Manuals / Efficient Networks / Computer Equipment / Network Router

Efficient Networks 107-0001-000 manual Firewall modify allow deny number parameter

Models: 107-0001-000

1 516

Page 478

Chapter 18: Stateful Firewall Commands	Efficient Networks® Router family
	Command Line Interface Guide

Command entered with the optional allow parameter.

-> firewall list allow

#Begin rules for firewall allow list

1.firewall allow -a NNTP -sa 10.0.0.1 -c 0 -q -d in

2.firewall allow -p TCP -sp 20:21 -c 0 -q -d in

3.firewall allow -p TCP -sp 23 -c 0 -q -d in

4.firewall allow -a SMTP -sa 192.168.113.254 -c 0 -q -d in

#End rules for firewall allow list

Response

See examples above.

firewall modify

Allows modification of an existing firewall rule.

NOTE:

If a firewall rule is modified to deny something that was previously allowed by a firewall allow rule, the change will only apply to subsequent sessions; current sessions will not be effected. When modifying a rule to allow what was previously denied, the changes will be in effect for current sessions.

Mgmt Class

Security (R/W)

Input Format

firewall modify <allow deny> <number> <parameter>

Parameters

The following identifies the firewall rule to be modified.

allow deny

Identifies the rules list of which the rule to be modified belongs.

<number>a

Rule number (of the specified rules list) to be modified.

aInteger

Page 18-12

Efficient Networks®

Page 478

Image 478

Efficient Networks 107-0001-000 Firewall modify, Command entered with the optional allow parameter, Firewall list allow

Contents

5RXWHUDPLO\ Efficient Networks Software License and Limited Warranty Limitations 001 12 Feb Revision HistoryRelease Contents File System Commands Contents Contents Remote Commands Eth ip directbcastContents Contents WAN Interface Commands Dhcp Commands L2TP Commands Remote setpppoeservice -1 pppoe close -2 pppoe list L2tp set window -16 remote setl2tpclient -17 remote setlnsContents Voice Commands User Commands Stateful Firewall Commands QoS Commands Ssh set rekey -8 ssh set status -8 system sshportThis page intentionally left blank Introduction How This Manual is OrganizedPassword Command ConventionsAccessing the Command Line UsernameCommand line is now available for use Re-enter the new password at the promptPassword change will be confirmed Terminal SessionsTerminal Session under Windows HyperTerminal Data bits Parity None Stop bits Flow control Hardware Terminal Session for Macintosh or Unix Telnet Session for Remote Access TelnetCommand Line via the Web Management Interface Mode is learning, listening, or forwarding Lists the top-level commands and keywords and aResolution Protocol ARP table Lists the contents of the bridge tableInitiates a reboot of the system Lists the current services in the IPX SAPs tableChanges the current user password Enables Sntp requestsParameters ? or helpInput Format ResponseMgmt Class Arp deleteArp list ExampleVoice R Input Format ParametersArp list Arp listBi list Bi listBi list Call remotename CallVoice R/W Remotenamea Name of the target routerDate Display when date is entered with no parametersDisplay when date is entered with parameters All R/WWhen entered with no parameters, same as erase all Admin R/WErase All R ExitIfs Voice R, Network RAn example of additional interfaces that may be displayed IpifsTypical response is shown below IpifsIproutes IproutesIpxroutes IpxroutesIpxroutes IpxsapsIpxsaps IpxsapsLogout LogoutMem MemSystem R, Debug R MemMlp summary Mlp summaryPassword old password new password PasswordAdmin101@console- password 1675309 lobster Ping Ping -I 192.168.254.254 Ping -c 2 -i 7 -s 34Ping -I 192.168.1.2 TID Name Bottom Current Size 1IDLE Reboot Reboot optionSave User is prompted to verify the commandSave Sntp disable Sntp disableDisables Sntp requests Sntp activeSntp offset Sntp enableWhen no parameter is entered, current offset is displayed Itive number is east a negative number is westSntp prefserver number When entered with no number parameterSntp prefserver Number of a server within the Sntp server listWhen entered and no sntp preferred server is defined When entered with a number parameterWhen entered while sntp function is currently disabled When entered and an sntp preferred server has been definedWhen entered with the default parameter Sntp server ipaddress default numberRequests the default server list Sntp serverTypical response Tcp statsTcp stats Tcp statsTime Dress as the source address TracerouteNetwork R/W, Debug R Hop is listed in the output messageTraceroute 172.17.20.1Traceroute -n Vers VersCopies a file from the source to the destination This command loads batch files of configurationCommands into the router Deletes the specified file from the flash filesystemCopy srcfile dstfile CopyExamples Copy tftp@128.1.210.66kernelnw kernel.f2kRefer to examples for typical responses Admin R/W, System R/WDelete Delete filenameDir DirDir Execute Execute filenameSystem R/W, Debug R/W Following is an example of the format disk commandFormat disk Format diskMsfs fix MsfsMsfs Sync Following is an example rename commandRename Commits the changes made to the file system to Flash memoryRemaps a range of local-LAN IP addresses to a Adds an address to the BootP server listLists the supported keywords Range of public IP addresses on a system-wide baChanges the Dial Backup retry period Disables the Dial Backup option in the routerEnables the Dial Backup option in the router Changes the Dial Backup stability periodManages the system Http port access Lists the default modem settingsRemoves an address from the BootP server list Lists the system settings for the target routerManages SSH port access Enables and disables the secure mode functionManages Snmp port access Manages Syslog port accessSystem ? System addbootpserverSystem addbootpserver ipaddr System ?System addbootpserver IP address of the serverSystem addhostmapping System addhttpfilter first ip addr last ip addr lan System addhttpfilterSecurity R/W Local Ethernet LANSystem addiproutingtable Response Example System addserverSystem addiproutingtable 192.168.1.5 192.168.1.12 Rosa Selects the host with this IP address as server Action One of the following command actionsRlogin port Discards the incoming server requestSystem addsnmpfilter System addsnmpfilter first ip addr last ip addr lanSystem addsyslogfilter System addsyslogfilter firstipaddr last ipaddr lanSystem addsyslogserver ipaddr System addsyslogserverSystem R/W IP address to be added to the Syslog server address listSystem addtelnetfilter System addtelnetfilter first ip addr last ip addr lanFirst port in the UDP port range to be created System addudprelayWarded Incorporates all the available UDP ports in the new rangeCally System authenSystem authen none pap chap Chap is performedIP address to be added to the list System backup addSystem backup add ipaddr gw dns group AddressFollowing command deletes all addresses from group System backup deleteFollowing command deletes the gateway address from group IP address to be deleted from the listSystem backup disable System backup disableFollowing command clears all addresses from the list System backup delete all allSystem backup enable System backup enableNumber of seconds in the ping interval for the group System backup pingintervalSystem backup pinginterval seconds group Optional, number of a groupSystem backup pingsamples System backup pingsamplesSystem backup pingsamples samples group System backup pingsamples 0Following command changes the retry period to 60 minutes System backup retrySystem backup retry minutes Following command changes the retry period toSystem backup stability minutes System backup stabilitySystem backup successrate Following command changes the stability period to 5 minutesSystem backup successrate System blocknetbiosdefaultSystem backup successrate percentage group System backup successrate 0System community System blocknetbiosdefault yes noSets the default to block all NetBIOS and NetBUI requests System community snmp community nameSystem defaultmodem System default modemSystem delbootpserver System delbootpserver ipaddr allSystem delbootpserver all Removes all addresses from the BootP server listSystem delbootpserver System delhostmappingSystem delhttpfilter first ip addr last ip addr lan System delhttpfilterSystem deliproutingtable First IP address of the rangeSystem delserver Following command deletes the virtual routing table RosaDeletes an entry created by the system addserver command System deliproutingtable 192.168.1.5 192.168.1.6 RosaAction One of the following command actions System delsnmpfilter first ip addr last ip addr lan System delsnmpfilterFirst IP address of the client range System delsyslogfilter firstipaddr last ipaddr lan System delsyslogfilterSystem delsyslogserver System delsyslogserver ipaddrSystem deltelnetfilter System deltelnetfilter first ipaddr last ipaddr lanDeletes all existing UDP ports System deludprelaySystem history Last port in the UDP port range to be deletedFollowing is a typical response System historySystem httpport System httpport default disabled portThis command sets the Http port to the default value CessFollowing is an example of a typical response System listSystem list System listInitiates monitoring activity System logSystem log start stop status TureSystem modem Following command changes the string for the init settingFollowing command selects pulse dialing Enter one of the following optionsSystem moveiproutingtable First ipaddra First IP address of the range to be movedSystem msg message System msg Configured on10/21/98System msg Message a,bRouter name System nameSystem name name Name a,bSystem onewandialup on off System onewandialupTions Timer value for RIP information exchange System riptimerPassworda,bAuthentication password of the target router System passwdSystem securemode set System securemode set enable disableSystem securemode list Security RSystem securemode set cli Disable Disables secure modeTypical response indicating the curent mode is displayed System securemode set cli valueSystem securemode set wan Mode is enabledSystem securemode set lan System securemode set lan trusted untrustedSystem securitytimer minutes System securitytimerSystem securemode set wan trusted untrusted Will be applied System selnat addpolicySpecifies the destination IP address to which the policy Policy will be appliedSystem selnat delpolicy policy number System selnat delpolicySystem selnat list Number of the policy to be deletedSystem snmpport default disabled port System snmpportThis command disables the existing Snmp port This command sets the Snmp port to the default valueThis command remaps the Snmp port to port System sshport System supporttraceSystem supporttrace Debug R/WSystem supporttrace === Processes === TID Name FL P Bottom Current Size 1IDLE DSP ATZ QA-LABPC === Interfaces === NW PRM Efficient Networks === END of Tech Support Data System syslogport default disabled port System syslogportThis command remaps the syslog port to port This command sets the Syslog port to the default valueThis command disables the existing Syslog port System telnetport default disabled portThis command sets the Telnet port to the default value Disables the existing Telnet portMote access This command disables the existing telnet portSystem wan2wanforwarding on System wan2wanforwardingLink Subnets That the router can provide service to multiple IPAdds a logical interface onto an Ethernet port so Deletes a logical interface from an Ethernet portEnables IP routing across the Ethernet LAN Removes a route from the default routing tableDisables IP routing across the Ethernet LAN Enables and disables Ethernet Firewall FilteringClears the password in a Vrrp attribute record for Vrid Disables IPX routing across the Ethernet LANEnables IPX routing across the Ethernet LAN Sets the IPX network number for the Ethernet LAN ConnectionEth ? Eth ?Eth add port#logical# Eth addEth add Ethernet interface from which logical port will be deleted Eth deleteEth delete port#logical# Logical interface number to be deletedEth ip addhostmapping Typical usageEthernet LAN IP address Eth ip addrEth ip addr ipaddr ipnetmask interface IP network maskIP address of the IP gateway Eth ip addrouteEth ip addroute ipaddr ipnetmask gateway hops interface Ethernet interface through which the packet is sentEth ip addserver Eth ip bindroute Ethernet LAN IP address Eth ip defgateway Eth ip defgateway ipaddr interfaceEth ip delhostmapping Eth ip delroute 10.9.2.0 Eth ip delrouteEth ip addroute ipaddr ipnetmask interface Eth ip delroute 10.1.3.0 255.255.255.0Eth ip delserver Hypettext Transfer Protocol Http port Protocolid a Numerical protocol IDMP port Disables the forwarding of packets broadcast to a subnet Eth ip disableEnables the forwarding of packets broadcast to a subnet Eth ip directbcastEth ip disable Eth ip enableEth ip enable Eth ip filter append Eth ip filter command type action parameters interfaceEth ip filter Eth ip filter insertEth ip filter clear Eth ip filter deleteEth ip filter flush Eth ip filter delete type action parameters interfaceEth ip filter list Eth ip filter checkEth ip filter watch Protocol TCP UDP Icmp Dp Icmp type first dest portlast dest port Eth ip filter flush input Eth ip firewall on off list Disables the firewall filtering featureEth ip firewall To be performedPing -I 192.168.1.2 Eth ip mgmtEth ip mgmt ipaddr ipnetmask interface Eth ip options Eth ip mgmt 10.0.0.1 255.255.255.0 Save RebootEth ip options option on off interface OptionMust be one of the following Eth ip ripmulticastEth ip ripmulticast ipaddr Eth ip translate on Eth ip translateEth ip translate on off interface Eth ip translate offEth ip unbindroute Eth ip unbindroute ipaddr tablename interfaceEth ip vrid Eth ip vrid vrid interfaceEth ipx addr ipxnet port# Eth ipx disableEth ipx addr Eth ip vrid 7Eth ipx disable port# Eth ipx enableThis command requires a reboot Eth ipx enable port#Eth list Eth ipx enable typeEth ipx frame Eth list interfaceGlobal BRIDGING/ROUTING Settings Eth listEth restart Eth mtuEth mtu size interface Interfacea,b Logical Ethernet interface Eth startEth restart interface Eth start interfaceEth stop Interfacea,b Logical Ethernet interfaceEth vrrp add Eth vrrp addEth vrrp add vrid port# Eth vrrp add 2Eth vrrp clear password vrid port# Eth vrrp clear passwordEth clear password Eth vrrp delete vrid port# Eth vrrp deleteEth vrrp delete Eth vrrp set multicast Eth vrrp listEth vrrp list port# Eth vrrp set multicast ipaddr Eth vrrp set optionEth vrrp multicast Preempt immediately Eth vrrp set passwordTribute record was created by the command eth vrrp add Do not preempt a router with lower priorityAttribute record was created by the command eth vrrp add Eth vrrp set password password vrid port#Password Eth vrrp set password AbCdEfGhEth vrrp set priority Eth vrrp set priority priority vrid port#Eth vrrp set priority 255 Eth vrrp set timeintervalEth vrrp set priority 50 7 Virtual router ID of the Vrrp attribute record Eth vrrp set timeinterval seconds vrid port#Time interval value in seconds Eth vrrp set timeinterval 2Removes the source routing option. Default value Eth ip remsrcrouteopt enable disableAdds the source routing option Remote Commands Remote bindipvirtualroute Remote disbridge Remote setcompression Remote setppppretrytimer Adds a remote router entry into the remote router database Remote ?Remote add Remotenamea Name of the tunnel. bAll MAC addresses Remote addbridgeRemote addbridge * macaddr remotename MAC addressRemote addhostmapping Remote addiproute Examples IPX network number Remote addipxrouteRemote addIpxRoute ipxne# metric ticks remotename Network/stationIPX node address Name of serviceRemote addipxsap ErsRemote addserver T120 SmtpSntp TelnetRoute Enter a gateway only if you are configuring a MER interfaceRemote bindipvirtualroute Address of a router on the remote LANDisables NetBIOS filtering Remote blocknetbiosEnables NetBIOS filtering Remote delATM forum encoding Remote delatmsnapRemote delbridge ITU E164 encodingDeletes encryption files associated with a remote router Remote delencryptionRemote delencryption remotename Remote deliproute Remote delhostmappingRemote deliproute ipaddr remotename Remote delipxroute Remote delIpxRoute ipxnet remotenameRemote delipxSap servicename remotename Remote delipxsapRemote delourpasswd remotename Remote delourpasswdRemote deloursysname Remote deloursysname remotenameRemote delphone Remote delserverAction One of the following command actions Remote disauthen Remote disableRemote disable remotename Remote disauthen remotenameRemote disbridge Remote disbridge remotenameRemote enaauthen Remote enableRemote enable remotename Remote enaAuthen remotenameRemote enablebridge remotename Remote enabridgeRemote ipfilter append Remote ipfilter command type action parameters remotenameRemote ipfilter Remote ipfilter insertRemote ipfilter clear Remote ipfilter deleteRemote ipfilter flush Remote ipfilter checkRemote ipfilter list For example, the commandManagement Protocol error message Remote ipfilter watchProtocol TCP UDP Icmp Tcp syn ack noflag rst Remote ipfilter flush receive internet Remote listRemote list remotename Remote ipfilter list input internetIf entered with no parameters, all remote router entries Are listedRemote listbridge If entered with no parameters, bridge settings for all reTypical response when entered with no remotename parameter Mote routers entries are listedDest Remote listiproutesRemote listiproutes remotename Private YesRemote listipxroutes remotename Remote listipxroutesRemote listipxsaps Remote listipxsaps remotenameRem listipxsaps hq Remote listphonesRemote listphones remotename Rem listphones hqRemote setatmnsap Remote restartRemote restart remotename Nsap Remote setauthenRemote setatmnasp atmf e164 partial full nsap remotename Remote setauthen protocol remotenameRemote setbod Remote setBOD in out both remotenameRemote setbroptions Default is onAny traffic, including PPPoE traffic. The default is off Remote setBrOptions option on off remotenameRemote setBWthresh threshold remotename Default is 0, in which case, whenever data transmissionRemote setbwthresh Occurs, the maximum number of links is allocatedRemote setencryption Disables compression negotiation. The default is offRemote setcompression They both share a common compression protocolRemote setEncryption DESE1KEYDESE2KEY filename remoteName Remote setipoptions Remote setipoptions option on off remotenameUse periodic echo Slave mode setting. The default is noRemote setipslaveppp Remote setipslaveppp yes no remotenameRemote setipxaddr Enables or disables NATRemote setiptranslate Remote setiptranslate on off remotenameRemote setipxoptions Remote setIpxOptions ripsap on off remotenameRemote setmgmtipaddr Default isRemote setmaxline Remote setMaxLine 1 2 remotenameIP address Remote setmgmtipaddr ipaddr mask remotenameIP sub-network mask Remote setminline Is allocated for the connection only when needed.Remote setMinLine 0 PPPoEuser Remote settimer 600 PPPoEuser Remote setminline minlines remotenameRemote setmtu size remotename Remote setmtuRemote setmtu 1400 HQ Remote setoursysname Remote setourpasswd password remotenameRemote setourpasswd Remote routerRemote setpasswd Remote setpasswd password remotenameAuthentication password of the remote router Remote setphoneRemote setphone async 1 5552000&5554000 backup Remote setspeed 115200 async 2 backupRemote setPhone async isdn 1 2 phone# remotename Remote setpppoptions option on off remotename Desired setting for the optionRemote setpppoptions Use IPX RIP/SAP protocolsRemote setpppretrytimer timervalue remotename Remote setppppretrytimerValue to Bers and bit rates in the remote profile Remote setpreferRemote setprefer async fr hsd remotename Frame RelayRemote setPrefer async backup Remote list backup Remote setprotocol Virtual Path ID number that identifies the link formed by Remote setpvcRemote setpvc vpi number*vci number remotename Virtual pathIP address of the remote router Remote setrmtipaddrRemote setrmtipaddr ipaddr mask remotename IP network mask of the remote routerBit rate to be used for the phone number Use the default speedRemote setspeed Primary phone numberRemote setsrcipaddr ipaddr mask remotename Remote setsrcipaddrTarget IP address of the WAN connection to the remote rout Remote settimer seconds remotename Remote settimerNumber of seconds in the timeout period Remote start Remote start remotenameRemote stats remotename Remote statsTotal connect time +011148 Total bytes out 15896 Remote stop Remote stop remotenameIP virtual routing table to which the route is removed Remote unbindipvirtualrouteRemote unbindipvirtualroute ipaddr tablename remotename Remote unbindIPVirtualRoute 10.1.2.0 Francisco HQThis page intentionally left blank WAN Interface Commands Adsl Commands Adsl ?Adsl restart Adsl restartAdsl speed Adsl speedStatistical information displayed Adsl statsAdsl stats clear Adsl speedAtm ? ATM CommandsAtm ? Atm pcr Following command requests the current speedTypical response when entered with no parameter Atm pcr cells/secondAtm speed Saves the ATM configuration settingsAtm save Atm saveRemote setATMTraffic scr mbs remoteName Remote setatmtrafficUpstream speed requested in kilobits/second Atm speedRemote setATMtraffic 47 31 HQ Sustained Cell Rate cells per secondRemote setATMTraffic 0 0 HQ Remote setATMtraffic 47 1 HQDmt ? DMT CommandsDmt ? Dmt link Dmt mode ansi notrellisansi uawg Dmt modeAnsi notrellisansi Selects the DMT mode used Dual-Ethernet Router ETH Commands Eth br enable Eth br enableEth br disable Eth br disableEth br options option on off port# Eth br optionsEthernet port number Eth br options stp off Eth br options pppoeonly onFrame ? Frame CommandsFrame ? Frame cmpplay Selects bridging modeSelects bridging mode, default value Frame lmiFrame stats Frame statsDisplays frame relay statistics Frame statsDisplays the voice Dlci for voice routers Frame voiceFrame voice Gti ? GTI CommandsGti speed Gti stats Gti statsGti speed Gti speedGTI Adsl Version information is displayed Gti versionGti version Hdsl ? Hdsl CommandsHdsl ? Hdsl speed Saves the HDSL-related changes across restarts and rebootsHdsl save Hdsl saveCommand example displaying current mode Sets the terminal operation mode to CPESets the terminal operation mode to CO Hdsl terminalIdsl list Idsl CommandsIdsl list Typical responseIdsl save Idsl saveIdsl set speed Idsl set speed 64 128Link speed of 64 Kbps Idsl set switchRemote setdlci Link speed of 128 KbpsRemote setProtocol ppp fr mer remotename Remote setprotocolFrame Relay number identifying the data-link connection PPP protocol with no encapsulationSdsl ? Sdsl CommandsSdsl ? Sdsl preact on off Disables pre-activationSdsl preact CPE end. aSdsl save Sdsl saveSdsl speed Sdsl speed speed noautoSee examples above This command example requests a line speed of 1152 Kb/sSdsl speed Terminal operation is displayed Sdsl terminalSdsl terminal cpe co Sdsl terminalShdsl Commands Shdsl annex Enables the selected annexShdsl ? Lists the supported Shdsl keywordsShdsl list Lists the current configuration of the G.shdsl interfaceShdsl list Shdsl listShdsl ratemode Selects adaptive or fixed rate modeShdsl margin Noise margin in decibelsShdsl restart Selects adaptive modeSelects fixed mode Current ratemode is displayedShdsl speed Shdsl saveShdsl save Speed in Kbps This command usage requests a line speed of 1096 Kb/sShdsl speed speed auto Selects auto-speed detectionShdsl stats Shdsl statsShdsl stats clear Shdsl stats clearShdsl terminal Shdsl terminalShdsl ver Shdsl verDisplays the G.shdsl version level of the modem firmware Shdsl verThis page intentionally left blank Specifies the boot file name kernel and the sub Allows a BootP request to be processed for a parDenies processing of a BootP request for a partic Lists the supported Dhcp keywordsEnables a subnetwork or a client lease Specifies the Tftp server boot serverDisables a subnetwork or a client lease Clears the values from a pool of addressesTo define a subnetwork Dhcp ?Dhcp add To define a client leaseDhcp add Command usage defining a subnetworkCommand usage defining a client lease Dhcp add 128 1 4 ipAddressDhcp addrelay ipaddr Command usage defining, then listing a Dhcp relay serverDhcp addrelay Dhcp addrelayIP address of the subnetwork lease Dhcp bootp allowDhcp bootp disallow IP address of the client leaseDhcp bootp file net ipaddr name Dhcp bootp fileName of the file to boot from Dhcp clear addresses Dhcp bootp tftpserverDhcp bootp tftpserver net ipaddr tftpserver ipaddr IP address of the Tftp serverDhcp clear expire Word records cannot be abbreviated in the commandDhcp clear all records Dhcp clear all recordsDhcp clear valueoption net ipaddr code Dhcp clear valueoptionIpaddra IP address of the subnetwork lease User defined code cExample command deleting the user-defined option with code Example command to delete the defined subnetworkExample command usage deleting a client lease Dhcp delDhcp delrelay Dhcp disableDhcp disable all net ipaddr Dhcp delrelay ipaddr allEnables all subnets Dhcp enableDisables all subnets IIP address of the subnetwork leaseLists global, subnetwork, and client lease information Following example command lists global informationDhcp list Dhcp list net ipaddrFollowing example command lists information for client GatewayPredefined or user-defined number or keyword Dhcp list definedoptionsDhcp list definedoptions code string Character stringEfficient Networks Dhcp list lease Dhcp list leaseDhcp list definedoptions ga Dhcp set addresses Default lease duration is displayedDhcp set expire ipaddr hours default infinite Dhcp set expireDhcp set lease Dhcp set mask Example command sets client lease time to the default valueExample command sets lease time to infinite for this subnet Dhcp set mask net maskDhcp set otherserver Dhcp set otherserver net continue stopSubnetwork lease Dhcp set valueoptionLease Code specifying the option to be setThis page intentionally left blank Nels, except for the authentication password/se Configures the router to forward all incoming callsDisplay of the current configuration settings for tun Lists the supported L2TP keywordsCreates the host name of the remote tunnel Creates a Chap secretCreates local router’s host name Defines the type of L2TP support for the tunnelL2tp add Example command adding the tunnel named PacingAtWorkL2tp ? Tunnelnamea Name of the tunnel. bL2tp call tunnelname L2tp callL2tp close L2tp call PacingAtWorkL2tp del No incoming calls are allowed to be forwarded through L2tp forwardForward all incoming calls through the tunnel to an LNS Tunnel to an LNSTunnelname a Name of the tunnel. b L2tp listL2tp list tunnelname L2tp listL2tp set address ipaddr tunnelname L2tp set addressIP address of the remote LAC or LNS L2tp set authen Enables authenticationDisables authentication L2tp set chapsecretL2tp set hiddenavp Chap secret used to authenticate the creation of the tunnelL2tp set dialout L2tp set dialout yes no tunnelnameL2tp set ouraddress Allows the router hide AVPs. Default valueDisables hidden AVPs Source IP address used for this tunnelLenged by another router L2tp set ourpasswordL2tp set oursysname Name of the tunnelName of the local router L2tp set ourtunnelnameL2tp set remotename Tunnelnamea,b Name of the tunnelL2tp set type L2tp set wanif remote tunnelname L2tp set wanifLishing the L2TP tunnel L2tp set window Remote setl2tpclient tunnelnameremotename Remote setl2tpclientName of the remote entry Remote setlns Remote setLNS tunnelname remotenameFilter br ? Lists the supported Bridge Filtering keywordsHexadecimal number up to 6 bytes Filter br addByte offset within a packet Allows forwarding of the packetsFilter br del pos data allow deny Filter br delFilter br del 12 8035 deny Filter br list Filter br listLists the bridging filters in the filtering database Filter br listFilter br use This page intentionally left blank Remote setpppoeservice Pppoe close ifsnumber Pppoe closeIfsnumber Session to be closed.a Pppoe list Pppoe listLists information about the currently active PPPoE sessions Pppoe listThis page intentionally left blank IKE/IPSEC Commands Defines a proposal filtering parameter value for Defines a peer filtering parameter value for the pol IcyDefines the pfs filtering parameter value for Policy Defines a protocol filtering parameter value forLists the defined IKE peers Message authentication doneDisables a defined IPSec security association SA Entry Sets the local ID for the IKE peer connectionClears all IPSec definitions Enables a defined IPSec security association en TrySpecifies the identifier Spid for the IPSec tunnel Ike ipsec ? Ike flush Commit bit is not set. Default valueIke commit Displays help messageIke ipsec policies add policyname Ike ipsec policies addIke ipsec policies delete Policynamea New name for an IPsec policy.bName of an existing IPsec policy. b Ike ipsec policies disableIke ipsec policies disable policyname Policynamea Name of an existing IPsec policy.bIke ipsec policies enable policyname Ike ipsec policies enableIke ipsec policies enable mypolicy Ike ipsec policies list Ike ipsec policies list IKE IPSec policies mypolicy enabledIke ipsec policies list IP address allowed to be the destination of the data Ike ipsec policies set destIke ipsec policies set destport Name of the IPsec policy to which the destination parameterPortnumber Telnet Http Snmp Tftp Policynamea Ike ipsec policies set interface Ike ipsec policies set interface interface all policynameIke ipsec policies set interface backup corporate Ike ipsec policies set modeIke ipsec policies set mode tunnel transport policyname Ike ipsec policies set interface all mypolicyParameter value is added. a Name of the IPsec policy to which the encapsulation modeIke ipsec policies set peer Ike ipsec policies set peer peerpame policynameNegotiation Ike ipsec policies set pfsIke ipsec policies set pfs 1 2 none policyname Ike ipsec policies set pfs 2 mypolicyIke ipsec policies set proposal proposalname policyname Ike ipsec policies set proposalIke ipsec policies set proposal myproposal mypolicy Ike ipsec policies set protocol Ue is added. bIP address allowed to be the source of the data Ike ipsec policies set sourceIke ipsec policies set source ipaddress ipmask policyname Is added. cIke ipsec policies set sourceport Ike ipsec policies set translate Ike ipsec policies set translate on off policynameIke ipsec proposals add Ike ipsec proposals add proposalnameName of an existing IPsec proposal. b Ike ipsec proposals deleteIke ipsec proposals delete proposalname Ike ipsec proposals add myproposalIke ipsec proposals list Ike ipsec proposals listIke ipsec proposals list Ike ipsec proposals set ahauth md5 sha1 none proposalname Use AH encapsulation and authenticate using hash algorithmIke ipsec proposals set ahauth Secure Hash Algorithm-1Auth command Use ESP encapsulation and authenticate using hash algorithmNo ESP encapsulation and no ESP message authentication. If Ike ipsec proposals set espauthUse ESP encapsulation and 168-bit encryption if 3DES is en Ike ipsec proposals set espencUse ESP encapsulation and 56-bit encryption Abled in the routerIke ipsec proposals set lifedata Compress using the LZS algorithmIke ipsec proposals set ipcomp Ike ipsec proposals set ipcomp none lzs proposalnameMeans unlimited Ike ipsec proposals set lifetimeIke ipsec proposals set lifedata kbytes proposalname Ike ipsec proposals set lifetime seconds proposalnameIke peers add peername Ike peers addUnlimited Peernamea New name for an IKE peer.bIke peers delete peername Ike peers deleteIke peers list Peernamea Name of the IKE peer to delete.bIke peers set address ipaddress peername Ike peers set addressIke peers list IKE Peers Ike peers set localid aggressivemodeid peername Ike peers set localidIke peers set address 0.0.0.0 myaggressivepeer Name of the IKE peer whose local ID is specified. c Ike peers set localidtypeExample Response Ike peers set localidtype ipaddr domainname email peernameIke peers set localidtype domainname myaggressivepeer Selects aggressive mode one end can change Ike peers set modeSelect main mode both ends constant Name of the IKE peer whose mode is specified. bIke peers set peerid aggressivemodeid peername Ike peers set peeridIke peers set peeridtype Name of the IKE peer whose peer ID is specified. cIke peers set secret secret peername Ike peers set secretIke peers set peeridtype ipaddr domainname email peername Ike peers set peeridtype domainname myaggressivepeerIke proposals add ProposalName Ike proposals addIke proposals delete Proposalnamea New name for an IKE proposal.bIke proposals list Ike proposals listProposalnamea Name of the IKE proposal to delete.b Ike proposals delete myikeproposalNo DH group is used Ike proposals set dhgroupIke proposals set dhgroup none 1 2 proposalname Use DH groupIke proposals set lifetime Use 3DES 168-bit encryption if 3DES encryption is enabledIke proposals set encryption Use DES 56-bit encryptionIke proposals set messageauth none md5 sha1 proposalName Ike proposals set messageauthMaximum number of seconds before renegotiation Ike proposals set lifetime 86400 myikeproposalIke proposals set sessionauth Ipsec add saname IPSec CommandsIpsec add Sanamea Name for the new IPSec SA.bSanamea Name of the IPSec SA to be disabled.b Ipsec disableDisables a defined IPSec security association entry Ipsec deleteSanamea Name of the IPSec SA to be enabled.b Ipsec enableIpsec enable saname Ipsec disable showrxIpsec flush Ipsec flushIpsec list Ipsec list sanameIpsec list Specifies the authentication key for the IPSec SA Ipsec set authenticationIpsec set authentication md5 sha1 saname Ipsec set authkeyDefines the direction of the IPSec SA Hexadecimal authentication keyIpsec set direction Ipsec set direction inbound outbound sanameIpsec set compression none lzs saname Ipsec set compressionIpsec set enckey Specifies the encryption key for the IPSec SAIpsec set encryption Defines the IP address of the IP gateway of the IPSec SA Ipsec set gatewayIpsec set ident Ipaddressa IP address of the IP gatewaySpid for the IPSec tunnel Ipsec set modeIpsec set mode tunnel transport saname Name of the IPSec SA. bAH authentication Ipsec set serviceIpsec set service esp ah both saname Use Both ESP encryption and authenticationDisplays the current voice rate and encoding type Lists the top-level voice or dsp commandsKeywords and a brief description of their function Clears the L2 control channel statisticsDsp ? / voice ? Dsp voice ?Selects the voice encoding method for all voice ports Typical response when entered with no parametersDsp ecode Sets encoding method to alawIs displayed Dsp jitterDsp jitter milliseconds Optional, Length of jitter buffer in millisecondsDsp provision Dsp vr Voice port to configureDsp save Dsp saveVoice profile profile Voice l2clearVoice l2stats Voice l2statsVoice l2stats Example response confirming the configuration changeVoice profile Voice profileMode Voice refreshcasVoice refreshcas active always An idle stateThis page intentionally left blank Attempting the next radius server, if configured Lists the supported radius commands and keyDeletes a configured radius server entry WordsRad ? Rad ?Rad deleteserver Rad deleteserver integerRad list secret Rad list secretRad list secret Rad list server Rad list serverRad list server Rad set retries Radius set serverRadius set secret Radius set timeoutAuthentication secret for the specified radius server Number of seconds between retry attemptsDeletes an access path from the specified user ac Adds an access privilege to for the specified userConfigures the managements class with read-only Disables an existing user accountAdmin R Displays the contents of the user account data BaseLists the characteristics of the pre-defined user Templates User ?Adds user access through the WAN connection User add accessAdds user access through a LAN connection Adds user access through the console serial portUser add class User add user username password template enable disable User add userRemoves user access through a LAN connection User delete accessUser delete access lan wan console username Removes user access through the WAN connectionUser delete class mgtclass read write username Enabled for read-onlyUser delete class Must be one of the followingUser delete user User delete class admin write Admin1User delete class voice read Admin1 User delete user username1 username2 usernameNUser delete user Admin1 staff001 User disableUser disable username User disable VoiceAdminUser enable Admin1 User enableUser enable username User listUser list User list lookup User list lookupUser list template Displays the pre-defined user template informationEfficient Networks User set lookup User setpassword username newpassword User set passwordChanges the password of an existing user account Newpassworda New password for the user accountThis page intentionally left blank Deletes a feature key from the key-enabled feature Lists the supported key commandsValidates and adds a key to the key-enabled fea Ture databaseUnrevokes a revoked feature key Disables a key-enabled featureRevokes a key-enabled feature key Updates the expiration date of an expired feature KeyKey add Example response when adding a key for L2TPKey add keystring Example response when deleting the key for Radius Key delete featurenameFeaturenamea Name of the feature to be deleted.b Key deleteFeaturename Name of the feature to be disabled.a Key disableKey disable featurename Key disable l2tpFeaturenamea Name of the feature to be enabled.b Key enableKey enable featurename Key listInstalled Typical response with the -lparameter is shown belowKey revoke Key revoke featureFeaturenamea Name of the feature key to be revoked Key unrevokeKeystringa Key string for the feature Key updateKey update keystring Key unrevoke keystringThis page intentionally left blank Enables or disables transmission of unsolicited Disables Snmp access from the specified interEnables Snmp access from the specified inter Sets an authentication password for an SnmpSnmp addsnmpfilter Snmp ?Snmp ? Snmp addstrapdest ip addr Snmp addtrapdestSnmp addsnmpfilter first ip addr last ip addr lan IP address of the trap managerSnmp community name Snmp communitySnmp community snmp community name Following example sets the Snmp community name to iadsSnmp delsnmpfilter Snmp delsnmpfilter first ip addr last ip addr lanSnmp deltrapdest Snmp disablesnmpifSnmp disablesnmpif wanlan Snmp deltrapdest ip addrSnmp enablesnmpif wanlan Snmp enablesnmpifWan lan Interface from which Snmp access will be disabled Wan lan Interface from which Snmp access will be enabledSnmp list Snmp settrapenableSnmp settrapenable on off Snmp listSnmp Manager authentication password Enables trap event message transmissionCurrent password Example response when a password parameter is enteredSnmp snmpport default disabled port Snmp snmpportEnables or disables the stateful firewall function Displays the current stateful firewall settingsConfigured rules Due to firewall rules that when exceeded, will logSets the threshold value for the number of SYN Firewall ?Sets the threshold value for the number of Icmp Sets the threshold value for the number of UDPFirewall allow protocol application parameters Packets must match the assigned application characteristicsFirewall allow Packet must have the specified protocolExamples Firewall allow -a FTP -sa 192.168.1.34 -d out Firewall -a netmeeting -sa 192.168.1.23 -d outIndicates the specified rule is in the deny rules list Firewall clearcounterIndicates the specified rule is in the allow rules list Firewall clearcounter 13 allowFirewall delete Firewall clearcounter allFirewall clearcounter all Firewall delete all allow deny Example command deletes rule 3 from the deny rules listFirewall delete all Will delete all rules from the allow rules listFirewall deny protocol application parameters Firewall denyFirewall delete all allow Both Firewall list allow deny Command entered with no parametersFirewall list Optional parameter will display only allow rules listFirewall modify allow deny number parameter Command entered with the optional allow parameterFirewall modify Following identifies the firewall rule to be modifiedModifies the source IP address or specified address range Specifies the protocol a packet must haveModifies the firewall rule type Modifies the specified source ip maskFirewall set Enables the firewall as currently configuredDisables the firewall Firewall setdroppktthresholdThreshold value in packets per seconds Firewall seticmpfloodthresholdFirewall seticmpfloodthreshold number Firewall setdroppkthresholdFirewall setsynfloodthreshold Firewall setsynfloodthreshold numberFirewall setudpfloodthreshold number Firewall setudpfloodthresholdFirewall viewdroppkts Firewall viewdroppkts numberTypical response using the optional number parameter Firewall viewdroppktsFirewall watch on off Firewall watchNo messages are printed to the console or Syslog server This page intentionally left blank Configured SSH port List the supported SSH sub-commandsDisplays the current SSH configuration with the ex Sets the idle timeout period for SSH connectionsSsh ? Ssh ?Ssh keygen Generates the Private-Public key-pair for the local serverSsh list Ssh listSsh load privatekey Ssh load publickey tftp@server-addrpriv-key-fileKey file to load Ssh load publickeySsh load publickey TFTP@server-addrpub-key-file Ssh load privatekey tftp@192.168.13.174mykeySets the types of encryption the SSH connections will use Multiple types are allowed on the command lineSsh set encryption DES 56-bit encryptionIdle timeout period in seconds Ssh set idletimeoutSsh set idletimeout seconds Ssh set keepalive enable disableKeepalive messages are sent Ssh set keepalive enableSsh set mac Ssh set mac md5 sha1Ssh set rekey Enables and disables SSH server connectionsSsh set status enable disable Ssh set statusSsh set status enable Allows SSH connectionsThis page intentionally left blank Services field List the supported QoS commands and a brief deEnables and disables marking of the differentiated Scription of their functionsQos append Saves the current QoS configuration and QoS pol IciesQos ? Defines a proposal filtering parameter value for PolicyPolicy namea Specifies the QoS policy name to be added Specifies that all disabled QoS policies will be deletedQos del Specifies the QoS policy to be deletedQos diffserv Qos disableExample command that deletes all disabled QoS policies QOS will mark Diffserv field in IP headerQos enable policy name Qos enablePolicy namea Specifies the QoS policy to be disabled Specifies the QoS policy to be enabledQos del policy name insert before this policy Qos insertQos list Qos list policy nameQos list mypolicy3 LOWQos move policy name move to before this policy Qos moveQos movetoend Specifies the QoS policy to be movedQos off Qos offQos save Saves the current QoS feature and policy configurationsQos on Qos onQos set Specifies the priority, with normal the default valueQos set parameter policy name Specifies the incoming code point Specifies the outgoing code pointQos setweight highmeduimnormallow weight Qos setweightQueue This page intentionally left blank Disables the specified Ethernet port Lists the supported Switch sub-commandsSpecifies the aging time of the switch Configures port traffic mirroringSwitch ? help Switch ?Switch agetime Switch agetime secondsEthernet port to be disabled Switch blockSwitch block port Switch blockSwitch mirror on off capture port map port unmap port Switch mirrorSwitch mirror capture 6 switch mirror map Switch mirror map Switch status Switch statusDisplays the current port states for the Ethernet switch Switch mirror captureEthernet port to be enabled Switch unblockSwitch unblock port Switch status