Ericsson HM4x0 Reference Manual Download | Manualshive

Page: 229 / 702

background image

Firewall CLI Commands

2/1553-ZAT 759 94 Uen B – December 2005

229

10.7 firewall

add

portfilter

10.7.1 Syntax

firewall add portfilter <name> <policyname> {protocol
<protocol>} {inbound|outbound|both}

firewall add portfilter <name> <policyname> {tcp|udp}
<startport> <endport> {inbound|outbound|both}

firewall add portfilter <name> <policyname>
{icmp|smtp|http|ftp|telnet} {inbound|outbound|both}

10.7.2 Description

This command adds a portfilter to a firewall policy. Portfilters are individual
rules that determine what kind of traffic can pass between the two interfaces
specified in a policy.

There are three ways that you can add a portfilter depending on the type of
protocol that you want to feature in the portfilter:

•

Specify the number of a non-TCP or non-UDP protocol.

•

Specify TCP or UDP protocol, together with an application’s start/end port
numbers.

•

Specify one of the listed protocols, applications or services. These are
provided by the Firewall as popular examples that you can use. You do
not need to specify the portnumber – the Firewall does this for you.

10.7.3 Options

The following table gives the range of values for each option which can be
specified with this command and a default value (if applicable).

Option Description

Default

value

name

An arbitrary name that identifies the
portfilter. It can be made up of one or
more letters or a combination of letters
and digits, but it cannot start with a
digit.

N/A

«
...
227
228
229
230
231
...
»

Summary of Contents for HM4x0

Page 1: ...HM4x0 CLI Reference Guide ...

Page 2: ...roduced in any form without the written permission of the copyright owner The contents of this document are subject to revision without notice due to continued progress in methodology design and manufacturing Ericsson shall have no liability for any error or damages of any kind resulting from the use of this document Abstract This document is a reference guide describing the Command Line Interface...

Page 3: ...ent CLI Commands 29 3 1 Summary 29 3 2 agent get 30 3 3 agent methods 31 4 Bridge CLI Commands 32 4 1 Summary 32 4 2 bridge add interface 34 4 3 bridge clear interfaces 35 4 4 bridge delete interface 36 4 5 bridge list interfaces 37 4 6 bridge clear interface stats 38 4 7 bridge list interface stats 39 4 8 bridge show interfacestats 40 4 9 bridge set filterage 42 4 10 bridge set interface filterty...

Page 4: ...29 bridge delete vlaninterface 69 4 30 bridge list fdbs 70 4 31 bridge show fdb 71 4 32 bridge set interface ingressfiltering 72 4 33 bridge set interface pvid 73 4 34 bridge set interface defaultuserpriority 74 4 35 bridge set interface regenpriority 75 4 36 bridge show interface regenpriority 77 4 37 bridge set interface numtrafficclasses 78 4 38 bridge set interface trafficclassmap 79 4 39 brid...

Page 5: ...dunreginterface shared 102 4 61 bridge delete fwdunreginterface shared 103 4 62 bridge clear fwdunreginterfaces shared 105 4 63 bridge list fwdunreg shared 106 4 64 bridge list static fwdall shared 107 4 65 bridge list static fwdunreg shared 108 5 DHCP Client CLI Commands 109 5 1 Summary 109 5 2 dhcpclient add interfaceconfig 111 5 3 dhcpclient clear interfaceconfigs 112 5 4 dhcpclient delete inte...

Page 6: ... interfaceconfig givednstoclient enabled disabled 139 5 24 dhcpclient set interfaceconfig givednstorelay enabled disabled 140 5 25 dhcpclient set interfaceconfig interface 141 5 26 dhcpclient set interfaceconfig noclientid 142 5 27 dhcpclient set interfaceconfig requestedleasetime 143 5 28 dhcpclient set interfaceconfig server 144 5 29 dhcpclient set reboot 145 5 30 dhcpclient set retry 146 5 31 d...

Page 7: ...signautodomain 174 6 25 dhcpserver set subnet defaultleasetime 175 6 26 dhcpserver set subnet hostisdefaultgateway 176 6 27 dhcpserver set subnet hostisdnsserver 177 6 28 dhcpserver set subnet maxleasetime 178 6 29 dhcpserver set subnet subnet 179 6 30 dhcpserver show 180 6 31 dhcpserver show subnet 181 6 32 dhcpserver subnet add iprange 182 6 33 dhcpserver subnet add option 183 6 34 dhcpserver su...

Page 8: ...servers 203 8 4 dnsrelay delete server 204 8 5 dnsrelay enable disable 205 8 6 dnsrelay show 206 8 7 dnsrelay list servers 207 8 8 dnsrelay set hostname 208 8 9 dnsrelay set landomainname 209 8 10 dnsrelay show landomainname 210 9 Ethernet CLI Commands 211 9 1 Summary 211 9 2 ethernet add transport 212 9 3 ethernet clear transports 213 9 4 ethernet delete transport 214 9 5 ethernet list ports 215 ...

Page 9: ...238 10 13 firewall delete validator 240 10 14 firewall list validators 241 10 15 firewall show validator 242 11 IGMP CLI Commands 243 11 1 Summary 243 11 2 igmp set forwardall 244 11 3 igmp set upstreaminterface 245 11 4 igmp show upstreaminterface 246 11 5 igmp show forwardall 247 11 6 igmp show status 248 12 IP CLI Commands 249 12 1 Summary 249 12 2 ip add interface 251 12 3 ip attach 253 12 4 i...

Page 10: ... 277 12 24 ip clear riproutes 278 12 25 ip list riproutes 279 12 26 ip set interface rip accept 280 12 27 ip set interface rip multicast 282 12 28 ip set interface rip send 284 12 29 ip set rip advertisedefault 286 12 30 ip set rip authentication 287 12 31 ip set rip defaultroutecost 288 12 32 ip set rip hostroutes 289 12 33 ip set rip password 290 12 34 ip set rip poison 291 12 35 ip add defaultr...

Page 11: ... interface add staticarpentry 317 12 56 ip interface clear staticarpentries 319 12 57 ip interface delete staticarpentry 320 12 58 ip interface list staticarpentries 321 12 59 ip interface add secondaryipaddress 323 12 60 ip interface clear secondaryipaddresses 325 12 61 ip interface delete secondaryipaddress 326 12 62 ip interface list secondaryipaddresses 327 12 63 ip interface attachbridgevlan ...

Page 12: ... nat add resvmap interfacename tcp udp 355 14 13 nat add resvmap interfacename 357 14 14 nat clear resvmaps 359 14 15 nat delete resvmap 360 14 16 nat list resvmaps 361 14 17 nat show resvmap 363 14 18 nat status 364 15 Port CLI Commands 365 15 1 Summary 365 15 2 port 366 15 3 port list 367 15 4 port set 368 15 5 port a1 set 369 15 6 port wireless set 374 15 7 port show 380 15 8 port status 381 16...

Page 13: ...lay enabled disabled 404 16 18 pppoa set transport headers hdlc 405 16 19 pppoa set transport headers llc 406 16 20 pppoa set transport idletimeout 407 16 21 pppoa set transport interface 408 16 22 pppoa set transport ipv6cp 409 16 23 pppoa set transport lcpechoevery 410 16 24 pppoa set transport lcpmaxconf 411 16 25 pppoa set transport lcpmaxfail 412 16 26 pppoa set transport lcpmaxterm 413 16 27...

Page 14: ...2 pppoe add transport dialout pvc 450 17 3 pppoe add transport dialout eth 452 17 4 pppoe clear transports 454 17 5 pppoe delete transport 455 17 6 pppoe list transports 456 17 7 pppoe set transport accessconcentrator 457 17 8 pppoe set transport autoconnect 459 17 9 pppoe set transport autoconnect filter 460 17 10 pppoe set transport bt 462 17 11 pppoe set transport createroute 463 17 12 pppoe se...

Page 15: ...t transport password 485 17 33 pppoe set transport pcr 487 17 34 pppoe set transport prilevels 488 17 35 pppoe set transport pvc 489 17 36 pppoe set transport qosclass 491 17 37 pppoe set transport remotedns 493 17 38 pppoe set transport remoteip 495 17 39 pppoe set transport routemask 496 17 40 pppoe set transport scr 497 17 41 pppoe set transport servicename 498 17 42 pppoe set transport specifi...

Page 16: ...0 18 15 rfc1483 set transport rxvpi 531 18 16 rfc1483 set transport scr 532 18 17 rfc1483 set transport txvci 533 18 18 rfc1483 set transport txvpi 534 18 19 rfc1483 set transport vci 535 18 20 rfc1483 set transport vpi 536 18 21 rfc1483 show transport 537 19 Security CLI Commands 539 19 1 Summary 539 19 2 security enable disable 542 19 3 security status 543 19 4 security enable disable blockinglo...

Page 17: ... 25 security set trigger endport 568 19 26 security set trigger startport 569 19 27 security set trigger secondaryendport 570 19 28 security set trigger secondarystartport 571 19 29 security set trigger sessionchaining 572 19 30 security set trigger UDPsessionchaining 573 19 31 security show trigger 575 19 32 security enable disable IDS 577 19 33 security enable disable IDS blacklist 578 19 34 sec...

Page 18: ...curity application clear internalhost 601 19 56 security application add port 602 19 57 security application delete port 604 19 58 security application list ports 605 20 SNMP CLI Commands 607 20 1 Summary 607 20 2 snmp add communityname 608 20 3 snmp delete communityname 610 20 4 snmp set communityname 611 20 5 snmp list communitynames 612 20 6 snmp add trapdestination 613 20 7 snmp delete trapdes...

Page 19: ...1 11 sntpclient set retries 637 21 12 sntpclient show status 638 21 13 sntpclient set clock 639 22 System CLI Commands 640 22 1 Summary 640 22 2 system add user 641 22 3 system add login 642 22 4 system config backup 644 22 5 system config clear 645 22 6 system config restore 646 22 7 system config save 648 22 8 system config save factory 649 22 9 system delete login 650 22 10 system delete user 6...

Page 20: ...22 27 system set user password 670 23 Transports CLI Commands 671 23 1 Summary 671 23 2 transports clear 672 23 3 transports delete 673 23 4 transports list 674 23 5 transports show 675 24 User CLI Commands 676 24 1 Summary 676 24 2 user logout 677 24 3 user password 678 24 4 user change 679 25 Web Server CLI Commands 680 25 1 Summary 680 25 2 websersver clear stats 681 25 3 webserver enable disab...

Page 21: ... B December 2005 21 25 9 webserver set secclasses 688 25 10 webserver set telnetport 690 25 11 webserver set telnetsecclasses 691 25 12 webserver show info 693 25 13 webserver show memory 694 25 14 webserver show stats 695 Index 696 ...

Page 22: ...2 Typographic Conventions Throughout this guide the following typographical conventions are used to denote important information 1 2 1 Text Conventions The following text conventions are used Convention Example System printouts appear in Courier attachbridge Commands given to the CLI appear in Courier bold system add user Angle brackets mean that this part should be replaced with what is indicated...

Page 23: ...address for the HM4x0 is 192 168 1 1 and the connected PC must be on the same subnet for example the IP address set to 192 168 1 2 The Command Line is displayed If your Telnet application is GUI based you may be able to configure your Telnet terminal preferences to allow VT 100 compatibility in order to have scrolling and cursor arrow navigation If your Telnet application is CLI based you should h...

Page 24: ...dmin user enter system list users The following information is returned Users May May Access ID Name Conf Dialin Level Comment 1 admin ENABLED disabled superuser Administrator 2 3 Logout of the System To logout of the system enter the command user logout The system logs out the current user and closes the telnet connection Logging out Connection to host lost 2 4 Save Configuration Changes Whenever...

Page 25: ...re numbered entries in a list For example if you have created more than one IP interface the following command ip list interfaces produces a list of numbered interface objects Object numbers are displayed in the first column under the heading ID 2 5 1 Attach a Transport to an Interface To attach a transport to a bridge or router you need to 1 Create a transport In the following command an Ethernet...

Page 26: ...as displayed using the list command ethernet delete transport name number clear The clear command deletes ALL named entities that belong to an object for example the following command firewall clear policies Deletes all of the policy objects that belong to the Firewall You should use the clear command with caution the above example also deletes all validators and portfilters that belong to the pol...

Page 27: ...ransport Note The tab completion facility works with fixed CLI keywords It does not work with any CLI objects that you create or edit such as transport names Command Syntax Options If you type a command keyword and want to find out what the next syntax options are type Spacebar For example ethernet Displays a list of valid keywords that you can use after ethernet add Create ethernet transport clea...

Page 28: ...ame or number You assign a name when you create the interface or transport tunnel etc using the add interface command Once created the CLI adds this interface to a list of IP interfaces which you can display using the ip list interfaces command Interfaces are given identification numbers that appear under the first column under the heading ID ip list interfaces IP Interfaces ID Name IP Address DHC...

Page 29: ...ommands 2 1553 ZAT 759 94 Uen B December 2005 29 3 Agent CLI Commands This chapter describes the Agent CLI commands 3 1 Summary The table below lists the Agent commands provided by the CLI agent get agent methods ...

Page 30: ...e to the file system 3 2 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value source Specify source URL e g http somehost somefile N A Dest Specify destination e g isfs out txt N A 3 2 4 Example agent get http somehost somfile isfs out txt ...

Page 31: ... 31 3 3 agent methods 3 3 1 Syntax agent methods 3 3 2 Description This command displays the available methods for downloading a file 3 3 3 Example agent methods http Hyper Text Transfer Protocol tftp Trivial File Transfer Protocol ftp File Transfer Protocol ...

Page 32: ...ge attach bridge detach bridge flush bridge show bridge list ucastentries Q Bridge CLI Commands bridge add vlan bridge clear vlans bridge delete vlan bridge list vlans bridge list static vlans bridge show vlan bridge clear interfacevlanstats bridge list interfacevlanstats bridge show interfacevlanstats bridge add vlaninterface bridge clear vlaninterfaces bridge delete vlaninterface bridge list fdb...

Page 33: ...l independent bridge add fwdunreginterface independent bridge delete fwdunreginterface independent bridge clear fwdunreginterfaces independent bridge list fwdunreg independent bridge list static fwdall independent bridge list static fwdunreg independent Hybrid VLAN Learning Mechanism HVM commands bridge add fwdallinterface shared bridge delete fwdallinterface shared bridge clear fwdallinterfaces s...

Page 34: ... 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name An arbitrary name that identifies the interface It can be made up of one or more letters or a combination of letters and digits but it cannot start with a digit N A 4 2 4 Example bridge add interface LanInterface ...

Page 35: ...s command deletes all bridge interfaces previously created using the bridge add interface command If you have included support for source and or destination MAC address forwarding all source destination MAC address based unicast filtering entries associated with the interfaces are also deleted by this command 4 3 3 Example bridge clear interfaces ...

Page 36: ...es 4 4 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing bridge interface To display interface names use the bridge list interfaces command N A number A number that identifies an existing bridge interface To display interface name...

Page 37: ...ce command 4 5 3 Example bridge list interfaces ID 1 Name LanInterface Filter PVID Accept Ingress User Transport Type FrameType Filtering Prio All 1 ALL disabled 0 LanTransport ID 2 Name WlanInterface Filter PVID Accept Ingress User Transport Type FrameType Filtering Prio All 1 ALL disabled 0 WlanTransport ID 3 Name DslInterface Filter PVID Accept Ingress User Transport Type FrameType Filtering Pr...

Page 38: ...owing table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name The name of an already added and attached bridge interface See bridge add interface and bridge attach commands to add a bridge interface and attach it to a transport respectively N A number A number that identifies an existing bridge...

Page 39: ...out bridge interfaces Number of frames received on the interface Number of frames transmitted from the interface Number of frames discarded due to transit delay Number of frames discarded due to buffer overflow 4 7 3 Example bridge list interface stats Bridge Interfaces ID Name Rx Frames Tx Frames Tx Delay Unknown VLAN Discards Discards Buffer O F Ingress Frame Type Discards Discards Discards 1 La...

Page 40: ...iscarded due to buffer overflow 4 8 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name The name of an already added and attached bridge interface See bridge add interface and bridge attach commands to add a bridge interface and attach it to a transport respectively ...

Page 41: ...Bridge CLI Commands 2 1553 ZAT 759 94 Uen B December 2005 41 Rx Frames Tx Frames Transmit Unknown VLAN Delay Discards Discards Buffer O F Ingress Frame Type Discards Discards Discards 0 0 0 0 0 0 0 ...

Page 42: ...layed by the bridge show command 4 9 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value filterage The filter age is the time in seconds after which MAC addresses are removed from the filter table when there has been no activity The time may be an integer value between 10...

Page 43: ... if applicable Option Description Default value name A name that identifies an existing bridge interface To display interface names use the bridge list interfaces command N A number A number that identifies an existing bridge interface To display interface names use the bridge list interfaces command The number appears in the first column under the heading ID N A all Allows all types of ehternet p...

Page 44: ...a unicast packet is received by an interface with a portfilter set to all the portfilter rule is ignored The unicast packet is still only sent to one port Note If the bridge itself is attached to the router the bridge itself will always forward to all ports and will always be forwarded to by all ports Note Port Filter is not restored by the system config save command 4 11 3 Options The following t...

Page 45: ...at you want packets received on a specified bridge interface to be forwarded to To display port names use the bridge list interfaces command all Forwards packets received on a specified bridge interface to all existing bridge ports all 4 11 4 Example bridge set interface LanInterface portfilter all ...

Page 46: ...ing attached 4 12 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing bridge interface To display interface names use the bridge list interfaces command N A number A number that identifies an existing bridge interface To display int...

Page 47: ...that you want to detach are deleted by this command 4 13 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing bridge interface To display interface names use the bridge list interfaces command N A number A number that identifies an e...

Page 48: ...the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing bridge interface To display interface names use the bridge list interfaces command N A number A number that identifies an existing bridge interface To display interface numbers use the bridge list interfaces command ...

Page 49: ...s of association with a shared filtering database FDB3 Multicast Learning setting which is configurable and can be set to HVM Hybrid VLAN Multicast Learning or IVM Independent VLAN Multicast Learning In case of HVM if two VLANs are associated with the same FDB the filtering information for a multicast MAC address in the other VLAN too However in case of IVM filtering information for a multicast MA...

Page 50: ...version number that this device supports which is 1 The maximum VLAN Id for a VLAN in the bridge The maximum number of VLANs supported in the bridge The number of VLANs that currently exist in the bridge 4 15 3 Example bridge show Global bridge configuration MAC Address 0 80 37 85 c5 c2 Number of Interfaces 3 Type TRANSPARENT Filter Age 1000 seconds Unicast Learning HYBRID Multicast Learning HVM I...

Page 51: ...iority Note This command does not show the current contents of the bridge s filter table See the command bridge list ucastentries or the console command filter 4 16 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing bridge interfac...

Page 52: ...n B December 2005 4 16 4 Example bridge show interface LanInterface Bridge Interface LanInterface Name LanInterface Filter Type Ip Port Filter all PVID 1 Acceptable Frame Type ALL Ingress Filtering disabled User Priority 0 Transport Not attached ...

Page 53: ...ce MAC address based destination MAC address based statically configured destination MAC address based dynamically learnt special Entry destination MAC address based statically configured and dynamically learnt Ethernet MAC address associated with the entry Receive interface for source MAC address based entries See the bridge add ucastentry src command for more information Egress interface list 4 ...

Page 54: ...arded To add a VLAN you must enter this command with the following values set name DefaultVlan vlanid 1 fdb DefaultFdb By default all of the bridge interfaces are added to the untagged port list of the default VLAN 4 18 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value ...

Page 55: ...th which the user wants the VLAN to be associated If the FDB already exists the VLAN becomes associated with that FDB If the FDB does not exist it is created and the VLAN becomes associated with it See the bridge list fdbs command to display all the existing filtering databases configured in the bridge and their corresponding statistics Set to DefaultFdb to add the default VLAN N A 4 18 4 Example ...

Page 56: ... VLANs from the bridge The egress interfaces and multicast filtering entries for an IVM configuration associated with the VLANs are also deleted by this command If a VLAN is the last VLAN associated with its FDB the FDB along with the unicast and multicast filtering entries and forward all unregistered group entries are also deleted from the bridge 4 19 3 Example bridge clear vlans ...

Page 57: ...ntries are also deleted from the bridge 4 20 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing VLAN To display the list of statically configured VLANs use the bridge list static vlans command To display the list of all the static ...

Page 58: ... the VLANs the command displays all of the statically added egress interfaces See the bridge add vlaninterface command to add an interface to the named VLAN The following VLAN information is displayed User configured VLAN name VLAN ID Filtering database associated with the VLAN Tagged egress interface list Untagged egress interface list 4 21 3 Example bridge list static vlans VLANs ID VLAN ID VLAN...

Page 59: ...ically learnt egress interfaces See the bridge add vlaninterface command to statically add an interface to a named VLAN The following VLAN information is displayed VLAN ID VLAN name for statically configured VLANs Filtering database name associated with the VLAN The type field indicating whether the VLAN is statically configured or dynamically learnt Tagged egress interface list Untagged egress in...

Page 60: ...d egress interface list Untagged egress interface list 4 23 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing VLAN To display the list of statically configured VLANs use the bridge list static vlans command To display the list of ...

Page 61: ...mmands 2 1553 ZAT 759 94 Uen B December 2005 61 column under the heading ID 4 23 4 Example bridge show vlan VLAN_1 VLAN VLAN_1 VLAN Id 2 Filtering Database FDB_1 Tagged Interfaces bridge1 Untagged Interfaces bridge2 ...

Page 62: ...ro 4 24 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value vlanname The name of an existing VLAN See the bridge add vlan command to configure a new VLAN N A vlannumber A number that identifies an existing VLAN To display the list of statically configured VLANs use the br...

Page 63: ...erface for the named VLAN 4 25 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value vlanname The name of an existing VLAN See the bridge add vlan command to configure a new VLAN N A vlannumber A number that identifies an existing VLAN To display the list of statically conf...

Page 64: ...nsmitted from the interface for the named VLAN 4 26 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value vlanname The name of an existing VLAN See the bridge add vlan command to configure a new VLAN N A vlannumber A number that identifies an existing VLAN To display the li...

Page 65: ...ete the interfaces from the default VLAN Note A bridge interface can exist either as a tagged interface or an untagged interface in a VLAN 4 27 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing VLAN To display the list of statical...

Page 66: ...fault value untagged To add an interface in the untagged interface list of the named VLAN N A interfacename The name of an already added and attached bridge interface See the bridge add interface and bridge attach commands 4 27 4 Example bridge add vlaninterface VLAN_1 tagged bridge1 ...

Page 67: ...ach option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing VLAN To display the list of statically configured VLANs use the bridge list static vlans command To display the list of all the static and dynamic VLANs in the bridge use the bridge list vlans command This command also displays the egress in...

Page 68: ...ed option is given in this command all the egress interfaces are removed from the VLAN N A untagged Removes all the untagged interfaces from the egress interface list of the VLAN If no tagged untagged option is given in this command all the egress ports are removed from the VLAN N A 4 28 4 Example bridge clear vlaninterfaces bridge clear vlaninterfaces tagged bridge clear vlaninterfaces untagged ...

Page 69: ...ption Default value name A name that identifies an existing VLAN To display the list of statically configured VLANs use the bridge list static vlans command To display the list of all the static and dynamic VLANs in the bridge use the bridge list vlans command N A number A number that identifies an existing VLAN To display the list of statically configured VLANs use the bridge list static vlans co...

Page 70: ...ng database ID FID Number of dynamic unicast entries within it Number of VLANs associated with it Number of frames discarded due to filtering database overflow Type indicating whether the filtering database is statically configured or dynamically created by default FDBs are created statically using the bridge add vlan command 4 30 3 Example bridge list fdbs Filtering Databases Statistics ID FDB Na...

Page 71: ...iscarded due to filtering database overflow 4 31 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value fdbname A name that identifies an existing Filtering Database See the bridge add vlan command to configure a new filtering database N A fdbnumber A number that identifies ...

Page 72: ...d a default value if applicable Option Description Default value name A name that identifies an existing bridge interface To display interface names use the bridge list interfaces command N A number A number that identifies an existing bridge interface To display interface numbers use the bridge list interfaces command The number appears in the first column under the heading ID N A disable Accepts...

Page 73: ...ach option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing bridge interface To display interface names use the bridge list interfaces command N A number A number that identifies an existing bridge interface To display interface numbers use the bridge list interfaces command The number appears in the...

Page 74: ...ption which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing bridge interface To display interface names use the bridge list interfaces command N A number A number that identifies an existing bridge interface To display interface numbers use the bridge list interfaces command The number appears in the firs...

Page 75: ...ping 4 35 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing bridge interface To display interface names use the bridge list interfaces command N A number A number that identifies an existing bridge interface To display interface n...

Page 76: ...The regenerated user priority to which the user priority with value 4 in the incoming frame should be mapped 4 pri5 The regenerated user priority to which the user priority with value 5 in the incoming frame should be mapped 5 pri6 The regenerated user priority to which the user priority with value 6 in the incoming frame should be mapped 6 pri7 The regenerated user priority to which the user prio...

Page 77: ...n be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing bridge interface To display interface names use the bridge list interfaces command N A number A number that identifies an existing bridge interface To display interface numbers use the bridge list interfaces command The number appears in the first column under...

Page 78: ...value name A name that identifies an existing bridge interface To display interface names use the bridge list interfaces command N A number A number that identifies an existing bridge interface To display interface numbers use the bridge list interfaces command The number appears in the first column under the heading ID N A numtraffic classes A value that specifies the number of traffic classes su...

Page 79: ...lt value if applicable Option Description Default value name A name that identifies an existing bridge interface To display interface names use the bridge list interfaces command N A number A number that identifies an existing bridge interface To display interface numbers use the bridge list interfaces command The number appears in the first column under the heading ID N A pri0 The traffic class t...

Page 80: ...4 should be mapped 4 pri5 The traffic class to which the regenerated priority with value 5 should be mapped 5 pri6 The traffic class to which the regenerated priority with value 6 should be mapped 6 pri7 The traffic class to which the regenerated priority with value 7 should be mapped 7 4 38 4 Example bridge set interface bridge1 trafficclassmap 7 6 5 4 3 2 1 0 ...

Page 81: ...he following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value enable Enable the mapping of regenerated priority to its traffic class disable Disable the mapping of regenerated priority to its traffic class prioritybased Traffic class mapping would happen only if traffic class has not been alr...

Page 82: ...n which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing bridge interface To display interface names use the bridge list interfaces command N A number A number that identifies an existing bridge interface To display interface numbers use the bridge list interfaces command The number appears in the first co...

Page 83: ...s the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing bridge interface To display interface names use the bridge list interfaces command N A number A number that identifies an existing bridge interface To display interface numbers use the bridge list interfaces comman...

Page 84: ...ace 4 42 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value transport An arbitrary name that identifies the transport It can be made up of one or more letters or a combination of letters and digits but it cannot start with a digit N A vlanid A number that identifies an e...

Page 85: ... transport previously added using the bridgevlan add transport command 4 43 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value transport The name of an existing bridgevlan transport See the bridgevlan list transports command N A 4 43 4 Example bridgevlan delete transport...

Page 86: ...ber 2005 4 44 bridgevlan clear transports 4 44 1 Syntax bridgevlan clear transports 4 44 2 Description This command removes all bridgevlan transports previously created using the bridgevlan add transport command 4 44 3 Example bridgevlan clear transports ...

Page 87: ...ansports that have been created using the bridgevlan add transport command It displays the transport identification number and name the VLAN ID and the IP interface it is attached to The ip interface attachbridgevlan command is used to attach a vlan transport to an IP interface 4 45 3 Example bridgevlan list transports The VLAN transports are ID Name VLAN ID IP Interface 1 vtrans 2 ...

Page 88: ...f values for each option which can be specified with this command and a default value if applicable Option Description Default value vlanname The name of an existing VLAN See the bridge add vlan command to configure a new VLAN N A vlannumber A number that identifies an existing VLAN To display the list of statically configured VLANs use the bridge list static vlans command The number appears in th...

Page 89: ... following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value vlanname The name of an existing VLAN See the bridge add vlan command to configure a new VLAN N A vlannumber A number that identifies an existing VLAN To display the list of statically configured VLANs use the bridge list static vlan...

Page 90: ... multicast frames would be forwarded 4 48 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value vlanname A name of an existing VLAN See the bridge add vlan command to configure a new VLAN N A vlannumber A number that identifies an existing VLAN To display the list of static...

Page 91: ...l the multicast frames would be forwarded 4 49 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value vlanname A name of an existing VLAN See the bridge add vlan command to configure a new VLAN N A vlannumber A number that identifies an existing VLAN To display the list of s...

Page 92: ...0 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value vlanname The name of an existing VLAN See the bridge add vlan command to configure a new VLAN N A vlannumber A number that identifies an existing VLAN To display the list of statically configured VLANs use the bridge l...

Page 93: ...orwarding information available 4 51 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value vlanname The name of an existing VLAN See the bridge add vlan command to configure a new VLAN N A vlannumber A number that identifies an existing VLAN To display the list of staticall...

Page 94: ...rwarded whose destination MAC address have no other forwarding information available 4 52 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value vlanname A name of an existing VLAN See the bridge add vlan command to configure a new VLAN N A vlannumber A number that identifie...

Page 95: ...be forwarded whose destination MAC address have no other forwarding information available 4 53 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value vlanname A name of an existing VLAN See the bridge add vlan command to configure a new VLAN N A vlannumber A number that iden...

Page 96: ...ded to 4 54 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value vlanname A name of an existing VLAN See the bridge add vlan command to configure a new VLAN N A vlannumber A number that identifies an existing VLAN To display the list of statically configured VLANs use the ...

Page 97: ...ss have no other forwarding information available 4 55 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value vlanname A name of an existing VLAN See the bridge add vlan command to configure a new VLAN N A vlannumber A number that identifies an existing VLAN To display the l...

Page 98: ...r each option which can be specified with this command and a default value if applicable Option Description Default value fdbname The name of an existing Filtering Database See the bridge add vlan command to configure a new Filtering Database N A fdbnumber A number that identifies an existing Filtering Database To display the list of statically configured FDBs use the bridge list fdbs command The ...

Page 99: ...le gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value fdbname The name of an existing Filtering Database See the bridge add vlan command to configure a new Filtering Database N A fdbnumber A number that identifies an existing Filtering Database To display the list of statically configured FDBs use th...

Page 100: ...frames would be forwarded 4 58 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value fdbname A name of an existing Filtering Database See the bridge add vlan command to configure a new Filtering Database N A fdbnumber A number that identifies an existing Filtering Database ...

Page 101: ...cast frames would be forwarded 4 59 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value fdbname A name of an existing Filtering Database See the bridge add vlan command to configure a new Filtering Database N A fdbnumber A number that identifies an existing Filtering Data...

Page 102: ... The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value fdbname The name of an existing Filtering Database See the bridge add vlan command to configure a new Filtering Database N A fdbnumber A number that identifies an existing Filtering Database To display the list of statically conf...

Page 103: ...ress have no other forwarding information available 4 61 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value fdbname The name of an existing Filtering Database See the bridge add vlan command to configure a new Filtering Database N A fdbnumber A number that identifies an ...

Page 104: ...Bridge CLI Commands 104 2 1553 ZAT 759 94 Uen B December 2005 4 61 4 Example bridge delete fwdunreginterface shared FDB_1 bridge1 ...

Page 105: ...se destination MAC address have no other forwarding information available 4 62 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value fdbname A name of an existing Filtering Database See the bridge add vlan command to configure a new Filtering Database N A fdbnumber A number...

Page 106: ...d whose destination MAC address have no other forwarding information available 4 63 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value fdbname A name of an existing Filtering Database See the bridge add vlan command to configure a new Filtering Database N A fdbnumber A n...

Page 107: ... 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value fdbname A name of an existing Filtering Database See the bridge add vlan command to configure a new Filtering Database N A fdbnumber A number that identifies an existing Filtering Database To display the list of statica...

Page 108: ...other forwarding information available 4 65 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value fdbname A name of an existing Filtering Database See the bridge add vlan command to configure a new Filtering Database N A fdbnumber A number that identifies an existing Filter...

Page 109: ...fig delete sent option dhcpclient interfaceconfig list requested options dhcpclient interfaceconfig list sent options dhcpclient list interfaceconfigs dhcpclient set backoff dhcpclient set interfaceconfig autoip dhcpclient set interfaceconfig clientid dhcpclient set interfaceconfig defaultroute enabled disabled dhcpclient set interfaceconfig dhcpinform enabled disabled dhcpclient set interfaceconf...

Page 110: ...s By default received DNS server addresses are passed on to the DNS relay and not passed to DNS client To change these default settings use the commands dhcpclient set interfaceconfig givednstoclient enabled disabled and dhcpclient set interfaceconfig givednstorelay enabled disabled DHCP server default gateway information By default DHCP client makes use of default gateway information To change th...

Page 111: ...ollowing table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name An arbitrary name that identifies the client interface It can be made up of one or more letters or a combination of letters and digits but it cannot start with a digit N A ipinterface An IP address or a name that identifies an exi...

Page 112: ... 94 Uen B December 2005 5 3 dhcpclient clear interfaceconfigs 5 3 1 Syntax dhcpclient clear interfaceconfigs 5 3 2 Description This command deletes all existing DHCP client interface configurations 5 3 3 Example dhcpclient clear interfaceconfigs ...

Page 113: ...ge of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing DHCP client interface To display client interface names use the dhcpclient list interfaceconfigs command N A number A number that identifies an existing DHCP client interface To display client interface numbers use the dhcp...

Page 114: ...tailed in RFC 2132 5 5 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing DHCP client interface To display client interface names use the dhcpclient list interfaceconfigs command N A number A number that identifies an existing DHCP...

Page 115: ...ed in RFC 2132 5 6 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing DHCP client interface To display client interface names use the dhcpclient list interfaceconfigs command N A number A number that identifies an existing DHCP cli...

Page 116: ...ult value if applicable Option Description Default value name A name that identifies an existing DHCP client interface To display client interface names use the dhcpclient list interfaceconfigs command N A number A number that identifies an existing DHCP client interface To display client interface numbers use the dhcpclient list interfaceconfigs command N A option A text string that identifies a ...

Page 117: ...n B December 2005 117 with string type values associated with them the option value must be in double quotes Also the entire string including the double quotes must be inside single quotes to ensure that the CLI treats the double quotes literally ...

Page 118: ...8 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing DHCP client interface To display client interface names use the dhcpclient list interfaceconfigs command N A number A number that identifies an existing DHCP client interface To ...

Page 119: ...ommand 5 9 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing DHCP client interface To display client interface names use the dhcpclient list interfaceconfigs command N A number A number that identifies an existing DHCP client inte...

Page 120: ... be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing DHCP client interface To display client interface names use the dhcpclient list interfaceconfigs command N A number A number that identifies an existing DHCP client interface To display client interface numbers use the dhcpclient list interfaceconfigs command N...

Page 121: ...ied with this command and a default value if applicable Option Description Default value name A name that identifies an existing DHCP client interface To display client interface names use the dhcpclient list interfaceconfigs command N A number A number that identifies an existing DHCP client interface To display client interface numbers use the dhcpclient list interfaceconfigs command N A option ...

Page 122: ...true for options that were added using the dhcpclient interfaceconfig add required option command false for options added using the dhcpclient interfaceconfig add requested option command Options and their values are detailed in RFC 2132 5 12 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Des...

Page 123: ... 1553 ZAT 759 94 Uen B December 2005 123 5 12 4 Example dhcpclient interfaceconfig cconfig1 list requested options DHCP client requested options for config1 ID Identifier Is option required 1 irc server false 2 domain name true ...

Page 124: ...Suggested value Options and their values are detailed in RFC 2132 5 13 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing DHCP client interface To display client interface names use the dhcpclient list interfaceconfigs command N A ...

Page 125: ...DHCP Client CLI Commands 2 1553 ZAT 759 94 Uen B December 2005 125 ID Identifier Suggested Value 1 host name Vancouver ...

Page 126: ... about existing DHCP client interfaces Interface identification number Interface name IP interface configured by the client interface Requested lease time in seconds Client identifier if set Status of IP address auto configuration true or false 5 14 3 Example dhcpclient list interfaceconfigs DHCP Client Declarations Requested ID Name Interface Lease Time Client ID AutoIP DHCPINFORM 1 config1 LAN 8...

Page 127: ...vidual DHCP requests This prevents many clients trying to configure themselves at the same time and sending too many requests at once 5 15 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value backofftime The maximum number of seconds that the DHCP client can pause for betw...

Page 128: ...RP probe for that IP address Once an IP address has been automatically configured the DHCP client continues to check whether or not it can contact a DHCP server If the client can contact a DHCP server and obtain a legitimate lease the legitimate lease will supersede the auto configured IP address Note Even if you have enabled Auto IP using this command you will not be able to use IP address auto c...

Page 129: ...hat identifies an existing DHCP client interface To display client interface numbers use the dhcpclient list interfaceconfigs command N A enabled Enables Auto IP on a specified DHCP client disabled Disables Auto IP on a specified DHCP client enabled 5 16 4 Example dhcpclient set interfaceconfig config1 autoip enabled ...

Page 130: ...alue name A name that identifies an existing DHCP client interface To display client interface names use the dhcpclient list interfaceconfigs command N A number A number that identifies an existing DHCP client interface To display client interface numbers use the dhcpclient list interfaceconfigs command N A clientid A unique identifier that DHCP server can use to identify the client For Microsoft ...

Page 131: ...from DHCP server 5 18 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing DHCP client interface To display client interface names use the dhcpclient list interfaceconfigs command N A number A number that identifies an existing DHCP ...

Page 132: ...DHCP Client CLI Commands 132 2 1553 ZAT 759 94 Uen B December 2005 5 18 4 Example dhcpclient set interfaceconfig config1 defaultroute disabled ...

Page 133: ... parameters such as DNS servers or default gateway from a DHCP server 5 19 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing DHCP client interface To display client interface names use the dhcpclient list interfaceconfigs command ...

Page 134: ...DHCP Client CLI Commands 134 2 1553 ZAT 759 94 Uen B December 2005 5 19 4 Example dhcpclient set interfaceconfig config1 dhcpinform enabled ...

Page 135: ...ult gateway address as its LAN IP address 5 20 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing DHCP client interface To display client interface names use the dhcpclient list interfaceconfigs command N A number A number that ide...

Page 136: ...DHCP Client CLI Commands 136 2 1553 ZAT 759 94 Uen B December 2005 5 20 4 Example dhcpclient set interfaceconfig config1 dhcpserverpoolsize 5 ...

Page 137: ...rface that it finds 5 21 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing DHCP client interface To display client interface names use the dhcpclient list interfaceconfigs command N A number A number that identifies an existing DH...

Page 138: ...rs from the DHCP server 5 22 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing DHCP client interface To display client interface names use the dhcpclient list interfaceconfigs command N A number A number that identifies an existin...

Page 139: ...The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing DHCP client interface To display client interface names use the dhcpclient list interfaceconfigs command N A number A number that identifies an existing DHCP client interface To display clie...

Page 140: ...e following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing DHCP client interface To display client interface names use the dhcpclient list interfaceconfigs command N A number A number that identifies an existing DHCP client interface To display client...

Page 141: ...the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing DHCP client interface To display client interface names use the dhcpclient list interfaceconfigs command N A number A number that identifies an existing DHCP client interface To display client interface numbers use t...

Page 142: ...rver configuration or its lease database 5 26 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing DHCP client interface To display client interface names use the dhcpclient list interfaceconfigs command N A number A number that iden...

Page 143: ...7 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing DHCP client interface To display client interface names use the dhcpclient list interfaceconfigs command N A number A number that identifies an existing DHCP client interface To ...

Page 144: ...the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing DHCP client interface To display client interface names use the dhcpclient list interfaceconfigs command N A number A number that identifies an existing DHCP client interface To display client interface numbers use t...

Page 145: ...ient trying to reacquire its last address and giving up and then trying to discover a new address 5 29 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value reboottime The time in seconds after a client tries to reacquire the last IP address it had and before the client giv...

Page 146: ...erver is present before it tries again to contact a DHCP server 5 30 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value retrytime The time in seconds that must pass after the client has determined that no DHCP server is present before it tries again to contact a DHCP ser...

Page 147: ...lient show 5 31 1 Syntax dhcpclient show 5 31 2 Description This command displays global configuration information about DHCP client 5 31 3 Example dhcpclient show Global DHCP Client Configuration Reboot time 10 Retry time 300 Max backoff time 120 Initial interval 10 Timeout 60 ...

Page 148: ...ber 2005 5 32 dhcpclient update 5 32 1 Syntax dhcpclient update 5 32 2 Description This command updates the DHCP client configuration Changes made to the client configuration are not updated until this command has been entered 5 32 3 Example dhcpclient update ...

Page 149: ...ptions dhcpserver list subnets dhcpserver set allowunknownclients dhcpserver set bootp dhcpserver set defaultleasetime dhcpserver set fixedhost ipaddress dhcpserver set fixedhost macaddress dhcpserver set fixedhost maxleasetime dhcpserver set maxleasetime dhcpserver set subnet assignatuodomain dhcpserver set subnet defaultleasetime dhcpserver set subnet hostisdefaultgateway dhcpserver set subnet h...

Page 150: ...g DHCP relay to operate on other interfaces you can simultaneously use DHCP server and relay in your configuration 6 2 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value ipinterface The name of the existing interface that you want DHCP server to operate on To display int...

Page 151: ...Syntax dhcpserver clear interfaces 6 3 2 Description This command deletes all DHCP server IP interface previously defined using the dhcpserver add interface command Note This command does not delete the IP interfaces from the router See ip clear interfaces command 6 3 3 Example dhcpserver clear interfaces ...

Page 152: ... This command does not delete the IP interface from the router See ip clear interfaces command 6 4 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value ipinterface The name of an existing IP interface that DHCP server is set to operate on To display interface names use the...

Page 153: ...r list interfaces 6 5 1 Syntax dhcpserver list interfaces 6 5 2 Description This command lists the existing DHCP server IP interfaces previously defined using the dhcpserver add interface command 6 5 3 Example dhcpserver list interfaces DHCP Server Interfaces ID Name 1 IpInterface ...

Page 154: ... for fixed host mapping to work Note If you create a fixed host mapping with an IP address that is already present inside a configured dynamic IP range the fixed host IP address will override the address in the dynamic range 6 6 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Defau...

Page 155: ... host mapping dhcpserver add fixedhost myhost 192 168 219 1 00 20 2b 01 02 03 The example below creates a suitable subnet for the above fixed host mapping Note that the IP address above is not present in the following IP range dhcpserver add subnet mysubnet 192 168 219 0 255 255 255 0 192 168 219 10 192 168 219 20 ...

Page 156: ...ble Option Description Default value name An arbitrary name that identifies the subnet It can be made up of one or more letters or a combination of letters and digits but it cannot start with a digit N A ipaddress The IP address of the subnet displayed in the following format 192 168 102 3 N A netmask The netmask address of the subnet for example 255 255 255 0 N A startaddr The first IP address in...

Page 157: ...mber 2005 157 6 8 dhcpserver clear fixedhosts 6 8 1 Syntax dhcpserver clear fixedhosts 6 8 2 Description This command deletes all DHCP server fixedhosts that were created using the dhcpserver add fixedhost command 6 8 3 Example dhcpserver clear fixedhosts ...

Page 158: ... Uen B December 2005 6 9 dhcpserver clear subnets 6 9 1 Syntax dhcpserver clear subnets 6 9 2 Description This command deletes all DHCP server subnets that were created using the dhcpserver add subnet command 6 9 3 Example dhcpserver clear subnets ...

Page 159: ... server that was created using the dhcpserver add fixedhost command 6 10 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing fixed host To display fixed host name use the dhcpserver list fixedhosts command N A 6 10 4 Example dhcpser...

Page 160: ...ted 6 11 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing subnet To display subnet names use the dhcpserver list subnets command N A number A number that identifies an existing subnet To display subnet numbers use the dhcpserver ...

Page 161: ...ces for the server and relay to bind to You cannot bind the same interface to both server and relay you must use different interfaces for each If you have set DHCP server to operate on an existing IP interface and you want to make configuration changes to that IP interface you must first disable DHCP server then re enable it once your IP configuration is complete 6 12 3 Options The following table...

Page 162: ...nt is on one of the subnets the DHCP server has been configured to serve The client must also be configured to accept DHCPFORCERENEW messages using the dhcpclient set interfaceconfig forcerenew enabled command 6 13 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value ipadd...

Page 163: ...14 2 Description This command lists the following information about existing DHCP fixed host mappings Fixed host ID number Fixed host name IP address MAC address Max lease time 6 14 3 Example dhcpserver list fixedhosts DHCP server fixed host mappings ID Name IP address MAC address Max Lease Time 1 myhost 192 168 219 0 00 20 2b 01 02 03 86400 ...

Page 164: ...assembly default ip ttl path mtu aging timeout path mtu plateau table interface mtu all subnets local broadcast address perform mask discovery mask supplier router discovery router solicitation address static routes trailer encapsulation arp cache timeout ieee802 3 encapsulation default tcp ttl tcp keepalive interval tcp keepalive garbage nis domain nis servers ntp servers vendor encapsulated opti...

Page 165: ...83 option 84 nds servers nds tree name nds context option 88 option 89 option 90 option 91 option 92 option 93 option 94 option 95 option 96 option 97 option 98 option 99 option 100 option 101 option 102 option 103 option 104 option 105 option 106 option 107 option 108 option 109 option 110 option 111 option 112 option 113 option 114 option 115 auto configure option 117 option 118 option 119 sip s...

Page 166: ...g information about existing DHCP subnets Subnet number Subnet IP address Subnet netmask address Default lease time in seconds Maximum lease time in seconds Whether the host is a DNS server true or false 6 16 3 Example dhcpserver list fixedhosts DHCP Server subnets Default Max Host is ID IP Address Netmask Lease time Lease time DNS svr 1 192 168 102 0 255 255 255 0 43200 86400 false ...

Page 167: ...nt of addresses to unknown clients 6 17 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value enabled Allows IP addresses to be dynamically assigned to unknown clients disabled Does not allow IP addresses to be dynamically assigned to unknown clients enabled 6 17 4 Example ...

Page 168: ...ther or not DHCP server can respond to BOOTP requests 6 18 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value enabled DHCP server responds to BOOTP queries disabled DHCP server does not respond to BOOTP queries enabled 6 18 4 Example dhcpserver set bootp disabled ...

Page 169: ...lt lease time for DHCP server 6 19 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value defaultlease time The default time in seconds that is assigned to a lease if the client requesting the lease does not ask for a specific expiry time 43200 6 19 4 Example dhcpserver set ...

Page 170: ...not add addresses into a dynamic IP range that are already configured as fixed host addresses The CLI will display a warning if you attempt to do this 6 20 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value host name A name that identifies an existing fixedhost To displa...

Page 171: ...mapping 6 21 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value host name A name that identifies an existing fixedhost To display fixedhost names use the dhcpserver list fixedhosts command N A mac address A MAC address displayed in the following format N A 6 21 4 Example...

Page 172: ...time for an existing fixed host mapping 6 22 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value maxlease time The maximum time in seconds that is assigned to a lease if the client requesting the lease does not ask for a specific expiry time 86400 6 22 4 Example dhcpserve...

Page 173: ... lease time for DHCP server 6 23 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value maxlease time The maximum time in seconds that is assigned to a lease if the client requesting the lease does not ask for a specific expiry time 86400 6 23 4 Example dhcpserver set maxlea...

Page 174: ...s for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing subnet To display subnet names use the dhcpserver list subnets command N A number A number that identifies an existing subnet To display subnet numbers use the dhcpserver list subnets command N A enabled DHCP server passes the local d...

Page 175: ...ives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing subnet To display subnet names use the dhcpserver list subnets command N A number A number that identifies an existing subnet To display subnet numbers use the dhcpserver list subnets command N A defaultlease ti...

Page 176: ... each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing subnet To display subnet names use the dhcpserver list subnets command N A number A number that identifies an existing subnet To display subnet numbers use the dhcpserver list subnets command N A enabled Allows DHCP server to give out its ...

Page 177: ... each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing subnet To display subnet names use the dhcpserver list subnets command N A number A number that identifies an existing subnet To display subnet numbers use the dhcpserver list subnets command N A enabled Allows DHCP server to give out its ...

Page 178: ...es the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing subnet To display subnet names use the dhcpserver list subnets command N A number A number that identifies an existing subnet To display subnet numbers use the dhcpserver list subnets command N A maxlease time The...

Page 179: ...e specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing subnet To display subnet names use the dhcpserver list subnets command N A number A number that identifies an existing subnet To display subnet numbers use the dhcpserver list subnets command N A ip address The new IP address for the subnet displayed in the follo...

Page 180: ...nformation about the DHCP server Status of the server enabled disabled Global default lease time Global maximum lease time bootp requests setting true or false Allow unknown clients setting true or false 6 30 3 Example dhcpserver show Global DHCP Server Configuration Status ENABLED Default lease time 43200 seconds Max lease time 86400 seconds Allow BOOTP requests true Allow unknown clients true ...

Page 181: ... gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing subnet To display subnet names use the dhcpserver list subnets command N A number A number that identifies an existing subnet To display subnet numbers use the dhcpserver list subnets command N A 6 31 4 Exampl...

Page 182: ...is command and a default value if applicable Option Description Default value name A name that identifies an existing subnet To display subnet names use the dhcpserver list subnets command N A number A number that identifies an existing subnet To display subnet numbers use the dhcpserver list subnets command N A startaddr The first IP address in the pool of addresses The IP address is displayed in...

Page 183: ... unwilling or unable to supply an IP address lease In this case if this option is set to 1 then the DHCP server will not intervene to prevent clients from u sing auto configuration to determine an IP address If this option is set to 0 the use of IP address auto configuration on the network will be explicitly forbidden by the DHCP server If this option is not explicitly configured then it will be a...

Page 184: ...Server CLI Commands 184 2 1553 ZAT 759 94 Uen B December 2005 Option Description Default value value The value associated with the option N A 6 33 4 Example dhcpserver subnet sub1 add option auto configure 1 ...

Page 185: ...ions The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing subnet To display subnet names use the dhcpserver list subnets command N A number A number that identifies an existing subnet To display subnet numbers use the dhcpserver list subnets c...

Page 186: ...The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing subnet To display subnet names use the dhcpserver list subnets command N A number A number that identifies an existing subnet To display subnet numbers use the dhcpserver list subnets comman...

Page 187: ...ch can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing subnet To display subnet names use the dhcpserver list subnets command N A number A number that identifies an existing subnet To display subnet numbers use the dhcpserver list subnets command N A range id A number that identifies an IP range To list the e...

Page 188: ...lowing table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing subnet To display subnet names use the dhcpserver list subnets command N A number A number that identifies an existing subnet To display subnet numbers use the dhcpserver list subnets command N A o...

Page 189: ...le gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing subnet To display subnet names use the dhcpserver list subnets command N A number A number that identifies an existing subnet To display subnet numbers use the dhcpserver list subnets command N A 6 38 4 Exam...

Page 190: ...gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing subnet To display subnet names use the dhcpserver list subnets command N A number A number that identifies an existing subnet To display subnet numbers use the dhcpserver list subnets command N A 6 39 4 Example...

Page 191: ...05 191 6 40 dhcpserver update 6 40 1 Syntax dhcpserver update 6 40 2 Description This command updates the DHCP server configuration Changes made to the server configuration will not take effect until this command has been entered 6 40 3 Example dhcpserver update ...

Page 192: ...s the DNS Client CLI commands 7 1 Summary The table below lists the DNS Client commands provided by the CLI dnsclient add searchdomain dnsclient add server dnsclient clear searchdomains dnsclient clear servers dnsclient delete searchdomain dnsclient delete server dnsclient list searchdomains dnsclient list servers ...

Page 193: ...name The search string specified replaces any previous search strings added previously using this command 7 2 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value searchstring A search string used to find the IP address for an incomplete domain name You can have a maximum ...

Page 194: ...for a given IP address 7 3 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value ipaddress The IP address of the server that has an unknown domain name You can add a maximum of 3 addresses to the server list The IP address is displayed in the following format 192 168 102 3 ...

Page 195: ... 759 94 Uen B December 2005 195 7 4 dnsclient clear searchdomains 7 4 1 Syntax dnsclient clear searchdomains 7 4 2 Description This command deletes all domain names from the domain search list 7 4 3 Example dnsclient clear searchdomains ...

Page 196: ... 2 1553 ZAT 759 94 Uen B December 2005 7 5 dnsclient clear servers 7 5 1 Syntax dnsclient clear servers 7 5 2 Description This command deletes all the server IP addresses from the server list 7 5 3 Example dnsclient clear servers ...

Page 197: ...rch list 7 6 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value searchstring A search string that identifies a search string used to find the IP address for an incomplete domain name To list domain search strings use the dnsclient list searchdomains command N A 7 6 4 Exa...

Page 198: ... the server list 7 7 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value number The server number that identifies an IP address of the server that has an unknown domain name To display server numbers use the dnsclient list servers command N A 7 7 4 Example dnsclient delet...

Page 199: ...ains 7 8 2 Description This command lists the domain search strings that you have added to DNS client using the dnsclient add searchdomain command DNS client uses this list when a user asks for the IP address list for an incomplete domain name 7 8 3 Example dnsclient list searchdomains DNS Client Search Domains ID Domain 1 ericsson com ...

Page 200: ...ient list servers 7 9 2 Description This command lists the server IP addresses that you have added to DNS client using the dnsclient add server command DNS client uses this list to retrieve a domain name for a given IP address 7 9 3 Example dnsclient list servers DNS Client Servers ID IP Address 1 192 168 120 35 ...

Page 201: ...bes the DNS Relay CLI commands 8 1 Summary The table below lists the DNS Relay commands provided by the CLI dnsrelay add server dnsrelay clear servers dnsrelay delete server dnsrelay enable disable dnsrelay show dnsrelay list servers dnsrelay set hostname dnsrelay set landomainname dnsrelay show landomainname ...

Page 202: ...NS relay s list of server addresses 8 2 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value ipaddress The IP address of a DNS server that DNS relay can use The IP address is displayed in the following format 192 168 102 3 0 0 0 0 8 2 4 Example dnsrelay add server 239 252 ...

Page 203: ... Uen B December 2005 203 8 3 dnsrelay clear servers 8 3 1 Syntax dnsrelay clear servers 8 3 2 Description This command deletes all IP DNS server addresses stored in DNS relay s list of server IP addresses 8 3 3 Example dnsrelay clear servers ...

Page 204: ...ist of server IP addresses 8 4 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value number A number that identifies the DNS server in the DNS relay list To display server numbers use the dnsrelay list servers commands The numbers are displayed in the ID column N A 8 4 4 Ex...

Page 205: ...nfiguration If you try configuring DNS relay before you have entered the dnsrelay enable command the CLI issues a warning message To display the current state of DNS relay use the dnsrelay show command 8 5 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value enable Enables...

Page 206: ...AT 759 94 Uen B December 2005 8 6 dnsrelay show 8 6 1 Syntax dnsrelay show 8 6 2 Description This command indicates the status of DNS relay enabled or disabled 8 6 3 Example dnsrelay showhost Global DNS Relay Configuration Status ENABLED ...

Page 207: ... dnsrelay list servers 8 7 1 Syntax dnsrelay list servers 8 7 2 Description This command displays the DNS relay s list of IP DNS server addresses and their unique identification numbers 8 7 3 Example dnsrelay list servers DNS Relay Servers ID IP Address 1 239 252 197 0 ...

Page 208: ...2 Description This command sets the host name of your device 8 8 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name The hostname that identifies your device N A 8 8 4 Example dnsrelay set hostname myhost ...

Page 209: ...n name of your device DHCP server can then be configured to give out this address to DHCP clients 8 9 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name The LAN domain name that identifies your device N A 8 9 4 Example dnsrelay set landomainname ericsson com ...

Page 210: ...lay show landomainname 8 10 1 Syntax dnsrelay show landomainname 8 10 2 Description This command displays the domain name used by the DNS relay to determine if a host name request is for the local database 8 10 3 Example dnsrelay show landomainname LAN Domain Name ericsson com ...

Page 211: ...r describes the Ethernet transport CLI commands 9 1 Summary The table below lists the CLI commands for manipulating Ethernet channels ethernet add transport ethernet clear transports ethernet delete transport ethernet list transports ethernet list ports ethernet set transport ethernet show transport ...

Page 212: ...the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name An arbitrary name that identifies the transport It can be made up of one or more letters or a combination of letters and digits but it cannot start with a digit N A port The system port that is used to transport ethernet data You cannot use the same p...

Page 213: ...December 2005 213 9 3 ethernet clear transports 9 3 1 Syntax ethernet clear transports 9 3 2 Description This command deletes all ethernet transports that were created using the ethernet add transport command 9 3 3 Example ethernet clear transports ...

Page 214: ...ange of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing Ethernet transport To display transport names use the ethernet list transports command N A number A number that identifies an existing Ethernet transport To display transport numbers use the ethernet list transports comma...

Page 215: ...rts 9 5 2 Description This command lists the valid ports that can be used to transport ethernet data 9 5 3 Example ethernet list ports Valid ethernet port names eth_lan eth_wan wireless q1 pppoe wlan_filtered wireless0 wireless1 wireless2 wireless3 wireless4 wireless5 wireless6 wireless7 wireless8 wireless9 wireless10 ...

Page 216: ...d lists all ethernet transports that have been created using the ethernet add transport command It displays the transport identification number and name and the name of the port that it uses to transport ethernet data 9 6 3 Example ethernet list transports Ethernet transports ID Name Port 1 LanTransport eth_lan 2 WanTransport eth_wan 3 WlanTransport wireless0 ...

Page 217: ...ified with this command and a default value if applicable Option Description Default value name A name that identifies an existing Ethernet transport To display transport names use the ethernet list transports command N A number A number that identifies an existing Ethernet transport To display transport numbers use the ethernet list transports command N A port The system port that is used to tran...

Page 218: ...ch option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing Ethernet transport To display transport names use the ethernet list transports command N A number A number that identifies an existing Ethernet transport To display transport numbers use the ethernet list transports command N A 9 8 4 Example ...

Page 219: ...s the firewall commands provided by the CLI firewall enable disable firewall set securitylevel firewall status firewall list policies firewall show policy firewall add portfilter firewall clear portfilters firewall delete portfilter firewall list portfilters firewall show portfilter firewall add validator firewall delete validator firewall list validators firewall show validator ...

Page 220: ... during a session any configuration changes made when the Firewall was enabled remain in the Firewall so that you can re enable them later in the session If you need to reboot your system but want to save the Firewall configuration between sessions use the system config save command 10 2 3 Options The following table gives the range of values for each option which can be specified with this comman...

Page 221: ...anually configured portfilters are stored in the im conf file Explicitly setting the security level to none sets a security level that does not contain any policies or portfilters Note that if you create portfilters and store them in the im conf file then select none or any other security level all of your manually configured portfilters will be deleted and replaced with this level The user define...

Page 222: ...hether a certain service can be received in or allowed out by a specific policy Y yes N no HIGH SECURITY LEVEL External Internal External DMZ DMZ Internal Service Port In Out In Out In Out http 80 N Y Y Y Y Y dns 53 N Y N Y N Y telnet 23 N N N N N N smtp 25 N Y Y Y Y Y pop3 110 N Y Y Y Y Y nntp 119 N N N N N N real audio video 7070 N N N N N N icmp N A N Y N Y N Y H 323 1720 N N N N N N T 120 1503...

Page 223: ...l External DMZ DMZ Internal Service Port In Out In Out In Out http 80 N Y Y Y Y Y dns 53 N Y Y Y Y Y telnet 23 N Y N Y N Y smtp 25 N Y Y Y Y Y pop3 110 N Y Y Y Y Y nntp 119 N Y Y Y Y Y real audio video 7070 Y N N Y N Y icmp N A N Y N Y N Y H 323 1720 N Y N Y N Y T 120 1503 N Y N Y N Y SSH 22 N Y N Y N Y ...

Page 224: ...External DMZ DMZ Internal Service Port In Out In Out In Out http 80 N Y Y Y Y Y dns 53 Y Y Y Y Y Y telnet 23 N Y Y Y Y Y smtp 25 N Y Y Y Y Y pop3 110 N Y Y Y Y Y nntp 119 N Y Y Y Y Y real audio video 7070 Y N Y Y Y Y icmp N A N Y Y Y Y Y H 323 1720 Y Y Y Y Y Y T 120 1503 Y Y Y Y Y Y SSH 22 Y Y Y Y Y Y ...

Page 225: ...y portfilters high Your system uses the high firewall security level providing a high level of firewall security between interfaces medium Your system uses the medium firewall security level providing a medium level of firewall security between interfaces low Your system uses the low firewall security level providing a low level of firewall security between interfaces userdefined Your system uses ...

Page 226: ...isplays the following information about the Firewall Firewall status enabled or disabled Security level setting none high low or medium Firewall logging status session logging enabled or disabled blocking logging enabled or disabled intrusion logging enabled or disabled 10 4 3 Example firewall status Firewall enabled Firewall security level medium ...

Page 227: ...rface Type 2 the two interface types between a policy exists external internal external dmz or internal dmz Validator Allow Only status False only traffic based on the direction and the IP address es specified by Firewall validators is blocked All other traffic is allowed 10 5 3 Example firewall list policies Firewall Policies ID Name Type 1 Type 2 Validator Allow Only 1 ext int external internal ...

Page 228: ... the IP address es specified in the firewall add validator command is blocked All other traffic is allowed 10 6 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies a firewall policy To display policy names use the firewall list policies command...

Page 229: ...can add a portfilter depending on the type of protocol that you want to feature in the portfilter Specify the number of a non TCP or non UDP protocol Specify TCP or UDP protocol together with an application s start end port numbers Specify one of the listed protocols applications or services These are provided by the Firewall as popular examples that you can use You do not need to specify the port...

Page 230: ...A outbound Allows transport of packets of the specified protocol application or service from an inside interface to an outside interface Inbound transport of the packets is not allowed N A both Allows inbound and outbound transport of packets of the specified protocol application or service between inside and outside interfaces N A 10 7 4 Example Example one specifying a protocol number The follow...

Page 231: ...Protocol packets inbound and outbound between the internal interface to the DMZ interface This is a popular protocol that is provided by the Firewall You do not need to specify the portnumber the Firewall does this for you Then we can add the portfilter to it firewall add portfilter pf3 dmz int smtp both 10 7 5 See also See the Well Known Port Numbers section of RFC 1700 for a list of port numbers...

Page 232: ...ed to a firewall policy using the firewall add portfilter command 10 8 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value policyname A name that identifies a firewall policy To display policy names use the firewall list policies command N A 10 8 4 Example firewall clear ...

Page 233: ...mand 10 9 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing portfilter To display portfilter names use the firewall list portfilters command N A policyname A name that identifies a firewall policy To display policy names use the f...

Page 234: ...is set to 0 0 In displays the inbound permission setting true or false Out displays the outbound permission setting true or false Raw displays whether or not the portfilter uses a non TCP UDP protocol true or false TCP displays whether or not the portfilter uses a TCP protocol true or false UDP displays whether or not the portfilter uses a UDP protocol true or false 10 10 3 Options The following t...

Page 235: ...Port 1 pf1 0 0 0 0 0 0 0 0 2 0 0 0 0 firewall list portfilters ext int Firewall Port Filters ID Name Src Address Dst Address Prot Src Port Dst Port 1 pf2 0 0 0 0 0 0 0 0 UDP 0 65535 53 53 firewall list portfilters dmz int Firewall Port Filters ID Name Src Address Dst Address Prot Src Port Dst Port 1 pf3 0 0 0 0 0 0 0 0 TCP 0 65535 25 25 ...

Page 236: ...on true or false Outbound permission true or false Raw IP whether the portfilter uses a non TCP UDP protocol true or false TCP permission whether the portfilter uses a TCP protocol true or false UDP permission whether the portfilter uses a UDP protocol true or false 10 11 3 Options The following table gives the range of values for each option which can be specified with this command and a default ...

Page 237: ...nt Firewall Port Filter pf2 Source IP address 0 0 0 0 Source mask 0 0 0 0 Destination IP address 0 0 0 0 Destination mask 0 0 0 0 IP protocol UDP Source port number start 0 Source port number end 65535 Destination port number start 53 Destination port number end 53 Inbound permission false Outbound permission true ...

Page 238: ...tion of traffic that you want to block Once you have added a validator to a policy specifying the IP address and direction values you can reuse these values by adding the validator to other policies 10 12 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name An arbitra...

Page 239: ...ress The IP address that you want to carry out IP address validation on The IP address is displayed in the following format 192 168 102 3 N A hostipmask The IP mask address If you want to filter a range of addresses you can specify the mask e g 255 255 255 0 If you want to filter a single IP address you can use the specific IP mask address e g 255 255 255 255 N A 10 12 4 Example firewall add valid...

Page 240: ...llowing table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing validator To display validator names use the firewall list validators command N A policyname A name that identifies a firewall policy To display policy names use the firewall list policies command...

Page 241: ... outbound or both Host IP address Host mask address 10 14 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value policyname A name that identifies a firewall policy To display policy names use the firewall list policies command N A 10 14 4 Example firewall list validators ex...

Page 242: ... both Host IP address Host mask address 10 15 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing validator To display validator names use the firewall list validators command N A policyname A name that identifies a firewall policy ...

Page 243: ...Commands This chapter describes the Internet Group Management Protocol IGMP CLI commands 11 1 Summary The table below lists the IGMP commands provided by the CLI igmp set forwardall igmp set upstreaminterface igmp show upstreaminterface igmp show forwardall igmp show status ...

Page 244: ...s an alternative to IGMP Proxy If you set forwardall enabled it unsets the upstream interface and disables IGMP proxy 11 2 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value enabled Your router forwards multicast traffic to all interfaces This sets the upstream interface...

Page 245: ...on of the IGMP protocol and the downstream interfaces implement the Router portion of the IGMP protocol The IGMP Proxy may be disabled by setting upstream interface to none Enabling this command disables the igmp set forwardall command 11 3 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Descr...

Page 246: ...ow upstreaminterface 11 4 2 Description This command displays the status of the upstream interface If an upstream interface has been set using the igmp set upstreaminterface command this command displays the current setting 11 4 3 Example igmp show upstreaminterface IGMP Proxy configuration Upstream If IpInterface ...

Page 247: ...Syntax igmp show forwardall 11 5 2 Description This command displays status information about the igmp set forwardall command setting It tells you whether or not the router is set to forward multicast traffic to all interfaces 11 5 3 Example igmp show forwardall IGMP Forwarder Forward All false ...

Page 248: ...escription This command displays the following information about the status of IGMP IGMP Proxy group membership per interface details interface name and querier status group address 11 6 3 Example igmp show status Multicast group membership Interface querier Group address eth_lan yes 239 255 255 250 r1483 yes 224 0 1 101 ...

Page 249: ... dhcp ip set interface icmprouteradvertise ip set interface ipaddress ip set interface mtu ip set interface netmask ip set interface sourceaddrvalidation ip set interface tcpmssclamp ip set ttl ip show ip show debuginfo ip show interface ip show stats IP RIP commands ip clear riproutes ip list riproutes ip set interface rip accept ip set interface rip multicast ip set interface rip send ip set rip...

Page 250: ...xyarpexclusion ip interface delete staticarpentries ip interface list proxyarpentries ip interface list static arpentries ip list arpentries Secondary IP address commands ip interface add secondaryipaddress ip interface clear secondaryipaddress ip interface delete secondaryipaddress ip interface list secondaryipaddresses AppService IP commands ip list appservices ip set appservice ip show appservi...

Page 251: ...using the ip set interface dhcp enabled command By default DHCP is disabled This interface can obtain its IP configuration via PPP IPCP Internet Protocol Control Protocol negotiation See PPPoA CLI commands and PPPoE CLI commands The IP stack automatically creates a loopback interface for address 127 0 0 1 subnet mask 255 0 0 0 This interface is not displayed by the ip list interfaces command 12 2 ...

Page 252: ...e router id should be the same as the IP address of one of the router s numbered interfaces 0 0 0 0 netmask The netmask address of the interface displayed in the following format 255 255 255 0 The special value 255 255 255 255 is used to indicate an unnumbered interface An unnumbered interface is configured by setting the IP address to the interface s router id value and setting netmask to 255 255...

Page 253: ...option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing IP interface To display interface names use the ip list interfaces command N A number A number that identifies an existing IP interface To display interface numbers use the ip list interfaces command The number appears in the first column under ...

Page 254: ... values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing IP interface To display interface names use the ip list interfaces command N A number A number that identifies an existing IP interface To display interface numbers use the ip list interfaces command The number appears in the fi...

Page 255: ...ge of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing IP interface that will be used as a virtual interface The IP interface should not have a transport attached to it To display interface names use the ip list interfaces command N A real_inter face A name that identifies an e...

Page 256: ... 759 94 Uen B December 2005 12 6 ip clear interfaces 12 6 1 Syntax ip clear interfaces 12 6 2 Description This command clears all IP interfaces that were created using the ip add interface command 12 6 3 Example ip clear interfaces ...

Page 257: ...the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing IP interface To display interface names use the ip list interfaces command N A number A number that identifies an existing IP interface To display interface numbers use the ip list interfaces command The number appea...

Page 258: ...ch option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing IP interface To display interface names use the ip list interfaces command N A number A number that identifies an existing IP interface To display interface numbers use the ip list interfaces command The number appears in the first column und...

Page 259: ...column means that the socket is bound to a specific interface using the SO BINDTODEVICE socket option with the specified IFIndex The IFIndex is displayed by the ip show debuginfo command A number in square brackets in the Remote address column means that the socket is bound to interfaces of a specific security class or classes using the SO_BINDTOSECCLASS socket option The number displayed is forme...

Page 260: ... CLI Commands 260 2 1553 ZAT 759 94 Uen B December 2005 udp 68 2 dhcpclient udp 50001 snmpr udp 161 snmpr udp 50000 dnsrelay udp 53 dnsrelay udp 520 rip udp 55001 tftp udp 55000 tftp udp 123 sntp key iked ...

Page 261: ...rface names IP address if previously specified DHCP status Whether a transport is attached to the interface and if so the name of the transport Whether a virtual interface is attached to a real interface The name of the attached virtual interface is displayed in the Transport column in square brackets for example ip2 12 10 3 Example ip list interfaces IP Interfaces ID Name IP Address DHCP Transpor...

Page 262: ...le gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value destination Enter the IP address or host name if you are using DNS client of the destination machine that you want to ping N A ifname A name that identifies an existing IP interface To display interface names use the ip list interfaces command N A...

Page 263: ... and a default value if applicable Option Description Default value name A name that identifies an existing IP interface To display interface names use the ip list interfaces command N A number A number that identifies an existing IP interface To display interface numbers use the ip list interfaces command The number appears in the first column under the heading ID N A enabled The interface obtain...

Page 264: ...ceived 12 13 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing IP interface To display interface names use the ip list interfaces command N A number A number that identifies an existing IP interface To display interface numbers us...

Page 265: ...nterface names use the ip list interfaces command N A number A number that identifies an existing IP interface To display interface numbers use the ip list interfaces command The number appears in the first column under the heading ID N A ip address The IP address of the interface displayed in the following format 192 168 102 3 If the IP address is set to the special value 0 0 0 0 the interface is...

Page 266: ...5 255 255 0 The special value 255 255 255 255 is used to indicate an unnumbered interface An unnumbered interface is configured by setting the IP address to the interface s router id value and setting netmask to 255 255 255 255 If no IP address is supplied the natural mask of the IP address is used 12 14 4 Example ip set interface ip4 ipaddress 192 168 102 3 255 255 255 0 ...

Page 267: ...n existing IP interface To display interface names use the ip list interfaces command N A number A number that identifies an existing IP interface To display interface numbers use the ip list interfaces command The number appears in the first column under the heading ID N A mtu Maximum Transmission Unit maximum packet size in bytes that an interface can handle The MTU should be set to a value appr...

Page 268: ... existing IP interface To display interface names use the ip list interfaces command N A number A number that identifies an existing IP interface To display interface numbers use the ip list interfaces command The number appears in the first column under the heading ID N A netmask The netmask address of the interface displayed in the following format 255 255 255 0 The special value 255 255 255 255...

Page 269: ...h option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing IP interface To display interface names use the ip list interfaces command N A number A number that identifies an existing IP interface To display interface numbers use the ip list interfaces command The number appears in the first column unde...

Page 270: ...mum Transmission Unit the MSS option will be rewritten in order to allow TCP traffic to pass through the interface without requiring fragmentation 12 18 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing IP interface To display int...

Page 271: ... generated IP packet To display the current state of ttl use the ip show command 12 19 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value ttl A number that specifies the time to live ttl value for the IP header of all transmitted packets N A 12 19 4 Example ip set ttl 60...

Page 272: ...w 12 20 2 Description This command shows current IP configuration and any other information global to the router 12 20 3 Example ip show Global IP configuration Host routes false Poison reverse false Authentication false Auth password Advertise default false Default Route Cost 1 Default TTL 128 ...

Page 273: ...ne ICMP Advertise no CheckSrcAddr no Multicast mode none IfType ETHER MAC 00 80 37 85 c5 c2 Virtual No Device bridge VID 2 IfIndex 2 Name WanIpInterface Addr 0 0 0 0 Mask 255 0 0 0 All addresses 0 0 0 0 255 0 0 0 IGMP membership DHCP Yes MSS Clamp no IfSecClass 0 IP Filter none ICMP Advertise no CheckSrcAddr no Multicast mode none IfType ETHER MAC 00 80 37 85 c5 c2 Virtual No Device bun port eth_w...

Page 274: ...168 1 0 24 Gw 0 0 0 0 If 1 Cost 1 Dst 127 0 0 0 8 Gw 0 0 0 0 If 16 Cost 1 IGMP Proxy multicast forwarder Upstream interface none Group address Interfaces Compile time configuration IPv6 support not present Tunnel support not present IPIP Tunnel support present IPSEC support present ...

Page 275: ... Status of Source Address Validation Status of ICMP router advertisement Status of RIP send and RIP accept versions one and two Status of RIP multicast 12 22 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing IP interface To displa...

Page 276: ...le ip show interface IpInterface IP Interface IpInterface Ipaddr 192 168 1 1 Mask 255 255 255 0 MTU 1500 Dhcp false TCP MSS Clamp false Source Addr Validation false Icmp Router Advertise false Accept V1 false Send V1 false Accept V2 false Send V2 false Send Multicast false ...

Page 277: ... taken from the IP group of SNMP statistics and the definition of each of the counters can be found in RFC 2011 12 23 3 Example ip show stats IP Statistics Counter name Value ipInReceives 1873 ipInHdrErrors 0 ipInAddrErrors 1569 ipForwDatagrams 1569 ipInUnknownProtos 0 ipInDiscards 0 ipInDelivers 304 ipOutRequests 304 ipOutDiscards 0 ipOutNoRoutes 0 ipReasmReqs 0 ipReasmOKs 0 ipReasmFails 0 ipFrag...

Page 278: ...4 ip clear riproutes 12 24 1 Syntax ip clear riproutes 12 24 2 Description This command deletes all the existing dynamic routes that have been obtained from RIP It does not delete the static routes see the ip clear routes command 12 24 3 Example ip clear riproutes ...

Page 279: ...Destination IP address Destination netmask address Gateway address Cost The number of hops counted as the cost of the route Timeout the number of seconds that this RIP route will remain in the routing table unless updated by RIP Source interface the name of the existing interface that this route uses 12 25 3 Example ip list riproutes IP RIP routes Destination Mask Gateway Cost Time Source 192 168 ...

Page 280: ...resses received 12 26 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing IP interface To display interface names use the ip list interfaces command N A number A number that identifies an existing IP interface To display interface n...

Page 281: ...IP CLI Commands 2 1553 ZAT 759 94 Uen B December 2005 281 all The interface accepts RIP version 1 RFC 1058 and RIP version 2 RFC 1723 messages 12 26 4 Example ip set interface ip3 rip accept all ...

Page 282: ...u need to set RIP to send v2 messages using the ip set interface rip send command in order for the ip set interface rip multicast enabled command to send version 2 messages via multicast 12 27 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies...

Page 283: ... 2 1553 ZAT 759 94 Uen B December 2005 283 disabled Disables RIP version 2 messages being sent via multicast Messages are sent via broadcast instead disabled 12 27 4 Example ip set interface ip1 rip multicast enabled ...

Page 284: ... fact be to a subnet and treating it as a route to the whole network may be the best way to make use of the information 12 28 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing IP interface To display interface names use the ip lis...

Page 285: ...IP CLI Commands 2 1553 ZAT 759 94 Uen B December 2005 285 all The interface sends RIP version 1 RFC 1058 and RIP version 2 RFC 1723 messages 12 28 4 Example ip set interface ip1 rip send v1 ...

Page 286: ...rotocol The cost associated with the route is the value set using the ip set rip defaultroutecost command Note You must enable default advertising before you create the default route 12 29 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value enabled Enables RIP to advertis...

Page 287: ...ackets with no authentication or the wrong password will be rejected To set an authentication password use the ip set rip password command 12 30 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value enabled Accepts RIP v2 packets that contain an authentication entry with th...

Page 288: ...s the cost of a default route advertised via RIP 12 31 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value cost The number of hops counted as the cost of the default route The cost value can be any positive integer between 1 and 15 1 12 31 4 Example ip set rip defaultrout...

Page 289: ...ork may be the best way to make use of the information To display the current state of rip hostroutes use the ip show command 12 32 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value enabled Sets the hostroutes flag to on The interface accepts RIP routes to specific rout...

Page 290: ...s if ip set rip authentication is enabled 12 33 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value password An authentication password used by RIP v2 packets if ip set rip authentication is enabled The password is a string of 0 to 16 characters N A 12 33 4 Example ip set...

Page 291: ...RFC 1058 To display the current state of the poisoned reverse flag use the ip show command 12 34 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value enabled Sets the poisoned reverse flag to on ATMOS TCP IP performs poisoned reverse as defined in RFC 1058 disabled Sets th...

Page 292: ...e already created a default route using the ip add route command or the ip add defaultroute interface command If you want RIP to advertise a default route with a default cost metric see the ip set rip advertisedefault and ip set rip defaultroutecost commands 12 35 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if...

Page 293: ... add route command or the ip add defaultroute interface command If you want RIP to advertise a default route with a default cost metric see the ip set rip advertisedefault and ip set rip defaultroutecost commands Routes via an interface can only be used on interfaces that provide point to point links 12 36 3 Options The following table gives the range of values for each option which can be specifi...

Page 294: ...with a mask to indicate what range of addresses the network covers and a next hop gateway address or interface If there is a choice of routes for a destination the route with the most specific mask is chosen Routes are used when sending datagrams as well as forwarding them so they are not relevant only to routers However a system with a single interface is likely to have a single route as a defaul...

Page 295: ...he destination network displayed in the following format 192 168 102 3 N A netmask The destination netmask address displayed in the following format 255 255 255 0 N A gateway_ip The IP address of the gateway that this route will use displayed in the following format 192 168 102 3 N A interface The name of an existing interface that this route will use To display interface names use the ip list int...

Page 296: ...53 ZAT 759 94 Uen B December 2005 12 38 ip clear routes 12 38 1 Syntax ip clear routes 12 38 2 Description This command clears all static routes that were created using the ip add route command 12 38 3 Example ip clear routes ...

Page 297: ... gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing route To display route names use the ip list routes command N A number A number that identifies an existing route To display route numbers use the ip list routes command The number appears in the first column ...

Page 298: ...ng information Route ID numbers Route names Destination IP address if previously specified Destination netmask address if previously specified Either the gateway address of the name of the destination interface whichever is set 12 40 3 Example ip list routes IP routes ID Name Destination Netmask Gateway Interface 2 route2 192 168 102 3 255 255 255 0 ip1 1 route1 192 168 50 50 255 255 255 0 192 168...

Page 299: ...then it controls the advertising of the route and uses the cost set by the ip set defaultroutecost command if the ip set rip advertisedefault command is disabled then the ip set route advertise command controls the advertising of the route and uses the cost set by the ip set route cost command as described above 12 41 3 Options The following table gives the range of values for each option which ca...

Page 300: ...3 ZAT 759 94 Uen B December 2005 Option Description Default value enabled Enables RIP to advertise a static route disabled Disables advertisement of a static route disabled 12 41 4 Example ip set route myroute advertise enabled ...

Page 301: ...lue if applicable Option Description Default value name A name that identifies an existing route To display route names use the ip list routes command N A number A number that identifies an existing route To display route numbers use the ip list routes command The number appears in the first column under the heading ID N A cost The number of hops counted as the cost of the route This may affect th...

Page 302: ...nd a default value if applicable Option Description Default value name A name that identifies an existing route To display route names use the ip list routes command N A number A number that identifies an existing route To display route numbers use the ip list routes command The number appears in the first column under the heading ID N A dest network The IP address of the destination network displ...

Page 303: ...ified with this command and a default value if applicable Option Description Default value name A name that identifies an existing route To display route names use the ip list routes command N A number A number that identifies an existing route To display route numbers use the ip list routes command The number appears in the first column under the heading ID N A gateway The IP address of the gatew...

Page 304: ... command and a default value if applicable Option Description Default value name A name that identifies an existing route To display route names use the ip list routes command N A number A number that identifies an existing route To display route numbers use the ip list routes command The number appears in the first column under the heading ID N A interface The name of the existing interface that ...

Page 305: ...12 46 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing route To display route names use the ip list routes command N A number A number that identifies an existing route To display route numbers use the ip list routes command N A ...

Page 306: ...s 306 2 1553 ZAT 759 94 Uen B December 2005 12 47 ip clear arpentries 12 47 1 Syntax ip clear arpentries 12 47 2 Description This command clears all ARP entries in the IP ARP table 12 47 3 Example ip clear arpentries ...

Page 307: ...IP addresses and corresponding MAC addresses obtained by ARP IP interface on which the host is connected Static status no for dynamically generated ARP entries yes for static entries added by the user 12 48 3 Example ip list arpentries IP ARP table entries IP address MAC address Interface Static 10 10 10 10 00 20 2b e0 03 87 iplan no 20 20 20 20 00 20 2b 03 0a 72 ipwan no 30 30 30 30 00 20 2b 03 0...

Page 308: ... not respond to proxy ARP using the ip interface add proxyarpexclusion command 12 49 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing IP interface To display interface names use the ip list interfaces command N A number A number ...

Page 309: ... 759 94 Uen B December 2005 309 in the following format 255 255 255 0 12 49 4 Example The following command adds proxy ARP support to the entire subnet 192 168 100 0 ip interface ip1 add proxyarpentry 192 168 100 0 255 255 255 0 ...

Page 310: ...50 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing IP interface To display interface names use the ip list interfaces command N A number A number that identifies an existing IP interface To display interface numbers use the ip l...

Page 311: ... 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing IP interface To display interface names use the ip list interfaces command N A number A number that identifies an existing proxy ARP entry To display proxy ARP entry numbers use t...

Page 312: ...sk of proxy ARP entries and exclusions Exclusion status true for exclusions false for inclusions 12 52 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing IP interface To display interface names use the ip list interfaces command N ...

Page 313: ...IP CLI Commands 2 1553 ZAT 759 94 Uen B December 2005 313 Proxy ARP entries for interface ip1 ID IP Address Netmask Exclude 1 192 168 100 0 255 255 255 0 false 2 192 168 100 8 255 255 255 254 true ...

Page 314: ...for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing IP interface To display interface names use the ip list interfaces command N A number A number that identifies an existing IP interface To display interface numbers use the ip list interfaces command The number appears in the first colu...

Page 315: ...00 0 The second command adds proxy ARP exclusion support to 192 168 100 10 255 255 255 254 ip interface ip1 add proxyarpentry 192 168 100 0 255 255 255 0 ip interface ip1 add proxyarpexclusion 192 168 100 10 255 255 255 254 This means that the entire 192 168 100 0 subnet supports proxy ARP EXCEPT for addresses 192 168 100 10 and 192 168 100 11 ...

Page 316: ...gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing IP interface To display interface names use the ip list interfaces command N A number A number that identifies an existing proxy ARP exclusion entry To display proxy ARP exclusion numbers use the ip interface l...

Page 317: ...d and a default value if applicable Option Description Default value name A name that identifies an existing IP interface To display interface names use the ip list interfaces command N A number A number that identifies an existing IP interface To display interface numbers use the ip list interfaces command The number appears in the first column under the heading ID N A ipaddress The IP address or...

Page 318: ...IP CLI Commands 318 2 1553 ZAT 759 94 Uen B December 2005 12 55 4 Example ip interface ip1 add staticarpentry 192 168 1 1 00 20 2b e0 03 87 ...

Page 319: ...wing table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing IP interface To display interface names use the ip list interfaces command N A number A number that identifies an existing IP interface To display interface numbers use the ip list interfaces command...

Page 320: ...Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing IP interface To display interface names use the ip list interfaces command N A number A number that identifies an existing static ARP entry To display static ARP entry numbers use th...

Page 321: ...ARP entries MAC address of static ARP entries 12 58 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing IP interface To display interface names use the ip list interfaces command N A number A number that identifies an existing IP in...

Page 322: ...IP CLI Commands 322 2 1553 ZAT 759 94 Uen B December 2005 Static ARP entries for interface ip1 ID IP Address MAC Address 1 192 168 100 0 00 20 2b e0 03 87 2 192 168 100 8 00 20 2b 03 0a 72 ...

Page 323: ...dress and the interface is Ethernet or a transport using a bridged encapsulation you must specify the subnet mask The IP stack will listen on the new address for connections to local services e g for management purposes and will also route packets to the new subnet If a secondary address is on a different subnet to the primary address and the interface is a point to point interface specifying a ne...

Page 324: ...st interfaces command The number appears in the first column under the heading ID N A ipaddress A secondary IP address that you want to add to the main IP interface You can add any number of secondary IP addresses The IP address is displayed in the following format 192 168 102 3 To display the secondary IP addresses use the ip interface list secondaryipaddresses command N A netmask The netmask of ...

Page 325: ... 60 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing IP interface To display interface names use the ip list interfaces command N A number A number that identifies an existing IP interface To display interface numbers use the ip ...

Page 326: ...ault value if applicable Option Description Default value name A name that identifies an existing IP interface To display interface names use the ip list interfaces command N A number A number that identifies an existing IP interface To display interface numbers use the ip list interfaces command The number appears in the first column under the heading ID N A secondary ipaddress number The number ...

Page 327: ... for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing IP interface To display interface names use the ip list interfaces command N A number A number that identifies an existing IP interface To display interface numbers use the ip list interfaces command The number appears in the first col...

Page 328: ... option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing IP interface To display interface names use the ip list interfaces command N A number A number that identifies an existing IP interface To display interface numbers use the ip list interfaces command The number appears in the first column under...

Page 329: ... command lists the AppServices that are available and have configurable security classes It displays the following information AppService ID numbers AppService names The Security Class es configured on a specific AppService 12 64 3 Example ip list appservices ID AppService Security Classes 1 ftp all 2 http all 3 telnet all 4 snmp all 5 ssh all ...

Page 330: ...ains the application s configuration attribute Name of the VMI attribute that contains the application s SecClasses configuration 12 65 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing AppService To display AppService names use t...

Page 331: ...ppService will be provided 12 66 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing AppService To display AppService names use the ip list appservices command N A secClasses Supported secClasses values are as follows all allows acc...

Page 332: ...internal external or separated by a space and enclosed in double quotation marks for example internal external To specify all three internal external and dmz secClasses use the all value 12 66 4 Example ip set appservice telnet secclasses internal external ip set appservice ftp secclasses all ip set appservice snmp secclasses internal external ip set appservice tftp secclasses external dmz ip set ...

Page 333: ...94 Uen B December 2005 333 13 Logger CLI Commands This chapter describes the Logger CLI commands 13 1 Summary The table below lists the Logger commands provided by the CLI logger set facility logger set host logger set ident logger show ...

Page 334: ...cility code 0 represents kernel messages facility code 1 represents user level messages and so on The facility codes comply with those documented in RFC 3164 13 2 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value facility A numerically coded facility value as defined in...

Page 335: ...address to which syslog messages should be sent 13 3 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value host The IP address of the host to which syslog messages should be sent 0 0 0 0 unconfigured 13 3 4 Example logger set host 192 168 10 2 ...

Page 336: ...nd creates a string that will be used to identify syslog calls 13 4 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value ident An arbitrary name that identifies all syslog calls N A 13 4 4 Example logger set ident homerouter ...

Page 337: ... 5 1 Syntax logger show 13 5 2 Description This command displays the following information about the syslog configuration Syslog version number Host IP address Syslog call identifier Facility code 13 5 3 Example logger show version 1 00 host 192 168 10 2 ident homerouter facility 5 ...

Page 338: ...e NAT commands provided by the CLI nat enable nat disable nat add globalpool nat clear globalpools nat delete globalpool nat iketranslation nat list globalpools nat show globalpool nat add resvmap globalip tcp udp nat add resvmap globalip nat add resvmap interfacename tcp udp nat add resvmap interfacename nat clear resvmaps nat delete resvmap nat list resvmaps nat show resvmap nat status ...

Page 339: ...able NAT between two different interface types For example if interfacename is an external interface type you can enable NAT between the interfacename and the internal or the DMZ interface type but not the external interface type The following interface combinations are the only ones that you can use External outside and internal inside External outside and DMZ inside DMZ outside and internal insi...

Page 340: ...ace external or DMZ that was added to the Security package using the security add interface command To display security interfaces use the security list interfaces command N A internal Allows NAT to be enabled disabled between the interfacename and all interfaces that belong to the internal interface type N A dmz Allows NAT to be enabled disabled between the interfacename and all interfaces that b...

Page 341: ... between the security interface and all the interfaces that belong to the chosen interface type 14 3 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name The name of an existing NAT object created between a security interface and an interface type using the nat enable...

Page 342: ...s to an inside interface that is your mail server This command creates a pool of outside network addresses A network address pool is a range of IP addresses that is visible outside your network NAT translates packets between the outside addresses and the inside interfaces that each address is mapped to There are two ways to specify a range of IP addresses 1 Specify the interfacename IP address and...

Page 343: ...and N A internal Maps the IP addresses to the internal interface type inside the network N A dmz Maps the global addresses to the DMZ interface type inside the network N A ipaddress The IP address of the interfacename that is visible outside the network N A mask The subnet mask of the network IP address N A endaddress The last IP address in the range of addresses that make up the global address po...

Page 344: ... a network address pool that allows NAT to translate packets between the external interface and the internal interface type First NAT is enabled between the external interface and the DMZ interface type nat enable n2 extinterface internal Then the IP address and subnet mask is created nat add globalpool gp2 extinterface internal 192 168 103 2 endaddress 192 168 103 50 ...

Page 345: ...and 14 5 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value interfacename The name of an existing security interface external or DMZ created and connected to an inside interface DMZ or internal using the nat enable command To display security interfaces use the security ...

Page 346: ...s for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing global IP address To display global IP addresses use the nat list globalpools command N A interfacename The name of an existing security interface external or DMZ created and connected to an inside interface DMZ or internal using the ...

Page 347: ...efore any IPSec traffic can be passed each router firewall host must verify the identity of its peer This can be done by manually entering pre shared keys into both hosts or by a CA service 14 7 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value cookies Source port will ...

Page 348: ...e range of network pool addresses Mask End Address the outside subnet mask of the outside network IP address or the last address in the range of network pool addresses 14 8 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value interfacename The name of an existing security ...

Page 349: ...s Subnet Mask or End Address the subnet mask of the outside network IP address or the last address in the range of addresses 14 9 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing global IP address To display global IP addresses u...

Page 350: ...ansport information TCP or UDP given in this command You can define reserved mappings for a range of ports and or translating port numbers 14 10 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing global IP address To display global...

Page 351: ...he first port number in the range of ports N A 2ndportno The second TCP or UDP port number in the range that started with the port specified in portno N A localportno Either a single internal TCP or UDP port number or the first port number in the range of external ports N A 2ndlocal portno The second internal TCP or UDP port number in the range of external ports to be used if you have specified a ...

Page 352: ... on the transport information given in this command 14 11 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing global IP address To display global IP addresses use the nat list globalpools command N A interfacename The name of an exi...

Page 353: ...NAT CLI Commands 2 1553 ZAT 759 94 Uen B December 2005 353 inside the network internal or DMZ ...

Page 354: ... transport services N A egp Exterior Gateway Protocol EGP Protocol for exchanging routing information between autonomous systems N A rsvp Resource Reservation Protocol RSVP is set as the transport type Supports the reservation of resources across an IP network N A ospf Open Shortest Path First OSPF is set as the transport type A link state routing protocol N A ipip IP within IP Encapsulation Proto...

Page 355: ...ven in this command A range of external ports can be translated to a single local port if required You can define reserved mappings for a range of ports and or translating port numbers 14 12 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies a...

Page 356: ...ied in portno N A localportno Either a single internal TCP or UDP port number or the first port number in the range of external ports N A 2ndlocal portno The second internal TCP or UDP port number in the range of external ports to be used if you have specified a localportno N A 14 12 4 Example The example below forwards TCP port 80 to 90 requests on the WAN interface to 10 10 10 10 ports 8080 to 8...

Page 357: ...ress and the individual host based on the transport information given in this command 14 13 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing global IP address To display global IP addresses use the nat list globalpools command N ...

Page 358: ...Protocol for exchanging routing information between autonomous systems N A rsvp Resource Reservation Protocol RSVP is set as the transport type Supports the reservation of resources across an IP network N A ospf Open Shortest Path First OSPF is set as the transport type A link state routing protocol N A ipip IP within IP Encapsulation Protocol Encapsulates an IP datagram within a datagram N A all ...

Page 359: ...mands 14 14 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value interfacename The name of an existing security interface external or DMZ created and connected to an inside interface DMZ or internal using the nat enable command To display security interfaces use the securi...

Page 360: ...values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing global IP address To display global IP addresses use the nat list resvmaps command N A interfacename The name of an existing security interface external or DMZ created and connected to an inside interface DMZ or internal using th...

Page 361: ...tside security interface IP address is mapped to Transport type IGMP IPIP etc Port TCP or UDP port used by the transport type If a non TCP UDP protocol is used the port is set to 0 14 16 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value interfacename The name of an exis...

Page 362: ...NAT CLI Commands 362 2 1553 ZAT 759 94 Uen B December 2005 ID Name Global Address Internal Address Type Port 1 rm2 192 168 103 2 10 10 10 10 tcp 25 2 rm1 192 168 103 15 20 20 20 20 udp 21 ...

Page 363: ...ommand and a default value if applicable Option Description Default value name A name that identifies an existing global IP address To display global IP addresses use the nat list resvmaps command N A interfacename The name of an existing security interface external or DMZ created and connected to an inside interface DMZ or internal using the nat enable command To display security interfaces use t...

Page 364: ...s the outside security interfaces and inside interface types that NAT is currently enabled between It displays the following information NAT object identification number NAT object name Outside security interface name Inside interface type 14 18 3 Example nat status NAT enabled on ID Name Interface Type 1 n2 ip2 internal 2 n1 if1 internal ...

Page 365: ...ds 2 1553 ZAT 759 94 Uen B December 2005 365 15 Port CLI Commands This chapter describes the Port CLI commands 15 1 Summary The table below lists the Port commands provided by the CLI port port list port set port show ...

Page 366: ...4 Uen B December 2005 15 2 port 15 2 1 Syntax port 15 2 2 Description This command lists the ports that are currently available 15 2 3 Example port a1 Port name eth_lan Port name eth_wan Port name list List ports by type wireless Port name ...

Page 367: ...at belong to a specific class if that class is available in your system 15 3 3 Example port list 802 11 Port class 802 1x Port class all Port class atm Port class ethernet Port class The last line of the port list command output displays the first part of the port list port class command port list ethernet Valid port names in class ethernet eth_lan eth_wan wireless q1 pppoe wlan_filtered If you ty...

Page 368: ...ified the attribute that you want to modify you can specify the new value that you want to set it to 15 4 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value portname The name of a port that is configured in your system To display available ports use the port command N A ...

Page 369: ... portname set For example port a1 set 15 5 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value attribute A single attribute of a specified port An attribute has a value attached to it which you can modify N A value A value attached to an attribute The value could be a num...

Page 370: ...rt AutoSRA Enable Disable AutoSRADnShift Period value AutoSRAMaxTime CRC value AutoSRAMaxTime FEC value AutoSRAUpShift Period value AutoStart False True BitSwap Disable Enable Disables enables the adjustment of the number of bits assigned to a subcarrier without interrupting data flow Enable BitSwapUp Disable Enable Disable CabinetMode Enable Disable Capability This parameter controls whether the ...

Page 371: ...EC enables Echo Cancellation This setting is necessary if your device is connected to a high speed CO FDM enables Frequency Division Multiplexing FDM FastRetrain Enable Disable FramerType Type0 Type1 Type2 Type3 Type3ET To enable DataBoost set FramerType to Type3ET Type3 HostControl Disable Enable Disable terminates any host API interaction with the DSP for testing purposes Enable enables host API...

Page 372: ...le the bin settings configured as the RxStartBin RxEndBin parameters are used Enable DSP automatically adjust the bin selection for receive signal Disable RxEndBin value A value that indicates the highest bin number allowed for receive signal 255 RxStartBin value A value that indicates the lowest bin number allowed for receive signal 32 ShowtimeLed 0 1 2 3 4 None 2 Standard Indicates the preferred...

Page 373: ...6DB Bis_37DB Bis_38DB Bis_39DB Bis_3DB Bis_40DB Bis_4DB Bis_5DB Bis_6DB Bis_7DB Bis_8DB Bis_9DB Dmt_0 1DB Dmt_0 2DB Dmt_0 3DB Dmt_0 4DB Dmt_0 5DB Dmt_0 6DB Dmt_0 7DB Dmt_0 8DB Dmt_0 9DB Dmt_0DB Dmt_10DB Dmt_11DB Dmt_12DB Dmt_1DB Dmt_2DB Dmt_3DB Dmt_4DB Dmt_5DB Dmt_6DB Dmt_7DB Dmt_8DB Dmt_9DB Bis_0DB TxEndBin value A value that indicates the highest bin number allowed for transmit signal 31 TxStart...

Page 374: ...t portname set For example port wireless set 15 6 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value attribute A single attribute of a specified port An attribute has a value attached to it which you can modify N A value A value attached to an attribute The value could b...

Page 375: ...T BE DK FI DE GR IE IS IT CH LI LU NO NL PT SE GB HU PL CurrentCountry can be selected to simplify the configuration of allowed channels There are 14 channels available but in most country only 13 channels are allowed and some other have even less By selecting CurrentCountry all forbidden channels will be disabled and cannot be configured to be used by mistake See the HM4x0 Quick Installation Guid...

Page 376: ...rue MacAddressAuth Blacklist Whitelist disabled The MAC addresses entered in the MacAddressList can be either Blacklisted or Whitelisted If they are Blacklisted all MAC addresses that is entered in the MacAddressList will be blocked by the AP If Whitelisted is selected only the MAC addresses in the MacAddressList will be allowed all other will be blocked disabled MacAddressList index 0 31 value ma...

Page 377: ...OT11_OID_RATES 1 2 5 5 and 11 Mbps 6 9 12 18 24 36 48 and 54 Mbps DOT11_OID_PREAMBLESETTING_DYNAMIC DOT11_OID_CWMIN 15 DOT11_OID_NONERPPROTECTION_DYNAMIC DOT11_OID_SLOTSETTINGS_DYNAMIC MIXED_G_WIFI DOT11_OID_RATES 1 2 5 5 and 11 Mbps 6 9 12 18 24 36 48 and 54 Mbps DOT11_OID_PREAMBLESETTING_DYNAMIC DOT11_OID_CWMIN 15 DOT11_OID_NONERPPROTECTION_DYNAMIC DOT11_OID_SLOTSETTINGS_DYNAMIC MIXED_LONG DOT11...

Page 378: ... are sent the quicker the system can recover from interference or collisions as would be the case in a heavily loaded network or a wireless network with much electromagnetic interference 2347 WPA false true Enables WPA to be enabled or disabled false WPAEnableEAP false true Enables WPA to use EAP for authentication of wireless clients This also implicitly requires a RADIUS server that can handle t...

Page 379: ... CLI Commands 2 1553 ZAT 759 94 Uen B December 2005 379 Attribute Description Default value resetDefaults false true Setting this to true will reset the wireless card and restore it to default values false ...

Page 380: ...ort 15 7 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value portname The name of a port that is configured in your system To display available ports use the port command N A 15 7 4 Example port eth_lan show resetDefaults false portSnmpIfIndex 2 portSnmpIfType 6 ...

Page 381: ...atus of a port 15 8 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value portname The name of a port that is configured in your system To display available ports use the port command N A 15 8 4 Example port eth_lan status resetDefaults false ...

Page 382: ...abled pppoa set transport eventlevel pppoa set transport givedns client pppoa set transport givedns relay pppoa set transport headers hdlc pppoa set transport headers llc pppoa set transport interface pppoa set transport ipv6cp pppoa set transport lcpechoevery pppoa set transport lcpmaxconf pppoa set transport icpmaxfail pppoa set transport lcpmaxterm pppoa set transport localip pppoa set transpor...

Page 383: ...59 94 Uen B December 2005 383 pppoa set transport username pppoa set transport vci pppoa set transport vpi pppoa set transport welogin pppoa show transport pppoa show transport debuginfo channel pppoa show transport debuginfo config ...

Page 384: ...irtual Circuit Identifier The port VPI VCI combination must be unique for each transport 16 2 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name An arbitrary name that identifies the transport It can be made up of one or more letters or a combination of letters and ...

Page 385: ...e VPI is used to identify the virtual path that a circuit belongs to The VPI can be any value between 0 and 4095 N A vci Part of the ATM header The VCI is a tag that identifies which channel a cell will travel over The VCI can be any value between 1 and 65535 N A 16 2 4 Example pppoa add transport pppoa1 dialin pvc 1 a1 0 800 ...

Page 386: ...al Circuit Identifier The port VPI VCI combination must be unique for each transport 16 3 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name An arbitrary name that identifies the transport It can be made up of one or more letters or a combination of letters and digi...

Page 387: ...e VPI is used to identify the virtual path that a circuit belongs to The VPI can be any value between 0 and 4095 N A vci Part of the ATM header The VCI is a tag that identifies which channel a cell will travel over The VCI can be any value between 1 and 65535 N A 16 3 4 Example pppoa add transport pppoa1 dialout pvc 1 a1 0 800 ...

Page 388: ... Uen B December 2005 16 4 pppoa clear transports 16 4 1 Syntax pppoa clear transports 16 4 2 Description This command deletes all PPPoA transports that were created using the pppoa add transport commands 16 4 3 Example pppoa clear transports ...

Page 389: ...ns The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoA transport To display transport names use the pppoa list transports command N A number A number that identifies an existing PPPoA transport To display transport numbers use the pppoa...

Page 390: ... been created using the pppoa add transport commands It displays the following information about the transports Transport identification number Transport name ATM port used if applicable Virtual Circuit Identifier VCI used if applicable Virtual Path Identifier VPI used if applicable 16 6 3 Example pppoa list transports PPPoA transports ID Name Port Vci Vpi 1 p2 N A N A N A 2 p1 a1 800 0 ...

Page 391: ... 16 7 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoA transport To display transport names use the pppoa list transports command N A number A number that identifies an existing PPPoA transport To display transport numbers ...

Page 392: ...wing table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoA transport To display transport names use the pppoa list transports command N A number A number that identifies an existing PPPoA transport To display transport numbers use the pppoa list transp...

Page 393: ...To display the createroute settings use the pppoa show transport command The route is removed when the PPP link is disconnected 16 9 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoA transport To display transport names use ...

Page 394: ...the following information The ATM port that will transport data VPI Virtual Path Identifier VCI Virtual Circuit Identifier The port VPI VCI combination must be unique for each transport 16 10 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies ...

Page 395: ...he VPI is used to identify the virtual path that a circuit belongs to The VPI can be any value between 0 and 4095 N A vci Part of the ATM header The VCI is a tag that identifies which channel a cell will travel over The VCI can be any value between 1 and 65535 N A 16 10 4 Example pppoa set transport pppoa2 dialin pvc a1 0 800 ...

Page 396: ...following information The ATM port that will transport data VPI Virtual Path Identifier VCI Virtual Circuit Identifier The port VPI VCI combination must be unique for each transport 16 11 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an e...

Page 397: ...e VPI is used to identify the virtual path that a circuit belongs to The VPI can be any value between 0 and 4095 N A vci Part of the ATM header The VCI is a tag that identifies which channel a cell will travel over The VCI can be any value between 1 and 65535 N A 16 11 4 Example pppoa set transport pppoa2 dialout pvc a1 0 800 ...

Page 398: ...setting for the pppoa set transport givedns commands is also enabled 16 12 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoA transport To display transport names use the pppoa list transports command N A number A number that...

Page 399: ...setting for the pppoa set transport givedns commands is also enabled 16 13 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoA transport To display transport names use the pppoa list transports command N A number A number that...

Page 400: ...eded for testing purposes the transport must be enabled explicitly 16 14 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoA transport To display transport names use the pppoa list transports command N A number A number that i...

Page 401: ...ported 4 Every packet and significant state change is reported 5 Every packet sent received is disassembled and hex dumped 6 Levels 1 5 plus assignment of the IP addresses to the interface and extra authentication information CHAP PAP reported 7 Levels 1 6 plus tunneling reported 8 Levels 1 7 plus minor phase changes reported 9 Levels 1 8 plus all timer information reported 16 15 3 Options The fol...

Page 402: ... A number that identifies an existing PPPoA transport To display transport numbers use the pppoa list transports command N A pppevent level A numerically coded debugging tracing event level value The value can be any numerical value between 1 9 1 16 15 4 Example pppoa set transport pppoa3 eventlevel 4 ...

Page 403: ...hed 16 16 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoA transport To display transport names use the pppoa list transports command N A number A number that identifies an existing PPPoA transport To display transport numb...

Page 404: ...shed 16 17 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoA transport To display transport names use the pppoa list transports command N A number A number that identifies an existing PPPoA transport To display transport num...

Page 405: ...e to transmit receive packets by learning the format information from incoming packets 16 18 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoA transport To display transport names use the pppoa list transports command N A nu...

Page 406: ...e to transmit receive packets by learning the format information from incoming packets 16 19 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoA transport To display transport names use the pppoa list transports command N A nu...

Page 407: ...s for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoA transport To display transport names use the pppoa list transports command N A number A number that identifies an existing PPPoA transport To display transport numbers use the pppoa list transports command N A idletimeout The le...

Page 408: ...his command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoA transport To display transport names use the pppoa list transports command N A number A number that identifies an existing PPPoA transport To display transport numbers use the pppoa list transports command N A interface The PPP interface to a channel that transports PPPoA da...

Page 409: ...22 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoA transport To display transport names use the pppoa list transports command N A number A number that identifies an existing PPPoA transport To display transport numbers use...

Page 410: ...ify zero 0 in the interval attribute 16 23 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoA transport To display transport names use the pppoa list transports command N A number A number that identifies an existing PPPoA tr...

Page 411: ...s command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoA transport To display transport names use the pppoa list transports command N A number A number that identifies an existing PPPoA transport To display transport numbers use the pppoa list transports command N A lcp max configure Link Control Protocol the maximum number of confi...

Page 412: ...plicable Option Description Default value name A name that identifies an existing PPPoA transport To display transport names use the pppoa list transports command N A number A number that identifies an existing PPPoA transport To display transport numbers use the pppoa list transports command N A lcp max fail Link Control Protocol the maximum number of consecutive negative acknowledgements indicat...

Page 413: ...mmand and a default value if applicable Option Description Default value name A name that identifies an existing PPPoA transport To display transport names use the pppoa list transports command N A number A number that identifies an existing PPPoA transport To display transport numbers use the pppoa list transports command N A lcp max term Link Control Protocol the maximum number of consecutive Te...

Page 414: ... that the interface is attached to 16 27 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoA transport To display transport names use the pppoa list transports command N A number A number that identifies an existing PPPoA tran...

Page 415: ... table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoA transport To display transport names use the pppoa list transports command N A number A number that identifies an existing PPPoA transport To display transport numbers use the pppoa list transports...

Page 416: ... gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoA transport To display transport names use the pppoa list transports command N A number A number that identifies an existing PPPoA transport To display transport numbers use the pppoa list transports comma...

Page 417: ...the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoA transport To display transport names use the pppoa list transports command N A number A number that identifies an existing PPPoA transport To display transport numbers use the pppoa list transports command N A ...

Page 418: ...PPPoA CLI Commands 418 2 1553 ZAT 759 94 Uen B December 2005 16 30 4 Example pppoa set transport pppoa1 password mercury pppoa set transport pppoa1 username jsmith password mercury ...

Page 419: ... with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoA transport To display transport names use the pppoa list transports command N A number A number that identifies an existing PPPoA transport To display transport numbers use the pppoa list transports command N A peak cell rate Determines the maximum rate at which ATM ce...

Page 420: ...ique for each transport 16 32 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoA transport To display transport names use the pppoa list transports command N A number A number that identifies an existing PPPoA transport To di...

Page 421: ...st effort and high priority traffic are prioritized on the same ATM VC 16 33 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoA transport To display transport names use the pppoa list transports command N A number A number th...

Page 422: ... VCI combination must be unique for each transport 16 34 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoA transport To display transport names use the pppoa list transports command N A number A number that identifies an exi...

Page 423: ...mber 2005 423 Option Description Default value vci Part of the ATM header The VCI is a tag that identifies which channel a cell will travel over The VCI can be any value between 1 and 65535 N A 16 34 4 Example pppoa set transport pppoa2 pvc a1 0 800 ...

Page 424: ...escription Default value name A name that identifies an existing PPPoA transport To display transport names use the pppoa list transports command N A number A number that identifies an existing PPPoA transport To display transport numbers use the pppoa list transports command N A ubr Unspecified Bit Rate non constant and unpredictable data transport rate PCR Peak Cell Rate is the average and maxim...

Page 425: ...a transport rate that uses Real Time RT You can specify the PCR SCR BT and MBS for VBRRT traffic abr Available Bit Rate non constant and unpredictable data transport rate that provides ATM layer feedback and flow control qfc QFC ATM flow control protocol that supports ABR 16 35 4 Example pppoa set transport pppoa3 qosclass abr ...

Page 426: ...0 0 0 16 36 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoA transport To display transport names use the pppoa list transports command N A number A number that identifies an existing PPPoA transport To display transport nu...

Page 427: ...e setting a primary address pppoa set transport pppoa1 remotedns 192 168 102 3 Example two setting primary and secondary addresses pppoa set transport pppoa1 remotedns 192 168 102 3 192 168 105 1 Example three deleting an address pppoa set transport pppoa1 remotedns 192 168 102 3 0 0 0 0 ...

Page 428: ...e range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoA transport To display transport names use the pppoa list transports command N A number A number that identifies an existing PPPoA transport To display transport numbers use the pppoa list transports command N A ip...

Page 429: ...Protocol Control Protocol negotiation 16 38 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoA transport To display transport names use the pppoa list transports command N A number A number that identifies an existing PPPoA t...

Page 430: ... of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoA transport To display transport names use the pppoa list transports command N A number A number that identifies an existing PPPoA transport To display transport numbers use the pppoa list transports command N A sustainab...

Page 431: ...tained during IPCP negotiation The mask for the route is calculated from the class of the remote subnet unless an alternative has been specified using the pppoa set transport routemask command If specificroute is set to disabled a default route to the subnet at the remote end of the PPP link is created 16 40 3 Options The following table gives the range of values for each option which can be speci...

Page 432: ...A CLI Commands 432 2 1553 ZAT 759 94 Uen B December 2005 disabled A default route to the subnet at the remote end of the PPP link is crated 16 40 4 Example pppoa set transport pppoa1 specificroute disabled ...

Page 433: ...tion 16 41 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoA transport To display transport names use the pppoa list transports command N A number A number that identifies an existing PPPoA transport To display transport num...

Page 434: ...em set login maydialin command 16 42 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoA transport To display transport names use the pppoa list transports command N A number A number that identifies an existing PPPoA transpor...

Page 435: ...35 chap Challenge Handshake Authentication Protocol the server sends an authentication request to the remote users dialing in CHAP passes the encrypted username and password and identifies the remote end 16 42 4 Example pppoa set transport pppoa2 theylogin pap ...

Page 436: ...ues for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoA transport To display transport names use the pppoa list transports command N A number A number that identifies an existing PPPoA transport To display transport numbers use the pppoa list transports command N A username A name ...

Page 437: ...PPPoA CLI Commands 2 1553 ZAT 759 94 Uen B December 2005 437 16 43 4 Example pppoa set transport pppoa2 username jsmith pppoa set transport pppoa2 username jsmith password mercury ...

Page 438: ...h option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoA transport To display transport names use the pppoa list transports command N A number A number that identifies an existing PPPoA transport To display transport numbers use the pppoa list transports command N A vci Part of the ATM header ...

Page 439: ...option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoA transport To display transport names use the pppoa list transports command N A number A number that identifies an existing PPPoA transport To display transport numbers use the pppoa list transports command N A vpi A field in the ATM header...

Page 440: ...e if applicable Option Description Default value name A name that identifies an existing PPPoA transport To display transport names use the pppoa list transports command N A number A number that identifies an existing PPPoA transport To display transport numbers use the pppoa list transports command N A none No authentication method is used auto The authentication protocol used by the remote PPP s...

Page 441: ...441 chap Challenge Handshake Authentication Protocol the server sends an authentication request to the remote user dialing in CHAP passes the encrypted username and password and identifies the remote end 16 46 4 Example pppoa set transport pppoa2 welogin pap ...

Page 442: ...nnection state Server dialin status Headers the data format that the transport can accept or receive SVC status true or false Local IP address Subnet mask Remote IP address Remote DNS Give DNS to Client status Give DNS to Relay status Create Route status Specific Route status Route mask Dialout Username Dialout Password Dialout Authentication method Dialin Authentication method LCP Max Configure L...

Page 443: ...setting 16 47 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoA transport To display transport names use the pppoa list transports command N A number A number that identifies an existing PPPoA transport To display transport ...

Page 444: ...Relay false Create Route true Specific Route false Route Mask 0 0 0 0 Dialout Username Dialout Password Dialout Auth none Dialin Auth none Lcp Max Configure 10 Lcp Max Failure 5 Lcp Max Terminate 2 Lcp Echo Every 10 Auto Connect false Idle Timeout 0 ATM Port a1 Tx VPI 0 Rx VPI 0 Tx VCI 800 Rx VCI 800 ATM Traffic Class UBR Peak Cell Rate 2500 Burst Tolerance N A Sustainable Cell Rate N A Max Burst ...

Page 445: ... be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoA transport To display transport names use the pppoa list transports command N A number A number that identifies an existing PPPoA transport To display transport numbers use the pppoa list transports command N A 16 48 4 Example pppoa show transport PppoaUp ...

Page 446: ... 0 ppp 95795 1 PPP 1 ECHO every 10 seconds ppp 95795 1 PPP 1 IPCP state Starting ppp 95795 1 PPP 1 IPCP local options IP address 0 0 0 0 ppp 95795 1 PPP 1 IPCP local options primary DNS server discovery disabled ppp 95795 1 PPP 1 IPCP local options IP subnet mask discovery disabled ppp 95795 1 PPP 1 IPCP remote options IP address 0 0 0 0 ppp 95795 1 PPP 1 Transmitted 0 bytes 0 packets ppp 95795 1 ...

Page 447: ...ble gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoA transport To display transport names use the pppoa list transports command N A number A number that identifies an existing PPPoA transport To display transport numbers use the pppoa list transports co...

Page 448: ... set transport discoverdns primary pppoe set transport discoverdns secondary pppoe set transport eth pppoe set transport enabled disabled pppoe set transport eventlevel pppoe set transport givedns client pppoe sets transport givedns relay pppoe set transport headers hdlc pppoe set transport headers llc pppoe set transport interface pppoe set transport ipv6cp pppoe set transport idletimeout pppoe s...

Page 449: ...set transport scr pppoe set transport specificroute pppoe set transport subnetmask pppoe set transport servicename pppoe set transport theylogin pppoe set transport username pppoe set transport welogin pppoe show transport pppoe show transport debuginfo channel pppoe show transport debuginfo config ...

Page 450: ...erface to the channel that the PVC will use The ATM port that will transport data VPI Virtual Path Identifier VCI Virtual Circuit Identifier Access concentrator optional Service name optional The port VPI VCI combination must be unique for each transport 17 2 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if appl...

Page 451: ...e between 1 and 65535 N A concen trator A PPPoE tag that identifies a remote access concentrator or PPPoE server PPPoE will only connect to the named access concentrator If no concentrator tag is set PPPoE connects to the first access concentrator that responds The tag name number is determined by your ISP N A service name A PPPoE tag that identifies a specific service that is acceptable to the PP...

Page 452: ... optional Service name optional 17 3 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name An arbitrary name that identifies the transport It can be made up of one or more letters or a combination of letters and digits but it cannot start with a digit N A interface The...

Page 453: ...e tag name number is determined by your ISP N A service name A PPPoE tag that identifies a specific service that is acceptable to the PPPoE client If set the PPPoE transport will connect to the first access concentrator it finds that uses this service If an access concentrator is also set the PPPoE transport will connect to the specified service on the named concentrator The service name is determ...

Page 454: ... Uen B December 2005 17 4 pppoe clear transports 17 4 1 Syntax pppoe clear transports 17 4 2 Description This command deletes all PPPoE transports that were created using the pppoe add transport commands 17 4 3 Example pppoe clear transports ...

Page 455: ... the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoE transport To display transport names use the pppoe list transports command N A number A number that identifies an existing PPPoE transport To display transport numbers use the pppoe list transports command N A...

Page 456: ...using the pppoe add transport commands It displays the following information about the transports Transport identification number Transport name Name of port used Virtual Circuit Identifier VCI used PVC transports only Virtual Path Identifier VPI used PVC transports only 17 6 3 Example pppoe list transports PPPoE transports ID Name Port Vci Vpi 1 p3 realtek N A N A 2 p2 a1 800 0 3 p1 ethernet0 N A...

Page 457: ... range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoE transport To display transport names use the pppoe list transports command N A interface A number that identifies an existing PPPoE transport To display transport numbers use the pppoe list transports command N A ...

Page 458: ...LI Commands 458 2 1553 ZAT 759 94 Uen B December 2005 17 7 4 Example pppoe set transport pppoe1 accessconcentrator server5 17 7 5 See also For more information about PPPoE and access concentrators see RFC 2516 ...

Page 459: ... 17 8 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoE transport To display transport names use the pppoe list transports command N A number A number that identifies an existing PPPoE transport To display transport numbers ...

Page 460: ... to clear an existing autoconnect filter Note This command is only effective if you have already enabled PPP autoconnection using the pppoe set transport autoconnect command 17 9 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing P...

Page 461: ...The TCP port that you want to set the autoconnect filter on N A udpportadd The UDP port that you want to set the autoconnect filter on N A 17 9 4 Example This example creates a filter to prevent TCP SNMPTRAP packets from starting PPP autoconnect pppoe set transport pppoe1 autoconnect filter add tcpport 162 ...

Page 462: ...each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoE transport To display transport names use the pppoe list transports command N A number A number that identifies an existing PPPoE transport To display transport numbers use the pppoe list transports command N A burst tolerance Controls...

Page 463: ... To display the createroute settings use the pppoe show transport command The route is removed when the PPP link is disconnected 17 11 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoE transport To display transport names us...

Page 464: ...terface that was specified when the transport was created 17 12 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoE transport To display transport names use the pppoe list transports command N A number A number that identifies...

Page 465: ...setting for the pppoe set transport givedns commands is also enabled 17 13 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoE transport To display transport names use the pppoe list transports command N A number A number that...

Page 466: ...setting for the pppoe set transport givedns commands is also enabled 17 14 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoE transport To display transport names use the pppoe list transports command N A number A number that...

Page 467: ...which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoE transport To display transport names use the pppoe list transports command N A number A number that identifies an existing PPPoE transport To display transport numbers use the pppoe list transports command N A port The system port that is used to...

Page 468: ...eded for testing purposes the transport must be enabled explicitly 17 16 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoE transport To display transport names use the pppoe list transports command N A number A number that i...

Page 469: ...eported 4 Every packet and significant state change is reported 5 Every packet sent received is disassembled and hex dumped 6 Levels 1 5 plus assignment of the IP addresses to the interface and extra authentication information CHAP PAP reported 7 Levels 1 6 plus tunneling reported 8 Levels 1 7 plus minor phase changes reported 9 Levels 1 8 plus all timer information reported 17 17 3 Options The fo...

Page 470: ... A number that identifies an existing PPPoE transport To display transport numbers use the pppoe list transports command N A pppevent level A numerically coded debugging tracing event level value The value can be any numerical value between 1 9 1 17 17 4 Example pppoe set transport pppoe3 eventlevel 4 ...

Page 471: ...hed 17 18 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoE transport To display transport names use the pppoe list transports command N A number A number that identifies an existing PPPoE transport To display transport numb...

Page 472: ...shed 17 19 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoE transport To display transport names use the pppoe list transports command N A number A number that identifies an existing PPPoE transport To display transport num...

Page 473: ...e to transmit receive packets by learning the format information from incoming packets 17 20 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoE transport To display transport names use the pppoe list transports command N A nu...

Page 474: ...e to transmit receive packets by learning the format information from incoming packets 17 21 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoE transport To display transport names use the pppoe list transports command N A nu...

Page 475: ...s for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoE transport To display transport names use the pppoe list transports command N A number A number that identifies an existing PPPoE transport To display transport numbers use the pppoe list transports command N A idletimeout The le...

Page 476: ...23 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoE transport To display transport names use the pppoe list transports command N A number A number that identifies an existing PPPoE transport To display transport numbers use...

Page 477: ...his command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoE transport To display transport names use the pppoe list transports command N A number A number that identifies an existing PPPoE transport To display transport numbers use the pppoe list transports command N A interface The PPP interface to a channel that transports PPPoE da...

Page 478: ...ify zero 0 in the interval attribute 17 25 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoE transport To display transport names use the pppoe list transports command N A number A number that identifies an existing PPPoE tr...

Page 479: ...s command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoE transport To display transport names use the pppoe list transports command N A number A number that identifies an existing PPPoE transport To display transport numbers use the pppoe list transports command N A lcp max configure Link Control Protocol the maximum number of confi...

Page 480: ...plicable Option Description Default value name A name that identifies an existing PPPoE transport To display transport names use the pppoe list transports command N A number A number that identifies an existing PPPoE transport To display transport numbers use the pppoe list transports command N A lcp max fail Link Control Protocol the maximum number of consecutive negative acknowledgements indicat...

Page 481: ...mmand and a default value if applicable Option Description Default value name A name that identifies an existing PPPoE transport To display transport names use the pppoe list transports command N A number A number that identifies an existing PPPoE transport To display transport numbers use the pppoe list transports command N A lcp max term Link Control Protocol the maximum number of consecutive Te...

Page 482: ... following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoE transport To display transport names use the pppoe list transports command N A number A number that identifies an existing PPPoE transport To display transport numbers use the pppoe list ...

Page 483: ...ange of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoE transport To display transport names use the pppoe list transports command N A number A number that identifies an existing PPPoE transport To display transport numbers use the pppoe list transports command N A maxim...

Page 484: ... for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoE transport To display transport names use the pppoe list transports command N A number A number that identifies an existing PPPoE transport To display transport numbers use the pppoe list transports command N A min cell rate Deter...

Page 485: ...the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoE transport To display transport names use the pppoe list transports command N A number A number that identifies an existing PPPoE transport To display transport numbers use the pppoe list transports command N A ...

Page 486: ...PPPoE CLI Commands 486 2 1553 ZAT 759 94 Uen B December 2005 17 32 4 Example pppoe set transport pppoe1 password mercury pppoe set transport pppoa1 username jsmith password mercury ...

Page 487: ...efault value if applicable Option Description Default value name A name that identifies an existing PPPoE transport To display transport names use the pppoe list transports command N A number A number that identifies an existing PPPoE transport To display transport numbers use the pppoe list transports command N A peak cell rate Determines the maximum rate at which ATM cells are allowed to be sent...

Page 488: ...st effort and high priority traffic are prioritized on the same ATM VC 17 34 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoE transport To display transport names use the pppoe list transports command N A number A number th...

Page 489: ... VCI combination must be unique for each transport 17 35 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoE transport To display transport names use the pppoe list transports command N A number A number that identifies an exi...

Page 490: ...December 2005 Option Description Default value vci Part of the ATM header The VCI is a tag that identifies which channel a cell will travel over The VCI can be any value between 1 and 65535 N A 17 35 4 Example pppoe set transport pppoe2 pvc a1 0 800 ...

Page 491: ...value name A name that identifies an existing PPPoE transport To display transport names use the pppoe list transports command N A number A number that identifies an existing PPPoE transport To display transport numbers use the pppoe list transports command N A ubr Unspecified Bit Rate non constant and unpredictable data transport rate PCR Peak Cell Rate is the average and maximum speed of transmi...

Page 492: ...a transport rate that uses Real Time RT You can specify the PCR SCR BT and MBS for VBRRT traffic abr Available Bit Rate non constant and unpredictable data transport rate that provides ATM layer feedback and flow control qfc QFC ATM flow control protocol that supports ABR 17 36 4 Example pppoe set transport pppoe3 qosclass abr ...

Page 493: ...0 0 0 17 37 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoE transport To display transport names use the pppoe list transports command N A number A number that identifies an existing PPPoE transport To display transport nu...

Page 494: ...e setting a primary address pppoe set transport pppoe1 remotedns 192 168 102 3 Example two setting primary and secondary addresses pppoe set transport pppoe1 remotedns 192 168 102 3 192 168 105 1 Example three deleting an address pppoe set transport pppoe1 remotedns 192 168 102 3 0 0 0 0 ...

Page 495: ...e range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoE transport To display transport names use the pppoe list transports command N A number A number that identifies an existing PPPoE transport To display transport numbers use the pppoe list transports command N A ip...

Page 496: ...Protocol Control Protocol negotiation 17 39 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoE transport To display transport names use the pppoe list transports command N A number A number that identifies an existing PPPoE t...

Page 497: ... of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoE transport To display transport names use the pppoe list transports command N A number A number that identifies an existing PPPoE transport To display transport numbers use the pppoe list transports command N A sustainab...

Page 498: ...an be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoE transport To display transport names use the pppoe list transports command N A number A number that identifies an existing PPPoE transport To display transport numbers use the pppoe list transports command N A service name A PPPoE tag that identifies a ...

Page 499: ...PPPoE CLI Commands 2 1553 ZAT 759 94 Uen B December 2005 499 17 41 4 Example pppoe set transport pppoe1 servicename jupiter ...

Page 500: ...ote end of the PPP link The address of this subnet is obtained during IPCP negotiation The mask for the route is calculated from the class of the remote subnet unless an alternative has been specified using the pppoe set transport routemask command If specificroute is set to disabled a default route to the subnet at the remote end of the PPP link is created 17 42 3 Options The following table give...

Page 501: ...ion Default value enabled Allows the created route to apply to packets for the subnet at the remote end of the PPP link disabled A default route to the subnet at the remote end of the PPP link is crated disabled 17 42 4 Example pppoe set transport pppoe1 specificroute disabled ...

Page 502: ...tion 17 43 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoE transport To display transport names use the pppoe list transports command N A number A number that identifies an existing PPPoE transport To display transport num...

Page 503: ...em set login maydialin command 17 44 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoE transport To display transport names use the pppoe list transports command N A number A number that identifies an existing PPPoE transpor...

Page 504: ...05 chap Challenge Handshake Authentication Protocol the server sends an authentication request to the remote users dialing in CHAP passes the encrypted username and password and identifies the remote end 17 44 4 Example pppoe set transport pppoe2 theylogin pap ...

Page 505: ...alues for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoE transport To display transport names use the pppoe list transports command N A number A number that identifies an existing PPPoE transport To display transport numbers use the pppoe list transports command N A username A nam...

Page 506: ...PPPoE CLI Commands 506 2 1553 ZAT 759 94 Uen B December 2005 17 45 4 Example pppoe set transport pppoe2 username jsmith pppoe set transport pppoe2 username jsmith password mercury ...

Page 507: ...e if applicable Option Description Default value name A name that identifies an existing PPPoE transport To display transport names use the pppoe list transports command N A number A number that identifies an existing PPPoE transport To display transport numbers use the pppoe list transports command N A none No authentication method is used auto The authentication protocol used by the remote PPP s...

Page 508: ...005 chap Challenge Handshake Authentication Protocol the server sends an authentication request to the remote user dialing in CHAP passes the encrypted username and password and identifies the remote end 17 46 4 Example pppoe set transport pppoe2 welogin pap ...

Page 509: ...r Server dialin status Headers the data format that the transport can accept or receive SVC status false Local IP address Subnet mask Remote IP address Remote DNS Propagate DNS to Client true or false Propagate DNS to Relay true or false Create Route true or false Specific Route true or false Route netmask Dialout Username Dialout Password Dialout Authentication method Dialin Authentication method...

Page 510: ...imum Cell Rate MCR PVC transports only Packet Priority Levels setting 17 47 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoE transport To display transport names use the pppoe list transports command N A number A number tha...

Page 511: ... true To relay true Create route true Specific route false Route netmask 0 0 0 0 Dialout username Dialout password Dialout auth none Dialin auth none LCP Max Conf 10 LCP Max Failure 5 LCP Max Terminate 2 LCP Echo Every 10 Autoconnect false User Idle Timeout 0 Access Concentrator server32 Service Name mercury ATM Port a1 Tx VPI 2 Rx VPI 2 Tx VCI 400 Rx VCI 400 ATM Traffic Class UBR Peak Cell Rate 2...

Page 512: ...command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoE transport To display transport names use the pppoe list transports command N A number A number that identifies an existing PPPoE transport To display transport numbers use the pppoe list transports command N A 17 48 4 Example pppoe show transport PppoeUp debuginfo channel ppp 96...

Page 513: ...y 10 seconds ppp 96964 1 PPP 2 IPCP state Starting ppp 96964 1 PPP 2 IPCP local options IP address 0 0 0 0 ppp 96964 1 PPP 2 IPCP local options primary DNS server 0 0 0 0 ppp 96964 1 PPP 2 IPCP local options secondary DNS server 0 0 0 0 ppp 96964 1 PPP 2 IPCP local options IP subnet mask discovery disabled ppp 96964 1 PPP 2 IPCP remote options IP address 0 0 0 0 ppp 96964 1 PPP 2 Transmitted 0 byt...

Page 514: ...n be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing PPPoE transport To display transport names use the pppoe list transports command N A number A number that identifies an existing PPPoE transport To display transport numbers use the pppoe list transports command N A 17 49 4 Example pppoe show transport PppoeUp...

Page 515: ...ete transport rfc1483 list transports rfc1483 set transport bt rfc1483 set transport mbs rfc1483 set transport mcr rfc1483 set transport mode rfc1483 set transport pcr rfc1483 set transport port rfc1483 set transport prilevels rfc1483 set transport qosclass rfc1483 set transport rxvci rfc1483 set transport rxvpi rfc1483 set transport scr rfc1483 set transport txvci rfc1483 set transport txvpi rfc1...

Page 516: ...optional The port VPI VCI combination must be unique for each transport 18 2 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name An arbitrary name that identifies the transport It can be made up of one or more letters or a combination of letters and digits but it can...

Page 517: ...el a cell will travel over The VCI can be any value between 1 and 65535 N A llc Logical Link Control encapsulation method vcmux VC Multiplexing encapsulation method llc bridged Traffic type that is going to be transmitted received routed Traffic type that is going to be transmitted received bridged 18 2 4 Example rfc1483 add transport my1483 myport 0 700 vcmux routed ...

Page 518: ...n B December 2005 18 3 rfc1483 clear transports 18 3 1 Syntax rfc1483 clear transports 18 3 2 Description This command deletes all RFC1483 transports that were created using the rfc1483 add transport command 18 3 3 Example rfc1483 clear transports ...

Page 519: ...the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing RFC1483 transport To display transport names use the rfc1483 list transports command N A number A number that identifies an existing RFC1483 transport To display transport numbers use the rfc1483 list transports comm...

Page 520: ...ave been created using the rfc1483 add transport command It displays the following information about the transports Transport identification number Transport name Name of the ATM port used to transport RFC1483 data Transmit and receive VCI numbers Transmit and receive VPI numbers 18 5 3 Example rfc1483 list transports RFC1483 transports ID Name Port TxVci RxVci TxVpi RxVpi 1 my1483 a1 700 700 0 0 ...

Page 521: ...ach option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing RFC1483 transport To display transport names use the rfc1483 list transports command N A number A number that identifies an existing RFC1483 transport To display transport numbers use the rfc1483 list transports command N A burst tolerance C...

Page 522: ...nge of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing RFC1483 transport To display transport names use the rfc1483 list transports command N A number A number that identifies an existing RFC1483 transport To display transport numbers use the rfc1483 list transports command N ...

Page 523: ...ich can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing RFC1483 transport To display transport names use the rfc1483 list transports command N A number A number that identifies an existing RFC1483 transport To display transport numbers use the rfc1483 list transports command N A min cell rate Determines the m...

Page 524: ...ch option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing RFC1483 transport To display transport names use the rfc1483 list transports command N A number A number that identifies an existing RFC1483 transport To display transport numbers use the rfc1483 list transports command N A llc Logical Link C...

Page 525: ...licable Option Description Default value name A name that identifies an existing RFC1483 transport To display transport names use the rfc1483 list transports command N A number A number that identifies an existing RFC1483 transport To display transport numbers use the rfc1483 list transports command N A peak cell rate Determines the maximum rate at which ATM cells are allowed to be transported int...

Page 526: ...tion which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing RFC1483 transport To display transport names use the rfc1483 list transports command N A number A number that identifies an existing RFC1483 transport To display transport numbers use the rfc1483 list transports command N A atm port The system por...

Page 527: ... effort and high priority traffic are prioritized on the same ATM VC 18 12 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing RFC1483 transport To display transport names use the rfc1483 list transports command N A number A number ...

Page 528: ... identifies an existing RFC1483 transport To display transport names use the rfc1483 list transports command N A number A number that identifies an existing RFC1483 transport To display transport numbers use the rfc1483 list transports command N A ubr Unspecified Bit Rate non constant and unpredictable data transport rate PCR Peak Cell Rate is the average and maximum speed of transmission cbr Cons...

Page 529: ...a transport rate that uses Real Time RT You can specify the PCR SCR BT and MBS for VBRRT traffic abr Available Bit Rate non constant and unpredictable data transport rate that provides ATM layer feedback and flow control qfc QFC ATM flow control protocol that supports ABR 18 13 4 Example rfc1483 set transport my1483 qosclass abr ...

Page 530: ... each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing RFC1483 transport To display transport names use the rfc1483 list transports command N A number A number that identifies an existing RFC1483 transport To display transport numbers use the rfc1483 list transports command N A rxvci Part of t...

Page 531: ...h can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing RFC1483 transport To display transport names use the rfc1483 list transports command N A number A number that identifies an existing RFC1483 transport To display transport numbers use the rfc1483 list transports command N A rxvpi A field in the ATM header ...

Page 532: ...specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing RFC1483 transport To display transport names use the rfc1483 list transports command N A number A number that identifies an existing RFC1483 transport To display transport numbers use the rfc1483 list transports command N A sustainable cell rate Sustainable Cell Ra...

Page 533: ...each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing RFC1483 transport To display transport names use the rfc1483 list transports command N A number A number that identifies an existing RFC1483 transport To display transport numbers use the rfc1483 list transports command N A txvci Part of th...

Page 534: ...h can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing RFC1483 transport To display transport names use the rfc1483 list transports command N A number A number that identifies an existing RFC1483 transport To display transport numbers use the rfc1483 list transports command N A txvpi A field in the ATM header ...

Page 535: ... be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing RFC1483 transport To display transport names use the rfc1483 list transports command N A number A number that identifies an existing RFC1483 transport To display transport numbers use the rfc1483 list transports command N A vci Part of the ATM header The VCI is...

Page 536: ...pecified with this command and a default value if applicable Option Description Default value name A name that identifies an existing RFC1483 transport To display transport names use the rfc1483 list transports command N A number A number that identifies an existing RFC1483 transport To display transport numbers use the rfc1483 list transports command N A vpi A field in the ATM header The VPI is u...

Page 537: ...Virtual Path Identifier TX VCI transmit Virtual Circuit Identifier RX VCI receive Virtual Circuit Identifier ATM Traffic class PCR Peak Cell Rate BT Burst Tolerance SCR Sustainable Cell Rate MBS Maximum Burst Size MCR Minimum Cell Rate Packet Priority Levels 18 21 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if...

Page 538: ...lay transport numbers use the rfc1483 list transports command N A 18 21 4 Example rfc1483 show transport my1483 RFC1483 Transport my1483 Description Default LAN port Encapsulation LlcBridged ATM port a1 Tx VPI 0 Rx VPI 0 Tx VCI 800 Rx VCI 800 ATM Traffic class UBR Peak Cell Rate 0 Burst Tolerance N A Sustainable Cell Rate 800 Max Burst Size N A Max Cell Rate N A Packety Priority Levels 2 ...

Page 539: ...rity interfaces that are used to configure the NAT and Firewall child modules set triggers to allow applications to open secondary port sessions set IDSs Intrusion Detection Settings configure security applications The NAT module is a child module in the Security Package The NAT commands allow you to implement NAT based on the security interfaces added to the Security package by the parent Securit...

Page 540: ...ity clear interfaces security delete interface security list interfaces security show interface security add management station range security delete management station security list management station security set management station security add trigger tcp udp security add trigger netmeeting security clear triggers security delete trigger security list triggers security set trigger addressreplac...

Page 541: ...IDS portfloodthreshold security set IDS scanperiod security set IDS scanthreshold security set IDS victimprotection security show IDS security add application security clear application security list applications security application add dependency security application delete dependency security set application internalhost security application clear internalhost security application add port secu...

Page 542: ...s made to the Security NAT or Firewall modules when the package was enabled remain in the system so that you can re enable them later in the session If you need to reboot your system but want to save the security configuration between sessions use the system config save command 19 2 3 Options The following table gives the range of values for each option which can be specified with this command and...

Page 543: ...isabled Firewall security level setting none high low or medium Firewall session logging enabled or disabled Firewall blocking logging enabled or disabled Firewall intrusion logging enabled or disabled NAT status enabled or disabled 19 3 3 Example security status Security enabled Firewall disabled Firewall security level none NAT disabled Intrusion detection is disabled Security logging is enabled...

Page 544: ...nables disables logging of Blocking activity Intrusion activity Session events 19 4 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value enable Logging is enabled disable Logging is disabled disabled blockinglog Details of blocking activity are logged enabled intrusionlog ...

Page 545: ...g table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value enable The specified logging activity is displayed at the console disable The specified logging activity is sent to the event log disabled blockinglog Specifies where blocking activity is displayed intrusionlog Specifies where intrusion activ...

Page 546: ...ble gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value blockinglog Configures blocking logging N A intrusionlog Configures intrusion logging N A sessionlog Configures session event logging N A level The level of logging reported at the event log or the console You can choose from the following levels...

Page 547: ... can use them in the NAT and or Firewall configurations 19 7 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing IP interface To display interface names use the ip list interfaces command N A external An interface that connects to t...

Page 548: ...2005 19 8 security clear interfaces 19 8 1 Syntax security clear interfaces 19 8 2 Description This command removes all security interfaces that were added to the Security package using the security add interface command 19 8 3 Example security clear interfaces ...

Page 549: ...to the Security package using the security add interface command 19 9 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing security interface To display interface names use the security list interfaces command N A 19 9 4 Example secu...

Page 550: ...scription This command lists the following information about security interfaces that were added to the Security package using the security add interface command Interface ID number Interface name Interface type external internal or DMZ 19 10 3 Example security list interfaces Security Interfaces ID Name Type 1 i1 internal 2 i2 external 3 i3 dmz ...

Page 551: ... following interface information is displayed Interface name Interface type external internal or DMZ 19 11 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing security interface To display interface names use the security list inter...

Page 552: ...t and port number The Management Station is not enabled until you enable it using the security set mgmt station command or enable Remote Access using EmWeb The idle timeout setting configured here is overruled by the idle timeout setting configured using the EmWeb System Remote Access page 19 12 3 Options The following table gives the range of values for each option which can be specified with thi...

Page 553: ...umber used This is only effective if the transport_type is set to 6 TCP or 17 UDP The wildcard is 65535 N A idle_timeout The idle time in minutes If no sessions are created by the Management Station within this setting the Station is disabled If a session is created that session uses the idle time set and the Station is not disabled until the session expires 0 no timeout 19 12 4 Example security a...

Page 554: ... Description This command deletes a single Management Station that was added to the Security module using the security add mgmt station command 19 13 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing Management Station To display ...

Page 555: ... The enable disable setting configured here is overruled by the enable disable setting configured using the EmWeb System Remote Access page 19 14 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing Management Station To display Mana...

Page 556: ...ere added to the Security module using the security add mgmt station command It displays the following information about Management Stations Management Station ID number Management Station name Subnet status true or false IP address of subnet or first address in range Subnet mask or last address of range Transport number Port number Idle timeout in minutes Enabled status true or false 19 15 3 Exam...

Page 557: ...ity set IDS SCANattackblock until the portfilters were deleted A trigger opens a secondary port dynamically and allows you to specify the length of time that it can remain inactive before it is closed 19 16 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name An arbit...

Page 558: ...rval Sets the maximum interval time in milliseconds between the use of secondary port sessions If a secondary port opened by a trigger has not been used for the specified time it is closed 3000 19 16 4 Example The following example creates a Netmeeting H323 trigger security add trigger t1 tcp 1720 1720 30000 ...

Page 559: ...on opens a secondary port session You do not have to set the port range or maxactinterval for a Netmeeting trigger the CLI automatically sets this for you 19 17 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name An arbitrary name that identifies the trigger It can b...

Page 560: ...cember 2005 19 18 security clear triggers 19 18 1 Syntax security clear triggers 19 18 2 Description This command deletes all triggers that were added to the Security module using the security add trigger commands 19 18 3 Example security clear triggers ...

Page 561: ...ed to the Security module using the security add trigger commands 19 19 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing trigger To display trigger names use the security list triggers command N A 19 19 4 Example security delete ...

Page 562: ...s that were added to the Security module using the security add trigger command It displays the following information about triggers Trigger ID number Trigger name Trigger transport type TCP or UDP Port range Secondary port range Interval 19 20 3 Example security list triggers Security Triggers ID Name Type Port Range Sec Port Range Interval 1 t1 tcp 1720 1720 1024 65535 30000 ...

Page 563: ...inside host IP address and NAT translates the packets to the correct destination You can specify whether you want to carry out address replacement on TCP packets on UDP packets or on both TCP and UDP packets 19 21 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A...

Page 564: ...Security CLI Commands 564 2 1553 ZAT 759 94 Uen B December 2005 19 21 4 Example security set trigger t2 addressreplacement tcp ...

Page 565: ...trigger 19 22 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing trigger To display trigger names use the security list triggers command N A enable A secondary session can be initiated to from different remote hosts disable A secon...

Page 566: ...mmand security set trigger addressreplacement 19 23 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing trigger To display trigger names use the security list triggers command N A enable Enables the use of binary address replacement...

Page 567: ...table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing trigger To display trigger names use the security list triggers command N A interval Sets the maximum interval time in milliseconds between the use of secondary port sessions If a secondary port opened by...

Page 568: ... for an existing trigger 19 25 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing trigger To display trigger names use the security list triggers command N A portnumber Sets the end of the trigger port range N A 19 25 4 Example sec...

Page 569: ...e for an existing trigger 19 26 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing trigger To display trigger names use the security list triggers command N A portnumber Sets the start of the trigger port range N A 19 26 4 Example ...

Page 570: ...ct the ports that a trigger will open however this is not usually necessary 19 27 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing trigger To display trigger names use the security list triggers command N A portnumber Sets the en...

Page 571: ...t the ports that a trigger will open however this is not usually necessary 19 28 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing trigger To display trigger names use the security list triggers command N A portnumber Sets the sta...

Page 572: ...ssion which allows multi level session triggering 19 29 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing trigger To display trigger names use the security list triggers command N A enable Enables TCP sessionchaining on an existin...

Page 573: ...he syntax section of this page If you do not use the same case sensitive syntax the command fails and the CLI displays a syntax error message 19 30 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing trigger To display trigger names...

Page 574: ...Security CLI Commands 574 2 1553 ZAT 759 94 Uen B December 2005 19 30 4 Example security set trigger t3 UDPsessionchaining enable ...

Page 575: ...ple host permission true or false Maximum activity interval in milliseconds Session chaining permission true or false Session chaining on UDP permission true or false Binary address replacement permission true or false Address translation type UDP TCP none or both 19 31 3 Options The following table gives the range of values for each option which can be specified with this command and a default va...

Page 576: ...ecember 2005 Transport Type tcp Starting port number 1720 Ending port number 1720 Allow multiple hosts false Max activity interval 30000 Session chaining false Session chaining on UDP false Binary address replacement false Address translation type none ...

Page 577: ... changes made when IDS was enabled are not deleted you can re enable them later in the session Note This CLI command is case sensitive You must type the command attributes exactly as they appear in the syntax section of this page If you do not use the same case sensitive syntax the command fails and the CLI displays a syntax error message 19 32 3 Options The following table gives the range of valu...

Page 578: ...ensitive You must type the command attributes exactly as they appear in the syntax section of this page If you do not use the same case sensitive syntax the command fails and the CLI displays a syntax error message 19 33 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value...

Page 579: ...s to the system if IDS has detected an intrusion from that host Access to the network is denied for ten minutes unless this command is used before this duration expires Note This CLI command is case sensitive You must type the command attributes exactly as they appear in the syntax section of this page If you do not use the same case sensitive syntax the command fails and the CLI displays a syntax...

Page 580: ...tack are blocked for a specified duration 600 minutes by default Note This CLI command is case sensitive You must type the command attributes exactly as they appear in the syntax section of this page If you do not use the same case sensitive syntax the command fails and the CLI displays a syntax error message 19 35 3 Options The following table gives the range of values for each option which can b...

Page 581: ...lock time limit Note This CLI command is case sensitive You must type the command attributes exactly as they appear in the syntax section of this page If you do not use the same case sensitive syntax the command fails and the CLI displays a syntax error message 19 36 3 Options The following table gives the range of values for each option which can be specified with this command and a default value...

Page 582: ...ou to specify the duration of the block time limit Note This CLI command is case sensitive You must type the command attributes exactly as they appear in the syntax section of this page If you do not use the same case sensitive syntax the command fails and the CLI displays a syntax error message 19 37 3 Options The following table gives the range of values for each option which can be specified wi...

Page 583: ...er of ICMP packets per second is reached an attempted ICMP Flood is detected Note This CLI command is case sensitive You must type the command attributes exactly as they appear in the syntax section of this page If you do not use the same case sensitive syntax the command fails and the CLI displays a syntax error message 19 38 3 Options The following table gives the range of values for each option...

Page 584: ...timate users Once the maximum number of pings per second is reached an attempted DOS attack is detected Note This CLI command is case sensitive You must type the command attributes exactly as they appear in the syntax section of this page If you do not use the same case sensitive syntax the command fails and the CLI displays a syntax error message 19 39 3 Options The following table gives the rang...

Page 585: ...et the server sends the SYN ACK packets to the unreachable addresses and keeps resending them This creates a backlog queue of unacknowledged SYN ACK packets Once the queue is full the system will ignore all incoming SYN requests and no legitimate TCP connections can be established Once the maximum number of unfinished TCP handshaking sessions is reached an attempted DOS attack is detected The susp...

Page 586: ...4 Uen B December 2005 Option Description Default value max The maximum number per second of unfinished TCP handshaking sessions that are allowed before a SYN Flood attempt is detected 100 19 40 4 Example security set IDS MaxTCPopenhandshake 150 ...

Page 587: ...the duration of the block time limit Note This CLI command is case sensitive You must type the command attributes exactly as they appear in the syntax section of this page If you do not use the same case sensitive syntax the command fails and the CLI displays a syntax error message 19 41 3 Options The following table gives the range of values for each option which can be specified with this comman...

Page 588: ... attacker is blocked for the time limit specified in the command security set IDS DOSattackblock Note This CLI command is case sensitive You must type the command attributes exactly as they appear in the syntax section of this page If you do not use the same case sensitive syntax the command fails and the CLI displays a syntax error message 19 42 3 Options The following table gives the range of va...

Page 589: ...attackblock For example using the default settings if more than 20 SYN packets are received per second for a 10 second duration the attacker is blocked Note This CLI command is case sensitive You must type the command attributes exactly as they appear in the syntax section of this page If you do not use the same case sensitive syntax the command fails and the CLI displays a syntax error message 19...

Page 590: ...IDS DOSattackblock For example using the default settings if more than 10 SYN packets are received per second for a 10 second duration the attacker is blocked Note This CLI command is case sensitive You must type the command attributes exactly as they appear in the syntax section of this page If you do not use the same case sensitive syntax the command fails and the CLI displays a syntax error mes...

Page 591: ...cted attacker is blocked for the time limit specified in the command security set IDS SCANattackblock Note This CLI command is case sensitive You must type the command attributes exactly as they appear in the syntax section of this page If you do not use the same case sensitive syntax the command fails and the CLI displays a syntax error message 19 45 3 Options The following table gives the range ...

Page 592: ...CANattackblock For example using the default setting if more than 5 scanning packets are received per second for a 60 second duration the attacker is blocked Note This CLI command is case sensitive You must type the command attributes exactly as they appear in the syntax section of this page If you do not use the same case sensitive syntax the command fails and the CLI displays a syntax error mess...

Page 593: ... open handshaking count allowed per second Maximum ping count allowed per second Maximum ICMP count allowed per second Note This CLI command is case sensitive You must type the command attributes exactly as they appear in the syntax section of this page If you do not use the same case sensitive syntax the command fails and the CLI displays a syntax error message 19 47 3 Example security show IDS F...

Page 594: ...tch between the CLI and Web interfaces you must use the short and long names respectively to configure the security application 19 48 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value shortname An arbitrary name that identifies an application via the CLI interface N A l...

Page 595: ...ication using the security set application internalhost command 19 49 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value application The shortname that identifies an existing security application To display security application names use the security list applications co...

Page 596: ...the Security module using the security add application command 19 50 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing application To display application names use the security list applications command N A 19 50 4 Example securit...

Page 597: ...ions previously added using the security add application command Security application ID number Security application short name CLI identifier Name of internal hosts configured to receive packets from specified applications Name of dependencies that certain applications are configured to use 19 51 3 Example security list applications Available security applications ID Short name Internal host Depe...

Page 598: ...DAP and Databeam T 120 A dependency must be created as a security application using the security add application command before you can add it as a dependency to another application 19 52 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value application The shortname that i...

Page 599: ...ng the security application add dependency command It does not delete the dependency application 19 53 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value application The shortname that identifies an existing security application To display security application names use ...

Page 600: ...he security add application command 19 54 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value application The shortname that identifies an existing security application To display security application names use the security list applications command N A internalhost The n...

Page 601: ...nalhost command Note that this does not delete the internal host 19 55 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value application The shortname that identifies an existing security application To display security application names use the security list applications c...

Page 602: ... You cannot create a new port configuration if it overlaps with an existing port configuration range To check existing port configurations use the security application list ports commands 19 56 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value application The shortname ...

Page 603: ... A 19 56 4 Example Note that in the following example TCP and UDP is enclosed in double quotation marks because the values contain a space security application quake2 add port 27910 27910 TCP and UDP true TCP and UDP Note that in the following example the command fails because the port clashes with an existing configuration This would occur when running an image containing the dsl gateway system f...

Page 604: ...d 19 57 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value application The shortname that identifies an existing security application To display security application names use the security list applications command N A number The port ID number for the existing port conf...

Page 605: ...er address translation type Note If you image contains the dsl gateway system file common port configurations will already exist for default security applications These ports are not displayed by the security application list ports command 19 58 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option ...

Page 606: ...Security CLI Commands 606 2 1553 ZAT 759 94 Uen B December 2005 ID Start End Protocol Needs trigger Translation Type 1 27910 27910 TCP and UDP true TCP and UDP ...

Page 607: ...me snmp list communitynames snmp add trapdestination snmp delete trapdestination snmp set trapdestination snmp list trapdestinations snmp set config syscontact snmp set config sysdescr snmp set config syslocation snmp set config sysname snmp set config authentraps snmp set config snmpautosave snmp show config snmp disable enable disable trap snmp list disabledtraps snmp send trap snmp set coldstar...

Page 608: ...for SNMP requests issued from that IP address The same community name can be configured several times with different IP addresses allowing access with the same community name from a number of different machines 20 2 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name...

Page 609: ...lue ipAddress The IP address of the manager from which requests are restricted by this entry This should be an IPv4 address in the range 0 0 0 0 255 255 255 255 0 0 0 0 means no restriction on source address 0 0 0 0 20 2 4 Example snmp add communityname tonyget tony read read 192 168 88 110 ...

Page 610: ... created using the snmp add communityname command 20 3 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing community To display community names use the snmp list communitynames command N A 20 3 4 Example snmp delete communityname to...

Page 611: ...ptions The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing community name To display community names use the snmp list communitynames command N A community The community name of an existing community To display community names use the snmp li...

Page 612: ...sly created using the snmp add communityname command It displays the following information about community names Name ID Name or password assigned to a community Default SNMP community name Access set read or write IP address of SNMP Manager 0 0 0 0 means none set Temporarily Permanently 20 5 3 Example snmp list communitynames ID Name Community Name Access Manager Temp Perm 1 tonyget tony read rea...

Page 613: ... Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name An arbitrary name that identifies the SNMP trap destination It can be made up of one or more letters or a combination of letters and digits but it cannot start with a digit N A community The SNMP name of a community ...

Page 614: ...ed using the snmp add trapdestination command 20 7 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing SNMP trap destination To display trap destination names use the snmp list trapdestinations command N A 20 7 4 Example snmp delete...

Page 615: ...h can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing trap destination To display trap destination names use the snmp list trapdestinations command N A community The trap community name of an existing community To display community names use the snmp list communitynames command N A destination The IP address ...

Page 616: ...SNMP CLI Commands 616 2 1553 ZAT 759 94 Uen B December 2005 20 8 4 Example snmp set trapdestination tonyv1 destination 192 168 45 2 ...

Page 617: ...created using the snmp add trapdestination command It displays the following information about trap destinations ID Trap name SNMP trap community name IP address of the destination machine SNMP version supported v1 or v2c Port used to send SNMP trap messages Temporarily Permanently 20 9 3 Example snmp list trapdestinations ID Name SNMP Trap Community Destination Ver Port Temp Perm 1 tonyv1 tony tr...

Page 618: ...ails set by this command are returned 20 10 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value contact details Contact details e g telephone number email address for the person responsible for maintaining the SNMP agent system The details are represented by a string of u...

Page 619: ...is command is returned 20 11 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value system Description A description of the SNMP agent system The description is represented by a string of up to 255 characters no spaces If you wish to add spaces enclose the description in dou...

Page 620: ...d is returned 20 12 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value system Location A name that identifies the location of the SNMP agent system The location is represented by a string of up to 255 characters no spaces If you wish to add spaces enclose the description...

Page 621: ...d is returned 20 13 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value system Name The name that identifies the system that the SNMP agent is running on The name is a string of up to 255 characters no spaces If you wish to add spaces enclose the description in double quo...

Page 622: ...anager with an invalid community name 20 14 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value enabled A trap is generated when an SNMP request with an unrecognized community name is received disabled A trap is not generated when an SNMP request with an unrecognized comm...

Page 623: ...d disabled 20 15 2 Description This command allows you to configure the 20 15 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value enabled Sets disabled Sets enabled 20 15 4 Example snmp set config snmpautosave disabled ...

Page 624: ...LI commands 21 1 Summary The table below lists the SNTP Client commands provided by the CLI sntpclient add server sntpclient clear servers sntpclient delete server sntpclient list servers sntpclient set timezone sntpclient set mode sntpclient set poll interval sntpclient sync sntpclient set timeout sntpclient set retries sntpclient show status sntpclient set clock ...

Page 625: ...ng the IP address or the hostname 21 2 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value sntp ipaddress The IP address of the dedicated unicast server that SNTP can use to synchronize its time N A sntp hostname The hostname of the dedicated unicast server that SNTP can ...

Page 626: ...ZAT 759 94 Uen B December 2005 21 3 sntpclient clear servers 21 3 1 Syntax sntpclient clear servers 21 3 2 Description This command deletes the servers added using the sntpclient add server command 21 3 3 Example sntpclient clear servers ...

Page 627: ...letes a single server previously added using the sntpclient add server command 21 4 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value serverid The server ID displayed by the sntpclient list servers command N A 21 4 4 Example sntpclient delete server 1 ...

Page 628: ...ber 2005 21 5 sntpclient list servers 21 5 1 Syntax sntpclient list servers 21 5 2 Description This command lists the servers added using the sntpclient add server command 21 5 3 Example sntpclient list servers SNTPClient Servers ID IP Address 1 239 252 197 0 ...

Page 629: ...table below gives the 64 time zone abbreviations that you can use in this command to set the timezone difference for the timer The table also contains the difference in time in hours and minutes from the UTC and a description of the area of the world from west to east where the time difference is calculated from Time Zone UTC World Area of Time Zone IDLW 1200 International Date Line West NT 1100 N...

Page 630: ...0 Newfoundland Daylight AT 0200 Azores WAT 0100 West Africa GMT 0000 Greenwich Mean UTC 0000 Universal Coordinated WET 0000 Western European CET 0100 Central European FWT 0100 French Winter MET 0100 Middle European MEWT 0100 Middle European Winter SWT 0100 Swedish Winter BST 0100 British Summer EET 0200 Eastern Europe FST 0200 French Summer MEST 0200 Middle European Summer SST 0200 Swedish Summer ...

Page 631: ...orean Standard KST 0900 Korean Standard JST 0900 Japan Standard CAST 0930 Central Australian Standard KDT 1000 Korean Daylight EAST 1000 Eastern Australian Standard GST 1000 Guam Standard CADT 1030 Central Australian Daylight EADT 1100 Eastern Australian Daylight IDLE 1200 International Date Line East NZST 1200 New Zealand Standard NZT 1200 New Zealand NZDT 1300 New Zealand Daylight 21 6 4 Example...

Page 632: ... association list Broadcast mode Enable allows the SNTP client to accept time synchronization broadcast packets from an SNTP server located on the network and updated the local system time accordingly Disable stops synchronization via broadcast mode Anycast mode Enable the SNTP client sends time synchronized broadcast packets to the network and subsequently expects a reply from a valid timeserver ...

Page 633: ...scription Default value Unicast Sets the time synchronous access mode to use the unicast server N A broadcast Sets the time synchronous access mode to use the broadcast server N A anycast Sets the time synchronous access mode to use the anycast server N A Enable Enables the selected time synchronous access mode N A Disable Disables the selected time synchronous access mode N A 21 7 4 Example sntpc...

Page 634: ... network at a specific interval If the poll interval is set to 0 the polling mechanism will be disabled 21 8 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value pollintv Sets the polling interval in minutes that SNTP client will sync with a designated server This can be a...

Page 635: ...c 21 9 1 Syntax sntpclient sync 21 9 2 Description This command forces the SNTP client to immediately synchronize the local time with the server located in the association list if unicast or if anycast is enabled initiate an anycast sequence to the network 21 9 3 Example sntpclient sync ...

Page 636: ...nc request initiation After timeout if the sntpclient retry command value is set an attempt will be retried 21 10 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value timeout Sets the received packet response timeout value in seconds This can be any value between 0 and 30 ...

Page 637: ...ed from a timeserver The SNTP client will send another packet for synchronization after a timeout 21 11 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value Retries Sets the number between 0 and 10 of packet retry attempts made when no response is received from a timeserve...

Page 638: ...NT STATUS Clock Synchronized FALSE SNTP Standard Version Number 4 SNTP Mode s Configured None Configured Local Time Tue 13 Jan 1970 22 40 57 Local Timezone UTC Universal Coordinated Time Time Difference UTC 0 00 Server Stratum 0 Precision 1 second Root Delay 0 0 second s Dispersion 0 0 second s Server Reference ID Round Trip Delay 0 second s Local Clock Offset 0 second s Resync Poll Interval 0 min...

Page 639: ...zing the local system clock via internal or external timeservers 21 13 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value sntpclock Sets the time and date of the system clock in the following format yyyy mm dd hh mm ss N A 21 13 4 Example The following example set the sy...

Page 640: ...ystem config download system config restore system config save system config save factory system delete login system delete user system info system legal system list errors system list openfiles system list users system list logins system log system log enable disable system log list system restart system set login access system set login mayconfigure system set login maydialin system set user acc...

Page 641: ... to a new account added using the system add login command Option Default setting dialin to the system enabled login to the system disabled configuration permissions disabled access permissions default user 22 2 4 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value Name A u...

Page 642: ...lts are applied to a new account added using the system add user command Option Default setting dialin to the system disabled login to the system enabled configuration permissions enabled access permissions default user 22 3 4 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default v...

Page 643: ...System CLI Commands 2 1553 ZAT 759 94 Uen B December 2005 643 22 3 5 Example system add login john temporarily ...

Page 644: ...o prevent a user from overwriting the system with their own configuration only a Super user can use this command 22 4 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value filename The name of an existing file that you want to save your configuration in The filename MUST be...

Page 645: ...ystem This command has the same effect as entering the system config restore minimal command Once you have entered this command you need to save your configuration and restart your device using the system config save and system restart commands If you do not save and restart any subsequent changes you make to the configuration will not be saved 22 5 3 Example system config clear Restoring backup c...

Page 646: ... stored in followed by a filename value Super users can restore the factory defaults from isfs im conf factory Super users can clear their current configuration by restoring the isfs im conf minimal Attributes are set to their defaults and all interfaces and transports are deleted The default admin user is not affected so you can still login to the system 22 6 3 Options The following table gives t...

Page 647: ...ration from the isfs im conf factory file Only Super users can use this command N A minimal Clears the current configuration by resetting attributes to their defaults and deleting interfaces and transports Only Super users can use this command N A 22 6 4 Example system config restorebackup Restoring backup configuration isfs im conf backup ...

Page 648: ...ve 22 7 2 Description This command saves the system configuration in the im conf file in FlashFS This allows all users to create their own backup files Default Engineer and Super users can use this command 22 7 3 Example system config save Wait for configuration saved message Saving configuration Configuration saved ...

Page 649: ...e partition will destroy the saved factory configuration on that image partition 22 8 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value image The image partition where the factory default configuration file is to be stored current the current image partition used for th...

Page 650: ...r that has been added to the system using the system add login command Only a Super user can use this command 22 9 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name The name of an existing user N A 22 9 4 Example system delete login john ...

Page 651: ...er that has been added to the system using the system add user command Only a Super user can use this command 22 10 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name The name of an existing user N A 22 10 4 Example system delete user fred ...

Page 652: ... MAC address and hardware and software version details of your system 22 11 3 Example system info Global System Configuration Vendor Ericsson AB URL http www ericsson com MAC address 00 80 37 85 C5 C2 Hardware ver null He5x0 He400 CSP v1 0 ISOS 9 0 Serial number B370001858 Software ver R2B01 Build date 22 March 2005 Build type RELEASE Compiler gcc 2 95 3 20010315 release ...

Page 653: ...9 94 Uen B December 2005 653 22 12 system legal 22 12 1 Syntax system legal 22 12 2 Description This command displays copyright information about the software that you are using 22 12 3 Example system legal Copyright c 2004 Ericsson AB ...

Page 654: ... 00 0b cd 5c 30 37 associated 517733 i802_1x 00 0b cd 5c 30 37 disassociated 517737 i802_1x 00 0b cd 5c 30 37 associated 518168 i802_1x 00 0b cd 5c 30 37 disassociated 518217 i802_1x 00 0b cd 5c 30 37 associated 518461 i802_1x 00 0b cd 5c 30 37 disassociated 523335 i802_1x 00 0b cd 5a b2 08 associated 523767 i802_1x 00 0b cd 5a b2 08 disassociated 523772 i802_1x 00 0b cd 5a b2 08 associated 523820...

Page 655: ...3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name The name of a file which has open file handless associated with it N A 22 14 4 Example system list openfiles bun qid devuse appuse colour flags lasterrno console 0000004b 00000000 00400000 3 0 console 00000027 00000...

Page 656: ...t logins command The list contains the following information User ID number User name Configuration permissions enabled or disabled Dialin permissions enabled or disabled Access level default engineer or super user Comment any comments that were included when the user was added to the system 22 15 3 Example system list users Users May May Access ID Name Conf Dialin Level Comment 1 admin ENABLED di...

Page 657: ...st users command The list contains the following information User ID number User name Configuration permissions enabled or disabled Dial in permissions enabled or disabled Access level default engineer or super user Comment any comments that were included when the user was added to the system 22 16 3 Example system list logins Users May May Access ID Name Conf Dialin Level Comment 1 admin ENABLED ...

Page 658: ...mand and a default value if applicable Option Description Default value nothing No extra output is displayed N A warnings Non fatal errors are displayed N A info Certain program messages are displayed Also displays the values for the warnings option N A trace Detailed trace output is displayed Also displays the values for info and warnings options N A entryexit A message is displayed every time a ...

Page 659: ... info system log enable disable sshd debug debug1 debug2 debug3 error fatal info verbose system log enable disable upload get info preserve system log enable disable webserver access file system log enable disable wpa errors states gtk events 22 18 2 Description This command enables disables the tracing support output that is displayed by the CLI for a specific module and module category The comma...

Page 660: ... does not affect ip udp and so on To display a list of modules and categories and their enable disable status see the system log list command 22 18 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value enable Enables tracing support output for a specified specific module an...

Page 661: ...re using For example if you do not have IPoA included in your image build the IPoA options are not listed in the output for this command 22 19 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value module The name of a module that exists in your current image build This can ...

Page 662: ...ed ipsec pfkey disabled ipsec seltbl_dt disabled ipsec seltbl_nm disabled rip errors disabled rip rx disabled rip tx disabled scanpvc error ENABLED scanpvc results ENABLED scanpvc info disabled sshd fatal ENABLED sshd error ENABLED sshd info disabled sshd verbose disabled sshd debug disabled sshd debug1 disabled sshd debug2 disabled sshd debug3 disabled upload info disabled upload preserve disable...

Page 663: ...759 94 Uen B December 2005 663 22 20 system restart 22 20 1 Syntax system restart 22 20 2 Description This command restarts your system It has the same effect as pressing the Reset button on your HM4x0 22 20 3 Example system restart ...

Page 664: ...ptions The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name The name of an existing user N A default Access permissions for a user engineer Access permissions for a user superuser Access permissions for a user default 22 21 4 Example system set login john access engineer 22 21 ...

Page 665: ...dd system login or the add system user command Only a Super user can use this command 22 22 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name The name of an existing user N A enables Enables configuration permissions for a user disabled Disables configuration permi...

Page 666: ...tem using the system add login command Only a Super user can use this command 22 23 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name The name of an existing user N A enabled Enables dial in permissions for a user disabled Disables dial in permissions for a user di...

Page 667: ...tions The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name The name of an existing user N A default Access permissions for a user engineer Access permissions for a user superuser Access permissions for a user default 22 24 4 Example system set user fred access engineer 22 24 5 ...

Page 668: ... using the add system user command Only a Super user can use this command 22 25 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name The name of an existing user N A enables Enables configuration permissions for a user disabled Disables configuration permissions for a...

Page 669: ...tem using the system add user command Only a Super user can use this command 22 26 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name The name of an existing user N A enabled Enables dial in permissions for a user disabled Disables dial in permissions for a user ena...

Page 670: ...mand Only a Super user can use this command 22 27 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name The name of an existing user N A password A unique password made up of more than one character that identifies an individual user and lets the user access PPP servic...

Page 671: ...n B December 2005 671 23 Transports CLI Commands This chapter describes the Transports CLI commands 23 1 Summary The table below lists the Transports commands provided by the CLI transports clear transports delete transports list transports show ...

Page 672: ...ZAT 759 94 Uen B December 2005 23 2 transports clear 23 2 1 Syntax transports clear 23 2 2 Description This command deletes all transports that were created using the transport_module add transport command 23 2 3 Example transports clear ...

Page 673: ...and 23 3 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A name that identifies an existing transport To display transport names use the transport list command N A number A number that identifies an existing transport To display transport numbers use the transpor...

Page 674: ...owing information about the transports Transport identification number Transport name Transport type RFC1483 PPP or Ethernet Number of transmitted received packets for each transport VPI VCI setting RFC1483 and PPP transports only 23 4 3 Example transports list Services ID Name Type 1 wantrans Ethernet TxPkts 659 0 RxPkts 0 0 2 lantrans Ethernet TxPkts 0 0 RxPkts 0 0 3 wlan_filtered Ethernet TxPkt...

Page 675: ...efault value if applicable Option Description Default value name A name that identifies an existing transport To display transport names use the transport list command N A number A number that identifies an existing transport To display transport numbers use the transport list command N A 23 5 4 Example transports show LanTransport Ethernet Status Service Creator CLI Description LanTransport Atm P...

Page 676: ...6 2 1553 ZAT 759 94 Uen B December 2005 24 User CLI Commands This chapter describes the User CLI commands 24 1 Summary The table below lists the User commands provided by the CLI user logout user password user change name ...

Page 677: ... 94 Uen B December 2005 677 24 2 user logout 24 2 1 Syntax user logout 24 2 2 Description This command logs you out of the system Default Engineer and Super users can use this command 24 2 3 Example user logout Logging out HM4x0 Login ...

Page 678: ...ecember 2005 24 3 user password 24 3 1 Syntax user password 24 3 2 Description This command allows you to change your user password Default Engineer and Super users can use this command 24 3 3 Example user password Enter new password Again to verify ...

Page 679: ... permissions you loose your Super user privileges and inherit the access permissions of either the Default or Engineer user 24 4 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value name A unique login name made up of more than one character that identifies an individual u...

Page 680: ...lists the Web Server commands provided by the CLI webserver clear stats webserver enable disable webserver load webserver set archive webserver set interface webserver set managementip webserver set port webserver set secclass webserver set telnetport webserver set telnetsecclasses webserver set upnpport webserver set upnpsecclasses webserver show info webserver show stats ...

Page 681: ... 2 1553 ZAT 759 94 Uen B December 2005 681 25 2 websersver clear stats 25 2 1 Syntax webserver clear stats 25 2 2 Description This command sets all of the Web Server process counters to 0 25 2 3 Example webserver clear stats ...

Page 682: ...e Web Server process By default the Web Server process is enabled 25 3 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value enable Enables the Web Server process disable Disables the Web Server process enable 25 3 4 Example websesrver disable Webserver is disabled ...

Page 683: ... 25 4 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value archive_ name The name of an existing file that is used for static web page content Setting this option to none means that the derived archive file is not loaded at startup expand isfs derived_data dat 25 4 4 Examp...

Page 684: ...aded when the webserver process starts 25 5 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value archive_ name The name of an existing file that is used for static web page content Setting this option to none means that the derived archive file is not loaded at startup exp...

Page 685: ...ion Once you have set the UPnP interface the IGD monitors the interface The IGD can handle changes to the interface definition for example if the IP address changes through a DHCP update the IGD will use the newly assigned address You must save your configuration see the system config save command and restart your system see the system restart command to activate the Web Server settings 25 6 3 Opt...

Page 686: ...tity or from any IP address by setting the IP address to 0 0 0 0 25 7 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value Ip address The only IP address that the Web Server will allow connection requests from The IP address is displayed in the following format 192 168 102...

Page 687: ...ets the HTTP port number that the Web Server process will use to transfer data 25 8 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value port A valid port number that must be between 0 and 65535 80 25 8 4 Example webserver set port 100 ...

Page 688: ... This has the same effect as entering the command ip set appservice http secclasses secclasses Supported secclasses values are as follows all allows access to the HTTP AppService via all existing security interfaces none prevents access to the HTTP AppService via any existing security interface internal allows access to the HTTP AppService via the existing internal security interface external allo...

Page 689: ...ription Default value secclasses all none internal external or dmz To allow access to the HTTP AppService via two security interface types type the secclass values separated by a comma for example internal external or separated by a space and enclosed in double quotation marks for example internal external To specify all three internal external and dmz secclasses use the all value N A 25 9 4 Examp...

Page 690: ...ication You must save your configuration see the system config save command and restart your system see the system restart command to activate the Web Server settings 25 10 3 Options The following table gives the range of values for each option which can be specified with this command and a default value if applicable Option Description Default value port A valid port number that must be between 0...

Page 691: ...ice This has the same effect as entering the command ip set appservice telnet secclasses secclasses Supported secclasses values are as follows all allows access to the Telnet AppService via all existing security interfaces none prevents access to the Telnet AppService via any existing security interface internal allows access to the Telnet AppService via the existing internal security interface ex...

Page 692: ...ault value secclasses all none internal external or dmz To allow access to the Telnet AppService via two security interface types type the secclass values separated by a comma for example internal external or separated by a space and enclosed in double quotation marks for example internal external To specify all three internal external and dmz secclasses use the all value N A 25 11 4 Example webse...

Page 693: ...nabled status true or false Archive file set Interface set HTTP port set Telnet port set Auxiliary HTTP port setting Management IP address 25 12 3 Example webserver show info Web server configuration EmWeb release R6_1_0 Enabled true Archive expand isfs derived_data dat Interface wan_ip HTTP port 80 Telnet port 23 Auxiliary HTTP port 8008 Permitted HTTP security classes all Permitted UPnP security...

Page 694: ...web server Note The memory shown is the memory that can be accessed and used by the web server i e not the total amount memory available for all processes 25 13 3 Example webserver show memory Variable allocation pool total pool size 149968 free 86464 allocated 63504 mean alloc chunk 79 max free chunk 86448 Buffer pool total pool size 25568 free 21216 allocated 4352 mean alloc chunk 197 max free c...

Page 695: ...webserver show stats 25 14 1 Syntax webserver show stats 25 14 2 Description This command tells you how many bytes have been transmitted and received by the Web Server 25 14 3 Example webserver show stats Web Server statistics new Bytes transmitted 3306135 Bytes received 0 ...

Page 696: ...userpriority 75 bridge set interface filtertype 44 bridge set interface ingressfiltering 73 bridge set interface numtrafficclasses 79 bridge set interface portfilter 45 bridge set interface pvid 74 bridge set interface regenpriority 76 bridge set interface trafficclassmap 80 bridge set trafficclassstatus 82 bridge show 50 bridge show fdb 72 bridge show interface 52 bridge show interface regenprior...

Page 697: ...bnet hostisdnsserver 178 dhcpserver set subnet maxleasetime 179 dhcpserver set subnet subnet 180 dhcpserver show 181 dhcpserver show subnet 182 dhcpserver subnet add iprange 183 dhcpserver subnet add option 184 dhcpserver subnet clear ipranges 186 dhcpserver subnet clear options 187 dhcpserver subnet delete iprange 188 dhcpserver subnet delete option 189 dhcpserver subnet list ipranges 190 dhcpser...

Page 698: ...set interface ipaddress 266 ip set interface mtu 268 ip set interface netmask 269 ip set interface rip accept 281 ip set interface rip multicast 283 ip set interface rip send 285 ip set interface sourceaddrvalidation 270 ip set interface tcpmssclamp 271 ip set rip advertisedefault 287 ip set rip authentication 288 ip set rip defaultroutecost 289 ip set rip hostroutes 290 ip set rip password 291 ip...

Page 699: ...ort dialout pvc 451 pppoe clear transports 455 pppoe delete transport 456 pppoe list transports 457 pppoe set transport accessconcentrator 458 pppoe set transport autoconnect 460 pppoe set transport autoconnect filter 461 pppoe set transport bt 463 pppoe set transport createroute 464 pppoe set transport dialout 465 pppoe set transport discoverdns primary 466 pppoe set transport discoverdns seconda...

Page 700: ...ockinglog intrusionlog sessionlog level 547 security set IDS DOSattackblock 583 security set IDS floodperiod 589 security set IDS floodthreshold 590 security set IDS MaxICMP 584 security set IDS MaxPING 585 security set IDS MaxTCPopenhandshake 586 security set IDS portfloodthreshold 591 security set IDS SCANattackblock 588 security set IDS scanperiod 592 security set IDS scanthreshold 593 security...

Page 701: ...mayconfigure 666 system set login maydialin 667 system set user access 668 system set user mayconfigure 669 system set user maydialin 670 system set user password 671 T transports clear 673 transports delete 674 transports list 675 transports show 676 U user change 680 user logout 678 user password 679 W websersver clear stats 682 webserver enable disable 683 webserver load 684 webserver set archi...

Page 702: ...Ericsson AB Ericsson AB 2005 All Rights Reserved www ericsson com 2 1553 ZAT 759 94 Uen B December 2005 ...

Reviews:

No comments

Related manuals for HM4x0

Brand: ZETR Pages: 2

Brand: CallDirect Pages: 33

Brand: H3C Pages: 16

Brand: H3C Pages: 24

Brand: JB Systems Pages: 24

Brand: JB Systems Pages: 61

Pixie-4 Express

Brand: XIA Pages: 17

Brand: NXP Semiconductors Pages: 24

iW-RainboW-G30D

Brand: iWave Pages: 89

Brand: Vivotek Pages: 170

Brocade X6-8 Director

Brand: Broadcom Pages: 207

Brand: Juniper Pages: 190

Brand: WaiLan Pages: 27

Brand: RAK Pages: 30

Brand: Lanner Pages: 63

PCH1 T P Series

Brand: Parker Pages: 107

Brand: Ubiquiti Pages: 20

Brand: AMG Systems Pages: 2

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands