Siemens SCALANCE S615 Configuration Manual Download Page 387

Page: 387 / 442

Security and authentication

9.3 IPsec VPN

SCALANCE S615 Command Line Interface
Configuration Manual, 06/2015, C79000-G8976-C406-02

387

9.3.7.3

default-ciphers

Description

With this command, you specify that a preset list (default list) is transferred to the VPN

connection partner during connection establishment. The list contains a combination of the

three algorithms (Encryption, Authentication, Key Derivation).
To establish a VPN connection, the VPN connection partner must support at least one of

these combinations. The combinations depend on the phase und the key exchange method

IKE).

Combination

Phase 1

Phase 2

Encryption

Authentica-

tion

Key Derivation

IKEv1

IKEv2

IKEv1

IKEv2

AES128

SHA1

DH Group 14

AES256

SHA512

DH Group 16

AES128 CCM 16 SHA256

DH Group 14

AES256 CCM 16 SHA512

DH Group 16

AES128

SHA1

none

AES256

SHA512

none

AES128 CCM 16 SHA256

none

AES256 CCM 16 SHA512

none

x: is supported

-: is not supported
none: For phase 2, no separate keys are exchanged. This means that Perfect Forward Secrecy PFS) is disabled.

Requirement

You are in the IPSEC PHASE configuration mode.
The command prompt is as follows:

cli(config-conn-phsX)#

X: 1 (Phase 1)

2 (Phase 2)

Syntax

Call the command without parameter assignment:

default-ciphers

Result

The default list is used.

Summary of Contents for SCALANCE S615

Page 1: ...__________ ___________________ ___________________ SIMATIC NET Industrial Ethernet Security SCALANCE S615 Command Line Interface Configuration Manual 06 2015 C79000 G8976 C406 02 Preface Description 1 Configuration 2 Functions specific to SCALANCE 3 System time 4 Network structures 5 Network protocols 6 Load control 7 Layer 3 functions 8 Security and authentication 9 Diagnostics 10 ...

Page 2: ... be operated only by personnel qualified for the specific task in accordance with the relevant documentation in particular its warning notices and safety instructions Qualified personnel are those who based on their training and experience are capable of identifying risks and avoiding potential hazards when working with these products systems Proper use of Siemens products Note the following WARNI...

Page 3: ...umentation Apart from the Configuration Manual you are currently reading the following documentation is also available on the topic of Remote Network Configuration manual SCALANCE S615 Web Based Management This document is intended to provide you with the information you require to commission and configure SCALANCE S615 devices using the Web Based Management Getting Started SCALANCE S615 Based on ...

Page 4: ...ll find the SIMATIC NET glossary here SIMATIC NET Manual Collection or product DVD The DVD ships with certain SIMATIC NET products On the Internet under the following entry ID 50305045 http support automation siemens com WW view en 50305045 Security information Siemens provides products and solutions with industrial security functions that support the secure operation of plants solutions machines ...

Page 5: ...tions Note Open source software Read the license conditions for open source software carefully before using the product You will find license conditions in the following documents on the supplied data medium DOC_OSS SCALANCE S_74 pdf DC_LicenseSummaryScalanceS615_76 htm Trademarks The following and possibly other names not identified by the registered trademark sign are registered trademarks of Si...

Page 6: ...Preface SCALANCE S615 Command Line Interface 6 Configuration Manual 06 2015 C79000 G8976 C406 02 ...

Page 7: ...put 31 1 6 5 1 help 31 1 6 5 2 The command 32 1 6 5 3 Completion of command entries 33 1 6 5 4 Abbreviated notation of commands 34 1 6 5 5 Reusing the last used commands 34 1 6 5 6 Working through a command sequence 35 1 6 5 7 clear history 35 1 6 5 8 show history 36 2 Configuration 37 2 1 System 37 2 1 1 show commands 37 2 1 1 1 show cli console timeout 37 2 1 1 2 show coordinates 38 2 1 1 3 show...

Page 8: ...0 5 lldp 62 2 1 10 6 no lldp 63 2 1 10 7 negotiation 64 2 1 10 8 no negotiation 64 2 1 10 9 mtu 65 2 1 10 10 shutdown complete 66 2 1 10 11 no shutdown 67 2 1 10 12 speed 68 2 2 Load and Save 69 2 2 1 show commands 69 2 2 1 1 show loadsave files 69 2 2 1 2 show loadsave tftp 70 2 2 2 load tftp 70 2 2 3 save filetype 71 2 2 4 Commands in the global configuration mode 72 2 2 4 1 loadsave 72 2 2 5 Co...

Page 9: ... close 95 3 3 3 2 digital output open 96 3 4 SRS 97 3 4 1 show srs overview 97 3 4 2 Commands in the global configuration mode 98 3 4 2 1 srs 98 3 4 3 Commands in the SRS configuration mode 99 3 4 3 1 interval 99 3 4 3 2 logon 100 3 4 3 3 logon addr 101 3 4 3 4 no logon 102 3 4 3 5 logon idx addr 103 3 4 3 6 logon idx group 104 3 4 3 7 logon idx name 105 3 4 3 8 logon idx pw 106 3 4 3 9 logon show...

Page 10: ...status 132 4 3 4 show sntp unicast mode status 132 4 3 5 Commands in the global configuration mode 133 4 3 5 1 sntp 133 4 3 6 Commands in the SNTP configuration mode 134 4 3 6 1 sntp time diff 134 4 3 6 2 sntp unicast server ipv4 135 4 3 6 3 no sntp unicast server ipv4 136 4 3 6 4 sntp client addressing mode 137 5 Network structures 139 5 1 VLAN 139 5 1 1 The show commands 139 5 1 1 1 show subnet ...

Page 11: ...e show commands 171 6 1 1 1 show ip dns 171 6 1 1 2 show dcp forwarding 172 6 1 1 3 show dcp server 172 6 1 1 4 show ip route 173 6 1 1 5 show ip routing 174 6 1 1 6 show ip static route 174 6 1 1 7 show ip telnet 175 6 1 2 Commands in the global configuration mode 175 6 1 2 1 dcp server 176 6 1 2 2 no dcp server 176 6 1 2 3 ip echo reply 177 6 1 2 4 no ip echo reply 178 6 1 2 5 ip route 178 6 1 2...

Page 12: ...4 3 6 pool enable 202 6 4 3 7 no pool enable 203 6 4 3 8 set interface 204 6 4 3 9 static lease mac 205 6 4 3 10 no static lease 206 6 5 DNS 207 6 5 1 The show commands 207 6 5 1 1 show dnsclient information 207 6 5 1 2 show ddnsclient information 208 6 5 2 Commands in the global configuration mode 208 6 5 2 1 Introductory sentence for the global configuration mode 208 6 5 2 2 dnsclient 208 6 5 2 ...

Page 13: ...index 233 6 6 2 7 no snmp community index 234 6 6 2 8 snmp filterprofile 235 6 6 2 9 no snmp filterprofile 236 6 6 2 10 snmp group 237 6 6 2 11 no snmp group 238 6 6 2 12 snmp notify 239 6 6 2 13 no snmp notify 240 6 6 2 14 snmp targetaddr 241 6 6 2 15 no snmp targetaddr 243 6 6 2 16 snmp targetparams 243 6 6 2 17 no snmp targetparams 245 6 6 2 18 snmp v1 v2 readonly 246 6 6 2 19 no snmp v1 v2 rea...

Page 14: ... send test mail 273 6 11 SSH server 274 6 11 1 show ip ssh 274 6 11 2 Commands in the Global Configuration mode 274 6 11 2 1 ssh server 275 6 11 2 2 no ssh server 276 7 Load control 277 7 1 Flow control 277 7 1 1 show flow control 277 7 1 2 Commands in the interface configuration mode 278 7 1 2 1 flowcontrol 278 7 2 Dynamic MAC aging 280 7 2 1 show commands 280 7 2 1 1 show mac address table aging...

Page 15: ... account 305 9 1 4 2 no user account 307 9 1 4 3 username 307 9 2 Firewall 309 9 2 1 Introduction to the Firewall section 309 9 2 2 The show commands 309 9 2 2 1 show firewall icmp services ipv4 309 9 2 2 2 show firewall information 310 9 2 2 3 show firewall ip protocols 310 9 2 2 4 show firewall ip rules ipv4 311 9 2 2 5 show firewall pre rules ipv4 311 9 2 2 6 show firewall ip services 312 9 2 3...

Page 16: ...7 service name 348 9 2 4 38 no service 349 9 2 4 39 service name set prot 350 9 2 4 40 service name set dst 351 9 2 4 41 service name set src 352 9 2 4 42 service show names 353 9 2 4 43 shutdown 353 9 2 4 44 no shutdown 354 9 3 IPsec VPN 355 9 3 1 The show commands 355 9 3 1 1 show ipsec conn authentication 355 9 3 1 2 show ipsecvpn connections 355 9 3 1 3 show ipsec conn phase1 356 9 3 1 4 show ...

Page 17: ... 9 3 6 6 no local id 383 9 3 6 7 rem id 384 9 3 6 8 no rem id 384 9 3 7 Commands in the IPSEC PHASE1 configuration mode 385 9 3 7 1 aggressive 385 9 3 7 2 no aggressive 386 9 3 7 3 default ciphers 387 9 3 7 4 no default ciphers 388 9 3 7 5 dpd 388 9 3 7 6 no dpd 389 9 3 7 7 dpd period 390 9 3 7 8 dpd timeout 391 9 3 7 9 ike auth 391 9 3 7 10 ike encryption 392 9 3 7 11 ike keyderivation 394 9 3 7 ...

Page 18: ...power line state 416 10 1 1 9 show seclog 417 10 1 2 clear fault counter 418 10 1 3 clear fwlog 419 10 1 4 clear logbook 419 10 1 5 clear seclog 420 10 1 6 fault report ack 420 10 1 7 no logging console 421 10 1 8 logging console 422 10 1 9 Commands in the global configuration mode 422 10 1 9 1 events 423 10 1 10 Commands in the Events configuration mode 423 10 1 10 1 add log 424 10 1 10 2 client ...

Page 19: ...rious modes The commands of the Command Line Interface are grouped according to various modes Apart from a few exceptions help exit commands can only be called up in the mode to which they are assigned This grouping allows different levels of access rights for each individual group of commands The following graphic is an overview of the available modes ...

Page 20: ...you can you display the configuration data and change it If you log with the admin user you change directly to the Privileged EXEC mode To change from the User EXEC Mode to the Privileged EXEC mode enter the enable command When the command executes you will be prompted to enter the password for the admin user You are logged out with the exit command ...

Page 21: ...special interfaces or functions for example to configure a VLAN or a PLUG You change to this mode by entering configure terminal in the Privileged EXEC mode You exit this mode by entering end or exit Other configuration modes From the Global configuration mode you can change to other configuration modes for special tasks These are either general configuration modes for example line configuration i...

Page 22: ...make sure that the functions required for this are enabled in Windows 7 Starting the CLI in a Windows console Follow the steps outlined below to start the Command Line Interface in a Windows console 1 Open a Windows console and type in the command telnet followed by the IP address of the device you are configuring C telnet IP address 2 Enter your login and password As an alternative you can also e...

Page 23: ... placeholder is replaced by the identifier of the Interface You select the Interface by setting suitable parameters for the interface command An identifier when the Trial mode is enabled If you first test changes to the configuration and then want to discard them disable the Auto save function with the no auto save command You are then in Trial mode Changes to the configuration that you have not s...

Page 24: ...tions to describe mandatory and optional entries There is a general description of some of these combinations below Character combinations Meaning Parameter Instead of the expression in parentheses enter a permitted value Unit a b Instead of the expression in parentheses enter a value from the range a to b The unit to be used is specified before the brackets and is also replaced by the entry Param...

Page 25: ...lash The interfaces permanently installed in the device are identified with module 0 Example Fast Ethernet interface fa 0 1 Addressing logical interfaces This notation also applies to other commands that address a logical interface Enter the command interface Enter the keyword for the VLAN interface After a space enter the number of the VLAN interface you assigned when you created it Example VLAN ...

Page 26: ...nterface 1 5 2 Address types address ranges and address masks Overview Since the various types of addresses can be represented by different notations the notations used in the Command Line Interface are shown below IPv4 addresses Addresses for the Internet Protocol version 4 are written in the decimal notation of four numbers from the range 0 to 255 separated by a period Note With leading zeros th...

Page 27: ... Each byte is represented in decimal with a dot separating it from the previous one XXX XXX XXX XXX XXX stands for a number between 0 and 255 The IPv4 address consists of two parts The address of the sub network The address of the node generally also called end node host or network node Range of values for subnet mask The subnet mask consists of four decimal numbers with the range from 0 to 255 ea...

Page 28: ... 192 168 0 0 with subnet mask 255 255 255 0 The network part of the address covers 3 x 8 bits in binary representation in other words 24 bits This results in the CIDR notation 192 168 0 0 24 The host part covers 1 x 8 bits in binary notation This results in an address range of 2 to the power 8 in other words 256 possible addresses Value range for gateway address The address consists of four decima...

Page 29: ...yed Syntax Call the command without parameters clear screen Result The screen is cleared The command prompt is displayed 1 6 2 do Description With this command you can execute the commands from the Privileged EXEC mode in any configuration mode Syntax Call up the command with the following parameters do command To do this you replace command with the command from the Privileged EXEC mode that you ...

Page 30: ...quirement You are in a configuration mode Syntax Call the command without parameters end Result You are in the Privileged EXEC mode The command prompt is as follows cli 1 6 4 exit Description With this command you close the current mode Syntax Call the command without parameters exit Result The current mode was exited You are then at the next higher level If you are in Privileged EXEC Modus or in ...

Page 31: ... completion of incomplete commands Paging in the list of most recently used commands Display of the list of most recently used commands show history 1 6 5 1 help Description With this command you display the help entry for a command or the command list Syntax Call up help with the following parameters help command Here you replace command with the command for which you require help If the command ...

Page 32: ...all up the command list Syntax Enter a question mark to obtain a list of all permitted commands in the current mode For this command you do not need to press the enter key The command executes immediately after you type the character Result The mode specific as well as the global commands are displayed Note Incomplete command names If you have specified an incomplete command when calling the help ...

Page 33: ...uous This can be repeated after entering further characters Procedure Enter the first characters of the command Press the tab key Result The command interpreter completes the input as long as the command is unambiguous If you enter a character string that cannot be completed to form a command an error message is displayed The command is not unique Ambiguous Command The command is unknown Invalid C...

Page 34: ...he last 14 commands used in a list assigned to the particular mode This can then only be called up in the relevant mode Example In the Global Configuration mode all entered commands are saved If you entered commands earlier in the Interface Configuration mode these commands are not included in the list of the Global Configuration mode You can only call up and reuse these commands in the Interface ...

Page 35: ... vlan 1 no ip address dhcp ip address 192 168 1 1 255 255 255 0 end write startup has the same effect as CLI conf t CLI config int vlan 1 CLI config if vlan 1 no ip address dhcp CLI config if vlan 1 ip address 192 168 1 1 255 255 255 0 CLI config if vlan 1 end CLI write startup 1 6 5 7 clear history Description This command deletes the last commands you entered Requirement You are in the User EXEC...

Page 36: ... show history command is listed as the last command to be entered The list depends on the mode In the Global configuration mode the last 14 commands entered in this mode are displayed These commands are not included in the list of the Interface configuration mode Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call the com...

Page 37: ... display various settings With the command do command you can execute the show commands in every configuration mode To do this you replace command with the show command that you want to execute Example do show cli console timeout 2 1 1 1 show cli console timeout Description This command shows the global configuration for the timeout of the CLI console Requirement You are in the User EXEC mode or i...

Page 38: ...e Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call the command without parameters show coordinates Result The system coordinates are displayed 2 1 1 3 show device information Description This command shows information about the device Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call the comm...

Page 39: ...ates whether or not the current configuration has been saved Login Authentication mode This indicates whether the authentication is made locally or on the RADIUS server 2 1 1 4 show interfaces Description This command shows the status and the configuration of one several or all interfaces Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli ...

Page 40: ...rmation on identifiers of addresses and interfaces refer to the section Interface identifiers and addresses Page 25 If you do not select any parameters from the parameter list the status and configuration of all available interfaces will be displayed Result The status and the configuration of the selected interfaces are displayed 2 1 1 5 show im Description This command shows information on device...

Page 41: ...th the following parameters show interface mtu Vlan vlan id 1 4094 interface type interface id The parameters have the following meaning Parameter Description Range of values Vlan Keyword for a VLAN connection vlan id Number of the addressed VLAN 1 4094 interface type Type or speed of the interface Enter a valid interface interface id Module no and port no of the interface For information on ident...

Page 42: ...ion Range of values note interface type Type or speed of the interface Enter a valid interface interface id Module no and port no of the interface vlan Keyword for a VLAN connection vlan id Number of the addressed VLAN 1 4094 For information on identifiers of addresses and interfaces refer to the section Interface identifiers and addresses Page 25 If you do not select any parameter from the parame...

Page 43: ... EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call up the command with the following parameters show lldp status port interface type interface id The parameters have the following meaning Parameter Description Values port Keyword for a port description interface type Type or speed of the interface Enter a valid interface interface id Module no and por...

Page 44: ...following meaning Parameter Description Range of values note vlan Keyword for a VLAN connection vlan id Number of the addressed VLAN 1 4094 interface type Type or speed of the interface Enter a valid interface interface id Module no and port no of the interface loopback Loopback For information on identifiers of addresses and interfaces refer to the section Interface identifiers and addresses Page...

Page 45: ...hout parameters show versions Result The following settings are displayed Basic device Name Revision Order ID Firmware Bootloader Description Version Date 2 1 2 clear counters Description With this command you reset the counters of an interface Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call up the command with the fo...

Page 46: ... identifiers and addresses Page 25 If no parameters are specified the counters for all interfaces are reset Result The counters of the interface are reset Further notes You can display the statistical information of the interfaces with the show interfaces counters command 2 1 3 configure terminal Description With this command you change to the Global configuration mode Requirement You are in the P...

Page 47: ...not reacting Requirement You are in the Privileged EXEC mode The command prompt is as follows cli Syntax Call up the command with the following parameters clear line vty line number 2 9 all forceful clear The parameters have the following meaning Parameter Description Range of values note line number Number of the connection that will be terminated 2 9 all terminates all connections forceful clear...

Page 48: ...mode Requirement You are in the Privileged EXEC mode The command prompt is as follows cli Syntax Call the command without parameters disable Result You are in the User EXEC mode The command prompt is as follows cli 2 1 6 enable Description With this command you change to the Privileged EXEC mode Requirement You are in the User EXEC mode The command prompt is as follows cli Syntax Call the command ...

Page 49: ...nnected to the device via telnet the session is closed Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call the command without parameters logout Result The CLI session is ended and the Windows Login prompt is displayed 2 1 8 ping Description With this command you request a response from a device in the network This allows...

Page 50: ... Keyword for the size of the packets in bytes 0 2080 count Keyword for the number of packets to be requested packet_count Number of packets 1 10 timeout Response wait time If this time expires the request is reported as timed out seconds Time to the timeout in seconds 1 100 For information on names of addresses and interfaces refer to the section Interface identifiers and addresses Page 25 If you ...

Page 51: ...s You exit the Global configuration mode with the end or exit command and are then in the Privileged EXEC mode again 2 1 9 1 coordinates height Description With this command you enter a height coordinate Requirement You are in the Global Configuration mode The command prompt is as follows cli config Syntax Call up the command with the following parameters coordinates height meter The parameter has...

Page 52: ...tude latitude The parameter has the following meaning Parameter Description Range of values note latitude Input box for the latitude coordinate max 32 characters To use spaces in the entry enter the latitude coordinate in quotes coordinates latitude 123 456 Result The latitude coordinate is created 2 1 9 3 coordinates longitude Description With this command you enter a longitude coordinate Require...

Page 53: ...he parameters of this command If you specify a logical interface that does not exist it will be created The name of the selected interface is displayed in the command prompt Requirement You are in the Global configuration mode The command prompt is as follows cli config Syntax Call up the command with the following parameters interface vlan vlan id 1 4094 interface type interface id The parameters...

Page 54: ...on the hardware configuration Further notes You exit the Interface configuration mode with the end or exit command You delete a logical interface with the no interface command You display the status and the configuration of the interfaces with the show interfaces command 2 1 9 5 no interface Description With this command you delete a logical interface Requirement You are in the Global Configuratio...

Page 55: ...e check the setting of the keepalive function on the Telnet client If the set interval is shorter than the configured time the lower value applies You have set for example 300 seconds for the automatic logout and 120 seconds for the keepalive function In this case a packet is sent every 120 seconds that keeps the connection up Requirement You are in the Global configuration mode The command prompt...

Page 56: ...tic logout Requirement You are in the Global configuration mode The command prompt is as follows cli config Syntax Call the command without parameters no cli console timeout Result Automatic logout is disabled Further notes You enable automatic logout with the cli console timeout command You display the current timeout setting with the show cli console timeout command 2 1 9 8 system contact Descri...

Page 57: ...esult The contact information is created in the system 2 1 9 9 system location Description With this command you enter the location information for the system Requirement You are in the Global Configuration mode The command prompt is as follows cli config Syntax Call up the command with the following parameters system location string The parameter has the following meaning Parameter Description Ra...

Page 58: ...haracters Result The name is created in the system 2 1 10 Commands in the Interface configuration mode This section describes commands that you can call up in the interface configuration mode Depending on the Interface selected various command sets are available In the Global configuration mode enter the interface command to change to this mode Commands relating to other topics that can be called ...

Page 59: ...pt is as follows cli config if Syntax Call up the command with the following parameters alias port name The parameter has the following meaning Parameter Description Range of values note port name Name of the interface max 63 characters Result The interface was assigned a name Further notes You delete the name of the interface with the no alias command 2 1 10 2 no alias Description With this comma...

Page 60: ...onnections are always operated in full duplex mode since they have a fiber for each transmission direction With this command you configure the duplex mode of an interface The same mode must be set for connected interfaces Requirement Autonegotiation is disabled You are in the Interface configuration mode of an electrical interface The command prompt is as follows cli config if Syntax Call up the c...

Page 61: ...tonegotiation with the no negotiation command 2 1 10 4 no duplex Description With this command you reset the duplex mode of an interface to the default value The default value is full Requirement You are in the Interface configuration mode The command prompt is as follows cli config if Syntax Call the command without parameters no duplex Result The duplex mode of the Interface is reset to the defa...

Page 62: ...he following meaning Parameters Description transmit the sending of LLDP packets is enabled receive the receipt of LLDP packets is enabled At system start or when using the restart command with the option memoryor factory the following defaults apply Sending and receipt of LLDP packets are enabled Note Enabling both options When you call this command you can only select one option If you want to e...

Page 63: ...command with the following parameters no lldp transmit receive The parameters have the following meaning Parameters Description transmit the sending of LLDP packets is enabled receive the receipt of LLDP packets is disabled Note Disabling both options When you call this command you can only select one option If you want to disable both options call up the command again Result The setting is config...

Page 64: ...mmand prompt is as follows cli config if Syntax Call the command without parameters negotiation Result The automatic negotiation of connection parameters on an interface is activated Further notes You disable the autonegotiation of connection parameters with the no negotiation command 2 1 10 8 no negotiation Description With this command you disable autonegotiation of connection parameters on an i...

Page 65: ...uration mode The command prompt is as follows cli config if Syntax Call up the command with the following parameters mtu frame size 64 1500 The parameter has the following meaning Parameter Description Range of values frame size Size of the MTU in bytes 64 1500 At system start or when using the restart command with the option memoryor factory the following defaults apply The size of the MTU is con...

Page 66: ...eters shutdown complete Result The Interface is shut down Note If you use this command in the Interface Configuration mode for a VLAN input prompt CLI config if vlan management access to the device is no longer possible This relates to configuration using CLI WBM and SNMP Access is only possible again after resetting the device to the factory settings with the Reset button Further notes You activa...

Page 67: ...n an interface Requirement You are in the Interface Configuration mode The command prompt is as follows cli config if Syntax Call the command without parameters no shutdown Result The Interface is activated Further notes You activate the interface with the shutdown complete command You can display the status of this function and other information with the show interfacescommand ...

Page 68: ...eed can only be configured for electrical data transfer On optical connections the transmission speed is fixed Requirement You are in the Interface configuration mode The command prompt is as follows cli config if Syntax Call up the command with the following parameters speed 10 100 The parameters have the following meaning Parameter Description 10 Transmission speed 10 Mbps 100 Transmission speed...

Page 69: ...stalled 2 2 1 show commands This section describes commands with which you display various settings With the command do command you can execute the show commands in every configuration mode To do this you replace command with the show command that you want to execute Example do show cli console timeout 2 2 1 1 show loadsave files Description This command shows the current Load Save file informatio...

Page 70: ...ommand prompt is as follows cli or cli Syntax Call the command without parameters show loadsave tftp Result The current configuration of the TFTP server for Load Save is displayed 2 2 2 load tftp Description With this command you load the files from a TFTP server Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call up the ...

Page 71: ...x 100 characters filetype Keyword for the file type to be loaded filetype Name of the file type max 100 characters For information on identifiers of addresses and interfaces refer to the section Interface identifiers and addresses Page 25 Result The file is loaded on the device from the TFTP server Further notes With the show loadsave files command you can display the file types 2 2 3 save filetyp...

Page 72: ... of the file max 100 characters For information on identifiers of addresses and interfaces refer to the section Interface identifiers and addresses Page 25 Result The file is saved on the TFTP server Further notes With the show loadsave files command you can display the file types 2 2 4 Commands in the global configuration mode This section describes commands that you can call up in the Global con...

Page 73: ...configuration mode This section describes commands that you can call up in the LOADSAVE configuration mode In the Global Configuration mode enter the loadsave command to change to this mode You display the valid file types for the commands in the LOADSAVE Configuration mode with the global command show loadsave tftp If you exit the LOADSAVE configuration mode with the exitcommand you return to the...

Page 74: ...letype Name of the file type max 100 characters Result The files are displayed or the file is deleted Further notes With the show loadsave files command you can display the file types 2 2 5 2 tftp filename Description With this command you assign a name to a file type The file type decides the type that is affected by the tftp load or tftp save action The name decides the file to be copied to or f...

Page 75: ...rther notes With the show loadsave files command you can display the file types 2 2 5 3 tftp load Description With this command you load a file from a TFTP server into the file system of the device The TFTP protocol is used for the transfer You can also display a list of available files Requirement The name of the file is specified You are in the LOADSAVE configuration mode The command prompt is c...

Page 76: ...nsfer You can also display a list of available files Requirement The name of the file is specified You are in the LOADSAVE configuration mode The command prompt is cli config loadsave Syntax Call up the command with the following parameters tftp save showfiles filetype filetype The parameters have the following meaning Parameter Description Range of values note showfiles Shows the available files ...

Page 77: ...ameters tftp server ipv4 ipv4 address port tcp port 1 65535 The parameters have the following meaning Parameter Description Range of values note ipv4 Keyword for an IPv4 address ipv4 address Value for an IPv4 unicast address Enter a valid IPv4 unicast ad dress port Keyword for the port of the server via which the TFTP connection runs tcp port Number of the port 1 65535 For information on identifie...

Page 78: ...yntax Call up the command with the following parameters password showfiles filetype filetype pw password The parameters have the following meaning Parameter Description Values showfiles Shows the available files filetype Shows that the file type follows that will be loaded filetype Name of the file type max 100 characters pw Keyword for the password password Password Enter the password for the fil...

Page 79: ...is as follows cli config loadsave Syntax Call up the command with the following parameters no password showfiles filetype filetype The parameters have the following meaning Parameter Description Values showfiles Shows the available files filetype Shows that the file type follows that will be loaded filetype Name of the file type max 100 characters Result The password for the file is disabled Furth...

Page 80: ...e device Select one of the following configuration settings Device restart with the current configuration Device restart with the factory configuration settings with the exception of the following parameters IP addresses Subnet mask IP address of the default gateway DHCP client ID DHCP System name System location System contact User names and passwords Mode of the device Device restart with the fa...

Page 81: ...the current configuration Parameter Description memory Resets the system to the factory configuration settings and restarts the system The parameters listed above are unaffected by a reset factory Resets the system to the factory configuration settings and restarts the system Note By resetting to the factory configuration settings the device loses its configured IP address and is reachable again w...

Page 82: ... http auto logout time ntp auto save events firewall firewallnat sinemarc proxyserver srs all The parameters have the following meaning Parameter Description Range of values syslog Shows the configuration settings of the Syslog function dhcp Shows the configuration settings of the Dynam ic Host Configuration Protocol vlan Keyword for a VLAN connection vlan id Number of the addressed VLAN 1 4094 in...

Page 83: ...ows the configuration settings of the auto save function events Shows the configuration settings of the system events firewall Shows the configuration settings of the firewall firewallnat Shows the configuration settings of the NAT sinemarc Shows the configuration settings of the SINEMA RC connection proxyserver Shows the configuration settings of the proxy servers srs Shows the configuration sett...

Page 84: ... the configuration file Use the restart command without parameters to restart the system with this configuration Further notes You enable the auto save function or disable the Trial mode with the auto save command You disable the auto save function or enable the Trial mode with the no auto save command 2 4 3 Commands in the global configuration mode This section describes commands that you can cal...

Page 85: ...n asterisk in front of the command prompt cli You save the changes to the configuration with the write startup config command With the auto save command you enable the auto save function Requirement You are in the Global configuration mode The command prompt is as follows cli config Syntax Call the command without parameters auto save As default the function is enabled Result The auto save functio...

Page 86: ...l Configuration mode The command prompt is as follows cli config Syntax Call the command without parameters no auto save Result The auto save function is disabled The Trial mode is activated Further notes You enable the function with the auto save command You can display the status of this function and other information with the show device informationcommand You save changes to the configuration ...

Page 87: ...e when a device is replaced In addition to the configuration the KEY PLUG also contains a license that enables the use of certain functions This section describes commands relevant for working with the C PLUG or KEY PLUG 3 1 1 show plug Description This command shows the current C PLUG or KEY PLUG information Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prom...

Page 88: ...led in the Global configuration mode can be found in the relevant sections You exit the Global configuration mode with the end or exit command and are then in the Privileged EXEC mode again 3 1 2 1 plug Description With this command you change to the Plug Configuration mode Requirement You are in the Global Configuration mode The command prompt is as follows cli config Syntax Call the command with...

Page 89: ...ration mode with the exit command you return to the Global Configuration mode If you exit the Plug Configuration mode with the end command you return to the Privileged EXEC mode 3 1 3 1 factoryclean Description With this command you delete the device configuration stored on the C PLUG or KEY PLUG Requirement There is a device configuration on the C PLUG or KEY PLUG You are in the Plug Configuratio...

Page 90: ... command you format the C PLUG or KEY PLUG and copy the current device configuration to it Requirement The C PLUG or KEY PLUG is formatted You are in the Plug Configuration mode The command prompt is cli config plug Syntax Call the command without parameter assignment write Result The current device configuration has been copied to the formatted C PLUG or KEY PLUG ...

Page 91: ...are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call the command without parameters show web session timeout Result The timeout setting for the WBM is displayed 3 2 2 Commands in the global configuration mode This section describes commands that you can call up in the Global configuration mode In Privileged EXEC mode enter the configure t...

Page 92: ...ommand prompt is as follows cli config Syntax Call up the command with the following parameters web session timeout seconds 60 3600 The parameter has the following meaning Parameter Description Range of values note seconds Time in seconds until automatic logout after the last entry 60 3600 Default 900 Result The time is configured and automatic logout is enabled Further notes You disable automatic...

Page 93: ...you disable the automatic logoff Requirement You are in the Global configuration mode The command prompt is as follows cli config Syntax Call the command without parameters no web session timeout Result Automatic logoff is disabled Further notes You enable automatic logoff with the web session timeout command You display the current timeout setting with the show web session timeout command ...

Page 94: ...CLI commands you can open or close the digital output Application examples Digital input to signal one item of information for example door open door closed Digital output for example for go to sleep for devices on an automated guided transport system 3 3 1 show digital input Description This command shows the current setting of the digital input Requirement You are in the User EXEC mode or in the...

Page 95: ...digital output is displayed 3 3 3 Commands in the global configuration mode This section describes commands that you can call up in the Global configuration mode In Privileged EXEC mode enter the configure terminal command to change to this mode Commands relating to other topics that can be called in the Global configuration mode can be found in the relevant sections You exit the Global configurat...

Page 96: ...ou can display the setting of the digital output with the show digital output command 3 3 3 2 digital output open Description This command opens the digital output Requirement You are in the Global configuration mode The command prompt is as follows cli config Syntax Call the command without parameters digital output open Result The digital output is opened Further notes You close the digital outp...

Page 97: ...ested in SRS call your local Siemens contact or visit http support automation siemens com WW view en 42346681 http support automation siemens com WW view en 42346681 3 4 1 show srs overview Note This command is only available with a KEY PLUG Description This command shows the configured destination server of the Siemens Remote Service SRS Requirement You are in the Privileged EXEC mode The command...

Page 98: ...guration mode can be found in the relevant sections You exit the Global configuration mode with the end or exit command and are then in the Privileged EXEC mode again 3 4 2 1 srs Note This command is only available with a KEY PLUG Description With this command you change to the SRS configuration mode Requirement You are in the Global configuration mode The command prompt is as follows cli config S...

Page 99: ...the end command you return to the Privileged EXEC mode 3 4 3 1 interval Note This command is only available with a KEY PLUG Description With this command you configure the time after which the IPv4 address will be transferred to the required destination server Requirement You are in the SRS configuration mode The command prompt is as follows cli config srs Syntax Call up the command with the follo...

Page 100: ...The parameters have the following meaning Parameter Description Range of values note idx Keyword for the number of the destina tion server index Number corresponding to a specific destination server Enter the required number 1 100 all Uses all destination servers enabled Enables the entry disabled Disables the entry Result The specified destination server is enabled Further notes You display this ...

Page 101: ...he following meaning Parameter Description Range of values note ip_addr IPv4 address Enter the IPv4 address of the proxy server dns DNS host name Enter the DNS host name of the proxy server Maximum of 50 characters group Keyword for the group name descr Group name Enter a group name name Keyword for the user name name User name for access to the destina tion server Specify the negotiated user name...

Page 102: ...and logon idx pw commands You delete the destination server entry with the no logon command 3 4 3 4 no logon Note This command is only available with a KEY PLUG Description With this command you delete a specific destination server or all destination servers Requirement You are in the SRS configuration mode The command prompt is as follows cli config srs Syntax Call up the command with the followi...

Page 103: ... this command you change address of a specific destination server Requirement You are in the SRS configuration mode The command prompt is as follows cli config srs Syntax Call up the command with the following parameters logon idx num 1 100 addr ip_addr dns 50 The parameters have the following meaning Parameter Description Range of values note num Number corresponding to a specific destination ser...

Page 104: ...ss to a specific destination server Requirement You are in the SRS configuration mode The command prompt is as follows cli config srs Syntax Call up the command with the following parameters logon idx num 1 100 group string 255 The parameters have the following meaning Parameter Description Range of values note num Number corresponding to a specific destination server Enter the required number gro...

Page 105: ...s follows cli config srs Syntax Call up the command with the following parameters logon idx num 1 100 name string 255 The parameters have the following meaning Parameter Description Range of values note num Number corresponding to a specific destination server Enter the required number name Keyword for the user name string User name Specify the user name Maximum of 255 characters Result The user n...

Page 106: ...s follows cli config srs Syntax Call up the command with the following parameters logon idx num 1 100 pw string 100 The parameters have the following meaning Parameter Description Range of values note num Number corresponding to a specific destination server Enter the required number pw Keyword for the password string Password Specify the user name Maximum of 100 characters Result The password for...

Page 107: ...ment You are in the SRS configuration mode The command prompt is as follows cli config srs Syntax Call the command without parameter assignment logon show idx Result The destination servers are listed Further notes You create a destination server entry with the logon addr command 3 4 3 10 shutdown Note This command is only available with a KEY PLUG Description With this command you disable the use...

Page 108: ...Further notes You enable the use with the no shutdown command 3 4 3 11 no shutdown Note This command is only available with a KEY PLUG Description With this command you enable the use of SRS Requirement You are in the SRS configuration mode The command prompt is as follows cli config srs Syntax Call the command without parameter assignment no shutdown Result The use of SRS is enabled Further notes...

Page 109: ...vailable with a KEY PLUG Description This command shows information on SINEMA RC Requirement You are in the Privileged EXEC mode The command prompt is as follows cli Syntax Call the command without parameters show sinemarc Result The information is displayed 3 5 3 Commands in the global configuration mode This section describes commands that you can call up in the Global configuration mode In Priv...

Page 110: ... this command you change to the SINEMARC configuration mode Requirement You are in the Global configuration mode The command prompt is as follows cli config Syntax Call the command without parameters sinemarc Result You are now in the SINEMARC configuration mode The command prompt is as follows cli config sinemarc Further notes You exit the SINEMARC configuration mode with the end or exit command ...

Page 111: ... PLUG Description With this command you configure the IPv4 address or the DNS host name of the SINEMA RC Server Requirement You are in the SINEMARC configuration mode The command prompt is as follows cli config sinemarc Syntax Call up the command with the following parameters addr ip_addr dns 50 The parameters have the following meaning Parameter Description Range of values note ip_addr IPv4 addre...

Page 112: ...Requirement You are in the SINEMARC configuration mode The command prompt is as follows cli config sinemarc Syntax Call the command without parameter assignment autofwnat Result The automatic firewall and NAT rules are created The connections between the configured exported subnets and the subnets that can be reached via the SINEMA RC Server are allowed The NAT settings are implemented as configur...

Page 113: ...on With this command you disable the firewall and NAT rules Requirement You are in the SINEMARC configuration mode The command prompt is as follows cli config sinemarc Syntax Call the command without parameter assignment autofwnat Result The firewall and NAT rules are disabled Further notes You enable the setting with the autofwnat command You display this setting and other information with the sh...

Page 114: ...this in the Operating Instructions of the SINEMA RC Server Requirement You are in the SINEMARC configuration mode The command prompt is as follows cli config sinemarc Syntax Call the command without parameter assignment device id number 0 20000 Syntax Call up the command with the following parameters device id number 0 20000 The parameter has the following meaning Parameter Description Range of va...

Page 115: ...MA RC Server You will find further information on this in the Operating Instructions of the SINEMA RC Server Requirement You are in the SINEMARC configuration mode The command prompt is as follows cli config sinemarc Syntax Call up the command with the following parameters device pw password 256 The parameter has the following meaning Parameter Description Range of values note password Device pass...

Page 116: ... the SINEMA RC Server can be reached Requirement You are in the SINEMARC configuration mode The command prompt is as follows cli config sinemarc Syntax Call up the command with the following parameters port number 1 65535 The parameter has the following meaning Parameter Description Range of values note number Port number Specify the port 1 65535 Result The port is configured Further notes You dis...

Page 117: ...uration mode The command prompt is as follows cli config sinemarc Syntax Call up the command with the following parameters proxy string 128 The parameter has the following meaning Parameter Description Range of values note string Proxy server name Specify the proxy server name Maximum of 128 characters Result The proxy server via which the connection is established is configured Further notes You ...

Page 118: ...escription With this command you remove the proxy server Requirement You are in the SINEMARC configuration mode The command prompt is as follows cli config sinemarc Syntax Call the command without parameter assignment no proxy Result The proxy server is removed Further notes You configure the proxy server with the proxy command You display this setting and other information with the show sinemarc ...

Page 119: ...d you disable the connection to the configured SINEMA RC Server Requirement You are in the SINEMARC configuration mode The command prompt is as follows cli config sinemarc Syntax Call the command without parameter assignment shutdown Result The connection to the SRC server is terminated Further notes You enable the connection with the no shutdown command You display this setting and other informat...

Page 120: ... this command you establish a connection to the configured SINEMA RC Server Requirement You are in the SINEMARC configuration mode The command prompt is as follows cli config sinemarc Syntax Call the command without parameter assignment no shutdown Result The connection is enabled Further notes You disable the connection with the shutdown command You display this setting and other information with...

Page 121: ...ed You are in the SINEMARC configuration mode The command prompt is as follows cli config sinemarc Syntax Call up the command with the following parameters verification cacert name 256 The parameter has the following meaning Parameter Description Range of values note name Name of the server certificate Enter the name of the server certificate Maximum of 256 characters Result The CA certificate of ...

Page 122: ...tructions of the SINEMA RC Server Requirement You are in the SINEMARC configuration mode The command prompt is as follows cli config sinemarc Syntax Call up the command with the following parameters verification fingerprint string 59 The parameter has the following meaning Parameter Description Range of values note string Fingerprint of the device Specify the fingerprint of the device Maximum of 5...

Page 123: ...the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call the command without parameters show time Result The settings for the system clock are displayed 4 1 2 Commands in the global configuration mode This section describes commands that you can call up in the Global configuration mode In Privileged EXEC mode enter the configure terminal command to change to this mode Comma...

Page 124: ... config Syntax Call up the command with the following parameters time manual ntp sntp SINEC The parameters have the following meaning Parameter Description manual The system time is entered by the user ntp The system time is obtained from an NTP server sntp The system time is obtained from an SNTP server SINEC The system time is obtained using the SIMATIC time protocol Result The method of obtaini...

Page 125: ...rameters time set hh mm ss day 1 31 january february march april may june july august september october november decembe r year 2000 2035 The parameters have the following meaning Parameter Description Range of values note hh mm ss Time of day Hour minute second each sepa rated by no link day Day of the month 1 31 Month january february march april may june july august septem ber october november ...

Page 126: ...mmand prompt is as follows cli or cli Syntax Call the command without parameters show ntp info Result The current NTP settings are displayed 4 2 2 Commands in the global configuration mode This section describes commands that you can call up in the Global configuration mode In Privileged EXEC mode enter the configure terminal command to change to this mode Commands relating to other topics that ca...

Page 127: ...s follows cli config ntp Further notes You exit the NTP configuration mode with the end or exit command 4 2 3 Commands in the NTP configuration mode This section describes commands that you can call up in the NTP configuration mode In the Global configuration mode enter the ntp command to change to this mode If you exit the NTP configuration mode with the exit command you return to the Global conf...

Page 128: ...he time server Enter a valid IPv4 address port UDP port of the time server 123 1025 36564 Default 123 poll Keyword for the time after which the time of day is re quested again seconds Value for the time in seconds 64 1024 For information on names of addresses and interfaces refer to the section Interface identifiers and addresses Page 25 Result The connection to a server is configured on the NTP c...

Page 129: ...ence between the device and the NTP server Requirement You are in the NTP configuration mode The command prompt is as follows cli config ntp Syntax Call up the command with the following parameters ntp time diff hh mm The parameter has the following meaning Parameter Description Time zones to the west of the NTP server time zone Time zones to the east of the NTP server time zone hh Number of hours...

Page 130: ...System time 4 2 NTP client SCALANCE S615 Command Line Interface 130 Configuration Manual 06 2015 C79000 G8976 C406 02 ...

Page 131: ...mmand with the show command that you want to execute Example do show cli console timeout This section describes commands relevant for configuration of the SNTP client 4 3 2 show sntp broadcast mode status Description This command shows the current configuration of the broadcast mode of SNTP Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cl...

Page 132: ...nd prompt is as follows cli or cli Syntax Call the command without parameters show sntp status Result The settings of SNTP are displayed 4 3 4 show sntp unicast mode status Description This command shows the current configuration of the unicast mode of SNTP Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call the command w...

Page 133: ...n the Global configuration mode can be found in the relevant sections You exit the Global configuration mode with the end or exit command and are then in the Privileged EXEC mode again 4 3 5 1 sntp Description With this command you change to the SNTP configuration mode Requirement You are in the Global configuration mode The command prompt is as follows cli config Syntax Call the command without p...

Page 134: ...p time diff Description With this command you configure the time difference of the system time relative to the UTC time Requirement The SNTP server must have started up You are in the SNTP Configuration mode The command prompt is cli config sntp Syntax Call up the command with the following parameters sntp time diff hh mm The parameter has the following meaning Parameter Description Time zones to ...

Page 135: ...nicast server ipv4 ucast_addr port 1025 36564 poll seconds 16 16284 The parameter has the following meaning Parameter Description Range of values note ucast_addr Value for an IPv4 unicast address Enter a valid IPv4 unicast address port UDP port of the time server 1025 36564 Default 123 poll Keyword for the time after which the time of day is requested again seconds Value for the time in seconds 16...

Page 136: ...nd with the following parameters no sntp unicast server ipv4 ucast_addr The parameters have the following meaning Parameter Description Range of values ucast_addr Value for an IPv4 unicast address Enter a valid IPv4 unicast address For information on names of addresses and interfaces refer to the section Interface identifiers and addresses Page 25 Result The SNTP unicast server is reset to the def...

Page 137: ...wing parameters sntp client addressing mode unicast broadcast The parameters have the following meaning Parameter Description Range of values note unicast configures the SNTP client in unicast mode Default unicast enabled broadcast configures the SNTP client in broad cast mode Result The addressing mode of the SNTP client is configured Further notes You display this setting and other information w...

Page 138: ...System time 4 3 SNTP client SCALANCE S615 Command Line Interface 138 Configuration Manual 06 2015 C79000 G8976 C406 02 ...

Page 139: ...execute Example do show cli console timeout 5 1 1 1 show subnet vlan mapping Description This command shows the subnets for the selected interface or for all interfaces Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call up the command with the following parameters show subnet vlan mapping interface interface type interfa...

Page 140: ...VLAN Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call up the command with the following parameters show vlan brief id vlan range summary The parameters have the following meaning Parameter Description Range of values note brief Shows brief information about all VLANs id Keyword for a VLAN or VLAN range vlan range Numbe...

Page 141: ...ow vlan device info Description This command shows all the global information that is valid for all VLANs Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call the command without parameters show vlan device info Result The global information is displayed ...

Page 142: ... the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call up the command with the following parameters show vlan learning params vlan vlan range The parameters have the following meaning Parameter Description Range of values note vlan Keyword for a VLAN or VLAN range vlan range Number of the addressed VLAN or VLAN range 1 4094 If you do not select any parameter from the par...

Page 143: ...owing parameters show vlan port config port interface type interface id The parameters have the following meaning Parameter Description Range of values note port Keyword for a port interface type Type of interface Enter a valid interface interface id Module no and port no of the interface For information on identifiers of addresses and interfaces refer to the section Interface identifiers and addr...

Page 144: ...mmand without parameter assignment show vlan protocols group Result The table of protocol groups is displayed 5 1 2 Commands in the global configuration mode This section describes commands that you can call up in the Global configuration mode In Privileged EXEC mode enter the configure terminal command to change to this mode Commands relating to other topics that can be called in the Global confi...

Page 145: ...The command prompt is as follows cli config Syntax Call up the command with the following parameters base bridge mode dot1d bridge dot1q vlan The parameters have the following meaning Parameter Description Range of values notes dot1d bridge Sets the mode VLAN unaware for the device VLAN tags are not taken into account or changed but are forwarded transparently dot1q vlan Sets the mode VLAN aware f...

Page 146: ...f values note interface type Keyword for an interface Enter a valid interface 0 a b 0 c Module no and port no of the interface vlan Keyword for a VLAN connection vlan id Number of the addressed VLAN 1 4094 vlan id Number of the addressed VLAN 2 4094 For information on names of addresses and interfaces refer to the section Interface identifiers and addresses Page 25 If you want to address several V...

Page 147: ...ge vlan vlan id 1 4094 vlan id 2 4094 The parameters have the following meaning Parameter Description Range of values note vlan Keyword for a VLAN connection vlan id Number of the addressed VLAN 1 4094 vlan id Number of the addressed VLAN 2 4094 For information on names of addresses and interfaces refer to the section Interface identifiers and addresses Page 25 If you address several VLANs you mus...

Page 148: ...e following meaning Parameter Description Range of values note ip Internet Protocol v4 HEX 08 00 novell Novell Netware protocol HEX 81 38 netbios Netbios via TCP IP HEX f0 f0 appletalk Appletalk HEX 80 9b other Other protocol enter the hexadecimal protocol value other aa aa IPV6 86 DD LLDP 88 CC PTP IEEE1588 88 F7 EAP 802 1X 88 8E enet v2 Frame structure is Ethernet II protocols group Keyword for ...

Page 149: ... v2 The parameters have the following meaning Parameter Description Range of values note ip Internet Protocol v4 HEX 08 00 novell Novell Netware protocol HEX 81 38 netbios Netbios via TCP IP HEX f0 f0 appletalk Appletalk HEX 80 9b other Other protocol enter the hexadecimal protocol value other aa aa IPV6 86 DD LLDP 88 CC PTP IEEE1588 88 F7 EAP 802 1X 88 8E enet v2 Frame structure is Ethernet II Re...

Page 150: ...sed classification on all interfaces Requirement You are in the Global Configuration mode The command prompt is as follows cli config Syntax Call the command without parameters no protocol vlan Result The classification is disabled Further notes You enable the setting with the protocol vlan command You can display the status of this function and other information with the show vlan device infocomm...

Page 151: ...yntax Call the command without parameters protocol vlan Result The classification is enabled Further notes You disable the setting with the protocol vlan command You can display the status of this function and other information with the show vlan device infocommand 5 1 2 8 subnet vlan Description With this command you enable the subnet based VLAN classification on all interfaces Requirement You ar...

Page 152: ...vlan device info command 5 1 2 9 no subnet vlan Description With this command you disable the subnet based VLAN classification on all interfaces Requirement You are in the Global Configuration mode The command prompt is as follows cli config Syntax Call the command without parameters no subnet vlan Result The classification is disabled Further notes You enable the setting with the subnet vlan comm...

Page 153: ...ment You are in the Global Configuration mode The command prompt is as follows cli config Syntax Call up the command with the following parameters vlan vlan id 1 4094 The parameter has the following meaning Parameters Description Range of values vlan id Number of the addressed VLAN 1 4094 Do not enter any leading zeros with the number of the VLAN Result The VLAN is created You are now in the VLAN ...

Page 154: ... vlan command you create a VLAN on the device You can display information about the VLAN with the show vlan command 5 1 3 Commands in the interface configuration mode This section describes commands that you can call up in the interface configuration mode Depending on the Interface selected various command sets are available In the Global configuration mode enter the interface command to change to...

Page 155: ... note ip subnet address IP subnet address Enter a valid subnet address vlan Keyword for a VLAN connection vlan id Number of the addressed VLAN 1 4094 mask Subnet mask aaa bbb ccc ddd arp Keyword ARP protocol suppress Suppress the ARP protocol allow Allow the ARP protocol For information on names of addresses and interfaces refer to the section Interface identifiers and addresses Page 25 If you do ...

Page 156: ...meters no map subnet ip subnet address The parameters have the following meaning Parameter Description Range of values note ip subnet address IP subnet address Enter a valid subnet address For information on names of addresses and interfaces refer to the section Interface identifiers and addresses Page 25 Result The subnet with subnet mask and subnet address is assigned to a VLAN Further notes You...

Page 157: ...ommand prompt is as follows cli config if Syntax Call the command without parameters shutdown complete Result The Interface is shut down A connection continues to be indicated if a switch port is turned off The LED for the port status flashes 3 times cyclically However no data is sent or received Further notes You activate the interface with the no shutdown command You can display the status of th...

Page 158: ...t down an interface Requirement You are in the Interface configuration mode The command prompt is as follows cli config if Syntax Call the command without parameters no shutdown Result The Interface is activated Further notes You deactivate the interface with the shutdown command You can display the status of this function and other information with the show interfacescommand ...

Page 159: ...ce configuration mode The command prompt is cli config if Syntax Call the command without parameters switchport Result The interface is configured as a switch port Activate the interface again Further notes You shut down the interface with the shutdown command You activate the interface with the no shutdown command You configure the interface with the no switchport command You can display the stat...

Page 160: ...re in the Interface configuration mode The command prompt is cli config if Syntax Call the command without parameters no switchport Result The interface is configured as a router port Activate the interface again Further notes You shut down the interface with the shutdown complete command You activate the interface with the no shutdown command You configure the interface as a switch port with the ...

Page 161: ... port Requirement You are in the Interface configuration mode The command prompt is as follows cli config if Syntax Call up the command with the following parameters switchport pvid vlan id 1 4094 The parameter has the following meaning Parameter Description Range of values note vlan id Number of the addressed VLAN 1 4094 Result The PVID is configured Further notes You can reset the setting to the...

Page 162: ...u configure the VLAN ID with the switchport access vlan command You can display the status of this function and other information with the show vlan port config command 5 1 4 Commands in the VLAN configuration mode This section describes commands that you can call up in the VLAN Configuration mode In the Global Configuration mode enter the vlan command to change to this mode When doing this you ne...

Page 163: ...e parameter has the following meaning Parameter Description Range of values note ip address IP address Specify a valid IP address subnet mask Subnet mask Enter a valid subnet mask prefix length Decimal representation of the mask as a number of 1 bits 0 32 For information on names of addresses and interfaces refer to the section Auto Hotspot Result The IP address is assigned Note Effectiveness of t...

Page 164: ...ter if you want to disable the DHCP function explicitly For information on names of addresses and interfaces refer to the section Auto Hotspot Result If DHCP was enabled on this interface DHCP is now disabled Any existing dynamically learned IP address will be automatically converted to a static IP address If static IP addresses were configured and if no explicit IP address was transferred as a pa...

Page 165: ...in the VLAN Configuration mode The command prompt is as follows cli config vlan Syntax Call up the command with the following parameters name vlan name The parameter has the following meaning Parameter Description Range of values note vlan name Name that will be assigned to the VLAN max 32 characters Result The VLAN is assigned a name Further notes You delete name assignment for a VLAN with the no...

Page 166: ...pecifies the behavior of the interfaces and replaces the existing VLAN configuration Member ports tagged ports The interface is added permanently to the list of incoming and outgoing connections Tagged and untagged frames are transferred Untagged Ports The interface transfers untagged frames If the VLAN ID PVID is set incoming untagged frames are given a tag with the VLAN ID specified there If the...

Page 167: ...aning Parameter Description Values interface type Type or speed of the interface Specify a valid interface a b 0 c Port no of the interface untagged Keyword for interfaces or ports that transfer data packets without VLAN marking all Specifies that all interfaces or ports are set to untagged forbidden Keyword for forbidden interfaces or ports name Keyword for the name assignment vlan name Name of t...

Page 168: ...b 0 c all forbidden interface type 0 a b 0 c interface type 0 a b 0 c all name vlan name The parameters have the following meaning Parameter Description Values interface type Type or speed of the interface Enter a valid interface a b 0 c Port no of the interface untagged Keyword for interfaces or ports that transfer data packets without VLAN marking all Specifies that all interfaces or ports are s...

Page 169: ... this command you enable or disable the TIA interface property The interface can only be used for PNIO Requirement The interface is activated You are in the VLAN configuration mode of the VLAN interface with the ID The command prompt is cli config if vlan Syntax Call the command without parameters tia interface Result The TIA interface is enabled exclusively for the specified VLAN The function was...

Page 170: ...Network structures 5 1 VLAN SCALANCE S615 Command Line Interface 170 Configuration Manual 06 2015 C79000 G8976 C406 02 ...

Page 171: ...ings With the command do command you can execute the show commands in every configuration mode To do this you replace command with the show command that you want to execute Example do show cli console timeout 6 1 1 1 show ip dns Description This command shows information about the DNS client for example the status of the DNS client and parameters for querying the DNS server Requirement You are in ...

Page 172: ...lowing meaning Parameter Description Range of values note port Keyword for a an interface description interface type Type or speed of the interface Enter a valid interface interface id Module no and port no of the interface For information on names of addresses and interfaces refer to the section Interface identifiers and addresses Page 25 Result The overview of the DCP forwarding behavior is disp...

Page 173: ...XEC mode The command prompt is as follows cli or cli Syntax Call up the command with the following parameters show ip route ip address mask connected static The parameters have the following meaning Parameter Description Range of values ip address Shows the information for a specific IP address Specify a valid IP address mask Defines an address range using the subnet mask 8 16 or 24 connected Show...

Page 174: ...rivileged EXEC mode The command prompt is as follows cli or cli Syntax Call the command without parameters show ip routing Result The routing function is enabled 6 1 1 6 show ip static route Description This command shows the routes that were generated statically Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call the com...

Page 175: ...mmand without parameters show ip telnet Result The admin status and the port number of the Telnet server are displayed 6 1 2 Commands in the global configuration mode This section describes commands that you can call up in the Global configuration mode In Privileged EXEC mode enter the configure terminal command to change to this mode Commands relating to other topics that can be called in the Glo...

Page 176: ...th the following parameters dcp server read only read write The parameters have the following meaning Parameter Description Range of values note read only only reading is permitted on the DCP server read write reading and writing is permitted on the DPC server Default read write Result The read and write permissions for the DPC server are configured The DCP server is enabled Further notes You disa...

Page 177: ...eck the availability of a network node packets of the Internet Control Message Protocol ICMP can be sent to it These packets of type 8 request the recipient to send a packet back to the sender echo reply With this command you enable the network node to react to ping queries Requirement You are in the Global configuration mode The command prompt is as follows cli config Syntax Call the command with...

Page 178: ...onfig Syntax Call the command without parameters no ip echo reply Result ICMP echo reply messages are disabled The network node does not react to ping queries Further notes You change the setting with the ip echo reply command 6 1 2 5 ip route Description With this command you configure a static entry in the IP routing table Requirement You are in the Global configuration mode The command prompt i...

Page 179: ...ress distance The value for the administrative dis tance 1 255 For information on names of addresses and interfaces refer to the section Interface identifiers and addresses Page 25 Result The entry in the IP routing table is configured Further notes You delete an entry from the IP routing table with the no ip route command You display the IP routing table with the show ip route command 6 1 2 6 no ...

Page 180: ... distance The value for the administrative dis tance 1 255 For information on names of addresses and interfaces refer to the section Interface identifiers and addresses Page 25 Result The entry is deleted Further notes You configure an entry from the IP routing table with the ip route command You display the IP routing table with the show ip route command 6 1 2 7 ip routing Description With this c...

Page 181: ...on With this command you disable IPv4 routing function on the device Note IPv6 routing If IPv6 routing is enabled on the device this is also disabled with this function Note This command is available only with layer 3 Requirement You are in the Global configuration mode The command prompt is as follows cli config Syntax Call the command without parameters no ip routing Result IPv4 routing is disab...

Page 182: ...mpt is as follows cli config Syntax Call the command without parameters telnet server As default the function is enabled Result The Telnet server is enabled Further notes You disable the Telnet server with the no telnet server command 6 1 2 10 no telnet server Description With this command you disable the Telnet server Requirement You are in the Global configuration mode The command prompt is as f...

Page 183: ...topics that can be called in the interface configuration mode can be found in the relevant sections If you exit the Interface configuration mode with the exit command you return to the Global configuration mode If you exit the Interface configuration mode with the end command you return to the Privileged EXEC mode 6 1 3 1 ip address Description With this command you assign an IP address to a VLAN ...

Page 184: ...n Interface identifiers and addresses Page 25 Result The IP address is assigned to the VLAN interface Note Effectiveness of the command The command is effective immediately If you configure the interface via which you access the device the connection will be lost Further notes You delete the settings with the no ip address command You display this setting and other information with the show ip int...

Page 185: ... with the following parameters no ip address ucast_addr The parameter has the following meaning Parameter Description Values ucast_addr IP Address of the VLAN interface that will be deleted enter a valid IP address For information on names of addresses and interfaces refer to the section Interface identifiers and addresses Page 25 Result The assignment of the IP address to a VLAN interface is dele...

Page 186: ... have the following meaning Parameter Description Range of values note Vlan Keyword for a VLAN connection vlan id Number of the addressed VLAN 1 4094 interface type Type or speed of the interface Enter a valid interface interface id Module no and port no of the interface ip address Shows the IP addresses of the entries in the ARP table mac address Shows the MAC addresses of the en tries in the ARP...

Page 187: ...s of the DHCP client Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call the command without parameters show ip dhcp client Result The configuration settings of the DHCP client are displayed 6 3 2 renew dhcp Description This command reassigns an IP address to the selected interface via DHCP Requirement The IP address of t...

Page 188: ...is assigned again This address can be a different address from the previously assigned address Further notes You can display the statistical information of the DHCP client with the show ip dhcp client stats command You show the statistical information and the configuration of the IP interface with the show ip interface command See also Interface identifiers and addresses Page 25 6 3 3 Commands in ...

Page 189: ...is file With this command you enable the DHCP config file request option Requirement You are in the Global configuration mode The command prompt is as follows cli config Syntax Call the command without parameters ip dhcp config file request Result The DHCP config file request option is enabled Further notes You disable the DHCP config file request option with the no ip dhcp config file request com...

Page 190: ...he type of identifier with which the DHCP client logs on with its DHCP server Requirement You are in the Global Configuration mode The command prompt is as follows cli config Syntax Call up the command with the following parameters ip dhcp client mode mac client id client id sysname The parameters have the following meaning Parameter Description Range of values mac The client registers with its MA...

Page 191: ...splay various settings With the command do command you can execute the show commands in every configuration mode To do this you replace command with the show command that you want to execute Example do show cli console timeout 6 4 1 1 show ip dhcp server bindings Description This command shows the current assignments of IPv4 addresses of the DHCP server Requirement You are in the User EXEC mode or...

Page 192: ...hcp server pools pool id 1 5 The parameter has the following meaning Parameter Description Range of values note pool id ID of the addressed IPv4 address band 1 5 Result The configuration of the DHCP server and the DHCP options is displayed 6 4 2 Commands in the global configuration mode This section describes commands that you can call up in the Global configuration mode In Privileged EXEC mode en...

Page 193: ...of IPv4 addresses that the DHCP server supports is 100 In other words a total of 100 IPv4 addresses dynamic static With the static assignments you can create a maximum of 20 entries Requirement NAT is enabled in Client mode You are in the Global Configuration mode The command prompt is as follows cli config Syntax Call the command without parameter assignment ip dhcp server Result The DHCP server ...

Page 194: ...ver is disabled Further notes You enable the DHCP server with the ip dhcp server command 6 4 2 3 no ip dhcp server icmp probe Description With this command you disable the Probe address with ICMP Echo before offer function Requirement You are in the Global Configuration mode The command prompt is as follows cli config Syntax Call the command without parameter assignment no ip dhcp server icmp prob...

Page 195: ...ip dhcp server pool Description With this command you have two options of changing to the DHCPPOOL configuration mode and to assign an interface to the IPv4 address band 1 If you call the command ip dhcp server pool with the parameter pool id 1 5 you change directly to the DHCPPOOL configuration mode If the ID of the addressed IPv4 address band does not yet exist it is first created and assigned t...

Page 196: ... options Displays the possible options for the interface For information on identifiers of addresses and interfaces refer to the section Interface identifiers and addresses Page 25 Result The ID of the addressed IPv4 address band is configured You are now in the DHCPPOOL configuration mode The command prompt is as follows cli config dhcp pool ID Further notes You exit the DHCPPOOL configuration mo...

Page 197: ...tion describes commands that you can call up in the DHCPPOOL Configuration mode In the Global Configuration mode enter the ip dhcp server pool command to change to this mode If you exit the DHCPPOOL Configuration mode with the exit command you return to the Global Configuration mode If you exit the DHCPPOOL Configuration mode with the end command you return to the Privileged EXEC mode 6 4 3 1 leas...

Page 198: ...2 network Description With this command you configure the IPv4 address band from which the DHCP client receives any IPv4 address Note Maximum number of IP addresses The maximum number of IPv4 addresses that the DHCP server supports is 100 In other words a total of 100 IPv4 addresses dynamic static With the static assignments you can create a maximum of 20 entries Assignment of IP addresses The req...

Page 199: ...ess band is configured The DHCP options 1 3 6 66 and 67 are created automatically With the exception of option 1 the options can be deleted Further notes You display the setting with the show ip dhcp server pools command You assign an IP address to an interface with the set interface command You configure the DHCP option 67 with the option value string command You configure the DHCP options 3 6 an...

Page 200: ...Pv4 address of the interface that is assigned to the IPv4 address band Result The DHCP option is created In total a maximum of 20 DHCP options are possible Further notes You display the setting with the show ip dhcp server pools command You disable the IPv4 address band with the no pool enable command You delete the DHCP option with the no option command You configure the DHCP option 67 with the o...

Page 201: ...HCP options 3 6 and 66 with the option command You configure all other DHCP options with the option value hex command 6 4 3 5 option value hex Description With this command you create DHCP options that contain a hexadecimal value as DHCP parameter The various DHCP options are defined in RFC 2132 The exceptions are the DHCP options 1 3 66 and 67 You configure the DHCP options 3 6 and 66 with the co...

Page 202: ...lue Format XXXXX e g C0A86402 Result The DHCP option is configured In total a maximum of 20 DHCP options are possible Further notes You display the setting with the show ip dhcp server pools command You disable the IPv4 address band with the no pool enable command You delete the DHCP option with the no option command 6 4 3 6 pool enable Description With this command you specify that this IPv4 addr...

Page 203: ...hcp server pools command You disable the setting with the no pool enable command 6 4 3 7 no pool enable Description With this command you specify that this IPv4 address band will not be used Requirement You are in the DHCPPOOL configuration mode The command prompt is as follows cli config dhcp pool ID Syntax Call the command without parameter assignment no pool enable Result The setting is disable...

Page 204: ...all up the command with the following parameters set interface vlan vlan id 1 4094 interface type interface id The parameters have the following meaning Parameter Description Range of values note vlan Keyword for a VLAN connection vlan id Number of the addressed VLAN 1 4094 interface type Type or speed of the interface Enter a valid interface interface id Module no and port no of the interface For...

Page 205: ... config dhcp pool ID Syntax Call up the command with the following parameters static lease mac mac address ip address The parameters have the following meaning Parameter Description Range of values note mac address Unicast MAC address Specify the MAC address aa bb cc dd ee ff ip address Unicast IPv4 address Enter a valid IPv4 address The IPv4 address must match the subnet of the IPv4 address band ...

Page 206: ...rement You are in the DHCPPOOL configuration mode The command prompt is as follows cli config dhcp pool ID Syntax Call up the command with the following parameters no static lease mac mac address The parameter has the following meaning Parameter Description Range of values note mac address Unicast MAC address Specify a valid MAC address Result The assignment is deleted Further notes You configure ...

Page 207: ...he command do command you can execute the show commands in every configuration mode To do this you replace command with the show command that you want to execute Example do show cli console timeout 6 5 1 1 show dnsclient information Description This command shows the configuration of the DNS client Requirement You are in the Privileged EXEC mode The command prompt is as follows cli Syntax Call the...

Page 208: ...n mode 6 5 2 1 Introductory sentence for the global configuration mode This section describes commands that you can call up in the Global configuration mode In Privileged EXEC mode enter the configure terminal command to change to this mode Commands relating to other topics that can be called in the Global configuration mode can be found in the relevant sections You exit the Global configuration m...

Page 209: ...You exit the DNS CLIENT configuration mode with the end or exit command 6 5 2 3 dnsproxy Description With this command you change to the DNS PROXY configuration mode Requirement You are in the Global configuration mode The command prompt is as follows cli config Syntax Call the command without parameter assignment dnsproxy Result You are now in the DNS PROXY configuration mode The command prompt i...

Page 210: ... configuration mode The command prompt is as follows cli config ddnsclient Further notes You exit the DDNS Client configuration mode with the end or exit command 6 5 3 Commands in the DNS CLIENT configuration mode This section describes commands that you can call up in the DNS CLIENT configuration mode In the Global configuration mode enter the dnsclient command to change to this mode If you exit ...

Page 211: ...and with the following parameters manual srv ip_addr The parameter has the following meaning Parameter Description Range of values note ip_addr IPv4 address Enter a valid IPv4 address Result The DNS server is configured Further notes You display this setting and other information with the show dnsclient informationen command You configure the DNS server type with the server type command You delete...

Page 212: ... for DNS server ip address IPv4 address Enter the IPv4 address of the DNS server all Deletes all DNS servers Result The specified DNS server is deleted Further notes You create a DNS server entry with the manual srv command You display this setting and other information with the show dnsclient information command 6 5 3 3 server type Description With this command you specify which DNS server the de...

Page 213: ... automatically Result The device uses the specified DNS servers Further notes You display this setting and other information with the show dnsclient information command You create a manually configured DNS server with the manual srv command 6 5 3 4 shutdown Description With this command you end the DNS client Requirement You are in the DNS CLIENT configuration mode The command prompt is as follows...

Page 214: ...assignment no shutdown Result The DNS client of the device is enabled and when necessary sends queries to the DNS server Further notes You end the DNS client with the shutdown command You display this setting and other information with the show dnsclient information command 6 5 4 Commands in the DNS PROXY configuration mode This section describes commands that you can call up in the DNS PROXY conf...

Page 215: ...DNS PROXY configuration mode The command prompt is as follows cli config dnsproxy Syntax Call the command without parameter assignment cache nxdomain Result The setting is enabled Further notes You disable the setting with the no cachenxdomain command 6 5 4 2 no cachenxdomain Description With this command you disable the caching of NXDOMAIN responses Requirement You are in the DNS PROXY configurat...

Page 216: ...y of the DNS server Requirement You are in the DNS PROXY configuration mode The command prompt is as follows cli config dnsproxy Syntax Call the command without parameter assignment shutdown Result The setting is disabled Further notes You enable the setting with the no shutdown command 6 5 4 4 no shutdown Description With this command you enable the proxy of the DNS server Requirement You are in ...

Page 217: ...configuration mode In the Global configuration mode enter the ddnsclient command to change to this mode If you exit the DDNS CLIENT configuration mode with the exit command you return to the Global configuration mode If you exit the DDNS CLIENT configuration mode with the end command you return to the Privileged EXEC mode 6 5 5 1 service Description With this command you enable the dynamic DNS pro...

Page 218: ...ith the show ddnsclient information command You disable an entry with the no service command 6 5 5 2 no service Description With this command you disable the dynamic DNS provider Requirement You are in the DDNS Client configuration mode The command prompt is as follows cli config ddnsclient Syntax Call up the command with the following parameters no service show services index The parameters have ...

Page 219: ...S Client configuration mode The command prompt is as follows cli config ddnsclient Syntax Call up the command with the following parameters userhost show services index host The parameters have the following meaning Parameter Description Range of values note show services Lists the available providers index Number corresponding to a specific provider Specify a valid number host Host name Specify t...

Page 220: ...s username show services index username The parameters have the following meaning Parameter Description Range of values note show services Lists the available providers index Number corresponding to a specific provider Specify a valid number username User names Specify the negotiated user name Result The user name is configured Further notes You display this setting and other information with the ...

Page 221: ...ers password show services index password The parameters have the following meaning Parameter Description Range of values note show services Lists the available providers index Number corresponding to a specific provider Specify a valid number password Password Enter the negotiated password Result The password is configured Further notes You display this setting and other information with the show...

Page 222: ...ngs With the command do command you can execute the show commands in every configuration mode To do this you replace command with the show command that you want to execute Example do show cli console timeout 6 6 1 1 show snmp Description This command shows the status information of SNMP Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or...

Page 223: ...d prompt is as follows cli or cli Syntax Call the command without parameters show snmp community Result The details of the configured SNMP communities are displayed 6 6 1 3 show snmp engineID Description This command shows the SNMP identification number of the device Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call the...

Page 224: ...XEC mode The command prompt is as follows cli or cli Syntax Call the command without parameters show snmp filter Result The configured SNMP filters are displayed 6 6 1 5 show snmp group Description This command shows the configured SNMP groups Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call the command without paramet...

Page 225: ...ompt is as follows cli or cli Syntax Call the command without parameters show snmp group access Result The rights of the configured SNMP groups are displayed 6 6 1 7 show snmp inform statistics Description This command shows the statistics of the Inform Messages Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call the comm...

Page 226: ...The command prompt is as follows cli or cli Syntax Call the command without parameters show snmp notif Result The configured SNMP notification types are displayed 6 6 1 9 show snmp targetaddr Description This command shows the configured SNMP target addresses Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call the command...

Page 227: ...ode The command prompt is as follows cli or cli Syntax Call the command without parameters show snmp targetparam Result The configured SNMP target parameters are displayed 6 6 1 11 show snmp tcp Description This command shows the configuration for SNMP via TCP Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call the comman...

Page 228: ...command prompt is as follows cli or cli Syntax Call the command without parameters show snmp user Result The settings for the SNMP user are displayed 6 6 1 13 show snmp viewtree Description This command shows the settings for the SNMP tree views Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call the command without param...

Page 229: ...topics that can be called in the Global configuration mode can be found in the relevant sections You exit the Global configuration mode with the end or exit command and are then in the Privileged EXEC mode again 6 6 2 1 snmpagent Description With this command you enable the SNMP agent function Requirement You are in the Global configuration mode The command prompt is as follows cli config Syntax C...

Page 230: ...onfig Syntax Call the command without parameters no snmpagent Result The SNMP agent function is disabled Further notes You enable the SNMP agent function with the snmpagent command 6 6 2 3 snmp agent version Description With this command you configure whether all SNMP queries or only SNMPv3 queries are processed Requirement You are in the Global configuration mode The command prompt is as follows ...

Page 231: ...re in the Global configuration mode The command prompt is as follows cli config Syntax Call up the command with the following parameters snmp access GroupName v1 v2c v3 auth noauth priv read ReadView none write WriteView none notify NotifyView none volatile nonvolatile The parameters have the following meaning Parameter Description Range of values note GroupName Name of the group to which access i...

Page 232: ...estart The keywords need to be specified If optional parameters are not specified when configuring a group the default value will be used Result The settings for access to an SNMP group are configured Further notes You delete the access to an SNMP group with the no snmp access command You display the configured SNMP groups with the show snmp group command You display the access configurations for ...

Page 233: ...s the authentication method auth noauth priv Result The access to an SNMP group is deleted Further notes You configure the setting with the snmp access command You display the configured SNMP groups with the show snmp group command You display the access configurations for SNMP groups with the show snmp group access command You display the configured SNMP tree views with the show snmp viewtree com...

Page 234: ... max 32 characters Storage type specifies whether the settings remain following a restart volatile volatile The settings are lost after a restart nonvolatile non volatile The settings are retained after a restart If optional parameters are not specified when configuring a community the default values apply Result The settings are configured Further notes You delete the details of an SNMP community...

Page 235: ... SNMP community with the show snmp community command You show the status information of the SNMP communication with the show snmp command 6 6 2 8 snmp filterprofile Description With this command you configure a filter that describes the access rights to the MIB tree Requirement You are in the Global configuration mode The command prompt is as follows cli config Syntax Call up the command with the ...

Page 236: ... nonvolatile non volatile The saved settings are used after a restart Note that the meaning of the filter mask changes depending on the included excluded parameter 0 and included means Access denied 0 and excluded means Access permitted 1 and included means Access permitted 1 and excluded means Access denied Result The filter is created Further notes You delete a filter with the no snmp filterprof...

Page 237: ...p filterprofile command You display the created filter with the show snmp filter table command 6 6 2 10 snmp group Description With this command you configure the details of an SNMP group Requirement You are in the Global configuration mode The command prompt is as follows cli config Syntax Call up the command with the following parameters snmp group GroupName user UserName security model v1 v2c v...

Page 238: ...ers are not specified when configuring a group the default values apply Result The details of the group are configured Further notes You delete the details of an SNMP group with the no snmp group command You display the created SNMP groups with the show snmp group command You display the created SNMP user with the show snmp user command 6 6 2 11 no snmp group Description With this command you dele...

Page 239: ...the snmp group command You display the created SNMP groups with the show snmp group command You display the created SNMP user with the show snmp user command 6 6 2 12 snmp notify Description With this command you configure the details of the SNMP notifications Requirement You are in the Global configuration mode The command prompt is as follows cli config Syntax Call up the command with the follow...

Page 240: ...The settings are retained after a restart Result The details of the SNMP notifications are configured Further notes You delete the details of an SNMP group with the no snmp notify command You display the configured SNMP notifications with the show snmp notif command You display the configured SNMP target addresses with the show snmp targetaddr command 6 6 2 13 no snmp notify Description With this ...

Page 241: ...mmand 6 6 2 14 snmp targetaddr Description With this command you configure the SNMP target addresses Requirement The SNMP target parameters are configured You are in the Global configuration mode The command prompt is as follows cli config Syntax Call up the command with the following parameters snmp targetaddr TargetAddressName param ParamName ipv4 IPAddress timeout Seconds 1 1500 retries RetryCo...

Page 242: ...cifies whether the settings re main following a restart volatile The default settings are used af ter a restart nonvolatile The saved settings are used af ter a restart port Keyword for the port number at which the SNMP manager receives traps and inform messages integer Port number 1 65535 For information on names of addresses and interfaces refer to the section Interface identifiers and addresses...

Page 243: ...o snmp targetaddr TargetAddressName The parameter has the following meaning Parameter Description Range of values note TargetAddressName SNMP target address max 32 characters Result The SNMP target address is deleted Further notes You change the SNMP target address with the snmp targetaddr command You display the SNMP target address with the show snmp targetaddr command 6 6 2 16 snmp targetparams ...

Page 244: ...MP version is used With SNMPv3 a security level authen tication encryption can also be con figured SNMP version v1 v2c v3 Security level for v3 auth Authentication enabled no encryption enabled noauth No authentication enabled no encryption enabled priv Authentication enabled encryption enabled message processing Specifies which SNMP version is used for processing the messages and whether the sett...

Page 245: ...w snmp user command 6 6 2 17 no snmp targetparams Description With this command you delete the SNMP target parameters Requirement You are in the Global configuration mode The command prompt is as follows cli config Syntax Call up the command with the following parameters no snmp targetparams ParamName The parameter has the following meaning Parameter Description Range of values note ParamName Name...

Page 246: ... cli config Syntax Call the command without parameters snmp v1 v2 readonly Result Write access for SNMPv1 and SNMPv2 PDUs is blocked Further notes You release write access for SNMPv1 and SNMPv2 PDUs with the no snmp v1 v2 readonly command 6 6 2 19 no snmp v1 v2 readonly Description With this command you enable write access for SNMPv1 and SNMPv2 PDUs Requirement You are in the Global configuration ...

Page 247: ... UserName auth md5 sha passwd priv DES passwd volatile nonvolatile The parameters have the following meaning Parameter Description Range of values note UserName Name of the user max 32 characters auth specifies that authentication takes place and which algorithm is used md5 Message Digest 5 sha Secure Hash Algorithm Default No authentication passwd Password for authentication max 32 characters pri...

Page 248: ...p user command 6 6 2 21 no snmp user Description With this command you delete the details of an SNMP user Requirement You are in the Global configuration mode The command prompt is as follows cli config Syntax Call up the command with the following parameters no snmp user UserName The parameter has the following meaning Parameter Description Range of values note UserName Name of the user max 32 ch...

Page 249: ...Parameter Description Range of values note ViewName Name of the SNMP view max 32 characters OIDTree Object ID Path information of the MIB tree mask Keyword for the OID mask OIDMask Mask that filters access to the ele ments of the MIB tree A series of 0 and 1 separated by dots in keeping with the path information of the MIB tree View type Specifies whether the filtered elements are used or excluded...

Page 250: ...d 6 6 2 23 no snmp view Description With this command you delete an SNMP view Requirement You are in the Global configuration mode The command prompt is as follows cli config Syntax Call up the command with the following parameters no snmp view ViewName OIDTree The parameters have the following meaning Parameter Description Range of values note ViewName Name of the view max 32 characters OIDTree O...

Page 251: ...is as follows cli or cli Syntax Call the command without parameters show ip http server status Result The status of the HTTP server is displayed 6 7 2 Commands in the Global Configuration mode This section describes commands that you can call up in the Global configuration mode In Privileged EXEC mode enter the configure terminal command to change to this mode Commands relating to other topics tha...

Page 252: ...e command without parameters ip http As default the function is enabled Result HTTP is enabled on the device Further notes You can display the setting of this function and other information with the show ip http server statuscommand You deactivate HTTP on the device with the no ip http command 6 7 2 2 no ip http Description With this command you disable HTTP on the device Requirement You are in th...

Page 253: ...ce Configuration Manual 06 2015 C79000 G8976 C406 02 253 no ip http Result HTTP is disabled on the device Further notes You can display the setting of this function and other information with the show ip http server statuscommand You enable HTTP with the ip http command ...

Page 254: ...rement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call the command without parameters show ip http secure server status Result The status cipher suite and version of the HTTPS server are displayed 6 8 2 show ssl server cert Description This command shows the SSL server certificate Requirement You are in the User EXEC mode or in t...

Page 255: ...Network protocols 6 8 HTTPS server SCALANCE S615 Command Line Interface Configuration Manual 06 2015 C79000 G8976 C406 02 255 Result The SSL server certificate is displayed ...

Page 256: ...ers show proxyserver table Result The configuration is displayed 6 9 2 Commands in the global configuration mode This section describes commands that you can call up in the Global configuration mode In Privileged EXEC mode enter the configure terminal command to change to this mode Commands relating to other topics that can be called in the Global configuration mode can be found in the relevant se...

Page 257: ...ommand 6 9 3 Commands in the PROXYSERVER configuration mode This section describes commands that you can call up in the PROXYSERVER configuration mode In the Global configuration mode enter the proxyserver command to change to this mode If you exit the PROXYSERVER configuration mode with the exit command you return to the Global configuration mode If you exit the PROXYSERVER configuration mode wit...

Page 258: ...using HTTP socks Universal proxy server port Keyword for port num Port number 0 65535 Specify the port on which the proxy ser vice runs auth Keyword for the authentication method basic Standard authentication User name and password are sent unencrypted ntlm Authentication according to the NTML standard Windows user logon none No authentication addr Keyword for IPv4 address ip_addr IPv4 address Ent...

Page 259: ...y server name has been created and is not being used anywhere You are in the PROXYSERVER configuration mode The command prompt is as follows cli config proxysrv Syntax Call up the command with the following parameters no srv name string 128 all The parameters have the following meaning Parameter Description Range of values note name Keyword for proxy server name string Proxy server name Specify a ...

Page 260: ...and with the following parameters srv name string 128 addr ip_addr dns 50 The parameters have the following meaning Parameter Description Range of values note string Proxy server name Specify the proxy server name Maximum of 128 characters ip_addr IPv4 address Enter the IPv4 address of the proxy server dns DNS host name Enter the DNS host name of the proxy server Maximum of 50 characters Result Th...

Page 261: ...tring 128 auth none basic ntlm The parameters have the following meaning Parameter Description Range of values note string Proxy server name Specify the proxy server name Maximum of 128 characters none No authentication basic Standard authentication The user name and password are sent unencrypted ntlm Authentication according to the NTML standard Windows user logon Result The authentication method...

Page 262: ...note string Proxy server name Specify the proxy server name Maximum of 128 characters Port Port number Specify the port number on which the proxy service runs 0 65535 Result The port has been changed Further notes You display the available proxy server names with the srv show names command You create the proxy server with the srv name command 6 9 3 6 srv name pw Description With this command you c...

Page 263: ... Specify the changed pass word for access to the proxy server Maximum of 255 characters Result The password is changed Further notes You display the available proxy server names with the srv show names command You create the proxy server with the srv name command 6 9 3 7 srv name type Description With this command you change the type of the proxy server Requirement The proxy server name has been c...

Page 264: ... server has been changed Further notes You display the available proxy server names with the srv show names command You create the proxy server with the srv name command 6 9 3 8 srv name user Description With this command you change the user name for access to the proxy server Requirement When selecting the authentication method basic is used The proxy server name has been created You are in the P...

Page 265: ...characters Result The user name has been changed Further notes You display the available proxy server names with the srv show names command You create the proxy server with the srv name command 6 9 3 9 srv show names Description With this command you display the available proxy server names Requirement You are in the PROXYSERVER configuration mode The command prompt is as follows cli config proxys...

Page 266: ...ds in every configuration mode To do this you replace command with the show command that you want to execute Example do show cli console timeout 6 10 1 1 show events smtp server Description This command shows the configured SMTP servers Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call the command without parameters sho...

Page 267: ...ddress is displayed 6 10 1 3 show events smtp port Description This command shows the configured SNMP port Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call the command without parameters show events smtp port Result The configured SMTP port is displayed 6 10 2 Commands in the Events configuration mode This section desc...

Page 268: ... With this command you configure the e mail name of the sender Requirement You are in the EVENTS configuration mode The command prompt is as follows cli config events Syntax Call up the command with the following parameters sender mail address mail address The parameter has the following meaning Parameter Description Range of values note mail address Email name of the sender max 100 characters Res...

Page 269: ... You display the setting with the show events sender email command 6 10 2 3 smtp server Description With this command you configure an entry for an SMTP server Requirement You are in the EVENTS configuration mode The command prompt is as follows cli config events Syntax Call up the command with the following parameters smtp server ipv4 ucast_addr fqdn name FQDN 100 receiver mail address The parame...

Page 270: ...smtp server command 6 10 2 4 no smtp server Description With this command you delete an SMTP server entry Requirement You are in the EVENTS configuration mode The command prompt is as follows cli config events Syntax Call up the command with the following parameters no smtp server ipv4 ucast_addr fqdn name FQDN 100 The parameters have the following meaning Parameter Description Range of values not...

Page 271: ... SMTP port Requirement You are in the EVENTS configuration mode The command prompt is as follows cli config events Syntax Call up the command with the following parameters smtp port smtp port 1 65535 The parameter has the following meaning Parameter Description Range of values note smtp port Value for the SMTP port 1 65535 Default 25 Result An SMTP port is configured Further notes You can reset th...

Page 272: ...t the SMTP port to the default The default value is 25 Requirement You are in the EVENTS configuration mode The command prompt is as follows cli config events Syntax Call the command without parameters no smtp port Result The SMTP port is reset to the default value Further notes You configure the setting with the smtp port command You display the setting with the show smtp port command ...

Page 273: ... mail according to the currently configured SMTP settings Requirement You are in the EVENTS configuration mode The command prompt is as follows cli config events Syntax Call the command without parameters send test mail Result An e mail according to the currently configured SMTP settings was sent Further notes You can display the current SMTP settings with the show events emailserver command ...

Page 274: ...follows cli or cli Syntax Call the command without parameters show ip ssh Result The settings for the SSH server are displayed 6 11 2 Commands in the Global Configuration mode This section describes commands that you can call up in the Global configuration mode In Privileged EXEC mode enter the configure terminal command to change to this mode Commands relating to other topics that can be called i...

Page 275: ...this command you enable the SSH protocol on the device Requirement You are in the Global configuration mode The command prompt is as follows cli config Syntax Call the command without parameters ssh server As default the function is enabled Result The SSH protocol is enabled on the device Further notes You disable the SSH protocol with the no ssh server command ...

Page 276: ...r Description With this command you disable the SSH protocol on the device Requirement You are in the Global configuration mode The command prompt is as follows cli config Syntax Call the command without parameters no ssh server Result The SSH protocol is disabled on the device Further notes You enable the SSH protocol with the ssh server command ...

Page 277: ... of the flow control function 7 1 1 show flow control Description This command shows the settings of the flow control function Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call up the command with the following parameters show flow control interface interface type interface id The parameters have the following meaning P...

Page 278: ... relating to other topics that can be called in the interface configuration mode can be found in the relevant sections If you exit the Interface configuration mode with the exit command you return to the Global configuration mode If you exit the Interface configuration mode with the end command you return to the Privileged EXEC mode 7 1 2 1 flowcontrol Description The flow control function monitor...

Page 279: ...up the command with the following parameters flowcontrol on off The parameters have the following meaning Parameter Description on Enables the function off Disables the function Result The settings for the flow control function are configured Further notes You can display the status of this function with the show flow control command ...

Page 280: ...very configuration mode To do this you replace command with the show command that you want to execute Example do show cli console timeout 7 2 1 1 show mac address table aging time Description To ensure that the address entries are up to date MAC addresses are only kept in the address table for a specified time This command shows the time after which the MAC addresses are removed from the address t...

Page 281: ... mode This section describes commands that you can call up in the Global configuration mode In Privileged EXEC mode enter the configure terminal command to change to this mode Commands relating to other topics that can be called in the Global configuration mode can be found in the relevant sections You exit the Global configuration mode with the end or exit command and are then in the Privileged E...

Page 282: ...address table aging time command You disable the Aging function with the no mac address table aging command 7 2 2 2 no mac address table aging Description With this command you disable the Aging function Requirement You are in the Global Configuration mode The command prompt is as follows cli config Syntax Call the command without parameters no mac address table aging Result The Aging function is ...

Page 283: ...and prompt is as follows cli config Syntax Call up the command with the following parameters mac address table aging time seconds 10 1000000 The parameter has the following meaning Parameter Description Range of values seconds Life of the entry in seconds 10 1000000 At system start or when using the restart command with the option memoryor factory the following defaults apply The default value is ...

Page 284: ...Load control 7 2 Dynamic MAC aging SCALANCE S615 Command Line Interface 284 Configuration Manual 06 2015 C79000 G8976 C406 02 ...

Page 285: ... for NAT NAPT 8 1 1 The show commands 8 1 1 1 show firewallnat masquerading Description This command shows the interfaces on which IP masquerading is enabled Requirement You are in the Privileged EXEC mode The command prompt is as follows cli Syntax Call the command without parameter assignment show firewallnat masquerading Result The interfaces are displayed ...

Page 286: ...mand prompt is as follows cli Syntax Call the command without parameter assignment show firewallnat napt Result The configured NAPT rules are displayed 8 1 1 3 show firewallnat netmap map Description This command shows the configured NETMAP rules Requirement You are in the Privileged EXEC mode The command prompt is as follows cli Syntax Call the command without parameter assignment show firewallna...

Page 287: ...s in the global configuration mode This section describes commands that you can call up in the Global configuration mode In Privileged EXEC mode enter the configure terminal command to change to this mode Commands relating to other topics that can be called in the Global configuration mode can be found in the relevant sections You exit the Global configuration mode with the end or exit command and...

Page 288: ...ion mode enter the firewallnat command to change to this mode If you exit the FIREWALL NAT configuration mode with the exit command you return to the Global configuration mode If you exit the FIREWALL NAT configuration mode with the end command you return to the Privileged EXEC mode Available interfaces As the source and destination interfaces the following interfaces are available Interface masqu...

Page 289: ... Parameter Description Range of values note interface type Type or speed of the interface Specify a valid interface num Number of the addressed VLAN Specify a valid interface index 0 4094 For information on identifiers of addresses and interfaces refer to the section Commands in the FIREWALL NAT configuration mode Page 288 Result The rules for IP masquerading are enabled on the specified interface...

Page 290: ...ce num Number corresponding to a specific interface Enter the required number 0 10 all int Disables the rules for IP masquerading on all interfaces show int Lists the available interfaces For information on identifiers of addresses and interfaces refer to the section Commands in the FIREWALL NAT configuration mode Page 288 Result The rules for IP masquerading are disabled on the relevant interface...

Page 291: ...ord for a protocol UDP Address assignment for UDP valid TCP Address assignment for TCP valid dstip Keyword for the destination IP ad dress auto Uses the IP address of the selected interface ip_addr IPv4 address Enter a valid IPv4 address transip Keyword for the IP address of the node to which this frame will be for warded ip_addr IPv4 address Enter a valid IPv4 address dstport Keyword for destinat...

Page 292: ... with a unique number index is created Further notes You delete a NAPT rule with the no napt command You delete all NAPT rules with the no napt all command You display the numbers of the NAPT rules with the napt show idx command You display the NAPT rule with the show firewallnat napt command 8 1 3 4 no napt Description With this command you delete a specific NAPT rule Requirement VLAN interface w...

Page 293: ... You display the numbers of the NAPT rules with the napt show idx command You delete all NAPT rules with the no napt all command You create a NAPT rule with the napt type ipv4 command 8 1 3 5 no napt all Description With this command you delete all NAPT rules Requirement You are in the FIREWALL NAT configuration mode The command prompt is as follows cli config fwnat Syntax Call the command without...

Page 294: ...nat Syntax Call the command without parameter assignment napt show idx Result The numbers are listed Further notes You delete a NAPT rule with the no napt command You create a NAPT rule with the napt command 8 1 3 7 netmap destination type ipv4 Description With this command you create the NETMAP rule for the address translation of the destination IP address Requirement You are in the FIREWALL NAT ...

Page 295: ...ord for the destination subnet subnet The subnet can also be a single PC or another subset of the subnet Specify the subnet in the CIDR notation transip Keyword for the subnet with which the destina tion subnet is replaced subnet The subnet can also be a single PC or another subset of the subnet Specify the subnet in the CIDR notation For information on identifiers of addresses and interfaces refe...

Page 296: ...um Number of the addressed interface 0 4094 dstint Keyword for the destination interface if type Type or speed of the interface Specify a valid interface num Number of the addressed interface 0 4094 idx Keyword for the number of the NETMAP rule num Number corresponding to a specific NETMAP rule Specify a valid number 0 200 For information on identifiers of addresses and interfaces refer to the sec...

Page 297: ...at Syntax Call the command without parameter assignment no netmap all Result All NETMAP rules are deleted Further notes You create a NETMAP rule with the commands netmap source type ipv4 and netmap destination type ipv4 8 1 3 10 netmap show idx Description With this command you show the numbers of the configured NETMAP rules Requirement You are in the FIREWALL NAT configuration mode The command pr...

Page 298: ...and with the following parameters src nat srcint if type num 0 4094 dstint if type num 0 4094 type ipv4 srcip ip_addr ip_range subnet dstip ip_addr ip_range subnet transip auto ip_addr The parameters have the following meaning Parameter Description Range of values note srcint Keyword for the source interface if type Type or speed of the interface Specify a valid interface num Number of the address...

Page 299: ...ss of the interface is used Enter a valid IPv4 address For information on identifiers of addresses and interfaces refer to the section Commands in the FIREWALL NAT configuration mode Page 288 Result The source NAT rule is created During creation an entry with a unique number index is created Further notes You delete a source NAT rule with the no src nat command You delete all source NAT rules with...

Page 300: ...nterface num Number of the addressed interface 0 4094 idx Keyword for the number of the source NAT rule num Number corresponding to a specific source NAT rule Specify a valid number 0 200 For information on identifiers of addresses and interfaces refer to the section Commands in the FIREWALL NAT configuration mode Page 288 Result The specified source NAT rule is deleted Further notes You delete al...

Page 301: ...4 src nat show idx Description With this command you show the numbers of the configured source NAT rules Requirement You are in the FIREWALL NAT configuration mode The command prompt is as follows cli config fwnat Syntax Call the command without parameter assignment src nat show idx Result The numbers are listed Further notes You delete a source NAT rule with the no src nat command You delete all ...

Page 302: ...Layer 3 functions 8 1 NAT SCALANCE S615 Command Line Interface 302 Configuration Manual 06 2015 C79000 G8976 C406 02 ...

Page 303: ... 9 1 User rights management This section describes commands for access as administrator and the configuration of the authentication methods 9 1 1 show users Description This command displays the users that logged on via Telnet or SSH Requirement You are in the Privileged EXEC mode The command prompt is as follows cli Syntax Call the command without parameters show users Result The logged in users ...

Page 304: ...ileged EXEC mode The command prompt is as follows cli Syntax Call the command without parameters show user accounts Result The created users are shown 9 1 3 whoami Description This command shows the user name of the logged in user Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call the command without parameters whoami Re...

Page 305: ...XEC mode again 9 1 4 1 user account Description With this command you specify a new user You can also change the password role of an already created user If the logged in user has the admin role he or she can create a new user or change the password role of a user When the logged in users have the user role they can can only change their password Note You can create up to 16 additional user accoun...

Page 306: ...r at least 1 number privilege Keyword for the role of the user user The user only has read rights admin The user can create edit or delete entries Result The new user has been created or the password role has been changed Note User name cannot be changed After creating a user the user name can no longer be modified because the user name is used for encryption of the password If a user name needs t...

Page 307: ... role You are in the Global Configuration mode The command prompt is as follows cli config Syntax Call up the command with the following parameters no user account user name The parameter has the following meaning Parameter Description Range of values note user name User name Enter a valid user name Result The user has been deleted Further notes You create a user with the user account command You ...

Page 308: ...e admin User name Specify the user name password Keyword for a password passwd Value for the password Enter the password The password must meet the following password policies Password length at least 8 characters at least 1 uppercase letter at least 1 special character at least 1 number Result The password is changed Note Changing the password in Trial mode Even if you change the password in Tria...

Page 309: ...ttings With the command do command you can execute the show commands in every configuration mode To do this you replace command with the show command that you want to execute Example do show cli console timeout 9 2 2 1 show firewall icmp services ipv4 Description This command shows the configured ICMPv4 services Requirement You are in the Privileged EXEC mode The command prompt is as follows cli S...

Page 310: ... EXEC mode The command prompt is as follows cli Syntax Call the command without parameter assignment show firewall information Result The configuration is displayed 9 2 2 3 show firewall ip protocols Description This command displays the configured protocols Requirement You are in the Privileged EXEC mode The command prompt is as follows cli Syntax Call the command without parameter assignment sho...

Page 311: ...he command prompt is as follows cli Syntax Call the command without parameter assignment show firewall ip rules ipv4 Result The overview of the IPv4 firewall rules is displayed 9 2 2 5 show firewall pre rules ipv4 Description This command shows the predefined IPv4 rules available on the interface Requirement You are in the Privileged EXEC mode The command prompt is as follows cli Syntax Call up th...

Page 312: ...Shows the information for all interfaces if id Number corresponding to a specific interface Specify a valid number Result The predefined IPv4 rules are displayed 9 2 2 6 show firewall ip services Description This command shows the configured IP services Requirement You are in the Privileged EXEC mode The command prompt is as follows cli Syntax Call the command without parameter assignment show fir...

Page 313: ...You exit the Global configuration mode with the end or exit command and are then in the Privileged EXEC mode again 9 2 3 1 firewall Description With this command you change to the FIREWALL configuration mode Requirement You are now in the Global configuration mode The command prompt is as follows cli config Syntax Call the command without parameters firewall Result You are now in the FIREWALL conf...

Page 314: ...fined firewall rules own firewall rules VLAN VLANs with configured subnet x x vlan 1 x PPP M874 M876 3 WAN interface EGPRS GPRS UMTS x x ppp 0 USB M876 4 WAN interface LTE x x usb 0 IPsecVPN All IPsecVPN connections x ipsecALL Specific IPsecVPN connection x ipsec num SINEMA RC Connection to SINEMA RC Server x sinemarcall Device Connection to the device x device x available not available 9 2 4 1 ic...

Page 315: ...e required number Default 256 ver Keyword for the version of the ICMP protocol ipv4 IP Version4 Result The ICMP service is configured Further notes You display the available service names with the icmp show names command You show the available ICMP packet types and codes with the icmp show types codes command You delete this service with the no icmp command You display this setting and other infor...

Page 316: ...names Result The corresponding ICMP service is deleted Further notes You create the ICMP service with the icmp name command You display the available service names with the icmp show names command You show the available ICMP packet types and codes with the icmp show types codes command 9 2 4 3 icmp name set Description With this command you change the ICMP packet type and the code Requirement The ...

Page 317: ... Enter the required number The selection depends on the ICMP packet type Result The ICMP packet type and code have been changed Further notes You display the available service names with the icmp show names command You show the available ICMP packet types and codes with the icmp show types codes command You delete this service with the no icmp command You display this setting and other information...

Page 318: ... You are in the FIREWALL configuration mode The command prompt is as follows cli config fw Syntax Call the command without parameter assignment icmp show types codes Result The list is displayed Further notes You create a protocol with the icmp name command 9 2 4 6 idle timeout icmp Description With this command you configure the required period for ICMP If no data exchange takes place the ICMP co...

Page 319: ... You display this setting and other information with the show firewall information command 9 2 4 7 idle timeout udp Description With this command you configure the required period for UDP If no data exchange takes place the UDP connection is terminated automatically when this time has elapsed Requirement You are in the FIREWALL configuration mode The command prompt is as follows cli config fw Synt...

Page 320: ...time has elapsed Requirement You are in the FIREWALL configuration mode The command prompt is as follows cli config fw Syntax Call up the command with the following parameters idle timeout tcp second 1 4294967295 The parameter has the following meaning Parameter Description Range of values note second Interval in seconds 1 4294967295 Result The interval is configured Further notes You display this...

Page 321: ...4 packet Specify a valid interface Maximum of 50 characters integer Number of the interface 0 4094 to Keyword for the incoming direc tion to string Interface that receives the IPv4 packet Specify a valid interface Maximum of 50 characters integer Number of the interface 0 4094 srcip Keyword for the source string Address that sends IPv4 packets Individual IP address Specify the IP address IP addres...

Page 322: ...about event severity information are logged war Messages about event severity warning are logged cri Messages about event severity critical are logged prior Keyword for the priority integer Priority Enter the priority for the IPv4 rule 0 64 For information on identifiers of addresses and interfaces refer to the section Commands in the FIREWALL configuration mode Page 313 Result The IPv4 rule is cr...

Page 323: ...ewall configuration mode The command prompt is as follows cli config fw Syntax Call up the command with the following parameters no ipv4rule all idx integer 1 64 The parameters have the following meaning Parameter Description Range of values note ALL Deletes all IPv4 rules idx Keyword for index integer Number corresponding to a specific IPv4 rule Enter the required number 1 64 Result The correspon...

Page 324: ... The parameters have the following meaning Parameter Description Range of values note idx Keyword for index number Number corresponding to a spe cific IPv4 rule Enter the required number 1 100 action Keyword for the action with in coming IPv4 packets acc The data packets can pass through drop The data packets are discarded without any notification to the sender rej The data packets are rejected an...

Page 325: ... have the following meaning Parameter Description Range of values note idx Keyword for index number Number corresponding to a spe cific IPv4 rule Enter the required number 1 100 dstip Keyword for the destination string Address that receives IPv4 pack ets Individual IP address Specify the IP address IP range Specify the range with the start address end address e g 192 168 100 10 192 168 100 20 All ...

Page 326: ...g meaning Parameter Description Range of values note idx Keyword for index number Number corresponding to a spe cific IPv4 rule Enter the required number 1 100 from Keyword for the outgoing direc tion from string Interface that sends the IPv4 packet Specify a valid interface Maximum of 50 characters integer Number of the interface 0 4094 For information on identifiers of addresses and interfaces r...

Page 327: ...ters have the following meaning Parameter Description Range of values note idx Keyword for index number Number corresponding to a spe cific IPv4 rule Enter the required number 1 100 integer Number of the interface 0 4094 log Keyword for making entries in the firewall log none The rule coming into effect is not logged info Messages about event severity information are logged war Messages about even...

Page 328: ...ber 1 100 set prior number 0 64 The parameters have the following meaning Parameter Description Range of values note idx Keyword for index number Number corresponding to a spe cific IPv4 rule Enter the required number 1 100 prior Keyword for the priority integer Priority Enter the priority for the IPv4 rule 0 64 Result The priority of the corresponding IPv4 firewall rule has been changed Further n...

Page 329: ... Keyword for index number Number corresponding to a spe cific IPv4 rule Enter the required number 1 100 integer Number of the interface 0 4094 service Keyword for service or protocol name Result The service or protocol name of the corresponding IPv4 firewall rule has been changed Further notes You display this setting and other information with the show firewall ip rules ipv4 command You obtain th...

Page 330: ...dual IP address Specify the IP address IP range Specify the range with the start address end address e g 192 168 100 10 192 168 100 20 All IP addresses Specify 0 0 0 0 0 Result The source of the corresponding IPv4 firewall rule has been changed Further notes You display this setting and other information with the show firewall ip rules ipv4 command You obtain the numbers with the ipv4rule show rul...

Page 331: ...integer Number of the interface 0 4094 For information on identifiers of addresses and interfaces refer to the section Commands in the FIREWALL configuration mode Result The incoming direction of the corresponding IPv4 firewall rule has been changed Further notes You display this setting and other information with the show firewall ip rules ipv4 command You obtain the numbers with the ipv4rule sho...

Page 332: ...s Requirement You are in the FIREWALL configuration mode The command prompt is as follows cli config fw Syntax Call the command without parameter assignment ipv4rule show rules Result The IPv4 firewall rules are listed Further notes You display further information with the show firewall ip rules ipv4 command You display the IPv4 firewall rule with the ipv4rule command 9 2 4 21 prerule ipv4 show in...

Page 333: ...onfig fw Syntax Call up the command with the following parameters prerule all ipv4 int interface type num 0 10 all int enabled disabled The parameters have the following meaning Parameter Description Range of values note int Keyword for the interface interface type Type or speed of the interface Specify a valid interface num Interface index Specify a valid interface index 0 10 all int Enables all ...

Page 334: ...are in the FIREWALL configuration mode The command prompt is as follows cli config fw Syntax Call up the command with the following parameters prerule dhcp ipv4 int interface type num 0 10 all int enabled disabled The parameters have the following meaning Parameter Description Range of values note int Keyword for the interface interface type Type or speed of the interface Specify a valid interface...

Page 335: ... dns ipv4 Description With this command you enable the predefined firewall rule DNS on the selected interface Requirement You are in the FIREWALL configuration mode The command prompt is as follows cli config fw Syntax Call up the command with the following parameters prerule dhcp ipv4 int interface type num 0 10 all int enabled disabled The parameters have the following meaning Parameter Descript...

Page 336: ...ipv4 show int command See also Commands in the FIREWALL configuration mode Page 313 9 2 4 25 prerule http ipv4 Description With this command you enable the predefined firewall rule HTTP on the selected interface Requirement You are in the FIREWALL configuration mode The command prompt is as follows cli config fw Syntax Call up the command with the following parameters prerule http ipv4 int interfa...

Page 337: ...other information with the show firewall pre rules ipv4 command You list the available interfaces with the prerule ipv4 show int command See also Commands in the FIREWALL configuration mode Page 313 9 2 4 26 prerule https ipv4 Description With this command you enable the predefined firewall rule for HTTPS on the selected interface Requirement You are in the FIREWALL configuration mode The command ...

Page 338: ...t The predefined firewall rule HTTPS is enabled on the relevant interface The WBM can be accessed using HTTPS Further notes You display this setting and other information with the show firewall pre rules ipv4 command You list the available interfaces with the prerule ipv4 show int command See also Commands in the FIREWALL configuration mode Page 313 9 2 4 27 prerule ip ipv4 Description With this c...

Page 339: ...information on identifiers of addresses and interfaces refer to the section Commands in the FIREWALL configuration mode Result The predefined firewall rule IPv4 services is enabled on the relevant interface Further notes You display this setting and other information with the show firewall pre rules ipv4 command You list the available interfaces with the prerule ipv4 show int command See also Comm...

Page 340: ...n identifiers of addresses and interfaces refer to the section Commands in the FIREWALL configuration mode Page 313 Result The predefined firewall rule IPSEC is enabled on the relevant interface IKE Internet Key Exchange data transfer from the external network to the device is allowed Further notes You display this setting and other information with the show firewall pre rules ipv4 command You lis...

Page 341: ...le For information on identifiers of addresses and interfaces refer to the section Commands in the FIREWALL configuration mode Result The predefined firewall rule SNMP is enabled on the relevant interface Incoming SNMP connections are possible via the interface Further notes You display this setting and other information with the show firewall pre rules ipv4 command You list the available interfac...

Page 342: ... faces enabled Enables the predefined firewall rule disabled Disables the predefined firewall rule For information on identifiers of addresses and interfaces refer to the section Commands in the FIREWALL configuration mode Page 313 Result The predefined firewall rule SSH is enabled on the relevant interface Encrypted access to the CLI is possible Further notes You display this setting and other in...

Page 343: ...r faces enabled Enables the predefined firewall rule disabled Disables the predefined firewall rule For information on identifiers of addresses and interfaces refer to the section Commands in the FIREWALL configuration mode Page 313 Result The predefined firewall rule Telnet is enabled on the relevant interface Unencrypted access to the CLI is possible Further notes You display this setting and ot...

Page 344: ...ll inter faces enabled Enables the predefined firewall rule disabled Disables the predefined firewall rule For information on identifiers of addresses and interfaces refer to the section Commands in the FIREWALL configuration mode Page 313 Result The predefined firewall rule TFTP is enabled on the interface Communication using TFTP is allowed Further notes You display this setting and other inform...

Page 345: ...on all inter faces enabled Enables the predefined firewall rule disabled Disables the predefined firewall rule For information on identifiers of addresses and interfaces refer to the section Commands in the FIREWALL configuration mode Page 313 Result The predefined firewall rule Ping is enabled on the relevant interface Further notes You display this setting and other information with the show fir...

Page 346: ...net pages of iana org Result The protocol is configured If the optional parameters are not specified a protocol with this name is created and the default value is used You can adapt the parameter later Further notes You display this setting and other information with the show firewall ip protocols command You delete the protocol with the no proto command 9 2 4 35 no proto Description With this com...

Page 347: ...ames Result The relevant protocol is deleted Further notes You create a protocol with the proto name command You display the available protocol names with the proto show names command 9 2 4 36 proto show names Description With this command you display the available protocol names Requirement You are in the FIREWALL configuration mode The command prompt is as follows cli config fw Syntax Call the c...

Page 348: ... number 0 65535 dst all port number 0 65535 range number 0 65535 number 0 65535 The parameters have the following meaning Parameter Description Range of values note string Service name Specify a unique service name Maximum of 32 characters UDP The service is valid only for UDP frames TCP The service is valid only for TCP frames Default src Keyword for the source all Applies to all ports Port Keywo...

Page 349: ...ith the show firewall ip services command 9 2 4 38 no service Description With this command you delete all services or a specific service Requirement The corresponding service has been created and is not being used anywhere You are in the FIREWALL configuration mode The command prompt is as follows cli config fw Syntax Call up the command with the following parameters no service name string 32 all...

Page 350: ...ervice name set prot Description With this command you change the protocol Requirement The service name has been created You are in the FIREWALL configuration mode The command prompt is as follows cli config fw Syntax Call up the command with the following parameters service name string 32 set proto udp tcp The parameters have the following meaning Parameter Description Range of values note string...

Page 351: ...reated You are in the FIREWALL configuration mode The command prompt is as follows cli config fw Syntax Call up the command with the following parameters service name string 32 set dst all port number 0 65535 range number 0 65535 number 0 65535 The parameters have the following meaning Parameter Description Range of values note string Service name Specify a valid service name Maximum of 32 charact...

Page 352: ...reated You are in the FIREWALL configuration mode The command prompt is as follows cli config fw Syntax Call up the command with the following parameters service name string 32 set src all port number 0 65535 range number 0 65535 number 0 65535 The parameters have the following meaning Parameter Description Range of values note string Service name Specify a valid service name Maximum of 32 charact...

Page 353: ... command 9 2 4 42 service show names Description With this command you display the available service names Requirement You are in the FIREWALL configuration mode The command prompt is as follows cli config fw Syntax Call the command without parameter assignment service show names Result The service names are listed Further notes You create a protocol with the service cr name command 9 2 4 43 shutd...

Page 354: ...is disabled Further notes You enable the firewall with the no shutdown command 9 2 4 44 no shutdown Description With this command you enable the firewall Requirement You are in the FIREWALL configuration mode The command prompt is as follows cli config fw Syntax Call the command without parameter assignment no shutdown Result The firewall is enabled Further notes You disable the firewall with the ...

Page 355: ...configuration mode To do this you replace command with the show command that you want to execute Example do show cli console timeout 9 3 1 1 show ipsec conn authentication Description This command shows the security settings of the IPsec VPN connections Requirement You are in the Privileged EXEC mode The command prompt is as follows cli Syntax Call the command without parameter assignment show ips...

Page 356: ...nnections Result The configurations are displayed 9 3 1 3 show ipsec conn phase1 Description This command shows the configuration of phase 1 of the IPsecVPN connections Requirement You are in the Privileged EXEC mode The command prompt is as follows cli Syntax Call the command without parameter assignment show ipsec conn phase1 Result The configurations are displayed 9 3 1 4 show ipsec conn phase2...

Page 357: ...nt show ipsec conn phase2 Result The configurations are displayed 9 3 1 5 show ipsecvpn information Description This command shows the basic setting of IPsecVPN Requirement You are in the Privileged EXEC mode The command prompt is as follows cli Syntax Call the command without parameter assignment show ipsec information Result The settings are displayed 9 3 1 6 show ipsec remoteend Description Thi...

Page 358: ...t you can call up in the Global configuration mode In Privileged EXEC mode enter the configure terminal command to change to this mode Commands relating to other topics that can be called in the Global configuration mode can be found in the relevant sections You exit the Global configuration mode with the end or exit command and are then in the Privileged EXEC mode again 9 3 2 1 ipsec Description ...

Page 359: ...e IPSEC configuration mode with the exit command you return to the Global configuration mode If you exit the IPSEC configuration mode with the end command you return to the Privileged EXEC mode 9 3 3 1 connection name Description With this command you change to the IPSEC CONNECTION configuration mode If a suitable VPN connection does not exist a VPN connection is first created Requirement You are ...

Page 360: ...and 9 3 3 2 no connection name Description With this command you delete a specific VPN connection Requirement The corresponding VPN connection has been created and is not being used anywhere You are in the IPSEC CONNECTION configuration mode The command prompt is as follows cli config ipsec conn X Syntax Call up the command with the following parameters no connection name name 122 The parameter ha...

Page 361: ...pt is as follows cli config ipsec conn X Syntax Call the command without parameter assignment no connection all Result All VPN connections are deleted Further notes You display the VPN connection with the connection name command 9 3 3 4 crl policy Description With this command you specify whether the validity of the certificates is checked based on the CRL Certificate Revocation List Requirement Y...

Page 362: ...his setting and other information with the show ipsecvpn information command 9 3 3 5 nat keep alive Description With this command you specify the interval at which sign of life frames keepalives are sent Requirement You are in the IPSEC configuration mode The command prompt is as follows cli config ipsec Syntax Call up the command with the following parameters nat keep alive sec 1 10000 The parame...

Page 363: ...e IPSEC configuration mode The command prompt is as follows cli config ipsec Syntax Call up the command with the following parameters remote end name name 100 The parameter has the following meaning Parameter Description Range of values note name Name of the VPN remote station Enter the name for the VPN re mote station Result You are now in the IPSEC REMOTE END configuration mode The command promp...

Page 364: ...E END configuration mode The command prompt is as follows cli config ipsec rmend X Syntax Call up the command with the following parameters no remote end name name 128 The parameter has the following meaning Parameter Description Range of values note name Name of the VPN remote station Enter the name of the VPN re mote station Result The corresponding VPN remote station is deleted Further notes Yo...

Page 365: ... the command without parameter assignment no remote end all Result All VPN remote stations are deleted Further notes You display the VPN remote station with the remote end name command 9 3 3 9 no shutdown Description With this command you enable the IPsec method for VPN Requirement You are in the IPSEC configuration mode The command prompt is as follows cli config ipsec Syntax Call the command wit...

Page 366: ...own Result The IPsec method is disabled Further notes You enable the IPsec method with the no shutdown command You display this setting and other information with the show ipsecvpn information command 9 3 4 Commands in the IPSEC REMOTE END configuration mode This section describes commands that you can call up in the IPSEC REMOTE END configuration mode In the global configuration mode enter the re...

Page 367: ...meters have the following meaning Parameter Description Range of values note subnet IP subnet In Roadwarrior mode Specify the WAN IP address In standard mode Enter an IP range from which connections will be accepted 0 0 0 0 0 means all IP addresses are accepted dns DNS host name Only in standard mode Specify the DNS host name For information on identifiers of addresses and interfaces refer to the ...

Page 368: ... values note manual Accepts the connection from remote stations with a specific address In Roadwarrior mode Only accepts connections from remote stations with a fixed IP address 32 fixed IP subnet CIDR nota tion or D DNS host name In standard mode Only establishes a connection to a specific remote station with a fixed IP address or with D DNS host name Or only accepts a connection from a specific ...

Page 369: ...rmend X Syntax Call up the command with the following parameters conn mode roadwarrior standard The parameters have the following meaning Parameter Description Range of values note roadwarrior Roadwarrior mode The device accepts VPN connections from remote sta tions with an unknown address standard Standard mode The device establishes a connection to or from a known remote station The remote stati...

Page 370: ... the subnet dns DNS name Specify the DNS host name For information on identifiers of addresses and interfaces refer to the section Interface identifiers and addresses Page 25 Result The remote subnet is configured Further notes You display this setting and other information with the show ipsec remoteend command 9 3 4 5 vir ip Description With this command you specify the subnet from which the remo...

Page 371: ...configured Further notes You display this setting and other information with the show ipsec remoteend command You disable the setting with the no vir ip command 9 3 4 6 no vir ip Description With this command you specify that the remote station is not offered a virtual IPv4 address Requirement You are in the IPSEC REMOTE END configuration mode The command prompt is as follows cli config ipsec rmen...

Page 372: ...the IPSEC CONNECTION configuration mode with the end command you return to the Privileged EXEC mode 9 3 5 1 authentication Description With this command you change to the IPSEC AUTHENTICATION configuration mode Requirement You are in the IPSEC CONNECTION configuration mode The command prompt is as follows cli config conn X Syntax Call the command without parameter assignment authentication Result ...

Page 373: ...The parameters have the following meaning Parameter Description Range of values note IKE1 Uses IKEv1 IKEv2 Uses IKEv2 Result The setting is configured Further notes You display this setting and other information with the show ipsec connections command 9 3 5 3 loc subnet Description With this command you configure the local subnet Requirement You are in the IPSEC CONNECTION configuration mode The c...

Page 374: ...d addresses Page 25 Result The local subnet is configured Further notes You display this setting and other information with the show ipsecvpn connections command 9 3 5 4 rmend name Description With this command you specify the VPN remote station for the IPsec connection Requirement The VPN remote station has been created You are in the IPSEC CONNECTION configuration mode The command prompt is as f...

Page 375: ...the IPSEC CONNECTION configuration mode The command prompt is as follows cli config conn X Syntax Call up the command with the following parameters operation disabled start wait on demand The parameters have the following meaning Parameter Description Range of values note disabled The VPN connection is disabled start The VPN connection is initiated by the local endpoint wait The VPN connection is ...

Page 376: ...ng parameters phase num 1 2 The parameter has the following meaning Parameter Description Range of values note num Phase of the VPN connection 1 Phase 1 2 Phase 2 Result You are now in the IPSEC PHASE configuration mode The command prompt is as follows cli config conn phsX Further notes You display this setting and other information with the show ipsec connections command 9 3 5 7 timeout Descripti...

Page 377: ...er has the following meaning Parameter Description Range of values note sec Period Enter the period of time in sec onds Result The period of time is configured Further notes You display this setting and other information with the show ipsec connections command You configure the on demand setting with the operation command 9 3 5 8 vir ip Description With this command you specify that during connect...

Page 378: ...uesting of a virtual IPv4 address with the no vir ip command 9 3 5 9 no vir ip Description With this command you disable the requesting of a virtual IPv4 address Requirement You are in the IPSEC CONNECTION configuration mode The command prompt is as follows cli onfig conn X Syntax Call the command without parameter assignment no vir ip Result The setting is disabled Further notes You display this ...

Page 379: ...the Privileged EXEC mode 9 3 6 1 auth cacert Description With this command you specify that a CA certificate will be used for authentication Requirement The certificates are loaded You are in the IPSEC AUTHENTICATION configuration mode The command prompt is as follows cli config conn auth Syntax Call up the command with the following parameters auth cacert string 255 localcert string 255 The param...

Page 380: ... command 9 3 6 2 auth psk Description With this command you specify that a key will be used for authentication Requirement You are in the IPSEC AUTHENTICATION configuration mode The command prompt is as follows cli config conn auth Syntax Call up the command with the following parameters auth psk string 255 The parameter has the following meaning Parameter Description Range of values note string V...

Page 381: ...emcert string 255 localcert string 255 The parameters have the following meaning Remote cert Keyword for a remote station certificate string Name of the remote station certificate Specify a valid remote station certificate Local cert Keyword for a device certificate string Name of the device certificate Specify a valid device certificate Result The setting is configured Further notes You show the ...

Page 382: ... id Description With this command you configure the local ID Requirement You are in the IPSEC AUTHENTICATION configuration mode The command prompt is as follows cli config conn auth Syntax Call up the command with the following parameters local id string 255 The parameter has the following meaning Parameter Description Range of values note string Local ID Enter the local ID If you do not specify t...

Page 383: ...e no local id command 9 3 6 6 no local id Description With this command you remove the local ID Requirement You are in the IPSEC AUTHENTICATION configuration mode The command prompt is as follows cli config conn auth Syntax Call the command without parameter assignment no local id Result The local ID is removed Further notes You display this setting and other information with the show ipsec conn a...

Page 384: ...eter has the following meaning Parameter Description Range of values note string Remote ID Enter the remote ID If you do not specify the remote ID the remote ID is read from the device certificate If you use PSK as the authentication the WAN IP address is used as the remote ID Result The remote ID is configured Further notes You display this setting and other information with the show ipsec conn a...

Page 385: ... the IPSEC PHASE1 configuration mode This section describes commands that you can call up in the IPSEC PHASE configuration mode In the IPSEC CONNECTION configuration mode enter the phase 1 command to change to this mode If you exit the IPSEC PHASE1 configuration mode with the exit command you return to the IPSEC CONNECTION configuration mode If you exit the IPSEC PHASE1 configuration mode with the...

Page 386: ... disable the aggressive mode with the no aggressive command 9 3 7 2 no aggressive Description With this command you disable the aggressive mode Requirement You are in the IPSEC PHASE configuration mode The command prompt is as follows cli config conn phs1 Syntax Call the command without parameter assignment no aggressive Result The setting is disabled The main mode is used Further notes You displa...

Page 387: ...e und the key exchange method IKE Combination Phase 1 Phase 2 Encryption Authentica tion Key Derivation IKEv1 IKEv2 IKEv1 IKEv2 AES128 SHA1 DH Group 14 x x x x AES256 SHA512 DH Group 16 x x x x AES128 CCM 16 SHA256 DH Group 14 x x x AES256 CCM 16 SHA512 DH Group 16 x x x AES128 SHA1 none x x AES256 SHA512 none x x AES128 CCM 16 SHA256 none x x AES256 CCM 16 SHA512 none x x x is supported is not su...

Page 388: ...ows cli config conn phsX X 1 Phase 1 2 Phase 2 Syntax Call the command without parameter assignment no default ciphers Result The use of the default list is disabled The fixed values are used for the phase Further notes You configure the fixed values for phase 1 with the commands ike encryption ike auth and ike keyderivation You configure the fixed values for phase 2 with the commands esp encrypti...

Page 389: ...D is enabled Using DPD it is possible to find out whether the VPN connection still exists or whether it has aborted Further notes You display this setting and other information with the show ipsec conn phase1 command You disable DPD with the no dpd command 9 3 7 6 no dpd Description With this command you disable DPD Requirement You are in the IPSEC PHASE configuration mode The command prompt is as...

Page 390: ...ich DPD queries are sent Requirement DPD is enabled You are in the IPSEC PHASE configuration mode The command prompt is as follows cli config conn phs1 Syntax Call up the command with the following parameters dpd period sec 10 120 The parameter has the following meaning Parameter Description Range of values note sec Period for DPD queries Enter the period of time in sec onds Result The period of t...

Page 391: ...ou are in the IPSEC PHASE configuration mode The command prompt is as follows cli config conn phs1 Syntax Call up the command with the following parameters dpd timeout sec 10 1000 The parameter has the following meaning Parameter Description Range of values note sec Period for DPD queries Enter the period of time in sec onds Result The period of time is configured Further notes You display this se...

Page 392: ...ter Description Range of values note md5 Message Digest Algorithm 5 sha1 Secure Hash Algortihm 1 with 160 bit hash length sha512 Secure Hash Algorithm 2 with 512 bit hash length sha256 Secure Hash Algorithm 2 with 256 bit hash length sha384 Secure Hash Algorithm 2 with 384 bit hash length Result The method for configuring the checksum is configured Further notes You display this setting and other ...

Page 393: ...dvanced Encryption Standard with 128 bits in Counter mode x aes192ctr Advanced Encryption Standard with 192 bits in Counter mode x aes256ctr Advanced Encryption Standard with 256 bits in Counter mode x aes128ccm16 Advanced Encryption Standard with 128 bits in Counter mode using a 16 byte Integrity Check Value ICV x aes192ccm16 Advanced Encryption Standard with 192 bits in Counter mode using a 16 b...

Page 394: ...re the required Diffie Hellmann group DH from which a key will be generated Requirement The default list is not used You are in the IPSEC PHASE configuration mode The command prompt is as follows cli config conn phs1 Syntax Call up the command with the following parameters ike keyderivation dhgroup 1 2 5 14 15 16 17 18 The parameters have the following meaning Parameter Description Range of values...

Page 395: ...HASE configuration mode The command prompt is as follows cli config conn phs1 Syntax Call up the command with the following parameters ike keytries num 0 100 The parameter has the following meaning Parameter Description Range of values note num Period for DPD queries Enter the required number With 0 there is no limit to the number of attempts to establish the connection Result The number of times ...

Page 396: ...gured Further notes You display this setting and other information with the show ipsec conn phase1 command 9 3 8 Commands in the IPSEC PHASE2 configuration mode This section describes commands that you can call up in the IPSEC PHASE configuration mode In the IPSEC CONNECTION configuration mode enter the phase 2 command to change to this mode If you exit the IPSEC PHASE2 configuration mode with the...

Page 397: ...es You display this setting and other information with the show ipsec conn phase2 command You disable the setting with the no auto fwrules command 9 3 8 2 no auto fwrules Description With this command you specify that the firewall rule will not be created automatically for the VPN connection Requirement You are in the IPSEC PHASE configuration mode The command prompt is as follows cli config conn ...

Page 398: ...n partner must support at least one of these combinations The combinations depend on the phase und the key exchange method IKE Combination Phase 1 Phase 2 Encryption Authentica tion Key Derivation IKEv1 IKEv2 IKEv1 IKEv2 AES128 SHA1 DH Group 14 x x x x AES256 SHA512 DH Group 16 x x x x AES128 CCM 16 SHA256 DH Group 14 x x x AES256 CCM 16 SHA512 DH Group 16 x x x AES128 SHA1 none x x AES256 SHA512 ...

Page 399: ... PHASE configuration mode The command prompt is as follows cli config conn phsX X 1 Phase 1 2 Phase 2 Syntax Call the command without parameter assignment no default ciphers Result The use of the default list is disabled The fixed values are used for the phase Further notes You configure the fixed values for phase 1 with the commands ike encryption ike auth and ike keyderivation You configure the ...

Page 400: ...84 The parameters have the following meaning Parameter Description Range of values note md5 Message Digest Algorithm 5 sha1 Secure Hash Algortihm 1 with 160 bit hash length sha512 Secure Hash Algorithm 2 with 512 bit hash length sha256 Secure Hash Algorithm 2 with 256 bit hash length sha384 Secure Hash Algorithm 2 with 384 bit hash length Result The method for configuring the checksum is configure...

Page 401: ...x aes192ctr Advanced Encryption Standard with 192 bits in Counter mode x x aes256ctr Advanced Encryption Standard with 256 bits in Counter mode x x aes128ccm16 Advanced Encryption Standard with 128 bits in Counter mode using a 16 byte Integrity Check Value ICV x x aes192ccm16 Advanced Encryption Standard with 192 bits in Counter mode using a 16 byte Integrity Check Value ICV x x aes256ccm16 Advanc...

Page 402: ...equirement The default list is not used You are in the IPSEC PHASE configuration mode The command prompt is as follows cli config conn phs2 Syntax Call up the command with the following parameters esp keyderivation none dhgroup 1 2 5 14 15 16 17 18 The parameters have the following meaning Parameter Description Range of values note none No keys are exchanged and Perfect Forward Secrecy PFS is disa...

Page 403: ...ure a period to specify the lifetime of the agreed keys When the time expires the key is renegotiated Requirement You are in the IPSEC PHASE configuration mode The command prompt is as follows cli config conn phs2 Syntax Call up the command with the following parameters lifetime min 10 16666666 The parameter has the following meaning Parameter Description Range of values note min Period Specify th...

Page 404: ... key is renegotiated Requirement You are in the IPSEC PHASE configuration mode The command prompt is as follows cli config conn phs2 Syntax Call up the command with the following parameters lifebyte integer 0 4294967295 The parameter has the following meaning Parameter Description Range of values note integer Data limit Enter the data limit in bytes Result The data limit is configured Further note...

Page 405: ... follows cli config conn phs2 Syntax Call up the command with the following parameters proto all integer 0 255 The parameter has the following meaning Parameter Description Range of values note all Applies to all protocols integer Protocol number Enter the number for the required protocol You will find list of the protocol numbers on the Internet pages of iana org Result The protocol is configured...

Page 406: ...mpt is as follows cli config conn phs2 Syntax Call up the command with the following parameters port all integer 0 65535 integer 0 65535 The parameters have the following meaning Result The port is configured Further notes You display this setting and other information with the show ipsec conn phase2 command You assign a VPN remote station to the VPN connection with the rmend name command Paramete...

Page 407: ...ing to other topics that can be called in the Global configuration mode can be found in the relevant sections You exit the Global configuration mode with the end or exit command and are then in the Privileged EXEC mode again 9 4 1 1 certificate Description With this command you change to the CERT configuration mode Requirement You are now in the Global configuration mode The command prompt is as f...

Page 408: ...o change to this mode If you exit the CERT configuration mode with the exit command you return to the Global configuration mode If you exit the CERT configuration mode with the end command you return to the Privileged EXEC mode 9 4 2 1 show idx Description The command lists the loaded certificates and their indexes Requirement Certificates are loaded You are in the CERT configuration mode The comm...

Page 409: ...in the CERT configuration mode The command prompt is as follows cli config cert Syntax Call up the command with the following parameters show info idx integer 1 100 The parameter has the following meaning Parameter Description Range of values note idx Number corresponding to a specific certificate Enter the required number 1 100 Result The information on the certificate is displayed Further notes ...

Page 410: ...mand prompt is as follows cli config cert Syntax Call up the command with the following parameters del idx 1 100 all The parameters have the following meaning Parameter Description Range of values note idx Number corresponding to a specific certificate Enter the required number 1 100 all Deletes all certificates Result The relevant certificate is deleted Further notes You load certificates with th...

Page 411: ...t Syslog client Configures the transfer to the Syslog server 10 1 Event and fault handling In events and faults handling you set the events whose messages will be distributed in one of the available ways You configure the monitoring of certain system events and power supply and physical interfaces in the Events configuration mode 10 1 1 The show commands This section describes commands with which ...

Page 412: ...and without parameters show events config Result The current configuration of the events display is displayed 10 1 1 2 show events severity Description This command shows the degree of severity of an event Info Warning or Critical starting at which a notification sending of an e mail entry in the Syslog table entry in the Syslog file is generated Requirement You are in the User EXEC mode or in the...

Page 413: ...ring of the network connections for a change in the connection status Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call up the command with the following parameters show events faults config power link The parameters have the following meaning Parameter Description power Monitoring of the power supply for power outage l...

Page 414: ...ollows cli or cli Syntax Call the command without parameters show events faults status Result A table with the status messages of the error monitoring functions is displayed 10 1 1 5 show fault counter Description This command shows the number of errors since the last startup Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax...

Page 415: ...lows cli or cli Syntax Call up the command with the following parameters show fwlog info warning critical Parameter The parameters have the following meaning Parameter Description Range of values note info Information warning Warnings critical Critical messages If you use the command without setting parameters all messages are displayed Result The content of the firewall log is displayed 10 1 1 7 ...

Page 416: ... The parameters have the following meaning Parameter Description info Information warning Warning critical Critical Result The content of the logbook is displayed 10 1 1 8 show power line state Description This command shows the status of the power supply Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call the command wit...

Page 417: ...he event severity Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call up the command with the following parameters show seclog info warning critical Parameter The parameters have the following meaning Parameter Description Range of values note info Information warning Warnings critical Critical messages If you use the com...

Page 418: ...th this command you reset the counter that shows the number of faults since the last startup Requirement You are in the Privileged EXEC mode The command prompt is as follows cli Syntax Call the command without parameters clear fault counter Result The counter is set to 0 Further notes You shows the number of faults since the last startup with the show fault counter command ...

Page 419: ... in the Privileged EXEC mode The command prompt is as follows cli Syntax Call the command without parameters clear fwlog Result The content of the firewall log is deleted 10 1 4 clear logbook Description With this command you delete the content of the logbook Requirement You are in the Privileged EXEC mode The command prompt is as follows cli Syntax Call the command without parameters clear logboo...

Page 420: ...Privileged EXEC mode The command prompt is as follows cli Syntax Call the command without parameters clear seclog Result The content of the security log is deleted 10 1 6 fault report ack Description With this command you acknowledge delete the messages of the Cold Warm start event Requirement You are in the Privileged EXEC mode The command prompt is as follows cli Syntax Call up the command with ...

Page 421: ...ow events faults status command Result The message is acknowledged 10 1 7 no logging console Description With this command you disable the logging of inputs and outputs to the console Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call the command without parameters no logging console Result The logging function is disabl...

Page 422: ... Result The logging function is enabled on the console Further notes You disable the setting with the no logging console command As default the function is disabled 10 1 9 Commands in the global configuration mode This section describes commands that you can call up in the Global configuration mode In Privileged EXEC mode enter the configure terminal command to change to this mode Commands relatin...

Page 423: ...ws cli config events Further notes You exit the EVENTS configuration mode with the command end or exit 10 1 10 Commands in the Events configuration mode This section describes commands that you can call up in the EVENTS configuration mode In the Global configuration mode enter the events command to change to this mode Commands relating to other topics that can be called in the Global configuration...

Page 424: ...er has the following meaning Parameter Description Range of values note log entry Entry in the logbook max 150 characters Result The entry has been made in the logbook 10 1 10 2 client config Description With this command you enable one of the clients that processes or forwards the messages of the device The following clients are available syslog sends the messages to the Syslog server trap sends ...

Page 425: ...t selected for the transfer is enabled Further notes You display the status of the events and the clients with the show events config command You disable a client with the no client config command 10 1 10 3 no client config Description With this command you disable one of the clients that processes or forwards the messages of the device Requirement You are in the EVENTS Configuration mode The comm...

Page 426: ...he following events or message types are available Message if there is cold or warm restart Message when there is a status change on a physical interface Message if there is an incorrect login Message when there is a status change in the power supply Message when there is a status change in the error monitoring Message when using VPN Message when using firewall rules Message when changing the conn...

Page 427: ...power supply faultstate change Message when there is a status change in the error monitoring digital in Message when there is a status change of the digital input vpn tunnel Message when there is a connection change OpenVPN IPsec SINEMA RC all All messages logtable Client that processes the log entries syslog Client that sends the messages to the log server email Client that sends the e mails trap...

Page 428: ...the command with the following parameters no event config cold warmstart linkchange authentication failure power change faultstate change digital in vpn tunnel all logtable syslog email trap faults digital out vpn tunnel all The parameters have the following meaning Parameter Description cold warmstart Message if there is cold or warm restart linkchange Message when there is a status change on a p...

Page 429: ... Further notes You display the status of the events and the clients with the show events config command You configure which of the various message types of the device will be stored or forwarded with the event config command 10 1 10 6 link Description With this command you configure and enable the monitoring of the physical network connections for cable breaks or for pulling of the connector Requi...

Page 430: ...rk connections for cable breaks or for pulling of the connector Requirement You are in the EVENTS Configuration mode The command prompt is as follows cli config events Syntax Call up the command with the following parameters no link up down The parameters have the following meaning Parameters Description Range of values up The message when establishing a connection is disabled down The message whe...

Page 431: ...nge of values note mail Specifies the threshold value for send ing system event messages by e mail log Specifies the threshold value for enter ing system event messages in the log table syslog Specifies the threshold value for enter ing system event messages in the Syslog file info System events are processed as of the severity level Information warning System events are processed as of the severi...

Page 432: ...rameters have the following meaning Parameter Description Range of values note mail The setting of the threshold value for sending system event messages by e mail is disabled log The setting of the threshold value for entering system event messages in the log table disabled syslog The setting of the threshold value the entering event messages in the Syslog file is disabled If you do not select any...

Page 433: ...EXEC mode The command prompt is as follows cli or cli Syntax Call the command without parameters show events syslogserver Result The entries of the configured Syslog server are displayed 10 2 2 Commands in the Events configuration mode This section describes commands that you can call up in the EVENTS configuration mode In the Global configuration mode enter the events command to change to this mo...

Page 434: ...ange of values note ipv4 Keyword for an IP address ucast_addr Syslog server IPv4 Address Enter a valid IPv4 address fqdn name Keyword for a domain name FQDN Domain name Fully Qualified Domain Name Maximum of 100 characters port Serverport 1 65535 Default 514 For information on identifiers of addresses and interfaces refer to the section Interface identifiers and addresses Page 25 If you do not sel...

Page 435: ...rameters have the following meaning Parameter Description Range of values note ipv4 Keyword for an IP address ucast_addr Syslog server IPv4 Address Enter a valid IPv4 address fqdn name Keyword for a domain name FQDN Domain name Fully Qualified Domain Name Maximum of 100 characters For information on identifiers of addresses and interfaces refer to the section Interface identifiers and addresses Pa...

Page 436: ...Diagnostics 10 2 Syslog client SCALANCE S615 Command Line Interface 436 Configuration Manual 06 2015 C79000 G8976 C406 02 ...

Page 437: ...ook 419 clear screen 29 clear seclog 420 CLI commands Symbolic representation 24 cli console timeout 55 no cli console timeout 56 configure terminal 46 connection name 359 no connection all 361 no connection name 360 conn mode 369 coordinates height 51 coordinates latitude 52 coordinates longitude 52 crl policy 361 D dcp server 176 no dcp server 176 ddnsclient 210 default ciphers 387 398 no defaul...

Page 438: ... config file request 189 ip dhcp server 193 no ip dhcp server 193 ip dhcp server icmp probe 195 no ip dhcp server icmp probe 194 ip dhcp server pool no ip dhcp server pool 196 ip dhcp server pool 195 ip echo reply 177 no ip echo reply 178 ip http 252 no ip http 252 ip route 178 no ip route 179 ip routing 180 ipsec 358 IPv4 Notation 27 IPv4 address 27 ipv4rule 320 326 no ipv4rule 323 ipv4rule ipsec...

Page 439: ...7 no ntp server 128 ntp time diff 129 O operation 375 option 199 no option 200 option value hex 201 option value string no option 200 200 P password 78 220 no password 79 phase 376 ping 49 plug 88 pool enable 202 no pool enable 203 port 116 406 ports 166 no ports 168 prerule all ipv4 333 prerule dhcp ipv4 334 prerule dns ipv4 335 prerule http ipv4 336 prerule https ipv4 337 prerule ip ipv4 338 pre...

Page 440: ...nat 287 show flow control 277 show fwlog 415 show history 36 show idx 408 show in 40 show interface mtu 41 show interfaces 39 show interfaces counters 42 show ip arp 186 show ip dhcp client 187 show ip dhcp server pools 192 show ip dhcp server bindings 191 show ip dns 171 show ip http secure server status 254 show ip http server status 251 show ip interface 44 show ip route 173 show ip routing 174...

Page 441: ...getaddr 241 no snmp targetaddr 243 snmp targetparams 243 no snmp targetparams 245 snmp user 247 no snmp user 248 snmp v1 v2 readonly 246 no snmp v1 v2 readonly 246 snmp view 249 no snmp view 250 snmpagent 229 no snmpagent 230 sntp 133 sntp client addressing mode 137 sntp time diff 134 sntp unicast server ipv4 135 no sntp unicast server ipv4 136 speed 68 src nat show idx 301 src nat type ipv4 298 n...

Page 442: ...8976 C406 02 U user account 305 no user account 307 userhost 219 username 220 307 V verification cacert 121 verification fingerprint 122 vir ip 370 377 no vir ip 371 378 vlan 153 no vlan 154 W web session timeout 92 no web session timeout 93 whoami 304 write 90 write startup config 84 ...

Search results

Summary of Contents for SCALANCE S615

Reviews:

Brands by name

Popular brands

Siemens SCALANCE S615, Configuration Manual

Search results

Summary of Contents for SCALANCE S615

Reviews:

Brands by name

Popular brands