Siemens SCALANCE S615 Скачать руководство пользователя страница 398

Страница: 398 / 442

Security and authentication

9.3 IPsec VPN

SCALANCE S615 Command Line Interface

398

Configuration Manual, 06/2015, C79000-G8976-C406-02

Further notes

You display this setting and other information with the

show ipsec conn-phase2

command.

You enable the setting with the

auto-fwrules

command.

9.3.8.3

default-ciphers

Description

With this command, you specify that a preset list (default list) is transferred to the VPN

connection partner during connection establishment. The list contains a combination of the

three algorithms (Encryption, Authentication, Key Derivation).
To establish a VPN connection, the VPN connection partner must support at least one of

these combinations. The combinations depend on the phase und the key exchange method

IKE).

Combination

Phase 1

Phase 2

Encryption

Authentica-

tion

Key Derivation

IKEv1

IKEv2

IKEv1

IKEv2

AES128

SHA1

DH Group 14

AES256

SHA512

DH Group 16

AES128 CCM 16 SHA256

DH Group 14

AES256 CCM 16 SHA512

DH Group 16

AES128

SHA1

none

AES256

SHA512

none

AES128 CCM 16 SHA256

none

AES256 CCM 16 SHA512

none

x: is supported

-: is not supported
none: For phase 2, no separate keys are exchanged. This means that Perfect Forward Secrecy PFS) is disabled.

Requirement

You are in the IPSEC PHASE configuration mode.
The command prompt is as follows:

cli(config-conn-phsX)#

X: 1 (Phase 1)

2 (Phase 2)

Syntax

Call the command without parameter assignment:

default-ciphers

Содержание SCALANCE S615

Страница 1: ...__________ ___________________ ___________________ SIMATIC NET Industrial Ethernet Security SCALANCE S615 Command Line Interface Configuration Manual 06 2015 C79000 G8976 C406 02 Preface Description 1 Configuration 2 Functions specific to SCALANCE 3 System time 4 Network structures 5 Network protocols 6 Load control 7 Layer 3 functions 8 Security and authentication 9 Diagnostics 10 ...

Страница 2: ... be operated only by personnel qualified for the specific task in accordance with the relevant documentation in particular its warning notices and safety instructions Qualified personnel are those who based on their training and experience are capable of identifying risks and avoiding potential hazards when working with these products systems Proper use of Siemens products Note the following WARNI...

Страница 3: ...umentation Apart from the Configuration Manual you are currently reading the following documentation is also available on the topic of Remote Network Configuration manual SCALANCE S615 Web Based Management This document is intended to provide you with the information you require to commission and configure SCALANCE S615 devices using the Web Based Management Getting Started SCALANCE S615 Based on ...

Страница 4: ...ll find the SIMATIC NET glossary here SIMATIC NET Manual Collection or product DVD The DVD ships with certain SIMATIC NET products On the Internet under the following entry ID 50305045 http support automation siemens com WW view en 50305045 Security information Siemens provides products and solutions with industrial security functions that support the secure operation of plants solutions machines ...

Страница 5: ...tions Note Open source software Read the license conditions for open source software carefully before using the product You will find license conditions in the following documents on the supplied data medium DOC_OSS SCALANCE S_74 pdf DC_LicenseSummaryScalanceS615_76 htm Trademarks The following and possibly other names not identified by the registered trademark sign are registered trademarks of Si...

Страница 6: ...Preface SCALANCE S615 Command Line Interface 6 Configuration Manual 06 2015 C79000 G8976 C406 02 ...

Страница 7: ...put 31 1 6 5 1 help 31 1 6 5 2 The command 32 1 6 5 3 Completion of command entries 33 1 6 5 4 Abbreviated notation of commands 34 1 6 5 5 Reusing the last used commands 34 1 6 5 6 Working through a command sequence 35 1 6 5 7 clear history 35 1 6 5 8 show history 36 2 Configuration 37 2 1 System 37 2 1 1 show commands 37 2 1 1 1 show cli console timeout 37 2 1 1 2 show coordinates 38 2 1 1 3 show...

Страница 8: ...0 5 lldp 62 2 1 10 6 no lldp 63 2 1 10 7 negotiation 64 2 1 10 8 no negotiation 64 2 1 10 9 mtu 65 2 1 10 10 shutdown complete 66 2 1 10 11 no shutdown 67 2 1 10 12 speed 68 2 2 Load and Save 69 2 2 1 show commands 69 2 2 1 1 show loadsave files 69 2 2 1 2 show loadsave tftp 70 2 2 2 load tftp 70 2 2 3 save filetype 71 2 2 4 Commands in the global configuration mode 72 2 2 4 1 loadsave 72 2 2 5 Co...

Страница 9: ... close 95 3 3 3 2 digital output open 96 3 4 SRS 97 3 4 1 show srs overview 97 3 4 2 Commands in the global configuration mode 98 3 4 2 1 srs 98 3 4 3 Commands in the SRS configuration mode 99 3 4 3 1 interval 99 3 4 3 2 logon 100 3 4 3 3 logon addr 101 3 4 3 4 no logon 102 3 4 3 5 logon idx addr 103 3 4 3 6 logon idx group 104 3 4 3 7 logon idx name 105 3 4 3 8 logon idx pw 106 3 4 3 9 logon show...

Страница 10: ...status 132 4 3 4 show sntp unicast mode status 132 4 3 5 Commands in the global configuration mode 133 4 3 5 1 sntp 133 4 3 6 Commands in the SNTP configuration mode 134 4 3 6 1 sntp time diff 134 4 3 6 2 sntp unicast server ipv4 135 4 3 6 3 no sntp unicast server ipv4 136 4 3 6 4 sntp client addressing mode 137 5 Network structures 139 5 1 VLAN 139 5 1 1 The show commands 139 5 1 1 1 show subnet ...

Страница 11: ...e show commands 171 6 1 1 1 show ip dns 171 6 1 1 2 show dcp forwarding 172 6 1 1 3 show dcp server 172 6 1 1 4 show ip route 173 6 1 1 5 show ip routing 174 6 1 1 6 show ip static route 174 6 1 1 7 show ip telnet 175 6 1 2 Commands in the global configuration mode 175 6 1 2 1 dcp server 176 6 1 2 2 no dcp server 176 6 1 2 3 ip echo reply 177 6 1 2 4 no ip echo reply 178 6 1 2 5 ip route 178 6 1 2...

Страница 12: ...4 3 6 pool enable 202 6 4 3 7 no pool enable 203 6 4 3 8 set interface 204 6 4 3 9 static lease mac 205 6 4 3 10 no static lease 206 6 5 DNS 207 6 5 1 The show commands 207 6 5 1 1 show dnsclient information 207 6 5 1 2 show ddnsclient information 208 6 5 2 Commands in the global configuration mode 208 6 5 2 1 Introductory sentence for the global configuration mode 208 6 5 2 2 dnsclient 208 6 5 2 ...

Страница 13: ...index 233 6 6 2 7 no snmp community index 234 6 6 2 8 snmp filterprofile 235 6 6 2 9 no snmp filterprofile 236 6 6 2 10 snmp group 237 6 6 2 11 no snmp group 238 6 6 2 12 snmp notify 239 6 6 2 13 no snmp notify 240 6 6 2 14 snmp targetaddr 241 6 6 2 15 no snmp targetaddr 243 6 6 2 16 snmp targetparams 243 6 6 2 17 no snmp targetparams 245 6 6 2 18 snmp v1 v2 readonly 246 6 6 2 19 no snmp v1 v2 rea...

Страница 14: ... send test mail 273 6 11 SSH server 274 6 11 1 show ip ssh 274 6 11 2 Commands in the Global Configuration mode 274 6 11 2 1 ssh server 275 6 11 2 2 no ssh server 276 7 Load control 277 7 1 Flow control 277 7 1 1 show flow control 277 7 1 2 Commands in the interface configuration mode 278 7 1 2 1 flowcontrol 278 7 2 Dynamic MAC aging 280 7 2 1 show commands 280 7 2 1 1 show mac address table aging...

Страница 15: ... account 305 9 1 4 2 no user account 307 9 1 4 3 username 307 9 2 Firewall 309 9 2 1 Introduction to the Firewall section 309 9 2 2 The show commands 309 9 2 2 1 show firewall icmp services ipv4 309 9 2 2 2 show firewall information 310 9 2 2 3 show firewall ip protocols 310 9 2 2 4 show firewall ip rules ipv4 311 9 2 2 5 show firewall pre rules ipv4 311 9 2 2 6 show firewall ip services 312 9 2 3...

Страница 16: ...7 service name 348 9 2 4 38 no service 349 9 2 4 39 service name set prot 350 9 2 4 40 service name set dst 351 9 2 4 41 service name set src 352 9 2 4 42 service show names 353 9 2 4 43 shutdown 353 9 2 4 44 no shutdown 354 9 3 IPsec VPN 355 9 3 1 The show commands 355 9 3 1 1 show ipsec conn authentication 355 9 3 1 2 show ipsecvpn connections 355 9 3 1 3 show ipsec conn phase1 356 9 3 1 4 show ...

Страница 17: ... 9 3 6 6 no local id 383 9 3 6 7 rem id 384 9 3 6 8 no rem id 384 9 3 7 Commands in the IPSEC PHASE1 configuration mode 385 9 3 7 1 aggressive 385 9 3 7 2 no aggressive 386 9 3 7 3 default ciphers 387 9 3 7 4 no default ciphers 388 9 3 7 5 dpd 388 9 3 7 6 no dpd 389 9 3 7 7 dpd period 390 9 3 7 8 dpd timeout 391 9 3 7 9 ike auth 391 9 3 7 10 ike encryption 392 9 3 7 11 ike keyderivation 394 9 3 7 ...

Страница 18: ...power line state 416 10 1 1 9 show seclog 417 10 1 2 clear fault counter 418 10 1 3 clear fwlog 419 10 1 4 clear logbook 419 10 1 5 clear seclog 420 10 1 6 fault report ack 420 10 1 7 no logging console 421 10 1 8 logging console 422 10 1 9 Commands in the global configuration mode 422 10 1 9 1 events 423 10 1 10 Commands in the Events configuration mode 423 10 1 10 1 add log 424 10 1 10 2 client ...

Страница 19: ...rious modes The commands of the Command Line Interface are grouped according to various modes Apart from a few exceptions help exit commands can only be called up in the mode to which they are assigned This grouping allows different levels of access rights for each individual group of commands The following graphic is an overview of the available modes ...

Страница 20: ...you can you display the configuration data and change it If you log with the admin user you change directly to the Privileged EXEC mode To change from the User EXEC Mode to the Privileged EXEC mode enter the enable command When the command executes you will be prompted to enter the password for the admin user You are logged out with the exit command ...

Страница 21: ...special interfaces or functions for example to configure a VLAN or a PLUG You change to this mode by entering configure terminal in the Privileged EXEC mode You exit this mode by entering end or exit Other configuration modes From the Global configuration mode you can change to other configuration modes for special tasks These are either general configuration modes for example line configuration i...

Страница 22: ...make sure that the functions required for this are enabled in Windows 7 Starting the CLI in a Windows console Follow the steps outlined below to start the Command Line Interface in a Windows console 1 Open a Windows console and type in the command telnet followed by the IP address of the device you are configuring C telnet IP address 2 Enter your login and password As an alternative you can also e...

Страница 23: ... placeholder is replaced by the identifier of the Interface You select the Interface by setting suitable parameters for the interface command An identifier when the Trial mode is enabled If you first test changes to the configuration and then want to discard them disable the Auto save function with the no auto save command You are then in Trial mode Changes to the configuration that you have not s...

Страница 24: ...tions to describe mandatory and optional entries There is a general description of some of these combinations below Character combinations Meaning Parameter Instead of the expression in parentheses enter a permitted value Unit a b Instead of the expression in parentheses enter a value from the range a to b The unit to be used is specified before the brackets and is also replaced by the entry Param...

Страница 25: ...lash The interfaces permanently installed in the device are identified with module 0 Example Fast Ethernet interface fa 0 1 Addressing logical interfaces This notation also applies to other commands that address a logical interface Enter the command interface Enter the keyword for the VLAN interface After a space enter the number of the VLAN interface you assigned when you created it Example VLAN ...

Страница 26: ...nterface 1 5 2 Address types address ranges and address masks Overview Since the various types of addresses can be represented by different notations the notations used in the Command Line Interface are shown below IPv4 addresses Addresses for the Internet Protocol version 4 are written in the decimal notation of four numbers from the range 0 to 255 separated by a period Note With leading zeros th...

Страница 27: ... Each byte is represented in decimal with a dot separating it from the previous one XXX XXX XXX XXX XXX stands for a number between 0 and 255 The IPv4 address consists of two parts The address of the sub network The address of the node generally also called end node host or network node Range of values for subnet mask The subnet mask consists of four decimal numbers with the range from 0 to 255 ea...

Страница 28: ... 192 168 0 0 with subnet mask 255 255 255 0 The network part of the address covers 3 x 8 bits in binary representation in other words 24 bits This results in the CIDR notation 192 168 0 0 24 The host part covers 1 x 8 bits in binary notation This results in an address range of 2 to the power 8 in other words 256 possible addresses Value range for gateway address The address consists of four decima...

Страница 29: ...yed Syntax Call the command without parameters clear screen Result The screen is cleared The command prompt is displayed 1 6 2 do Description With this command you can execute the commands from the Privileged EXEC mode in any configuration mode Syntax Call up the command with the following parameters do command To do this you replace command with the command from the Privileged EXEC mode that you ...

Страница 30: ...quirement You are in a configuration mode Syntax Call the command without parameters end Result You are in the Privileged EXEC mode The command prompt is as follows cli 1 6 4 exit Description With this command you close the current mode Syntax Call the command without parameters exit Result The current mode was exited You are then at the next higher level If you are in Privileged EXEC Modus or in ...

Страница 31: ... completion of incomplete commands Paging in the list of most recently used commands Display of the list of most recently used commands show history 1 6 5 1 help Description With this command you display the help entry for a command or the command list Syntax Call up help with the following parameters help command Here you replace command with the command for which you require help If the command ...

Страница 32: ...all up the command list Syntax Enter a question mark to obtain a list of all permitted commands in the current mode For this command you do not need to press the enter key The command executes immediately after you type the character Result The mode specific as well as the global commands are displayed Note Incomplete command names If you have specified an incomplete command when calling the help ...

Страница 33: ...uous This can be repeated after entering further characters Procedure Enter the first characters of the command Press the tab key Result The command interpreter completes the input as long as the command is unambiguous If you enter a character string that cannot be completed to form a command an error message is displayed The command is not unique Ambiguous Command The command is unknown Invalid C...

Страница 34: ...he last 14 commands used in a list assigned to the particular mode This can then only be called up in the relevant mode Example In the Global Configuration mode all entered commands are saved If you entered commands earlier in the Interface Configuration mode these commands are not included in the list of the Global Configuration mode You can only call up and reuse these commands in the Interface ...

Страница 35: ... vlan 1 no ip address dhcp ip address 192 168 1 1 255 255 255 0 end write startup has the same effect as CLI conf t CLI config int vlan 1 CLI config if vlan 1 no ip address dhcp CLI config if vlan 1 ip address 192 168 1 1 255 255 255 0 CLI config if vlan 1 end CLI write startup 1 6 5 7 clear history Description This command deletes the last commands you entered Requirement You are in the User EXEC...

Страница 36: ... show history command is listed as the last command to be entered The list depends on the mode In the Global configuration mode the last 14 commands entered in this mode are displayed These commands are not included in the list of the Interface configuration mode Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call the com...

Страница 37: ... display various settings With the command do command you can execute the show commands in every configuration mode To do this you replace command with the show command that you want to execute Example do show cli console timeout 2 1 1 1 show cli console timeout Description This command shows the global configuration for the timeout of the CLI console Requirement You are in the User EXEC mode or i...

Страница 38: ...e Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call the command without parameters show coordinates Result The system coordinates are displayed 2 1 1 3 show device information Description This command shows information about the device Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call the comm...

Страница 39: ...ates whether or not the current configuration has been saved Login Authentication mode This indicates whether the authentication is made locally or on the RADIUS server 2 1 1 4 show interfaces Description This command shows the status and the configuration of one several or all interfaces Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli ...

Страница 40: ...rmation on identifiers of addresses and interfaces refer to the section Interface identifiers and addresses Page 25 If you do not select any parameters from the parameter list the status and configuration of all available interfaces will be displayed Result The status and the configuration of the selected interfaces are displayed 2 1 1 5 show im Description This command shows information on device...

Страница 41: ...th the following parameters show interface mtu Vlan vlan id 1 4094 interface type interface id The parameters have the following meaning Parameter Description Range of values Vlan Keyword for a VLAN connection vlan id Number of the addressed VLAN 1 4094 interface type Type or speed of the interface Enter a valid interface interface id Module no and port no of the interface For information on ident...

Страница 42: ...ion Range of values note interface type Type or speed of the interface Enter a valid interface interface id Module no and port no of the interface vlan Keyword for a VLAN connection vlan id Number of the addressed VLAN 1 4094 For information on identifiers of addresses and interfaces refer to the section Interface identifiers and addresses Page 25 If you do not select any parameter from the parame...

Страница 43: ... EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call up the command with the following parameters show lldp status port interface type interface id The parameters have the following meaning Parameter Description Values port Keyword for a port description interface type Type or speed of the interface Enter a valid interface interface id Module no and por...

Страница 44: ...following meaning Parameter Description Range of values note vlan Keyword for a VLAN connection vlan id Number of the addressed VLAN 1 4094 interface type Type or speed of the interface Enter a valid interface interface id Module no and port no of the interface loopback Loopback For information on identifiers of addresses and interfaces refer to the section Interface identifiers and addresses Page...

Страница 45: ...hout parameters show versions Result The following settings are displayed Basic device Name Revision Order ID Firmware Bootloader Description Version Date 2 1 2 clear counters Description With this command you reset the counters of an interface Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call up the command with the fo...

Страница 46: ... identifiers and addresses Page 25 If no parameters are specified the counters for all interfaces are reset Result The counters of the interface are reset Further notes You can display the statistical information of the interfaces with the show interfaces counters command 2 1 3 configure terminal Description With this command you change to the Global configuration mode Requirement You are in the P...

Страница 47: ...not reacting Requirement You are in the Privileged EXEC mode The command prompt is as follows cli Syntax Call up the command with the following parameters clear line vty line number 2 9 all forceful clear The parameters have the following meaning Parameter Description Range of values note line number Number of the connection that will be terminated 2 9 all terminates all connections forceful clear...

Страница 48: ...mode Requirement You are in the Privileged EXEC mode The command prompt is as follows cli Syntax Call the command without parameters disable Result You are in the User EXEC mode The command prompt is as follows cli 2 1 6 enable Description With this command you change to the Privileged EXEC mode Requirement You are in the User EXEC mode The command prompt is as follows cli Syntax Call the command ...

Страница 49: ...nnected to the device via telnet the session is closed Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call the command without parameters logout Result The CLI session is ended and the Windows Login prompt is displayed 2 1 8 ping Description With this command you request a response from a device in the network This allows...

Страница 50: ... Keyword for the size of the packets in bytes 0 2080 count Keyword for the number of packets to be requested packet_count Number of packets 1 10 timeout Response wait time If this time expires the request is reported as timed out seconds Time to the timeout in seconds 1 100 For information on names of addresses and interfaces refer to the section Interface identifiers and addresses Page 25 If you ...

Страница 51: ...s You exit the Global configuration mode with the end or exit command and are then in the Privileged EXEC mode again 2 1 9 1 coordinates height Description With this command you enter a height coordinate Requirement You are in the Global Configuration mode The command prompt is as follows cli config Syntax Call up the command with the following parameters coordinates height meter The parameter has...

Страница 52: ...tude latitude The parameter has the following meaning Parameter Description Range of values note latitude Input box for the latitude coordinate max 32 characters To use spaces in the entry enter the latitude coordinate in quotes coordinates latitude 123 456 Result The latitude coordinate is created 2 1 9 3 coordinates longitude Description With this command you enter a longitude coordinate Require...

Страница 53: ...he parameters of this command If you specify a logical interface that does not exist it will be created The name of the selected interface is displayed in the command prompt Requirement You are in the Global configuration mode The command prompt is as follows cli config Syntax Call up the command with the following parameters interface vlan vlan id 1 4094 interface type interface id The parameters...

Страница 54: ...on the hardware configuration Further notes You exit the Interface configuration mode with the end or exit command You delete a logical interface with the no interface command You display the status and the configuration of the interfaces with the show interfaces command 2 1 9 5 no interface Description With this command you delete a logical interface Requirement You are in the Global Configuratio...

Страница 55: ...e check the setting of the keepalive function on the Telnet client If the set interval is shorter than the configured time the lower value applies You have set for example 300 seconds for the automatic logout and 120 seconds for the keepalive function In this case a packet is sent every 120 seconds that keeps the connection up Requirement You are in the Global configuration mode The command prompt...

Страница 56: ...tic logout Requirement You are in the Global configuration mode The command prompt is as follows cli config Syntax Call the command without parameters no cli console timeout Result Automatic logout is disabled Further notes You enable automatic logout with the cli console timeout command You display the current timeout setting with the show cli console timeout command 2 1 9 8 system contact Descri...

Страница 57: ...esult The contact information is created in the system 2 1 9 9 system location Description With this command you enter the location information for the system Requirement You are in the Global Configuration mode The command prompt is as follows cli config Syntax Call up the command with the following parameters system location string The parameter has the following meaning Parameter Description Ra...

Страница 58: ...haracters Result The name is created in the system 2 1 10 Commands in the Interface configuration mode This section describes commands that you can call up in the interface configuration mode Depending on the Interface selected various command sets are available In the Global configuration mode enter the interface command to change to this mode Commands relating to other topics that can be called ...

Страница 59: ...pt is as follows cli config if Syntax Call up the command with the following parameters alias port name The parameter has the following meaning Parameter Description Range of values note port name Name of the interface max 63 characters Result The interface was assigned a name Further notes You delete the name of the interface with the no alias command 2 1 10 2 no alias Description With this comma...

Страница 60: ...onnections are always operated in full duplex mode since they have a fiber for each transmission direction With this command you configure the duplex mode of an interface The same mode must be set for connected interfaces Requirement Autonegotiation is disabled You are in the Interface configuration mode of an electrical interface The command prompt is as follows cli config if Syntax Call up the c...

Страница 61: ...tonegotiation with the no negotiation command 2 1 10 4 no duplex Description With this command you reset the duplex mode of an interface to the default value The default value is full Requirement You are in the Interface configuration mode The command prompt is as follows cli config if Syntax Call the command without parameters no duplex Result The duplex mode of the Interface is reset to the defa...

Страница 62: ...he following meaning Parameters Description transmit the sending of LLDP packets is enabled receive the receipt of LLDP packets is enabled At system start or when using the restart command with the option memoryor factory the following defaults apply Sending and receipt of LLDP packets are enabled Note Enabling both options When you call this command you can only select one option If you want to e...

Страница 63: ...command with the following parameters no lldp transmit receive The parameters have the following meaning Parameters Description transmit the sending of LLDP packets is enabled receive the receipt of LLDP packets is disabled Note Disabling both options When you call this command you can only select one option If you want to disable both options call up the command again Result The setting is config...

Страница 64: ...mmand prompt is as follows cli config if Syntax Call the command without parameters negotiation Result The automatic negotiation of connection parameters on an interface is activated Further notes You disable the autonegotiation of connection parameters with the no negotiation command 2 1 10 8 no negotiation Description With this command you disable autonegotiation of connection parameters on an i...

Страница 65: ...uration mode The command prompt is as follows cli config if Syntax Call up the command with the following parameters mtu frame size 64 1500 The parameter has the following meaning Parameter Description Range of values frame size Size of the MTU in bytes 64 1500 At system start or when using the restart command with the option memoryor factory the following defaults apply The size of the MTU is con...

Страница 66: ...eters shutdown complete Result The Interface is shut down Note If you use this command in the Interface Configuration mode for a VLAN input prompt CLI config if vlan management access to the device is no longer possible This relates to configuration using CLI WBM and SNMP Access is only possible again after resetting the device to the factory settings with the Reset button Further notes You activa...

Страница 67: ...n an interface Requirement You are in the Interface Configuration mode The command prompt is as follows cli config if Syntax Call the command without parameters no shutdown Result The Interface is activated Further notes You activate the interface with the shutdown complete command You can display the status of this function and other information with the show interfacescommand ...

Страница 68: ...eed can only be configured for electrical data transfer On optical connections the transmission speed is fixed Requirement You are in the Interface configuration mode The command prompt is as follows cli config if Syntax Call up the command with the following parameters speed 10 100 The parameters have the following meaning Parameter Description 10 Transmission speed 10 Mbps 100 Transmission speed...

Страница 69: ...stalled 2 2 1 show commands This section describes commands with which you display various settings With the command do command you can execute the show commands in every configuration mode To do this you replace command with the show command that you want to execute Example do show cli console timeout 2 2 1 1 show loadsave files Description This command shows the current Load Save file informatio...

Страница 70: ...ommand prompt is as follows cli or cli Syntax Call the command without parameters show loadsave tftp Result The current configuration of the TFTP server for Load Save is displayed 2 2 2 load tftp Description With this command you load the files from a TFTP server Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call up the ...

Страница 71: ...x 100 characters filetype Keyword for the file type to be loaded filetype Name of the file type max 100 characters For information on identifiers of addresses and interfaces refer to the section Interface identifiers and addresses Page 25 Result The file is loaded on the device from the TFTP server Further notes With the show loadsave files command you can display the file types 2 2 3 save filetyp...

Страница 72: ... of the file max 100 characters For information on identifiers of addresses and interfaces refer to the section Interface identifiers and addresses Page 25 Result The file is saved on the TFTP server Further notes With the show loadsave files command you can display the file types 2 2 4 Commands in the global configuration mode This section describes commands that you can call up in the Global con...

Страница 73: ...configuration mode This section describes commands that you can call up in the LOADSAVE configuration mode In the Global Configuration mode enter the loadsave command to change to this mode You display the valid file types for the commands in the LOADSAVE Configuration mode with the global command show loadsave tftp If you exit the LOADSAVE configuration mode with the exitcommand you return to the...

Страница 74: ...letype Name of the file type max 100 characters Result The files are displayed or the file is deleted Further notes With the show loadsave files command you can display the file types 2 2 5 2 tftp filename Description With this command you assign a name to a file type The file type decides the type that is affected by the tftp load or tftp save action The name decides the file to be copied to or f...

Страница 75: ...rther notes With the show loadsave files command you can display the file types 2 2 5 3 tftp load Description With this command you load a file from a TFTP server into the file system of the device The TFTP protocol is used for the transfer You can also display a list of available files Requirement The name of the file is specified You are in the LOADSAVE configuration mode The command prompt is c...

Страница 76: ...nsfer You can also display a list of available files Requirement The name of the file is specified You are in the LOADSAVE configuration mode The command prompt is cli config loadsave Syntax Call up the command with the following parameters tftp save showfiles filetype filetype The parameters have the following meaning Parameter Description Range of values note showfiles Shows the available files ...

Страница 77: ...ameters tftp server ipv4 ipv4 address port tcp port 1 65535 The parameters have the following meaning Parameter Description Range of values note ipv4 Keyword for an IPv4 address ipv4 address Value for an IPv4 unicast address Enter a valid IPv4 unicast ad dress port Keyword for the port of the server via which the TFTP connection runs tcp port Number of the port 1 65535 For information on identifie...

Страница 78: ...yntax Call up the command with the following parameters password showfiles filetype filetype pw password The parameters have the following meaning Parameter Description Values showfiles Shows the available files filetype Shows that the file type follows that will be loaded filetype Name of the file type max 100 characters pw Keyword for the password password Password Enter the password for the fil...

Страница 79: ...is as follows cli config loadsave Syntax Call up the command with the following parameters no password showfiles filetype filetype The parameters have the following meaning Parameter Description Values showfiles Shows the available files filetype Shows that the file type follows that will be loaded filetype Name of the file type max 100 characters Result The password for the file is disabled Furth...

Страница 80: ...e device Select one of the following configuration settings Device restart with the current configuration Device restart with the factory configuration settings with the exception of the following parameters IP addresses Subnet mask IP address of the default gateway DHCP client ID DHCP System name System location System contact User names and passwords Mode of the device Device restart with the fa...

Страница 81: ...the current configuration Parameter Description memory Resets the system to the factory configuration settings and restarts the system The parameters listed above are unaffected by a reset factory Resets the system to the factory configuration settings and restarts the system Note By resetting to the factory configuration settings the device loses its configured IP address and is reachable again w...

Страница 82: ... http auto logout time ntp auto save events firewall firewallnat sinemarc proxyserver srs all The parameters have the following meaning Parameter Description Range of values syslog Shows the configuration settings of the Syslog function dhcp Shows the configuration settings of the Dynam ic Host Configuration Protocol vlan Keyword for a VLAN connection vlan id Number of the addressed VLAN 1 4094 in...

Страница 83: ...ows the configuration settings of the auto save function events Shows the configuration settings of the system events firewall Shows the configuration settings of the firewall firewallnat Shows the configuration settings of the NAT sinemarc Shows the configuration settings of the SINEMA RC connection proxyserver Shows the configuration settings of the proxy servers srs Shows the configuration sett...

Страница 84: ... the configuration file Use the restart command without parameters to restart the system with this configuration Further notes You enable the auto save function or disable the Trial mode with the auto save command You disable the auto save function or enable the Trial mode with the no auto save command 2 4 3 Commands in the global configuration mode This section describes commands that you can cal...

Страница 85: ...n asterisk in front of the command prompt cli You save the changes to the configuration with the write startup config command With the auto save command you enable the auto save function Requirement You are in the Global configuration mode The command prompt is as follows cli config Syntax Call the command without parameters auto save As default the function is enabled Result The auto save functio...

Страница 86: ...l Configuration mode The command prompt is as follows cli config Syntax Call the command without parameters no auto save Result The auto save function is disabled The Trial mode is activated Further notes You enable the function with the auto save command You can display the status of this function and other information with the show device informationcommand You save changes to the configuration ...

Страница 87: ...e when a device is replaced In addition to the configuration the KEY PLUG also contains a license that enables the use of certain functions This section describes commands relevant for working with the C PLUG or KEY PLUG 3 1 1 show plug Description This command shows the current C PLUG or KEY PLUG information Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prom...

Страница 88: ...led in the Global configuration mode can be found in the relevant sections You exit the Global configuration mode with the end or exit command and are then in the Privileged EXEC mode again 3 1 2 1 plug Description With this command you change to the Plug Configuration mode Requirement You are in the Global Configuration mode The command prompt is as follows cli config Syntax Call the command with...

Страница 89: ...ration mode with the exit command you return to the Global Configuration mode If you exit the Plug Configuration mode with the end command you return to the Privileged EXEC mode 3 1 3 1 factoryclean Description With this command you delete the device configuration stored on the C PLUG or KEY PLUG Requirement There is a device configuration on the C PLUG or KEY PLUG You are in the Plug Configuratio...

Страница 90: ... command you format the C PLUG or KEY PLUG and copy the current device configuration to it Requirement The C PLUG or KEY PLUG is formatted You are in the Plug Configuration mode The command prompt is cli config plug Syntax Call the command without parameter assignment write Result The current device configuration has been copied to the formatted C PLUG or KEY PLUG ...

Страница 91: ...are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call the command without parameters show web session timeout Result The timeout setting for the WBM is displayed 3 2 2 Commands in the global configuration mode This section describes commands that you can call up in the Global configuration mode In Privileged EXEC mode enter the configure t...

Страница 92: ...ommand prompt is as follows cli config Syntax Call up the command with the following parameters web session timeout seconds 60 3600 The parameter has the following meaning Parameter Description Range of values note seconds Time in seconds until automatic logout after the last entry 60 3600 Default 900 Result The time is configured and automatic logout is enabled Further notes You disable automatic...

Страница 93: ...you disable the automatic logoff Requirement You are in the Global configuration mode The command prompt is as follows cli config Syntax Call the command without parameters no web session timeout Result Automatic logoff is disabled Further notes You enable automatic logoff with the web session timeout command You display the current timeout setting with the show web session timeout command ...

Страница 94: ...CLI commands you can open or close the digital output Application examples Digital input to signal one item of information for example door open door closed Digital output for example for go to sleep for devices on an automated guided transport system 3 3 1 show digital input Description This command shows the current setting of the digital input Requirement You are in the User EXEC mode or in the...

Страница 95: ...digital output is displayed 3 3 3 Commands in the global configuration mode This section describes commands that you can call up in the Global configuration mode In Privileged EXEC mode enter the configure terminal command to change to this mode Commands relating to other topics that can be called in the Global configuration mode can be found in the relevant sections You exit the Global configurat...

Страница 96: ...ou can display the setting of the digital output with the show digital output command 3 3 3 2 digital output open Description This command opens the digital output Requirement You are in the Global configuration mode The command prompt is as follows cli config Syntax Call the command without parameters digital output open Result The digital output is opened Further notes You close the digital outp...

Страница 97: ...ested in SRS call your local Siemens contact or visit http support automation siemens com WW view en 42346681 http support automation siemens com WW view en 42346681 3 4 1 show srs overview Note This command is only available with a KEY PLUG Description This command shows the configured destination server of the Siemens Remote Service SRS Requirement You are in the Privileged EXEC mode The command...

Страница 98: ...guration mode can be found in the relevant sections You exit the Global configuration mode with the end or exit command and are then in the Privileged EXEC mode again 3 4 2 1 srs Note This command is only available with a KEY PLUG Description With this command you change to the SRS configuration mode Requirement You are in the Global configuration mode The command prompt is as follows cli config S...

Страница 99: ...the end command you return to the Privileged EXEC mode 3 4 3 1 interval Note This command is only available with a KEY PLUG Description With this command you configure the time after which the IPv4 address will be transferred to the required destination server Requirement You are in the SRS configuration mode The command prompt is as follows cli config srs Syntax Call up the command with the follo...

Страница 100: ...The parameters have the following meaning Parameter Description Range of values note idx Keyword for the number of the destina tion server index Number corresponding to a specific destination server Enter the required number 1 100 all Uses all destination servers enabled Enables the entry disabled Disables the entry Result The specified destination server is enabled Further notes You display this ...

Страница 101: ...he following meaning Parameter Description Range of values note ip_addr IPv4 address Enter the IPv4 address of the proxy server dns DNS host name Enter the DNS host name of the proxy server Maximum of 50 characters group Keyword for the group name descr Group name Enter a group name name Keyword for the user name name User name for access to the destina tion server Specify the negotiated user name...

Страница 102: ...and logon idx pw commands You delete the destination server entry with the no logon command 3 4 3 4 no logon Note This command is only available with a KEY PLUG Description With this command you delete a specific destination server or all destination servers Requirement You are in the SRS configuration mode The command prompt is as follows cli config srs Syntax Call up the command with the followi...

Страница 103: ... this command you change address of a specific destination server Requirement You are in the SRS configuration mode The command prompt is as follows cli config srs Syntax Call up the command with the following parameters logon idx num 1 100 addr ip_addr dns 50 The parameters have the following meaning Parameter Description Range of values note num Number corresponding to a specific destination ser...

Страница 104: ...ss to a specific destination server Requirement You are in the SRS configuration mode The command prompt is as follows cli config srs Syntax Call up the command with the following parameters logon idx num 1 100 group string 255 The parameters have the following meaning Parameter Description Range of values note num Number corresponding to a specific destination server Enter the required number gro...

Страница 105: ...s follows cli config srs Syntax Call up the command with the following parameters logon idx num 1 100 name string 255 The parameters have the following meaning Parameter Description Range of values note num Number corresponding to a specific destination server Enter the required number name Keyword for the user name string User name Specify the user name Maximum of 255 characters Result The user n...

Страница 106: ...s follows cli config srs Syntax Call up the command with the following parameters logon idx num 1 100 pw string 100 The parameters have the following meaning Parameter Description Range of values note num Number corresponding to a specific destination server Enter the required number pw Keyword for the password string Password Specify the user name Maximum of 100 characters Result The password for...

Страница 107: ...ment You are in the SRS configuration mode The command prompt is as follows cli config srs Syntax Call the command without parameter assignment logon show idx Result The destination servers are listed Further notes You create a destination server entry with the logon addr command 3 4 3 10 shutdown Note This command is only available with a KEY PLUG Description With this command you disable the use...

Страница 108: ...Further notes You enable the use with the no shutdown command 3 4 3 11 no shutdown Note This command is only available with a KEY PLUG Description With this command you enable the use of SRS Requirement You are in the SRS configuration mode The command prompt is as follows cli config srs Syntax Call the command without parameter assignment no shutdown Result The use of SRS is enabled Further notes...

Страница 109: ...vailable with a KEY PLUG Description This command shows information on SINEMA RC Requirement You are in the Privileged EXEC mode The command prompt is as follows cli Syntax Call the command without parameters show sinemarc Result The information is displayed 3 5 3 Commands in the global configuration mode This section describes commands that you can call up in the Global configuration mode In Priv...

Страница 110: ... this command you change to the SINEMARC configuration mode Requirement You are in the Global configuration mode The command prompt is as follows cli config Syntax Call the command without parameters sinemarc Result You are now in the SINEMARC configuration mode The command prompt is as follows cli config sinemarc Further notes You exit the SINEMARC configuration mode with the end or exit command ...

Страница 111: ... PLUG Description With this command you configure the IPv4 address or the DNS host name of the SINEMA RC Server Requirement You are in the SINEMARC configuration mode The command prompt is as follows cli config sinemarc Syntax Call up the command with the following parameters addr ip_addr dns 50 The parameters have the following meaning Parameter Description Range of values note ip_addr IPv4 addre...

Страница 112: ...Requirement You are in the SINEMARC configuration mode The command prompt is as follows cli config sinemarc Syntax Call the command without parameter assignment autofwnat Result The automatic firewall and NAT rules are created The connections between the configured exported subnets and the subnets that can be reached via the SINEMA RC Server are allowed The NAT settings are implemented as configur...

Страница 113: ...on With this command you disable the firewall and NAT rules Requirement You are in the SINEMARC configuration mode The command prompt is as follows cli config sinemarc Syntax Call the command without parameter assignment autofwnat Result The firewall and NAT rules are disabled Further notes You enable the setting with the autofwnat command You display this setting and other information with the sh...

Страница 114: ...this in the Operating Instructions of the SINEMA RC Server Requirement You are in the SINEMARC configuration mode The command prompt is as follows cli config sinemarc Syntax Call the command without parameter assignment device id number 0 20000 Syntax Call up the command with the following parameters device id number 0 20000 The parameter has the following meaning Parameter Description Range of va...

Страница 115: ...MA RC Server You will find further information on this in the Operating Instructions of the SINEMA RC Server Requirement You are in the SINEMARC configuration mode The command prompt is as follows cli config sinemarc Syntax Call up the command with the following parameters device pw password 256 The parameter has the following meaning Parameter Description Range of values note password Device pass...

Страница 116: ... the SINEMA RC Server can be reached Requirement You are in the SINEMARC configuration mode The command prompt is as follows cli config sinemarc Syntax Call up the command with the following parameters port number 1 65535 The parameter has the following meaning Parameter Description Range of values note number Port number Specify the port 1 65535 Result The port is configured Further notes You dis...

Страница 117: ...uration mode The command prompt is as follows cli config sinemarc Syntax Call up the command with the following parameters proxy string 128 The parameter has the following meaning Parameter Description Range of values note string Proxy server name Specify the proxy server name Maximum of 128 characters Result The proxy server via which the connection is established is configured Further notes You ...

Страница 118: ...escription With this command you remove the proxy server Requirement You are in the SINEMARC configuration mode The command prompt is as follows cli config sinemarc Syntax Call the command without parameter assignment no proxy Result The proxy server is removed Further notes You configure the proxy server with the proxy command You display this setting and other information with the show sinemarc ...

Страница 119: ...d you disable the connection to the configured SINEMA RC Server Requirement You are in the SINEMARC configuration mode The command prompt is as follows cli config sinemarc Syntax Call the command without parameter assignment shutdown Result The connection to the SRC server is terminated Further notes You enable the connection with the no shutdown command You display this setting and other informat...

Страница 120: ... this command you establish a connection to the configured SINEMA RC Server Requirement You are in the SINEMARC configuration mode The command prompt is as follows cli config sinemarc Syntax Call the command without parameter assignment no shutdown Result The connection is enabled Further notes You disable the connection with the shutdown command You display this setting and other information with...

Страница 121: ...ed You are in the SINEMARC configuration mode The command prompt is as follows cli config sinemarc Syntax Call up the command with the following parameters verification cacert name 256 The parameter has the following meaning Parameter Description Range of values note name Name of the server certificate Enter the name of the server certificate Maximum of 256 characters Result The CA certificate of ...

Страница 122: ...tructions of the SINEMA RC Server Requirement You are in the SINEMARC configuration mode The command prompt is as follows cli config sinemarc Syntax Call up the command with the following parameters verification fingerprint string 59 The parameter has the following meaning Parameter Description Range of values note string Fingerprint of the device Specify the fingerprint of the device Maximum of 5...

Страница 123: ...the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call the command without parameters show time Result The settings for the system clock are displayed 4 1 2 Commands in the global configuration mode This section describes commands that you can call up in the Global configuration mode In Privileged EXEC mode enter the configure terminal command to change to this mode Comma...

Страница 124: ... config Syntax Call up the command with the following parameters time manual ntp sntp SINEC The parameters have the following meaning Parameter Description manual The system time is entered by the user ntp The system time is obtained from an NTP server sntp The system time is obtained from an SNTP server SINEC The system time is obtained using the SIMATIC time protocol Result The method of obtaini...

Страница 125: ...rameters time set hh mm ss day 1 31 january february march april may june july august september october november decembe r year 2000 2035 The parameters have the following meaning Parameter Description Range of values note hh mm ss Time of day Hour minute second each sepa rated by no link day Day of the month 1 31 Month january february march april may june july august septem ber october november ...

Страница 126: ...mmand prompt is as follows cli or cli Syntax Call the command without parameters show ntp info Result The current NTP settings are displayed 4 2 2 Commands in the global configuration mode This section describes commands that you can call up in the Global configuration mode In Privileged EXEC mode enter the configure terminal command to change to this mode Commands relating to other topics that ca...

Страница 127: ...s follows cli config ntp Further notes You exit the NTP configuration mode with the end or exit command 4 2 3 Commands in the NTP configuration mode This section describes commands that you can call up in the NTP configuration mode In the Global configuration mode enter the ntp command to change to this mode If you exit the NTP configuration mode with the exit command you return to the Global conf...

Страница 128: ...he time server Enter a valid IPv4 address port UDP port of the time server 123 1025 36564 Default 123 poll Keyword for the time after which the time of day is re quested again seconds Value for the time in seconds 64 1024 For information on names of addresses and interfaces refer to the section Interface identifiers and addresses Page 25 Result The connection to a server is configured on the NTP c...

Страница 129: ...ence between the device and the NTP server Requirement You are in the NTP configuration mode The command prompt is as follows cli config ntp Syntax Call up the command with the following parameters ntp time diff hh mm The parameter has the following meaning Parameter Description Time zones to the west of the NTP server time zone Time zones to the east of the NTP server time zone hh Number of hours...

Страница 130: ...System time 4 2 NTP client SCALANCE S615 Command Line Interface 130 Configuration Manual 06 2015 C79000 G8976 C406 02 ...

Страница 131: ...mmand with the show command that you want to execute Example do show cli console timeout This section describes commands relevant for configuration of the SNTP client 4 3 2 show sntp broadcast mode status Description This command shows the current configuration of the broadcast mode of SNTP Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cl...

Страница 132: ...nd prompt is as follows cli or cli Syntax Call the command without parameters show sntp status Result The settings of SNTP are displayed 4 3 4 show sntp unicast mode status Description This command shows the current configuration of the unicast mode of SNTP Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call the command w...

Страница 133: ...n the Global configuration mode can be found in the relevant sections You exit the Global configuration mode with the end or exit command and are then in the Privileged EXEC mode again 4 3 5 1 sntp Description With this command you change to the SNTP configuration mode Requirement You are in the Global configuration mode The command prompt is as follows cli config Syntax Call the command without p...

Страница 134: ...p time diff Description With this command you configure the time difference of the system time relative to the UTC time Requirement The SNTP server must have started up You are in the SNTP Configuration mode The command prompt is cli config sntp Syntax Call up the command with the following parameters sntp time diff hh mm The parameter has the following meaning Parameter Description Time zones to ...

Страница 135: ...nicast server ipv4 ucast_addr port 1025 36564 poll seconds 16 16284 The parameter has the following meaning Parameter Description Range of values note ucast_addr Value for an IPv4 unicast address Enter a valid IPv4 unicast address port UDP port of the time server 1025 36564 Default 123 poll Keyword for the time after which the time of day is requested again seconds Value for the time in seconds 16...

Страница 136: ...nd with the following parameters no sntp unicast server ipv4 ucast_addr The parameters have the following meaning Parameter Description Range of values ucast_addr Value for an IPv4 unicast address Enter a valid IPv4 unicast address For information on names of addresses and interfaces refer to the section Interface identifiers and addresses Page 25 Result The SNTP unicast server is reset to the def...

Страница 137: ...wing parameters sntp client addressing mode unicast broadcast The parameters have the following meaning Parameter Description Range of values note unicast configures the SNTP client in unicast mode Default unicast enabled broadcast configures the SNTP client in broad cast mode Result The addressing mode of the SNTP client is configured Further notes You display this setting and other information w...

Страница 138: ...System time 4 3 SNTP client SCALANCE S615 Command Line Interface 138 Configuration Manual 06 2015 C79000 G8976 C406 02 ...

Страница 139: ...execute Example do show cli console timeout 5 1 1 1 show subnet vlan mapping Description This command shows the subnets for the selected interface or for all interfaces Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call up the command with the following parameters show subnet vlan mapping interface interface type interfa...

Страница 140: ...VLAN Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call up the command with the following parameters show vlan brief id vlan range summary The parameters have the following meaning Parameter Description Range of values note brief Shows brief information about all VLANs id Keyword for a VLAN or VLAN range vlan range Numbe...

Страница 141: ...ow vlan device info Description This command shows all the global information that is valid for all VLANs Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call the command without parameters show vlan device info Result The global information is displayed ...

Страница 142: ... the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call up the command with the following parameters show vlan learning params vlan vlan range The parameters have the following meaning Parameter Description Range of values note vlan Keyword for a VLAN or VLAN range vlan range Number of the addressed VLAN or VLAN range 1 4094 If you do not select any parameter from the par...

Страница 143: ...owing parameters show vlan port config port interface type interface id The parameters have the following meaning Parameter Description Range of values note port Keyword for a port interface type Type of interface Enter a valid interface interface id Module no and port no of the interface For information on identifiers of addresses and interfaces refer to the section Interface identifiers and addr...

Страница 144: ...mmand without parameter assignment show vlan protocols group Result The table of protocol groups is displayed 5 1 2 Commands in the global configuration mode This section describes commands that you can call up in the Global configuration mode In Privileged EXEC mode enter the configure terminal command to change to this mode Commands relating to other topics that can be called in the Global confi...

Страница 145: ...The command prompt is as follows cli config Syntax Call up the command with the following parameters base bridge mode dot1d bridge dot1q vlan The parameters have the following meaning Parameter Description Range of values notes dot1d bridge Sets the mode VLAN unaware for the device VLAN tags are not taken into account or changed but are forwarded transparently dot1q vlan Sets the mode VLAN aware f...

Страница 146: ...f values note interface type Keyword for an interface Enter a valid interface 0 a b 0 c Module no and port no of the interface vlan Keyword for a VLAN connection vlan id Number of the addressed VLAN 1 4094 vlan id Number of the addressed VLAN 2 4094 For information on names of addresses and interfaces refer to the section Interface identifiers and addresses Page 25 If you want to address several V...

Страница 147: ...ge vlan vlan id 1 4094 vlan id 2 4094 The parameters have the following meaning Parameter Description Range of values note vlan Keyword for a VLAN connection vlan id Number of the addressed VLAN 1 4094 vlan id Number of the addressed VLAN 2 4094 For information on names of addresses and interfaces refer to the section Interface identifiers and addresses Page 25 If you address several VLANs you mus...

Страница 148: ...e following meaning Parameter Description Range of values note ip Internet Protocol v4 HEX 08 00 novell Novell Netware protocol HEX 81 38 netbios Netbios via TCP IP HEX f0 f0 appletalk Appletalk HEX 80 9b other Other protocol enter the hexadecimal protocol value other aa aa IPV6 86 DD LLDP 88 CC PTP IEEE1588 88 F7 EAP 802 1X 88 8E enet v2 Frame structure is Ethernet II protocols group Keyword for ...

Страница 149: ... v2 The parameters have the following meaning Parameter Description Range of values note ip Internet Protocol v4 HEX 08 00 novell Novell Netware protocol HEX 81 38 netbios Netbios via TCP IP HEX f0 f0 appletalk Appletalk HEX 80 9b other Other protocol enter the hexadecimal protocol value other aa aa IPV6 86 DD LLDP 88 CC PTP IEEE1588 88 F7 EAP 802 1X 88 8E enet v2 Frame structure is Ethernet II Re...

Страница 150: ...sed classification on all interfaces Requirement You are in the Global Configuration mode The command prompt is as follows cli config Syntax Call the command without parameters no protocol vlan Result The classification is disabled Further notes You enable the setting with the protocol vlan command You can display the status of this function and other information with the show vlan device infocomm...

Страница 151: ...yntax Call the command without parameters protocol vlan Result The classification is enabled Further notes You disable the setting with the protocol vlan command You can display the status of this function and other information with the show vlan device infocommand 5 1 2 8 subnet vlan Description With this command you enable the subnet based VLAN classification on all interfaces Requirement You ar...

Страница 152: ...vlan device info command 5 1 2 9 no subnet vlan Description With this command you disable the subnet based VLAN classification on all interfaces Requirement You are in the Global Configuration mode The command prompt is as follows cli config Syntax Call the command without parameters no subnet vlan Result The classification is disabled Further notes You enable the setting with the subnet vlan comm...

Страница 153: ...ment You are in the Global Configuration mode The command prompt is as follows cli config Syntax Call up the command with the following parameters vlan vlan id 1 4094 The parameter has the following meaning Parameters Description Range of values vlan id Number of the addressed VLAN 1 4094 Do not enter any leading zeros with the number of the VLAN Result The VLAN is created You are now in the VLAN ...

Страница 154: ... vlan command you create a VLAN on the device You can display information about the VLAN with the show vlan command 5 1 3 Commands in the interface configuration mode This section describes commands that you can call up in the interface configuration mode Depending on the Interface selected various command sets are available In the Global configuration mode enter the interface command to change to...

Страница 155: ... note ip subnet address IP subnet address Enter a valid subnet address vlan Keyword for a VLAN connection vlan id Number of the addressed VLAN 1 4094 mask Subnet mask aaa bbb ccc ddd arp Keyword ARP protocol suppress Suppress the ARP protocol allow Allow the ARP protocol For information on names of addresses and interfaces refer to the section Interface identifiers and addresses Page 25 If you do ...

Страница 156: ...meters no map subnet ip subnet address The parameters have the following meaning Parameter Description Range of values note ip subnet address IP subnet address Enter a valid subnet address For information on names of addresses and interfaces refer to the section Interface identifiers and addresses Page 25 Result The subnet with subnet mask and subnet address is assigned to a VLAN Further notes You...

Страница 157: ...ommand prompt is as follows cli config if Syntax Call the command without parameters shutdown complete Result The Interface is shut down A connection continues to be indicated if a switch port is turned off The LED for the port status flashes 3 times cyclically However no data is sent or received Further notes You activate the interface with the no shutdown command You can display the status of th...

Страница 158: ...t down an interface Requirement You are in the Interface configuration mode The command prompt is as follows cli config if Syntax Call the command without parameters no shutdown Result The Interface is activated Further notes You deactivate the interface with the shutdown command You can display the status of this function and other information with the show interfacescommand ...

Страница 159: ...ce configuration mode The command prompt is cli config if Syntax Call the command without parameters switchport Result The interface is configured as a switch port Activate the interface again Further notes You shut down the interface with the shutdown command You activate the interface with the no shutdown command You configure the interface with the no switchport command You can display the stat...

Страница 160: ...re in the Interface configuration mode The command prompt is cli config if Syntax Call the command without parameters no switchport Result The interface is configured as a router port Activate the interface again Further notes You shut down the interface with the shutdown complete command You activate the interface with the no shutdown command You configure the interface as a switch port with the ...

Страница 161: ... port Requirement You are in the Interface configuration mode The command prompt is as follows cli config if Syntax Call up the command with the following parameters switchport pvid vlan id 1 4094 The parameter has the following meaning Parameter Description Range of values note vlan id Number of the addressed VLAN 1 4094 Result The PVID is configured Further notes You can reset the setting to the...

Страница 162: ...u configure the VLAN ID with the switchport access vlan command You can display the status of this function and other information with the show vlan port config command 5 1 4 Commands in the VLAN configuration mode This section describes commands that you can call up in the VLAN Configuration mode In the Global Configuration mode enter the vlan command to change to this mode When doing this you ne...

Страница 163: ...e parameter has the following meaning Parameter Description Range of values note ip address IP address Specify a valid IP address subnet mask Subnet mask Enter a valid subnet mask prefix length Decimal representation of the mask as a number of 1 bits 0 32 For information on names of addresses and interfaces refer to the section Auto Hotspot Result The IP address is assigned Note Effectiveness of t...

Страница 164: ...ter if you want to disable the DHCP function explicitly For information on names of addresses and interfaces refer to the section Auto Hotspot Result If DHCP was enabled on this interface DHCP is now disabled Any existing dynamically learned IP address will be automatically converted to a static IP address If static IP addresses were configured and if no explicit IP address was transferred as a pa...

Страница 165: ...in the VLAN Configuration mode The command prompt is as follows cli config vlan Syntax Call up the command with the following parameters name vlan name The parameter has the following meaning Parameter Description Range of values note vlan name Name that will be assigned to the VLAN max 32 characters Result The VLAN is assigned a name Further notes You delete name assignment for a VLAN with the no...

Страница 166: ...pecifies the behavior of the interfaces and replaces the existing VLAN configuration Member ports tagged ports The interface is added permanently to the list of incoming and outgoing connections Tagged and untagged frames are transferred Untagged Ports The interface transfers untagged frames If the VLAN ID PVID is set incoming untagged frames are given a tag with the VLAN ID specified there If the...

Страница 167: ...aning Parameter Description Values interface type Type or speed of the interface Specify a valid interface a b 0 c Port no of the interface untagged Keyword for interfaces or ports that transfer data packets without VLAN marking all Specifies that all interfaces or ports are set to untagged forbidden Keyword for forbidden interfaces or ports name Keyword for the name assignment vlan name Name of t...

Страница 168: ...b 0 c all forbidden interface type 0 a b 0 c interface type 0 a b 0 c all name vlan name The parameters have the following meaning Parameter Description Values interface type Type or speed of the interface Enter a valid interface a b 0 c Port no of the interface untagged Keyword for interfaces or ports that transfer data packets without VLAN marking all Specifies that all interfaces or ports are s...

Страница 169: ... this command you enable or disable the TIA interface property The interface can only be used for PNIO Requirement The interface is activated You are in the VLAN configuration mode of the VLAN interface with the ID The command prompt is cli config if vlan Syntax Call the command without parameters tia interface Result The TIA interface is enabled exclusively for the specified VLAN The function was...

Страница 170: ...Network structures 5 1 VLAN SCALANCE S615 Command Line Interface 170 Configuration Manual 06 2015 C79000 G8976 C406 02 ...

Страница 171: ...ings With the command do command you can execute the show commands in every configuration mode To do this you replace command with the show command that you want to execute Example do show cli console timeout 6 1 1 1 show ip dns Description This command shows information about the DNS client for example the status of the DNS client and parameters for querying the DNS server Requirement You are in ...

Страница 172: ...lowing meaning Parameter Description Range of values note port Keyword for a an interface description interface type Type or speed of the interface Enter a valid interface interface id Module no and port no of the interface For information on names of addresses and interfaces refer to the section Interface identifiers and addresses Page 25 Result The overview of the DCP forwarding behavior is disp...

Страница 173: ...XEC mode The command prompt is as follows cli or cli Syntax Call up the command with the following parameters show ip route ip address mask connected static The parameters have the following meaning Parameter Description Range of values ip address Shows the information for a specific IP address Specify a valid IP address mask Defines an address range using the subnet mask 8 16 or 24 connected Show...

Страница 174: ...rivileged EXEC mode The command prompt is as follows cli or cli Syntax Call the command without parameters show ip routing Result The routing function is enabled 6 1 1 6 show ip static route Description This command shows the routes that were generated statically Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call the com...

Страница 175: ...mmand without parameters show ip telnet Result The admin status and the port number of the Telnet server are displayed 6 1 2 Commands in the global configuration mode This section describes commands that you can call up in the Global configuration mode In Privileged EXEC mode enter the configure terminal command to change to this mode Commands relating to other topics that can be called in the Glo...

Страница 176: ...th the following parameters dcp server read only read write The parameters have the following meaning Parameter Description Range of values note read only only reading is permitted on the DCP server read write reading and writing is permitted on the DPC server Default read write Result The read and write permissions for the DPC server are configured The DCP server is enabled Further notes You disa...

Страница 177: ...eck the availability of a network node packets of the Internet Control Message Protocol ICMP can be sent to it These packets of type 8 request the recipient to send a packet back to the sender echo reply With this command you enable the network node to react to ping queries Requirement You are in the Global configuration mode The command prompt is as follows cli config Syntax Call the command with...

Страница 178: ...onfig Syntax Call the command without parameters no ip echo reply Result ICMP echo reply messages are disabled The network node does not react to ping queries Further notes You change the setting with the ip echo reply command 6 1 2 5 ip route Description With this command you configure a static entry in the IP routing table Requirement You are in the Global configuration mode The command prompt i...

Страница 179: ...ress distance The value for the administrative dis tance 1 255 For information on names of addresses and interfaces refer to the section Interface identifiers and addresses Page 25 Result The entry in the IP routing table is configured Further notes You delete an entry from the IP routing table with the no ip route command You display the IP routing table with the show ip route command 6 1 2 6 no ...

Страница 180: ... distance The value for the administrative dis tance 1 255 For information on names of addresses and interfaces refer to the section Interface identifiers and addresses Page 25 Result The entry is deleted Further notes You configure an entry from the IP routing table with the ip route command You display the IP routing table with the show ip route command 6 1 2 7 ip routing Description With this c...

Страница 181: ...on With this command you disable IPv4 routing function on the device Note IPv6 routing If IPv6 routing is enabled on the device this is also disabled with this function Note This command is available only with layer 3 Requirement You are in the Global configuration mode The command prompt is as follows cli config Syntax Call the command without parameters no ip routing Result IPv4 routing is disab...

Страница 182: ...mpt is as follows cli config Syntax Call the command without parameters telnet server As default the function is enabled Result The Telnet server is enabled Further notes You disable the Telnet server with the no telnet server command 6 1 2 10 no telnet server Description With this command you disable the Telnet server Requirement You are in the Global configuration mode The command prompt is as f...

Страница 183: ...topics that can be called in the interface configuration mode can be found in the relevant sections If you exit the Interface configuration mode with the exit command you return to the Global configuration mode If you exit the Interface configuration mode with the end command you return to the Privileged EXEC mode 6 1 3 1 ip address Description With this command you assign an IP address to a VLAN ...

Страница 184: ...n Interface identifiers and addresses Page 25 Result The IP address is assigned to the VLAN interface Note Effectiveness of the command The command is effective immediately If you configure the interface via which you access the device the connection will be lost Further notes You delete the settings with the no ip address command You display this setting and other information with the show ip int...

Страница 185: ... with the following parameters no ip address ucast_addr The parameter has the following meaning Parameter Description Values ucast_addr IP Address of the VLAN interface that will be deleted enter a valid IP address For information on names of addresses and interfaces refer to the section Interface identifiers and addresses Page 25 Result The assignment of the IP address to a VLAN interface is dele...

Страница 186: ... have the following meaning Parameter Description Range of values note Vlan Keyword for a VLAN connection vlan id Number of the addressed VLAN 1 4094 interface type Type or speed of the interface Enter a valid interface interface id Module no and port no of the interface ip address Shows the IP addresses of the entries in the ARP table mac address Shows the MAC addresses of the en tries in the ARP...

Страница 187: ...s of the DHCP client Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call the command without parameters show ip dhcp client Result The configuration settings of the DHCP client are displayed 6 3 2 renew dhcp Description This command reassigns an IP address to the selected interface via DHCP Requirement The IP address of t...

Страница 188: ...is assigned again This address can be a different address from the previously assigned address Further notes You can display the statistical information of the DHCP client with the show ip dhcp client stats command You show the statistical information and the configuration of the IP interface with the show ip interface command See also Interface identifiers and addresses Page 25 6 3 3 Commands in ...

Страница 189: ...is file With this command you enable the DHCP config file request option Requirement You are in the Global configuration mode The command prompt is as follows cli config Syntax Call the command without parameters ip dhcp config file request Result The DHCP config file request option is enabled Further notes You disable the DHCP config file request option with the no ip dhcp config file request com...

Страница 190: ...he type of identifier with which the DHCP client logs on with its DHCP server Requirement You are in the Global Configuration mode The command prompt is as follows cli config Syntax Call up the command with the following parameters ip dhcp client mode mac client id client id sysname The parameters have the following meaning Parameter Description Range of values mac The client registers with its MA...

Страница 191: ...splay various settings With the command do command you can execute the show commands in every configuration mode To do this you replace command with the show command that you want to execute Example do show cli console timeout 6 4 1 1 show ip dhcp server bindings Description This command shows the current assignments of IPv4 addresses of the DHCP server Requirement You are in the User EXEC mode or...

Страница 192: ...hcp server pools pool id 1 5 The parameter has the following meaning Parameter Description Range of values note pool id ID of the addressed IPv4 address band 1 5 Result The configuration of the DHCP server and the DHCP options is displayed 6 4 2 Commands in the global configuration mode This section describes commands that you can call up in the Global configuration mode In Privileged EXEC mode en...

Страница 193: ...of IPv4 addresses that the DHCP server supports is 100 In other words a total of 100 IPv4 addresses dynamic static With the static assignments you can create a maximum of 20 entries Requirement NAT is enabled in Client mode You are in the Global Configuration mode The command prompt is as follows cli config Syntax Call the command without parameter assignment ip dhcp server Result The DHCP server ...

Страница 194: ...ver is disabled Further notes You enable the DHCP server with the ip dhcp server command 6 4 2 3 no ip dhcp server icmp probe Description With this command you disable the Probe address with ICMP Echo before offer function Requirement You are in the Global Configuration mode The command prompt is as follows cli config Syntax Call the command without parameter assignment no ip dhcp server icmp prob...

Страница 195: ...ip dhcp server pool Description With this command you have two options of changing to the DHCPPOOL configuration mode and to assign an interface to the IPv4 address band 1 If you call the command ip dhcp server pool with the parameter pool id 1 5 you change directly to the DHCPPOOL configuration mode If the ID of the addressed IPv4 address band does not yet exist it is first created and assigned t...

Страница 196: ... options Displays the possible options for the interface For information on identifiers of addresses and interfaces refer to the section Interface identifiers and addresses Page 25 Result The ID of the addressed IPv4 address band is configured You are now in the DHCPPOOL configuration mode The command prompt is as follows cli config dhcp pool ID Further notes You exit the DHCPPOOL configuration mo...

Страница 197: ...tion describes commands that you can call up in the DHCPPOOL Configuration mode In the Global Configuration mode enter the ip dhcp server pool command to change to this mode If you exit the DHCPPOOL Configuration mode with the exit command you return to the Global Configuration mode If you exit the DHCPPOOL Configuration mode with the end command you return to the Privileged EXEC mode 6 4 3 1 leas...

Страница 198: ...2 network Description With this command you configure the IPv4 address band from which the DHCP client receives any IPv4 address Note Maximum number of IP addresses The maximum number of IPv4 addresses that the DHCP server supports is 100 In other words a total of 100 IPv4 addresses dynamic static With the static assignments you can create a maximum of 20 entries Assignment of IP addresses The req...

Страница 199: ...ess band is configured The DHCP options 1 3 6 66 and 67 are created automatically With the exception of option 1 the options can be deleted Further notes You display the setting with the show ip dhcp server pools command You assign an IP address to an interface with the set interface command You configure the DHCP option 67 with the option value string command You configure the DHCP options 3 6 an...

Страница 200: ...Pv4 address of the interface that is assigned to the IPv4 address band Result The DHCP option is created In total a maximum of 20 DHCP options are possible Further notes You display the setting with the show ip dhcp server pools command You disable the IPv4 address band with the no pool enable command You delete the DHCP option with the no option command You configure the DHCP option 67 with the o...

Страница 201: ...HCP options 3 6 and 66 with the option command You configure all other DHCP options with the option value hex command 6 4 3 5 option value hex Description With this command you create DHCP options that contain a hexadecimal value as DHCP parameter The various DHCP options are defined in RFC 2132 The exceptions are the DHCP options 1 3 66 and 67 You configure the DHCP options 3 6 and 66 with the co...

Страница 202: ...lue Format XXXXX e g C0A86402 Result The DHCP option is configured In total a maximum of 20 DHCP options are possible Further notes You display the setting with the show ip dhcp server pools command You disable the IPv4 address band with the no pool enable command You delete the DHCP option with the no option command 6 4 3 6 pool enable Description With this command you specify that this IPv4 addr...

Страница 203: ...hcp server pools command You disable the setting with the no pool enable command 6 4 3 7 no pool enable Description With this command you specify that this IPv4 address band will not be used Requirement You are in the DHCPPOOL configuration mode The command prompt is as follows cli config dhcp pool ID Syntax Call the command without parameter assignment no pool enable Result The setting is disable...

Страница 204: ...all up the command with the following parameters set interface vlan vlan id 1 4094 interface type interface id The parameters have the following meaning Parameter Description Range of values note vlan Keyword for a VLAN connection vlan id Number of the addressed VLAN 1 4094 interface type Type or speed of the interface Enter a valid interface interface id Module no and port no of the interface For...

Страница 205: ... config dhcp pool ID Syntax Call up the command with the following parameters static lease mac mac address ip address The parameters have the following meaning Parameter Description Range of values note mac address Unicast MAC address Specify the MAC address aa bb cc dd ee ff ip address Unicast IPv4 address Enter a valid IPv4 address The IPv4 address must match the subnet of the IPv4 address band ...

Страница 206: ...rement You are in the DHCPPOOL configuration mode The command prompt is as follows cli config dhcp pool ID Syntax Call up the command with the following parameters no static lease mac mac address The parameter has the following meaning Parameter Description Range of values note mac address Unicast MAC address Specify a valid MAC address Result The assignment is deleted Further notes You configure ...

Страница 207: ...he command do command you can execute the show commands in every configuration mode To do this you replace command with the show command that you want to execute Example do show cli console timeout 6 5 1 1 show dnsclient information Description This command shows the configuration of the DNS client Requirement You are in the Privileged EXEC mode The command prompt is as follows cli Syntax Call the...

Страница 208: ...n mode 6 5 2 1 Introductory sentence for the global configuration mode This section describes commands that you can call up in the Global configuration mode In Privileged EXEC mode enter the configure terminal command to change to this mode Commands relating to other topics that can be called in the Global configuration mode can be found in the relevant sections You exit the Global configuration m...

Страница 209: ...You exit the DNS CLIENT configuration mode with the end or exit command 6 5 2 3 dnsproxy Description With this command you change to the DNS PROXY configuration mode Requirement You are in the Global configuration mode The command prompt is as follows cli config Syntax Call the command without parameter assignment dnsproxy Result You are now in the DNS PROXY configuration mode The command prompt i...

Страница 210: ... configuration mode The command prompt is as follows cli config ddnsclient Further notes You exit the DDNS Client configuration mode with the end or exit command 6 5 3 Commands in the DNS CLIENT configuration mode This section describes commands that you can call up in the DNS CLIENT configuration mode In the Global configuration mode enter the dnsclient command to change to this mode If you exit ...

Страница 211: ...and with the following parameters manual srv ip_addr The parameter has the following meaning Parameter Description Range of values note ip_addr IPv4 address Enter a valid IPv4 address Result The DNS server is configured Further notes You display this setting and other information with the show dnsclient informationen command You configure the DNS server type with the server type command You delete...

Страница 212: ... for DNS server ip address IPv4 address Enter the IPv4 address of the DNS server all Deletes all DNS servers Result The specified DNS server is deleted Further notes You create a DNS server entry with the manual srv command You display this setting and other information with the show dnsclient information command 6 5 3 3 server type Description With this command you specify which DNS server the de...

Страница 213: ... automatically Result The device uses the specified DNS servers Further notes You display this setting and other information with the show dnsclient information command You create a manually configured DNS server with the manual srv command 6 5 3 4 shutdown Description With this command you end the DNS client Requirement You are in the DNS CLIENT configuration mode The command prompt is as follows...

Страница 214: ...assignment no shutdown Result The DNS client of the device is enabled and when necessary sends queries to the DNS server Further notes You end the DNS client with the shutdown command You display this setting and other information with the show dnsclient information command 6 5 4 Commands in the DNS PROXY configuration mode This section describes commands that you can call up in the DNS PROXY conf...

Страница 215: ...DNS PROXY configuration mode The command prompt is as follows cli config dnsproxy Syntax Call the command without parameter assignment cache nxdomain Result The setting is enabled Further notes You disable the setting with the no cachenxdomain command 6 5 4 2 no cachenxdomain Description With this command you disable the caching of NXDOMAIN responses Requirement You are in the DNS PROXY configurat...

Страница 216: ...y of the DNS server Requirement You are in the DNS PROXY configuration mode The command prompt is as follows cli config dnsproxy Syntax Call the command without parameter assignment shutdown Result The setting is disabled Further notes You enable the setting with the no shutdown command 6 5 4 4 no shutdown Description With this command you enable the proxy of the DNS server Requirement You are in ...

Страница 217: ...configuration mode In the Global configuration mode enter the ddnsclient command to change to this mode If you exit the DDNS CLIENT configuration mode with the exit command you return to the Global configuration mode If you exit the DDNS CLIENT configuration mode with the end command you return to the Privileged EXEC mode 6 5 5 1 service Description With this command you enable the dynamic DNS pro...

Страница 218: ...ith the show ddnsclient information command You disable an entry with the no service command 6 5 5 2 no service Description With this command you disable the dynamic DNS provider Requirement You are in the DDNS Client configuration mode The command prompt is as follows cli config ddnsclient Syntax Call up the command with the following parameters no service show services index The parameters have ...

Страница 219: ...S Client configuration mode The command prompt is as follows cli config ddnsclient Syntax Call up the command with the following parameters userhost show services index host The parameters have the following meaning Parameter Description Range of values note show services Lists the available providers index Number corresponding to a specific provider Specify a valid number host Host name Specify t...

Страница 220: ...s username show services index username The parameters have the following meaning Parameter Description Range of values note show services Lists the available providers index Number corresponding to a specific provider Specify a valid number username User names Specify the negotiated user name Result The user name is configured Further notes You display this setting and other information with the ...

Страница 221: ...ers password show services index password The parameters have the following meaning Parameter Description Range of values note show services Lists the available providers index Number corresponding to a specific provider Specify a valid number password Password Enter the negotiated password Result The password is configured Further notes You display this setting and other information with the show...

Страница 222: ...ngs With the command do command you can execute the show commands in every configuration mode To do this you replace command with the show command that you want to execute Example do show cli console timeout 6 6 1 1 show snmp Description This command shows the status information of SNMP Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or...

Страница 223: ...d prompt is as follows cli or cli Syntax Call the command without parameters show snmp community Result The details of the configured SNMP communities are displayed 6 6 1 3 show snmp engineID Description This command shows the SNMP identification number of the device Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call the...

Страница 224: ...XEC mode The command prompt is as follows cli or cli Syntax Call the command without parameters show snmp filter Result The configured SNMP filters are displayed 6 6 1 5 show snmp group Description This command shows the configured SNMP groups Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call the command without paramet...

Страница 225: ...ompt is as follows cli or cli Syntax Call the command without parameters show snmp group access Result The rights of the configured SNMP groups are displayed 6 6 1 7 show snmp inform statistics Description This command shows the statistics of the Inform Messages Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call the comm...

Страница 226: ...The command prompt is as follows cli or cli Syntax Call the command without parameters show snmp notif Result The configured SNMP notification types are displayed 6 6 1 9 show snmp targetaddr Description This command shows the configured SNMP target addresses Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call the command...

Страница 227: ...ode The command prompt is as follows cli or cli Syntax Call the command without parameters show snmp targetparam Result The configured SNMP target parameters are displayed 6 6 1 11 show snmp tcp Description This command shows the configuration for SNMP via TCP Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call the comman...

Страница 228: ...command prompt is as follows cli or cli Syntax Call the command without parameters show snmp user Result The settings for the SNMP user are displayed 6 6 1 13 show snmp viewtree Description This command shows the settings for the SNMP tree views Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call the command without param...

Страница 229: ...topics that can be called in the Global configuration mode can be found in the relevant sections You exit the Global configuration mode with the end or exit command and are then in the Privileged EXEC mode again 6 6 2 1 snmpagent Description With this command you enable the SNMP agent function Requirement You are in the Global configuration mode The command prompt is as follows cli config Syntax C...

Страница 230: ...onfig Syntax Call the command without parameters no snmpagent Result The SNMP agent function is disabled Further notes You enable the SNMP agent function with the snmpagent command 6 6 2 3 snmp agent version Description With this command you configure whether all SNMP queries or only SNMPv3 queries are processed Requirement You are in the Global configuration mode The command prompt is as follows ...

Страница 231: ...re in the Global configuration mode The command prompt is as follows cli config Syntax Call up the command with the following parameters snmp access GroupName v1 v2c v3 auth noauth priv read ReadView none write WriteView none notify NotifyView none volatile nonvolatile The parameters have the following meaning Parameter Description Range of values note GroupName Name of the group to which access i...

Страница 232: ...estart The keywords need to be specified If optional parameters are not specified when configuring a group the default value will be used Result The settings for access to an SNMP group are configured Further notes You delete the access to an SNMP group with the no snmp access command You display the configured SNMP groups with the show snmp group command You display the access configurations for ...

Страница 233: ...s the authentication method auth noauth priv Result The access to an SNMP group is deleted Further notes You configure the setting with the snmp access command You display the configured SNMP groups with the show snmp group command You display the access configurations for SNMP groups with the show snmp group access command You display the configured SNMP tree views with the show snmp viewtree com...

Страница 234: ... max 32 characters Storage type specifies whether the settings remain following a restart volatile volatile The settings are lost after a restart nonvolatile non volatile The settings are retained after a restart If optional parameters are not specified when configuring a community the default values apply Result The settings are configured Further notes You delete the details of an SNMP community...

Страница 235: ... SNMP community with the show snmp community command You show the status information of the SNMP communication with the show snmp command 6 6 2 8 snmp filterprofile Description With this command you configure a filter that describes the access rights to the MIB tree Requirement You are in the Global configuration mode The command prompt is as follows cli config Syntax Call up the command with the ...

Страница 236: ... nonvolatile non volatile The saved settings are used after a restart Note that the meaning of the filter mask changes depending on the included excluded parameter 0 and included means Access denied 0 and excluded means Access permitted 1 and included means Access permitted 1 and excluded means Access denied Result The filter is created Further notes You delete a filter with the no snmp filterprof...

Страница 237: ...p filterprofile command You display the created filter with the show snmp filter table command 6 6 2 10 snmp group Description With this command you configure the details of an SNMP group Requirement You are in the Global configuration mode The command prompt is as follows cli config Syntax Call up the command with the following parameters snmp group GroupName user UserName security model v1 v2c v...

Страница 238: ...ers are not specified when configuring a group the default values apply Result The details of the group are configured Further notes You delete the details of an SNMP group with the no snmp group command You display the created SNMP groups with the show snmp group command You display the created SNMP user with the show snmp user command 6 6 2 11 no snmp group Description With this command you dele...

Страница 239: ...the snmp group command You display the created SNMP groups with the show snmp group command You display the created SNMP user with the show snmp user command 6 6 2 12 snmp notify Description With this command you configure the details of the SNMP notifications Requirement You are in the Global configuration mode The command prompt is as follows cli config Syntax Call up the command with the follow...

Страница 240: ...The settings are retained after a restart Result The details of the SNMP notifications are configured Further notes You delete the details of an SNMP group with the no snmp notify command You display the configured SNMP notifications with the show snmp notif command You display the configured SNMP target addresses with the show snmp targetaddr command 6 6 2 13 no snmp notify Description With this ...

Страница 241: ...mmand 6 6 2 14 snmp targetaddr Description With this command you configure the SNMP target addresses Requirement The SNMP target parameters are configured You are in the Global configuration mode The command prompt is as follows cli config Syntax Call up the command with the following parameters snmp targetaddr TargetAddressName param ParamName ipv4 IPAddress timeout Seconds 1 1500 retries RetryCo...

Страница 242: ...cifies whether the settings re main following a restart volatile The default settings are used af ter a restart nonvolatile The saved settings are used af ter a restart port Keyword for the port number at which the SNMP manager receives traps and inform messages integer Port number 1 65535 For information on names of addresses and interfaces refer to the section Interface identifiers and addresses...

Страница 243: ...o snmp targetaddr TargetAddressName The parameter has the following meaning Parameter Description Range of values note TargetAddressName SNMP target address max 32 characters Result The SNMP target address is deleted Further notes You change the SNMP target address with the snmp targetaddr command You display the SNMP target address with the show snmp targetaddr command 6 6 2 16 snmp targetparams ...

Страница 244: ...MP version is used With SNMPv3 a security level authen tication encryption can also be con figured SNMP version v1 v2c v3 Security level for v3 auth Authentication enabled no encryption enabled noauth No authentication enabled no encryption enabled priv Authentication enabled encryption enabled message processing Specifies which SNMP version is used for processing the messages and whether the sett...

Страница 245: ...w snmp user command 6 6 2 17 no snmp targetparams Description With this command you delete the SNMP target parameters Requirement You are in the Global configuration mode The command prompt is as follows cli config Syntax Call up the command with the following parameters no snmp targetparams ParamName The parameter has the following meaning Parameter Description Range of values note ParamName Name...

Страница 246: ... cli config Syntax Call the command without parameters snmp v1 v2 readonly Result Write access for SNMPv1 and SNMPv2 PDUs is blocked Further notes You release write access for SNMPv1 and SNMPv2 PDUs with the no snmp v1 v2 readonly command 6 6 2 19 no snmp v1 v2 readonly Description With this command you enable write access for SNMPv1 and SNMPv2 PDUs Requirement You are in the Global configuration ...

Страница 247: ... UserName auth md5 sha passwd priv DES passwd volatile nonvolatile The parameters have the following meaning Parameter Description Range of values note UserName Name of the user max 32 characters auth specifies that authentication takes place and which algorithm is used md5 Message Digest 5 sha Secure Hash Algorithm Default No authentication passwd Password for authentication max 32 characters pri...

Страница 248: ...p user command 6 6 2 21 no snmp user Description With this command you delete the details of an SNMP user Requirement You are in the Global configuration mode The command prompt is as follows cli config Syntax Call up the command with the following parameters no snmp user UserName The parameter has the following meaning Parameter Description Range of values note UserName Name of the user max 32 ch...

Страница 249: ...Parameter Description Range of values note ViewName Name of the SNMP view max 32 characters OIDTree Object ID Path information of the MIB tree mask Keyword for the OID mask OIDMask Mask that filters access to the ele ments of the MIB tree A series of 0 and 1 separated by dots in keeping with the path information of the MIB tree View type Specifies whether the filtered elements are used or excluded...

Страница 250: ...d 6 6 2 23 no snmp view Description With this command you delete an SNMP view Requirement You are in the Global configuration mode The command prompt is as follows cli config Syntax Call up the command with the following parameters no snmp view ViewName OIDTree The parameters have the following meaning Parameter Description Range of values note ViewName Name of the view max 32 characters OIDTree O...

Страница 251: ...is as follows cli or cli Syntax Call the command without parameters show ip http server status Result The status of the HTTP server is displayed 6 7 2 Commands in the Global Configuration mode This section describes commands that you can call up in the Global configuration mode In Privileged EXEC mode enter the configure terminal command to change to this mode Commands relating to other topics tha...

Страница 252: ...e command without parameters ip http As default the function is enabled Result HTTP is enabled on the device Further notes You can display the setting of this function and other information with the show ip http server statuscommand You deactivate HTTP on the device with the no ip http command 6 7 2 2 no ip http Description With this command you disable HTTP on the device Requirement You are in th...

Страница 253: ...ce Configuration Manual 06 2015 C79000 G8976 C406 02 253 no ip http Result HTTP is disabled on the device Further notes You can display the setting of this function and other information with the show ip http server statuscommand You enable HTTP with the ip http command ...

Страница 254: ...rement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call the command without parameters show ip http secure server status Result The status cipher suite and version of the HTTPS server are displayed 6 8 2 show ssl server cert Description This command shows the SSL server certificate Requirement You are in the User EXEC mode or in t...

Страница 255: ...Network protocols 6 8 HTTPS server SCALANCE S615 Command Line Interface Configuration Manual 06 2015 C79000 G8976 C406 02 255 Result The SSL server certificate is displayed ...

Страница 256: ...ers show proxyserver table Result The configuration is displayed 6 9 2 Commands in the global configuration mode This section describes commands that you can call up in the Global configuration mode In Privileged EXEC mode enter the configure terminal command to change to this mode Commands relating to other topics that can be called in the Global configuration mode can be found in the relevant se...

Страница 257: ...ommand 6 9 3 Commands in the PROXYSERVER configuration mode This section describes commands that you can call up in the PROXYSERVER configuration mode In the Global configuration mode enter the proxyserver command to change to this mode If you exit the PROXYSERVER configuration mode with the exit command you return to the Global configuration mode If you exit the PROXYSERVER configuration mode wit...

Страница 258: ...using HTTP socks Universal proxy server port Keyword for port num Port number 0 65535 Specify the port on which the proxy ser vice runs auth Keyword for the authentication method basic Standard authentication User name and password are sent unencrypted ntlm Authentication according to the NTML standard Windows user logon none No authentication addr Keyword for IPv4 address ip_addr IPv4 address Ent...

Страница 259: ...y server name has been created and is not being used anywhere You are in the PROXYSERVER configuration mode The command prompt is as follows cli config proxysrv Syntax Call up the command with the following parameters no srv name string 128 all The parameters have the following meaning Parameter Description Range of values note name Keyword for proxy server name string Proxy server name Specify a ...

Страница 260: ...and with the following parameters srv name string 128 addr ip_addr dns 50 The parameters have the following meaning Parameter Description Range of values note string Proxy server name Specify the proxy server name Maximum of 128 characters ip_addr IPv4 address Enter the IPv4 address of the proxy server dns DNS host name Enter the DNS host name of the proxy server Maximum of 50 characters Result Th...

Страница 261: ...tring 128 auth none basic ntlm The parameters have the following meaning Parameter Description Range of values note string Proxy server name Specify the proxy server name Maximum of 128 characters none No authentication basic Standard authentication The user name and password are sent unencrypted ntlm Authentication according to the NTML standard Windows user logon Result The authentication method...

Страница 262: ...note string Proxy server name Specify the proxy server name Maximum of 128 characters Port Port number Specify the port number on which the proxy service runs 0 65535 Result The port has been changed Further notes You display the available proxy server names with the srv show names command You create the proxy server with the srv name command 6 9 3 6 srv name pw Description With this command you c...

Страница 263: ... Specify the changed pass word for access to the proxy server Maximum of 255 characters Result The password is changed Further notes You display the available proxy server names with the srv show names command You create the proxy server with the srv name command 6 9 3 7 srv name type Description With this command you change the type of the proxy server Requirement The proxy server name has been c...

Страница 264: ... server has been changed Further notes You display the available proxy server names with the srv show names command You create the proxy server with the srv name command 6 9 3 8 srv name user Description With this command you change the user name for access to the proxy server Requirement When selecting the authentication method basic is used The proxy server name has been created You are in the P...

Страница 265: ...characters Result The user name has been changed Further notes You display the available proxy server names with the srv show names command You create the proxy server with the srv name command 6 9 3 9 srv show names Description With this command you display the available proxy server names Requirement You are in the PROXYSERVER configuration mode The command prompt is as follows cli config proxys...

Страница 266: ...ds in every configuration mode To do this you replace command with the show command that you want to execute Example do show cli console timeout 6 10 1 1 show events smtp server Description This command shows the configured SMTP servers Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call the command without parameters sho...

Страница 267: ...ddress is displayed 6 10 1 3 show events smtp port Description This command shows the configured SNMP port Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call the command without parameters show events smtp port Result The configured SMTP port is displayed 6 10 2 Commands in the Events configuration mode This section desc...

Страница 268: ... With this command you configure the e mail name of the sender Requirement You are in the EVENTS configuration mode The command prompt is as follows cli config events Syntax Call up the command with the following parameters sender mail address mail address The parameter has the following meaning Parameter Description Range of values note mail address Email name of the sender max 100 characters Res...

Страница 269: ... You display the setting with the show events sender email command 6 10 2 3 smtp server Description With this command you configure an entry for an SMTP server Requirement You are in the EVENTS configuration mode The command prompt is as follows cli config events Syntax Call up the command with the following parameters smtp server ipv4 ucast_addr fqdn name FQDN 100 receiver mail address The parame...

Страница 270: ...smtp server command 6 10 2 4 no smtp server Description With this command you delete an SMTP server entry Requirement You are in the EVENTS configuration mode The command prompt is as follows cli config events Syntax Call up the command with the following parameters no smtp server ipv4 ucast_addr fqdn name FQDN 100 The parameters have the following meaning Parameter Description Range of values not...

Страница 271: ... SMTP port Requirement You are in the EVENTS configuration mode The command prompt is as follows cli config events Syntax Call up the command with the following parameters smtp port smtp port 1 65535 The parameter has the following meaning Parameter Description Range of values note smtp port Value for the SMTP port 1 65535 Default 25 Result An SMTP port is configured Further notes You can reset th...

Страница 272: ...t the SMTP port to the default The default value is 25 Requirement You are in the EVENTS configuration mode The command prompt is as follows cli config events Syntax Call the command without parameters no smtp port Result The SMTP port is reset to the default value Further notes You configure the setting with the smtp port command You display the setting with the show smtp port command ...

Страница 273: ... mail according to the currently configured SMTP settings Requirement You are in the EVENTS configuration mode The command prompt is as follows cli config events Syntax Call the command without parameters send test mail Result An e mail according to the currently configured SMTP settings was sent Further notes You can display the current SMTP settings with the show events emailserver command ...

Страница 274: ...follows cli or cli Syntax Call the command without parameters show ip ssh Result The settings for the SSH server are displayed 6 11 2 Commands in the Global Configuration mode This section describes commands that you can call up in the Global configuration mode In Privileged EXEC mode enter the configure terminal command to change to this mode Commands relating to other topics that can be called i...

Страница 275: ...this command you enable the SSH protocol on the device Requirement You are in the Global configuration mode The command prompt is as follows cli config Syntax Call the command without parameters ssh server As default the function is enabled Result The SSH protocol is enabled on the device Further notes You disable the SSH protocol with the no ssh server command ...

Страница 276: ...r Description With this command you disable the SSH protocol on the device Requirement You are in the Global configuration mode The command prompt is as follows cli config Syntax Call the command without parameters no ssh server Result The SSH protocol is disabled on the device Further notes You enable the SSH protocol with the ssh server command ...

Страница 277: ... of the flow control function 7 1 1 show flow control Description This command shows the settings of the flow control function Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call up the command with the following parameters show flow control interface interface type interface id The parameters have the following meaning P...

Страница 278: ... relating to other topics that can be called in the interface configuration mode can be found in the relevant sections If you exit the Interface configuration mode with the exit command you return to the Global configuration mode If you exit the Interface configuration mode with the end command you return to the Privileged EXEC mode 7 1 2 1 flowcontrol Description The flow control function monitor...

Страница 279: ...up the command with the following parameters flowcontrol on off The parameters have the following meaning Parameter Description on Enables the function off Disables the function Result The settings for the flow control function are configured Further notes You can display the status of this function with the show flow control command ...

Страница 280: ...very configuration mode To do this you replace command with the show command that you want to execute Example do show cli console timeout 7 2 1 1 show mac address table aging time Description To ensure that the address entries are up to date MAC addresses are only kept in the address table for a specified time This command shows the time after which the MAC addresses are removed from the address t...

Страница 281: ... mode This section describes commands that you can call up in the Global configuration mode In Privileged EXEC mode enter the configure terminal command to change to this mode Commands relating to other topics that can be called in the Global configuration mode can be found in the relevant sections You exit the Global configuration mode with the end or exit command and are then in the Privileged E...

Страница 282: ...address table aging time command You disable the Aging function with the no mac address table aging command 7 2 2 2 no mac address table aging Description With this command you disable the Aging function Requirement You are in the Global Configuration mode The command prompt is as follows cli config Syntax Call the command without parameters no mac address table aging Result The Aging function is ...

Страница 283: ...and prompt is as follows cli config Syntax Call up the command with the following parameters mac address table aging time seconds 10 1000000 The parameter has the following meaning Parameter Description Range of values seconds Life of the entry in seconds 10 1000000 At system start or when using the restart command with the option memoryor factory the following defaults apply The default value is ...

Страница 284: ...Load control 7 2 Dynamic MAC aging SCALANCE S615 Command Line Interface 284 Configuration Manual 06 2015 C79000 G8976 C406 02 ...

Страница 285: ... for NAT NAPT 8 1 1 The show commands 8 1 1 1 show firewallnat masquerading Description This command shows the interfaces on which IP masquerading is enabled Requirement You are in the Privileged EXEC mode The command prompt is as follows cli Syntax Call the command without parameter assignment show firewallnat masquerading Result The interfaces are displayed ...

Страница 286: ...mand prompt is as follows cli Syntax Call the command without parameter assignment show firewallnat napt Result The configured NAPT rules are displayed 8 1 1 3 show firewallnat netmap map Description This command shows the configured NETMAP rules Requirement You are in the Privileged EXEC mode The command prompt is as follows cli Syntax Call the command without parameter assignment show firewallna...

Страница 287: ...s in the global configuration mode This section describes commands that you can call up in the Global configuration mode In Privileged EXEC mode enter the configure terminal command to change to this mode Commands relating to other topics that can be called in the Global configuration mode can be found in the relevant sections You exit the Global configuration mode with the end or exit command and...

Страница 288: ...ion mode enter the firewallnat command to change to this mode If you exit the FIREWALL NAT configuration mode with the exit command you return to the Global configuration mode If you exit the FIREWALL NAT configuration mode with the end command you return to the Privileged EXEC mode Available interfaces As the source and destination interfaces the following interfaces are available Interface masqu...

Страница 289: ... Parameter Description Range of values note interface type Type or speed of the interface Specify a valid interface num Number of the addressed VLAN Specify a valid interface index 0 4094 For information on identifiers of addresses and interfaces refer to the section Commands in the FIREWALL NAT configuration mode Page 288 Result The rules for IP masquerading are enabled on the specified interface...

Страница 290: ...ce num Number corresponding to a specific interface Enter the required number 0 10 all int Disables the rules for IP masquerading on all interfaces show int Lists the available interfaces For information on identifiers of addresses and interfaces refer to the section Commands in the FIREWALL NAT configuration mode Page 288 Result The rules for IP masquerading are disabled on the relevant interface...

Страница 291: ...ord for a protocol UDP Address assignment for UDP valid TCP Address assignment for TCP valid dstip Keyword for the destination IP ad dress auto Uses the IP address of the selected interface ip_addr IPv4 address Enter a valid IPv4 address transip Keyword for the IP address of the node to which this frame will be for warded ip_addr IPv4 address Enter a valid IPv4 address dstport Keyword for destinat...

Страница 292: ... with a unique number index is created Further notes You delete a NAPT rule with the no napt command You delete all NAPT rules with the no napt all command You display the numbers of the NAPT rules with the napt show idx command You display the NAPT rule with the show firewallnat napt command 8 1 3 4 no napt Description With this command you delete a specific NAPT rule Requirement VLAN interface w...

Страница 293: ... You display the numbers of the NAPT rules with the napt show idx command You delete all NAPT rules with the no napt all command You create a NAPT rule with the napt type ipv4 command 8 1 3 5 no napt all Description With this command you delete all NAPT rules Requirement You are in the FIREWALL NAT configuration mode The command prompt is as follows cli config fwnat Syntax Call the command without...

Страница 294: ...nat Syntax Call the command without parameter assignment napt show idx Result The numbers are listed Further notes You delete a NAPT rule with the no napt command You create a NAPT rule with the napt command 8 1 3 7 netmap destination type ipv4 Description With this command you create the NETMAP rule for the address translation of the destination IP address Requirement You are in the FIREWALL NAT ...

Страница 295: ...ord for the destination subnet subnet The subnet can also be a single PC or another subset of the subnet Specify the subnet in the CIDR notation transip Keyword for the subnet with which the destina tion subnet is replaced subnet The subnet can also be a single PC or another subset of the subnet Specify the subnet in the CIDR notation For information on identifiers of addresses and interfaces refe...

Страница 296: ...um Number of the addressed interface 0 4094 dstint Keyword for the destination interface if type Type or speed of the interface Specify a valid interface num Number of the addressed interface 0 4094 idx Keyword for the number of the NETMAP rule num Number corresponding to a specific NETMAP rule Specify a valid number 0 200 For information on identifiers of addresses and interfaces refer to the sec...

Страница 297: ...at Syntax Call the command without parameter assignment no netmap all Result All NETMAP rules are deleted Further notes You create a NETMAP rule with the commands netmap source type ipv4 and netmap destination type ipv4 8 1 3 10 netmap show idx Description With this command you show the numbers of the configured NETMAP rules Requirement You are in the FIREWALL NAT configuration mode The command pr...

Страница 298: ...and with the following parameters src nat srcint if type num 0 4094 dstint if type num 0 4094 type ipv4 srcip ip_addr ip_range subnet dstip ip_addr ip_range subnet transip auto ip_addr The parameters have the following meaning Parameter Description Range of values note srcint Keyword for the source interface if type Type or speed of the interface Specify a valid interface num Number of the address...

Страница 299: ...ss of the interface is used Enter a valid IPv4 address For information on identifiers of addresses and interfaces refer to the section Commands in the FIREWALL NAT configuration mode Page 288 Result The source NAT rule is created During creation an entry with a unique number index is created Further notes You delete a source NAT rule with the no src nat command You delete all source NAT rules with...

Страница 300: ...nterface num Number of the addressed interface 0 4094 idx Keyword for the number of the source NAT rule num Number corresponding to a specific source NAT rule Specify a valid number 0 200 For information on identifiers of addresses and interfaces refer to the section Commands in the FIREWALL NAT configuration mode Page 288 Result The specified source NAT rule is deleted Further notes You delete al...

Страница 301: ...4 src nat show idx Description With this command you show the numbers of the configured source NAT rules Requirement You are in the FIREWALL NAT configuration mode The command prompt is as follows cli config fwnat Syntax Call the command without parameter assignment src nat show idx Result The numbers are listed Further notes You delete a source NAT rule with the no src nat command You delete all ...

Страница 302: ...Layer 3 functions 8 1 NAT SCALANCE S615 Command Line Interface 302 Configuration Manual 06 2015 C79000 G8976 C406 02 ...

Страница 303: ... 9 1 User rights management This section describes commands for access as administrator and the configuration of the authentication methods 9 1 1 show users Description This command displays the users that logged on via Telnet or SSH Requirement You are in the Privileged EXEC mode The command prompt is as follows cli Syntax Call the command without parameters show users Result The logged in users ...

Страница 304: ...ileged EXEC mode The command prompt is as follows cli Syntax Call the command without parameters show user accounts Result The created users are shown 9 1 3 whoami Description This command shows the user name of the logged in user Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call the command without parameters whoami Re...

Страница 305: ...XEC mode again 9 1 4 1 user account Description With this command you specify a new user You can also change the password role of an already created user If the logged in user has the admin role he or she can create a new user or change the password role of a user When the logged in users have the user role they can can only change their password Note You can create up to 16 additional user accoun...

Страница 306: ...r at least 1 number privilege Keyword for the role of the user user The user only has read rights admin The user can create edit or delete entries Result The new user has been created or the password role has been changed Note User name cannot be changed After creating a user the user name can no longer be modified because the user name is used for encryption of the password If a user name needs t...

Страница 307: ... role You are in the Global Configuration mode The command prompt is as follows cli config Syntax Call up the command with the following parameters no user account user name The parameter has the following meaning Parameter Description Range of values note user name User name Enter a valid user name Result The user has been deleted Further notes You create a user with the user account command You ...

Страница 308: ...e admin User name Specify the user name password Keyword for a password passwd Value for the password Enter the password The password must meet the following password policies Password length at least 8 characters at least 1 uppercase letter at least 1 special character at least 1 number Result The password is changed Note Changing the password in Trial mode Even if you change the password in Tria...

Страница 309: ...ttings With the command do command you can execute the show commands in every configuration mode To do this you replace command with the show command that you want to execute Example do show cli console timeout 9 2 2 1 show firewall icmp services ipv4 Description This command shows the configured ICMPv4 services Requirement You are in the Privileged EXEC mode The command prompt is as follows cli S...

Страница 310: ... EXEC mode The command prompt is as follows cli Syntax Call the command without parameter assignment show firewall information Result The configuration is displayed 9 2 2 3 show firewall ip protocols Description This command displays the configured protocols Requirement You are in the Privileged EXEC mode The command prompt is as follows cli Syntax Call the command without parameter assignment sho...

Страница 311: ...he command prompt is as follows cli Syntax Call the command without parameter assignment show firewall ip rules ipv4 Result The overview of the IPv4 firewall rules is displayed 9 2 2 5 show firewall pre rules ipv4 Description This command shows the predefined IPv4 rules available on the interface Requirement You are in the Privileged EXEC mode The command prompt is as follows cli Syntax Call up th...

Страница 312: ...Shows the information for all interfaces if id Number corresponding to a specific interface Specify a valid number Result The predefined IPv4 rules are displayed 9 2 2 6 show firewall ip services Description This command shows the configured IP services Requirement You are in the Privileged EXEC mode The command prompt is as follows cli Syntax Call the command without parameter assignment show fir...

Страница 313: ...You exit the Global configuration mode with the end or exit command and are then in the Privileged EXEC mode again 9 2 3 1 firewall Description With this command you change to the FIREWALL configuration mode Requirement You are now in the Global configuration mode The command prompt is as follows cli config Syntax Call the command without parameters firewall Result You are now in the FIREWALL conf...

Страница 314: ...fined firewall rules own firewall rules VLAN VLANs with configured subnet x x vlan 1 x PPP M874 M876 3 WAN interface EGPRS GPRS UMTS x x ppp 0 USB M876 4 WAN interface LTE x x usb 0 IPsecVPN All IPsecVPN connections x ipsecALL Specific IPsecVPN connection x ipsec num SINEMA RC Connection to SINEMA RC Server x sinemarcall Device Connection to the device x device x available not available 9 2 4 1 ic...

Страница 315: ...e required number Default 256 ver Keyword for the version of the ICMP protocol ipv4 IP Version4 Result The ICMP service is configured Further notes You display the available service names with the icmp show names command You show the available ICMP packet types and codes with the icmp show types codes command You delete this service with the no icmp command You display this setting and other infor...

Страница 316: ...names Result The corresponding ICMP service is deleted Further notes You create the ICMP service with the icmp name command You display the available service names with the icmp show names command You show the available ICMP packet types and codes with the icmp show types codes command 9 2 4 3 icmp name set Description With this command you change the ICMP packet type and the code Requirement The ...

Страница 317: ... Enter the required number The selection depends on the ICMP packet type Result The ICMP packet type and code have been changed Further notes You display the available service names with the icmp show names command You show the available ICMP packet types and codes with the icmp show types codes command You delete this service with the no icmp command You display this setting and other information...

Страница 318: ... You are in the FIREWALL configuration mode The command prompt is as follows cli config fw Syntax Call the command without parameter assignment icmp show types codes Result The list is displayed Further notes You create a protocol with the icmp name command 9 2 4 6 idle timeout icmp Description With this command you configure the required period for ICMP If no data exchange takes place the ICMP co...

Страница 319: ... You display this setting and other information with the show firewall information command 9 2 4 7 idle timeout udp Description With this command you configure the required period for UDP If no data exchange takes place the UDP connection is terminated automatically when this time has elapsed Requirement You are in the FIREWALL configuration mode The command prompt is as follows cli config fw Synt...

Страница 320: ...time has elapsed Requirement You are in the FIREWALL configuration mode The command prompt is as follows cli config fw Syntax Call up the command with the following parameters idle timeout tcp second 1 4294967295 The parameter has the following meaning Parameter Description Range of values note second Interval in seconds 1 4294967295 Result The interval is configured Further notes You display this...

Страница 321: ...4 packet Specify a valid interface Maximum of 50 characters integer Number of the interface 0 4094 to Keyword for the incoming direc tion to string Interface that receives the IPv4 packet Specify a valid interface Maximum of 50 characters integer Number of the interface 0 4094 srcip Keyword for the source string Address that sends IPv4 packets Individual IP address Specify the IP address IP addres...

Страница 322: ...about event severity information are logged war Messages about event severity warning are logged cri Messages about event severity critical are logged prior Keyword for the priority integer Priority Enter the priority for the IPv4 rule 0 64 For information on identifiers of addresses and interfaces refer to the section Commands in the FIREWALL configuration mode Page 313 Result The IPv4 rule is cr...

Страница 323: ...ewall configuration mode The command prompt is as follows cli config fw Syntax Call up the command with the following parameters no ipv4rule all idx integer 1 64 The parameters have the following meaning Parameter Description Range of values note ALL Deletes all IPv4 rules idx Keyword for index integer Number corresponding to a specific IPv4 rule Enter the required number 1 64 Result The correspon...

Страница 324: ... The parameters have the following meaning Parameter Description Range of values note idx Keyword for index number Number corresponding to a spe cific IPv4 rule Enter the required number 1 100 action Keyword for the action with in coming IPv4 packets acc The data packets can pass through drop The data packets are discarded without any notification to the sender rej The data packets are rejected an...

Страница 325: ... have the following meaning Parameter Description Range of values note idx Keyword for index number Number corresponding to a spe cific IPv4 rule Enter the required number 1 100 dstip Keyword for the destination string Address that receives IPv4 pack ets Individual IP address Specify the IP address IP range Specify the range with the start address end address e g 192 168 100 10 192 168 100 20 All ...

Страница 326: ...g meaning Parameter Description Range of values note idx Keyword for index number Number corresponding to a spe cific IPv4 rule Enter the required number 1 100 from Keyword for the outgoing direc tion from string Interface that sends the IPv4 packet Specify a valid interface Maximum of 50 characters integer Number of the interface 0 4094 For information on identifiers of addresses and interfaces r...

Страница 327: ...ters have the following meaning Parameter Description Range of values note idx Keyword for index number Number corresponding to a spe cific IPv4 rule Enter the required number 1 100 integer Number of the interface 0 4094 log Keyword for making entries in the firewall log none The rule coming into effect is not logged info Messages about event severity information are logged war Messages about even...

Страница 328: ...ber 1 100 set prior number 0 64 The parameters have the following meaning Parameter Description Range of values note idx Keyword for index number Number corresponding to a spe cific IPv4 rule Enter the required number 1 100 prior Keyword for the priority integer Priority Enter the priority for the IPv4 rule 0 64 Result The priority of the corresponding IPv4 firewall rule has been changed Further n...

Страница 329: ... Keyword for index number Number corresponding to a spe cific IPv4 rule Enter the required number 1 100 integer Number of the interface 0 4094 service Keyword for service or protocol name Result The service or protocol name of the corresponding IPv4 firewall rule has been changed Further notes You display this setting and other information with the show firewall ip rules ipv4 command You obtain th...

Страница 330: ...dual IP address Specify the IP address IP range Specify the range with the start address end address e g 192 168 100 10 192 168 100 20 All IP addresses Specify 0 0 0 0 0 Result The source of the corresponding IPv4 firewall rule has been changed Further notes You display this setting and other information with the show firewall ip rules ipv4 command You obtain the numbers with the ipv4rule show rul...

Страница 331: ...integer Number of the interface 0 4094 For information on identifiers of addresses and interfaces refer to the section Commands in the FIREWALL configuration mode Result The incoming direction of the corresponding IPv4 firewall rule has been changed Further notes You display this setting and other information with the show firewall ip rules ipv4 command You obtain the numbers with the ipv4rule sho...

Страница 332: ...s Requirement You are in the FIREWALL configuration mode The command prompt is as follows cli config fw Syntax Call the command without parameter assignment ipv4rule show rules Result The IPv4 firewall rules are listed Further notes You display further information with the show firewall ip rules ipv4 command You display the IPv4 firewall rule with the ipv4rule command 9 2 4 21 prerule ipv4 show in...

Страница 333: ...onfig fw Syntax Call up the command with the following parameters prerule all ipv4 int interface type num 0 10 all int enabled disabled The parameters have the following meaning Parameter Description Range of values note int Keyword for the interface interface type Type or speed of the interface Specify a valid interface num Interface index Specify a valid interface index 0 10 all int Enables all ...

Страница 334: ...are in the FIREWALL configuration mode The command prompt is as follows cli config fw Syntax Call up the command with the following parameters prerule dhcp ipv4 int interface type num 0 10 all int enabled disabled The parameters have the following meaning Parameter Description Range of values note int Keyword for the interface interface type Type or speed of the interface Specify a valid interface...

Страница 335: ... dns ipv4 Description With this command you enable the predefined firewall rule DNS on the selected interface Requirement You are in the FIREWALL configuration mode The command prompt is as follows cli config fw Syntax Call up the command with the following parameters prerule dhcp ipv4 int interface type num 0 10 all int enabled disabled The parameters have the following meaning Parameter Descript...

Страница 336: ...ipv4 show int command See also Commands in the FIREWALL configuration mode Page 313 9 2 4 25 prerule http ipv4 Description With this command you enable the predefined firewall rule HTTP on the selected interface Requirement You are in the FIREWALL configuration mode The command prompt is as follows cli config fw Syntax Call up the command with the following parameters prerule http ipv4 int interfa...

Страница 337: ...other information with the show firewall pre rules ipv4 command You list the available interfaces with the prerule ipv4 show int command See also Commands in the FIREWALL configuration mode Page 313 9 2 4 26 prerule https ipv4 Description With this command you enable the predefined firewall rule for HTTPS on the selected interface Requirement You are in the FIREWALL configuration mode The command ...

Страница 338: ...t The predefined firewall rule HTTPS is enabled on the relevant interface The WBM can be accessed using HTTPS Further notes You display this setting and other information with the show firewall pre rules ipv4 command You list the available interfaces with the prerule ipv4 show int command See also Commands in the FIREWALL configuration mode Page 313 9 2 4 27 prerule ip ipv4 Description With this c...

Страница 339: ...information on identifiers of addresses and interfaces refer to the section Commands in the FIREWALL configuration mode Result The predefined firewall rule IPv4 services is enabled on the relevant interface Further notes You display this setting and other information with the show firewall pre rules ipv4 command You list the available interfaces with the prerule ipv4 show int command See also Comm...

Страница 340: ...n identifiers of addresses and interfaces refer to the section Commands in the FIREWALL configuration mode Page 313 Result The predefined firewall rule IPSEC is enabled on the relevant interface IKE Internet Key Exchange data transfer from the external network to the device is allowed Further notes You display this setting and other information with the show firewall pre rules ipv4 command You lis...

Страница 341: ...le For information on identifiers of addresses and interfaces refer to the section Commands in the FIREWALL configuration mode Result The predefined firewall rule SNMP is enabled on the relevant interface Incoming SNMP connections are possible via the interface Further notes You display this setting and other information with the show firewall pre rules ipv4 command You list the available interfac...

Страница 342: ... faces enabled Enables the predefined firewall rule disabled Disables the predefined firewall rule For information on identifiers of addresses and interfaces refer to the section Commands in the FIREWALL configuration mode Page 313 Result The predefined firewall rule SSH is enabled on the relevant interface Encrypted access to the CLI is possible Further notes You display this setting and other in...

Страница 343: ...r faces enabled Enables the predefined firewall rule disabled Disables the predefined firewall rule For information on identifiers of addresses and interfaces refer to the section Commands in the FIREWALL configuration mode Page 313 Result The predefined firewall rule Telnet is enabled on the relevant interface Unencrypted access to the CLI is possible Further notes You display this setting and ot...

Страница 344: ...ll inter faces enabled Enables the predefined firewall rule disabled Disables the predefined firewall rule For information on identifiers of addresses and interfaces refer to the section Commands in the FIREWALL configuration mode Page 313 Result The predefined firewall rule TFTP is enabled on the interface Communication using TFTP is allowed Further notes You display this setting and other inform...

Страница 345: ...on all inter faces enabled Enables the predefined firewall rule disabled Disables the predefined firewall rule For information on identifiers of addresses and interfaces refer to the section Commands in the FIREWALL configuration mode Page 313 Result The predefined firewall rule Ping is enabled on the relevant interface Further notes You display this setting and other information with the show fir...

Страница 346: ...net pages of iana org Result The protocol is configured If the optional parameters are not specified a protocol with this name is created and the default value is used You can adapt the parameter later Further notes You display this setting and other information with the show firewall ip protocols command You delete the protocol with the no proto command 9 2 4 35 no proto Description With this com...

Страница 347: ...ames Result The relevant protocol is deleted Further notes You create a protocol with the proto name command You display the available protocol names with the proto show names command 9 2 4 36 proto show names Description With this command you display the available protocol names Requirement You are in the FIREWALL configuration mode The command prompt is as follows cli config fw Syntax Call the c...

Страница 348: ... number 0 65535 dst all port number 0 65535 range number 0 65535 number 0 65535 The parameters have the following meaning Parameter Description Range of values note string Service name Specify a unique service name Maximum of 32 characters UDP The service is valid only for UDP frames TCP The service is valid only for TCP frames Default src Keyword for the source all Applies to all ports Port Keywo...

Страница 349: ...ith the show firewall ip services command 9 2 4 38 no service Description With this command you delete all services or a specific service Requirement The corresponding service has been created and is not being used anywhere You are in the FIREWALL configuration mode The command prompt is as follows cli config fw Syntax Call up the command with the following parameters no service name string 32 all...

Страница 350: ...ervice name set prot Description With this command you change the protocol Requirement The service name has been created You are in the FIREWALL configuration mode The command prompt is as follows cli config fw Syntax Call up the command with the following parameters service name string 32 set proto udp tcp The parameters have the following meaning Parameter Description Range of values note string...

Страница 351: ...reated You are in the FIREWALL configuration mode The command prompt is as follows cli config fw Syntax Call up the command with the following parameters service name string 32 set dst all port number 0 65535 range number 0 65535 number 0 65535 The parameters have the following meaning Parameter Description Range of values note string Service name Specify a valid service name Maximum of 32 charact...

Страница 352: ...reated You are in the FIREWALL configuration mode The command prompt is as follows cli config fw Syntax Call up the command with the following parameters service name string 32 set src all port number 0 65535 range number 0 65535 number 0 65535 The parameters have the following meaning Parameter Description Range of values note string Service name Specify a valid service name Maximum of 32 charact...

Страница 353: ... command 9 2 4 42 service show names Description With this command you display the available service names Requirement You are in the FIREWALL configuration mode The command prompt is as follows cli config fw Syntax Call the command without parameter assignment service show names Result The service names are listed Further notes You create a protocol with the service cr name command 9 2 4 43 shutd...

Страница 354: ...is disabled Further notes You enable the firewall with the no shutdown command 9 2 4 44 no shutdown Description With this command you enable the firewall Requirement You are in the FIREWALL configuration mode The command prompt is as follows cli config fw Syntax Call the command without parameter assignment no shutdown Result The firewall is enabled Further notes You disable the firewall with the ...

Страница 355: ...configuration mode To do this you replace command with the show command that you want to execute Example do show cli console timeout 9 3 1 1 show ipsec conn authentication Description This command shows the security settings of the IPsec VPN connections Requirement You are in the Privileged EXEC mode The command prompt is as follows cli Syntax Call the command without parameter assignment show ips...

Страница 356: ...nnections Result The configurations are displayed 9 3 1 3 show ipsec conn phase1 Description This command shows the configuration of phase 1 of the IPsecVPN connections Requirement You are in the Privileged EXEC mode The command prompt is as follows cli Syntax Call the command without parameter assignment show ipsec conn phase1 Result The configurations are displayed 9 3 1 4 show ipsec conn phase2...

Страница 357: ...nt show ipsec conn phase2 Result The configurations are displayed 9 3 1 5 show ipsecvpn information Description This command shows the basic setting of IPsecVPN Requirement You are in the Privileged EXEC mode The command prompt is as follows cli Syntax Call the command without parameter assignment show ipsec information Result The settings are displayed 9 3 1 6 show ipsec remoteend Description Thi...

Страница 358: ...t you can call up in the Global configuration mode In Privileged EXEC mode enter the configure terminal command to change to this mode Commands relating to other topics that can be called in the Global configuration mode can be found in the relevant sections You exit the Global configuration mode with the end or exit command and are then in the Privileged EXEC mode again 9 3 2 1 ipsec Description ...

Страница 359: ...e IPSEC configuration mode with the exit command you return to the Global configuration mode If you exit the IPSEC configuration mode with the end command you return to the Privileged EXEC mode 9 3 3 1 connection name Description With this command you change to the IPSEC CONNECTION configuration mode If a suitable VPN connection does not exist a VPN connection is first created Requirement You are ...

Страница 360: ...and 9 3 3 2 no connection name Description With this command you delete a specific VPN connection Requirement The corresponding VPN connection has been created and is not being used anywhere You are in the IPSEC CONNECTION configuration mode The command prompt is as follows cli config ipsec conn X Syntax Call up the command with the following parameters no connection name name 122 The parameter ha...

Страница 361: ...pt is as follows cli config ipsec conn X Syntax Call the command without parameter assignment no connection all Result All VPN connections are deleted Further notes You display the VPN connection with the connection name command 9 3 3 4 crl policy Description With this command you specify whether the validity of the certificates is checked based on the CRL Certificate Revocation List Requirement Y...

Страница 362: ...his setting and other information with the show ipsecvpn information command 9 3 3 5 nat keep alive Description With this command you specify the interval at which sign of life frames keepalives are sent Requirement You are in the IPSEC configuration mode The command prompt is as follows cli config ipsec Syntax Call up the command with the following parameters nat keep alive sec 1 10000 The parame...

Страница 363: ...e IPSEC configuration mode The command prompt is as follows cli config ipsec Syntax Call up the command with the following parameters remote end name name 100 The parameter has the following meaning Parameter Description Range of values note name Name of the VPN remote station Enter the name for the VPN re mote station Result You are now in the IPSEC REMOTE END configuration mode The command promp...

Страница 364: ...E END configuration mode The command prompt is as follows cli config ipsec rmend X Syntax Call up the command with the following parameters no remote end name name 128 The parameter has the following meaning Parameter Description Range of values note name Name of the VPN remote station Enter the name of the VPN re mote station Result The corresponding VPN remote station is deleted Further notes Yo...

Страница 365: ... the command without parameter assignment no remote end all Result All VPN remote stations are deleted Further notes You display the VPN remote station with the remote end name command 9 3 3 9 no shutdown Description With this command you enable the IPsec method for VPN Requirement You are in the IPSEC configuration mode The command prompt is as follows cli config ipsec Syntax Call the command wit...

Страница 366: ...own Result The IPsec method is disabled Further notes You enable the IPsec method with the no shutdown command You display this setting and other information with the show ipsecvpn information command 9 3 4 Commands in the IPSEC REMOTE END configuration mode This section describes commands that you can call up in the IPSEC REMOTE END configuration mode In the global configuration mode enter the re...

Страница 367: ...meters have the following meaning Parameter Description Range of values note subnet IP subnet In Roadwarrior mode Specify the WAN IP address In standard mode Enter an IP range from which connections will be accepted 0 0 0 0 0 means all IP addresses are accepted dns DNS host name Only in standard mode Specify the DNS host name For information on identifiers of addresses and interfaces refer to the ...

Страница 368: ... values note manual Accepts the connection from remote stations with a specific address In Roadwarrior mode Only accepts connections from remote stations with a fixed IP address 32 fixed IP subnet CIDR nota tion or D DNS host name In standard mode Only establishes a connection to a specific remote station with a fixed IP address or with D DNS host name Or only accepts a connection from a specific ...

Страница 369: ...rmend X Syntax Call up the command with the following parameters conn mode roadwarrior standard The parameters have the following meaning Parameter Description Range of values note roadwarrior Roadwarrior mode The device accepts VPN connections from remote sta tions with an unknown address standard Standard mode The device establishes a connection to or from a known remote station The remote stati...

Страница 370: ... the subnet dns DNS name Specify the DNS host name For information on identifiers of addresses and interfaces refer to the section Interface identifiers and addresses Page 25 Result The remote subnet is configured Further notes You display this setting and other information with the show ipsec remoteend command 9 3 4 5 vir ip Description With this command you specify the subnet from which the remo...

Страница 371: ...configured Further notes You display this setting and other information with the show ipsec remoteend command You disable the setting with the no vir ip command 9 3 4 6 no vir ip Description With this command you specify that the remote station is not offered a virtual IPv4 address Requirement You are in the IPSEC REMOTE END configuration mode The command prompt is as follows cli config ipsec rmen...

Страница 372: ...the IPSEC CONNECTION configuration mode with the end command you return to the Privileged EXEC mode 9 3 5 1 authentication Description With this command you change to the IPSEC AUTHENTICATION configuration mode Requirement You are in the IPSEC CONNECTION configuration mode The command prompt is as follows cli config conn X Syntax Call the command without parameter assignment authentication Result ...

Страница 373: ...The parameters have the following meaning Parameter Description Range of values note IKE1 Uses IKEv1 IKEv2 Uses IKEv2 Result The setting is configured Further notes You display this setting and other information with the show ipsec connections command 9 3 5 3 loc subnet Description With this command you configure the local subnet Requirement You are in the IPSEC CONNECTION configuration mode The c...

Страница 374: ...d addresses Page 25 Result The local subnet is configured Further notes You display this setting and other information with the show ipsecvpn connections command 9 3 5 4 rmend name Description With this command you specify the VPN remote station for the IPsec connection Requirement The VPN remote station has been created You are in the IPSEC CONNECTION configuration mode The command prompt is as f...

Страница 375: ...the IPSEC CONNECTION configuration mode The command prompt is as follows cli config conn X Syntax Call up the command with the following parameters operation disabled start wait on demand The parameters have the following meaning Parameter Description Range of values note disabled The VPN connection is disabled start The VPN connection is initiated by the local endpoint wait The VPN connection is ...

Страница 376: ...ng parameters phase num 1 2 The parameter has the following meaning Parameter Description Range of values note num Phase of the VPN connection 1 Phase 1 2 Phase 2 Result You are now in the IPSEC PHASE configuration mode The command prompt is as follows cli config conn phsX Further notes You display this setting and other information with the show ipsec connections command 9 3 5 7 timeout Descripti...

Страница 377: ...er has the following meaning Parameter Description Range of values note sec Period Enter the period of time in sec onds Result The period of time is configured Further notes You display this setting and other information with the show ipsec connections command You configure the on demand setting with the operation command 9 3 5 8 vir ip Description With this command you specify that during connect...

Страница 378: ...uesting of a virtual IPv4 address with the no vir ip command 9 3 5 9 no vir ip Description With this command you disable the requesting of a virtual IPv4 address Requirement You are in the IPSEC CONNECTION configuration mode The command prompt is as follows cli onfig conn X Syntax Call the command without parameter assignment no vir ip Result The setting is disabled Further notes You display this ...

Страница 379: ...the Privileged EXEC mode 9 3 6 1 auth cacert Description With this command you specify that a CA certificate will be used for authentication Requirement The certificates are loaded You are in the IPSEC AUTHENTICATION configuration mode The command prompt is as follows cli config conn auth Syntax Call up the command with the following parameters auth cacert string 255 localcert string 255 The param...

Страница 380: ... command 9 3 6 2 auth psk Description With this command you specify that a key will be used for authentication Requirement You are in the IPSEC AUTHENTICATION configuration mode The command prompt is as follows cli config conn auth Syntax Call up the command with the following parameters auth psk string 255 The parameter has the following meaning Parameter Description Range of values note string V...

Страница 381: ...emcert string 255 localcert string 255 The parameters have the following meaning Remote cert Keyword for a remote station certificate string Name of the remote station certificate Specify a valid remote station certificate Local cert Keyword for a device certificate string Name of the device certificate Specify a valid device certificate Result The setting is configured Further notes You show the ...

Страница 382: ... id Description With this command you configure the local ID Requirement You are in the IPSEC AUTHENTICATION configuration mode The command prompt is as follows cli config conn auth Syntax Call up the command with the following parameters local id string 255 The parameter has the following meaning Parameter Description Range of values note string Local ID Enter the local ID If you do not specify t...

Страница 383: ...e no local id command 9 3 6 6 no local id Description With this command you remove the local ID Requirement You are in the IPSEC AUTHENTICATION configuration mode The command prompt is as follows cli config conn auth Syntax Call the command without parameter assignment no local id Result The local ID is removed Further notes You display this setting and other information with the show ipsec conn a...

Страница 384: ...eter has the following meaning Parameter Description Range of values note string Remote ID Enter the remote ID If you do not specify the remote ID the remote ID is read from the device certificate If you use PSK as the authentication the WAN IP address is used as the remote ID Result The remote ID is configured Further notes You display this setting and other information with the show ipsec conn a...

Страница 385: ... the IPSEC PHASE1 configuration mode This section describes commands that you can call up in the IPSEC PHASE configuration mode In the IPSEC CONNECTION configuration mode enter the phase 1 command to change to this mode If you exit the IPSEC PHASE1 configuration mode with the exit command you return to the IPSEC CONNECTION configuration mode If you exit the IPSEC PHASE1 configuration mode with the...

Страница 386: ... disable the aggressive mode with the no aggressive command 9 3 7 2 no aggressive Description With this command you disable the aggressive mode Requirement You are in the IPSEC PHASE configuration mode The command prompt is as follows cli config conn phs1 Syntax Call the command without parameter assignment no aggressive Result The setting is disabled The main mode is used Further notes You displa...

Страница 387: ...e und the key exchange method IKE Combination Phase 1 Phase 2 Encryption Authentica tion Key Derivation IKEv1 IKEv2 IKEv1 IKEv2 AES128 SHA1 DH Group 14 x x x x AES256 SHA512 DH Group 16 x x x x AES128 CCM 16 SHA256 DH Group 14 x x x AES256 CCM 16 SHA512 DH Group 16 x x x AES128 SHA1 none x x AES256 SHA512 none x x AES128 CCM 16 SHA256 none x x AES256 CCM 16 SHA512 none x x x is supported is not su...

Страница 388: ...ows cli config conn phsX X 1 Phase 1 2 Phase 2 Syntax Call the command without parameter assignment no default ciphers Result The use of the default list is disabled The fixed values are used for the phase Further notes You configure the fixed values for phase 1 with the commands ike encryption ike auth and ike keyderivation You configure the fixed values for phase 2 with the commands esp encrypti...

Страница 389: ...D is enabled Using DPD it is possible to find out whether the VPN connection still exists or whether it has aborted Further notes You display this setting and other information with the show ipsec conn phase1 command You disable DPD with the no dpd command 9 3 7 6 no dpd Description With this command you disable DPD Requirement You are in the IPSEC PHASE configuration mode The command prompt is as...

Страница 390: ...ich DPD queries are sent Requirement DPD is enabled You are in the IPSEC PHASE configuration mode The command prompt is as follows cli config conn phs1 Syntax Call up the command with the following parameters dpd period sec 10 120 The parameter has the following meaning Parameter Description Range of values note sec Period for DPD queries Enter the period of time in sec onds Result The period of t...

Страница 391: ...ou are in the IPSEC PHASE configuration mode The command prompt is as follows cli config conn phs1 Syntax Call up the command with the following parameters dpd timeout sec 10 1000 The parameter has the following meaning Parameter Description Range of values note sec Period for DPD queries Enter the period of time in sec onds Result The period of time is configured Further notes You display this se...

Страница 392: ...ter Description Range of values note md5 Message Digest Algorithm 5 sha1 Secure Hash Algortihm 1 with 160 bit hash length sha512 Secure Hash Algorithm 2 with 512 bit hash length sha256 Secure Hash Algorithm 2 with 256 bit hash length sha384 Secure Hash Algorithm 2 with 384 bit hash length Result The method for configuring the checksum is configured Further notes You display this setting and other ...

Страница 393: ...dvanced Encryption Standard with 128 bits in Counter mode x aes192ctr Advanced Encryption Standard with 192 bits in Counter mode x aes256ctr Advanced Encryption Standard with 256 bits in Counter mode x aes128ccm16 Advanced Encryption Standard with 128 bits in Counter mode using a 16 byte Integrity Check Value ICV x aes192ccm16 Advanced Encryption Standard with 192 bits in Counter mode using a 16 b...

Страница 394: ...re the required Diffie Hellmann group DH from which a key will be generated Requirement The default list is not used You are in the IPSEC PHASE configuration mode The command prompt is as follows cli config conn phs1 Syntax Call up the command with the following parameters ike keyderivation dhgroup 1 2 5 14 15 16 17 18 The parameters have the following meaning Parameter Description Range of values...

Страница 395: ...HASE configuration mode The command prompt is as follows cli config conn phs1 Syntax Call up the command with the following parameters ike keytries num 0 100 The parameter has the following meaning Parameter Description Range of values note num Period for DPD queries Enter the required number With 0 there is no limit to the number of attempts to establish the connection Result The number of times ...

Страница 396: ...gured Further notes You display this setting and other information with the show ipsec conn phase1 command 9 3 8 Commands in the IPSEC PHASE2 configuration mode This section describes commands that you can call up in the IPSEC PHASE configuration mode In the IPSEC CONNECTION configuration mode enter the phase 2 command to change to this mode If you exit the IPSEC PHASE2 configuration mode with the...

Страница 397: ...es You display this setting and other information with the show ipsec conn phase2 command You disable the setting with the no auto fwrules command 9 3 8 2 no auto fwrules Description With this command you specify that the firewall rule will not be created automatically for the VPN connection Requirement You are in the IPSEC PHASE configuration mode The command prompt is as follows cli config conn ...

Страница 398: ...n partner must support at least one of these combinations The combinations depend on the phase und the key exchange method IKE Combination Phase 1 Phase 2 Encryption Authentica tion Key Derivation IKEv1 IKEv2 IKEv1 IKEv2 AES128 SHA1 DH Group 14 x x x x AES256 SHA512 DH Group 16 x x x x AES128 CCM 16 SHA256 DH Group 14 x x x AES256 CCM 16 SHA512 DH Group 16 x x x AES128 SHA1 none x x AES256 SHA512 ...

Страница 399: ... PHASE configuration mode The command prompt is as follows cli config conn phsX X 1 Phase 1 2 Phase 2 Syntax Call the command without parameter assignment no default ciphers Result The use of the default list is disabled The fixed values are used for the phase Further notes You configure the fixed values for phase 1 with the commands ike encryption ike auth and ike keyderivation You configure the ...

Страница 400: ...84 The parameters have the following meaning Parameter Description Range of values note md5 Message Digest Algorithm 5 sha1 Secure Hash Algortihm 1 with 160 bit hash length sha512 Secure Hash Algorithm 2 with 512 bit hash length sha256 Secure Hash Algorithm 2 with 256 bit hash length sha384 Secure Hash Algorithm 2 with 384 bit hash length Result The method for configuring the checksum is configure...

Страница 401: ...x aes192ctr Advanced Encryption Standard with 192 bits in Counter mode x x aes256ctr Advanced Encryption Standard with 256 bits in Counter mode x x aes128ccm16 Advanced Encryption Standard with 128 bits in Counter mode using a 16 byte Integrity Check Value ICV x x aes192ccm16 Advanced Encryption Standard with 192 bits in Counter mode using a 16 byte Integrity Check Value ICV x x aes256ccm16 Advanc...

Страница 402: ...equirement The default list is not used You are in the IPSEC PHASE configuration mode The command prompt is as follows cli config conn phs2 Syntax Call up the command with the following parameters esp keyderivation none dhgroup 1 2 5 14 15 16 17 18 The parameters have the following meaning Parameter Description Range of values note none No keys are exchanged and Perfect Forward Secrecy PFS is disa...

Страница 403: ...ure a period to specify the lifetime of the agreed keys When the time expires the key is renegotiated Requirement You are in the IPSEC PHASE configuration mode The command prompt is as follows cli config conn phs2 Syntax Call up the command with the following parameters lifetime min 10 16666666 The parameter has the following meaning Parameter Description Range of values note min Period Specify th...

Страница 404: ... key is renegotiated Requirement You are in the IPSEC PHASE configuration mode The command prompt is as follows cli config conn phs2 Syntax Call up the command with the following parameters lifebyte integer 0 4294967295 The parameter has the following meaning Parameter Description Range of values note integer Data limit Enter the data limit in bytes Result The data limit is configured Further note...

Страница 405: ... follows cli config conn phs2 Syntax Call up the command with the following parameters proto all integer 0 255 The parameter has the following meaning Parameter Description Range of values note all Applies to all protocols integer Protocol number Enter the number for the required protocol You will find list of the protocol numbers on the Internet pages of iana org Result The protocol is configured...

Страница 406: ...mpt is as follows cli config conn phs2 Syntax Call up the command with the following parameters port all integer 0 65535 integer 0 65535 The parameters have the following meaning Result The port is configured Further notes You display this setting and other information with the show ipsec conn phase2 command You assign a VPN remote station to the VPN connection with the rmend name command Paramete...

Страница 407: ...ing to other topics that can be called in the Global configuration mode can be found in the relevant sections You exit the Global configuration mode with the end or exit command and are then in the Privileged EXEC mode again 9 4 1 1 certificate Description With this command you change to the CERT configuration mode Requirement You are now in the Global configuration mode The command prompt is as f...

Страница 408: ...o change to this mode If you exit the CERT configuration mode with the exit command you return to the Global configuration mode If you exit the CERT configuration mode with the end command you return to the Privileged EXEC mode 9 4 2 1 show idx Description The command lists the loaded certificates and their indexes Requirement Certificates are loaded You are in the CERT configuration mode The comm...

Страница 409: ...in the CERT configuration mode The command prompt is as follows cli config cert Syntax Call up the command with the following parameters show info idx integer 1 100 The parameter has the following meaning Parameter Description Range of values note idx Number corresponding to a specific certificate Enter the required number 1 100 Result The information on the certificate is displayed Further notes ...

Страница 410: ...mand prompt is as follows cli config cert Syntax Call up the command with the following parameters del idx 1 100 all The parameters have the following meaning Parameter Description Range of values note idx Number corresponding to a specific certificate Enter the required number 1 100 all Deletes all certificates Result The relevant certificate is deleted Further notes You load certificates with th...

Страница 411: ...t Syslog client Configures the transfer to the Syslog server 10 1 Event and fault handling In events and faults handling you set the events whose messages will be distributed in one of the available ways You configure the monitoring of certain system events and power supply and physical interfaces in the Events configuration mode 10 1 1 The show commands This section describes commands with which ...

Страница 412: ...and without parameters show events config Result The current configuration of the events display is displayed 10 1 1 2 show events severity Description This command shows the degree of severity of an event Info Warning or Critical starting at which a notification sending of an e mail entry in the Syslog table entry in the Syslog file is generated Requirement You are in the User EXEC mode or in the...

Страница 413: ...ring of the network connections for a change in the connection status Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call up the command with the following parameters show events faults config power link The parameters have the following meaning Parameter Description power Monitoring of the power supply for power outage l...

Страница 414: ...ollows cli or cli Syntax Call the command without parameters show events faults status Result A table with the status messages of the error monitoring functions is displayed 10 1 1 5 show fault counter Description This command shows the number of errors since the last startup Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax...

Страница 415: ...lows cli or cli Syntax Call up the command with the following parameters show fwlog info warning critical Parameter The parameters have the following meaning Parameter Description Range of values note info Information warning Warnings critical Critical messages If you use the command without setting parameters all messages are displayed Result The content of the firewall log is displayed 10 1 1 7 ...

Страница 416: ... The parameters have the following meaning Parameter Description info Information warning Warning critical Critical Result The content of the logbook is displayed 10 1 1 8 show power line state Description This command shows the status of the power supply Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call the command wit...

Страница 417: ...he event severity Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call up the command with the following parameters show seclog info warning critical Parameter The parameters have the following meaning Parameter Description Range of values note info Information warning Warnings critical Critical messages If you use the com...

Страница 418: ...th this command you reset the counter that shows the number of faults since the last startup Requirement You are in the Privileged EXEC mode The command prompt is as follows cli Syntax Call the command without parameters clear fault counter Result The counter is set to 0 Further notes You shows the number of faults since the last startup with the show fault counter command ...

Страница 419: ... in the Privileged EXEC mode The command prompt is as follows cli Syntax Call the command without parameters clear fwlog Result The content of the firewall log is deleted 10 1 4 clear logbook Description With this command you delete the content of the logbook Requirement You are in the Privileged EXEC mode The command prompt is as follows cli Syntax Call the command without parameters clear logboo...

Страница 420: ...Privileged EXEC mode The command prompt is as follows cli Syntax Call the command without parameters clear seclog Result The content of the security log is deleted 10 1 6 fault report ack Description With this command you acknowledge delete the messages of the Cold Warm start event Requirement You are in the Privileged EXEC mode The command prompt is as follows cli Syntax Call up the command with ...

Страница 421: ...ow events faults status command Result The message is acknowledged 10 1 7 no logging console Description With this command you disable the logging of inputs and outputs to the console Requirement You are in the User EXEC mode or in the Privileged EXEC mode The command prompt is as follows cli or cli Syntax Call the command without parameters no logging console Result The logging function is disabl...

Страница 422: ... Result The logging function is enabled on the console Further notes You disable the setting with the no logging console command As default the function is disabled 10 1 9 Commands in the global configuration mode This section describes commands that you can call up in the Global configuration mode In Privileged EXEC mode enter the configure terminal command to change to this mode Commands relatin...

Страница 423: ...ws cli config events Further notes You exit the EVENTS configuration mode with the command end or exit 10 1 10 Commands in the Events configuration mode This section describes commands that you can call up in the EVENTS configuration mode In the Global configuration mode enter the events command to change to this mode Commands relating to other topics that can be called in the Global configuration...

Страница 424: ...er has the following meaning Parameter Description Range of values note log entry Entry in the logbook max 150 characters Result The entry has been made in the logbook 10 1 10 2 client config Description With this command you enable one of the clients that processes or forwards the messages of the device The following clients are available syslog sends the messages to the Syslog server trap sends ...

Страница 425: ...t selected for the transfer is enabled Further notes You display the status of the events and the clients with the show events config command You disable a client with the no client config command 10 1 10 3 no client config Description With this command you disable one of the clients that processes or forwards the messages of the device Requirement You are in the EVENTS Configuration mode The comm...

Страница 426: ...he following events or message types are available Message if there is cold or warm restart Message when there is a status change on a physical interface Message if there is an incorrect login Message when there is a status change in the power supply Message when there is a status change in the error monitoring Message when using VPN Message when using firewall rules Message when changing the conn...

Страница 427: ...power supply faultstate change Message when there is a status change in the error monitoring digital in Message when there is a status change of the digital input vpn tunnel Message when there is a connection change OpenVPN IPsec SINEMA RC all All messages logtable Client that processes the log entries syslog Client that sends the messages to the log server email Client that sends the e mails trap...

Страница 428: ...the command with the following parameters no event config cold warmstart linkchange authentication failure power change faultstate change digital in vpn tunnel all logtable syslog email trap faults digital out vpn tunnel all The parameters have the following meaning Parameter Description cold warmstart Message if there is cold or warm restart linkchange Message when there is a status change on a p...

Страница 429: ... Further notes You display the status of the events and the clients with the show events config command You configure which of the various message types of the device will be stored or forwarded with the event config command 10 1 10 6 link Description With this command you configure and enable the monitoring of the physical network connections for cable breaks or for pulling of the connector Requi...

Страница 430: ...rk connections for cable breaks or for pulling of the connector Requirement You are in the EVENTS Configuration mode The command prompt is as follows cli config events Syntax Call up the command with the following parameters no link up down The parameters have the following meaning Parameters Description Range of values up The message when establishing a connection is disabled down The message whe...

Страница 431: ...nge of values note mail Specifies the threshold value for send ing system event messages by e mail log Specifies the threshold value for enter ing system event messages in the log table syslog Specifies the threshold value for enter ing system event messages in the Syslog file info System events are processed as of the severity level Information warning System events are processed as of the severi...

Страница 432: ...rameters have the following meaning Parameter Description Range of values note mail The setting of the threshold value for sending system event messages by e mail is disabled log The setting of the threshold value for entering system event messages in the log table disabled syslog The setting of the threshold value the entering event messages in the Syslog file is disabled If you do not select any...

Страница 433: ...EXEC mode The command prompt is as follows cli or cli Syntax Call the command without parameters show events syslogserver Result The entries of the configured Syslog server are displayed 10 2 2 Commands in the Events configuration mode This section describes commands that you can call up in the EVENTS configuration mode In the Global configuration mode enter the events command to change to this mo...

Страница 434: ...ange of values note ipv4 Keyword for an IP address ucast_addr Syslog server IPv4 Address Enter a valid IPv4 address fqdn name Keyword for a domain name FQDN Domain name Fully Qualified Domain Name Maximum of 100 characters port Serverport 1 65535 Default 514 For information on identifiers of addresses and interfaces refer to the section Interface identifiers and addresses Page 25 If you do not sel...

Страница 435: ...rameters have the following meaning Parameter Description Range of values note ipv4 Keyword for an IP address ucast_addr Syslog server IPv4 Address Enter a valid IPv4 address fqdn name Keyword for a domain name FQDN Domain name Fully Qualified Domain Name Maximum of 100 characters For information on identifiers of addresses and interfaces refer to the section Interface identifiers and addresses Pa...

Страница 436: ...Diagnostics 10 2 Syslog client SCALANCE S615 Command Line Interface 436 Configuration Manual 06 2015 C79000 G8976 C406 02 ...

Страница 437: ...ook 419 clear screen 29 clear seclog 420 CLI commands Symbolic representation 24 cli console timeout 55 no cli console timeout 56 configure terminal 46 connection name 359 no connection all 361 no connection name 360 conn mode 369 coordinates height 51 coordinates latitude 52 coordinates longitude 52 crl policy 361 D dcp server 176 no dcp server 176 ddnsclient 210 default ciphers 387 398 no defaul...

Страница 438: ... config file request 189 ip dhcp server 193 no ip dhcp server 193 ip dhcp server icmp probe 195 no ip dhcp server icmp probe 194 ip dhcp server pool no ip dhcp server pool 196 ip dhcp server pool 195 ip echo reply 177 no ip echo reply 178 ip http 252 no ip http 252 ip route 178 no ip route 179 ip routing 180 ipsec 358 IPv4 Notation 27 IPv4 address 27 ipv4rule 320 326 no ipv4rule 323 ipv4rule ipsec...

Страница 439: ...7 no ntp server 128 ntp time diff 129 O operation 375 option 199 no option 200 option value hex 201 option value string no option 200 200 P password 78 220 no password 79 phase 376 ping 49 plug 88 pool enable 202 no pool enable 203 port 116 406 ports 166 no ports 168 prerule all ipv4 333 prerule dhcp ipv4 334 prerule dns ipv4 335 prerule http ipv4 336 prerule https ipv4 337 prerule ip ipv4 338 pre...

Страница 440: ...nat 287 show flow control 277 show fwlog 415 show history 36 show idx 408 show in 40 show interface mtu 41 show interfaces 39 show interfaces counters 42 show ip arp 186 show ip dhcp client 187 show ip dhcp server pools 192 show ip dhcp server bindings 191 show ip dns 171 show ip http secure server status 254 show ip http server status 251 show ip interface 44 show ip route 173 show ip routing 174...

Страница 441: ...getaddr 241 no snmp targetaddr 243 snmp targetparams 243 no snmp targetparams 245 snmp user 247 no snmp user 248 snmp v1 v2 readonly 246 no snmp v1 v2 readonly 246 snmp view 249 no snmp view 250 snmpagent 229 no snmpagent 230 sntp 133 sntp client addressing mode 137 sntp time diff 134 sntp unicast server ipv4 135 no sntp unicast server ipv4 136 speed 68 src nat show idx 301 src nat type ipv4 298 n...

Страница 442: ...8976 C406 02 U user account 305 no user account 307 userhost 219 username 220 307 V verification cacert 121 verification fingerprint 122 vir ip 370 377 no vir ip 371 378 vlan 153 no vlan 154 W web session timeout 92 no web session timeout 93 whoami 304 write 90 write startup config 84 ...

Результаты поиска

Содержание SCALANCE S615

Отзывы:

Бренды по названию

Популярные бренды

Siemens SCALANCE S615, Руководство по настройке

Результаты поиска

Содержание SCALANCE S615

Отзывы:

Бренды по названию

Популярные бренды