![Zyxel NXC2500 [138/275] Firewall sub commands](/img/pdf.png)
Zyxel NXC2500 [138/275] Firewall sub commands
![Zyxel NXC2500 [138/275] Firewall sub commands](/views2/1169008/page138/bg8a.png)
Chapter 21 Firewall
NXC CLI Reference Guide
138
21.2.1 Firewall Sub-Commands
The following table describes the sub-commands for several firewall commands.
Table 68 firewall Sub-commands
COMMAND DESCRIPTION
action {allow|deny|reject} Sets the action the NXC takes when packets match
this rule.
[no] activate Enables a firewall rule. The
no command disables
the firewall rule.
[no] ctmatch {dnat | snat} Use dnat to block packets sent from a computer
on the NXC’s WAN network from being forwarded
to an internal network according to a virtual server
rule.
Use snat to block packets sent from a computer
on the NXC’s internal network from being
forwarded to the WAN network according to a 1:1
NAT or Many 1:1 NAT rule.
The no command forwards the matched packets.
[no] description description Sets a descriptive name (up to 60 printable ASCII
characters) for a firewall rule. The
no command
removes the descriptive name from the rule.
[no] destinationip address_object Sets the destination IP address. The
no command
resets the destination IP address(es) to the default
(any). any means all IP addresses.
[no] from zone_object Sets the zone on which the packets are received.
The
no command removes the zone on which the
packets are received and resets it to the default
(any). any means all interfaces or VPN tunnels.
[no] log [alert] Sets the NXC to create a log (and optionally an
alert) when packets match this rule. The
no
command sets the NXC not to create a log or alert
when packets match this rule.
[no] schedule schedule_object Sets the schedule that the rule uses. The no
command removes the schedule settings from the
rule.
[no] service service_name Sets the service to which the rule applies. The
no
command resets the service settings to the default
(any). any means all services.
[no] sourceip address_object Sets the source IP address(es). The
no command
resets the source IP address(es) to the default
(any). any
means all IP addresses.
[no] sourceport {tcp|udp} {eq
<1..65535>|range <1..65535> <1..65535>}
Sets the source port for a firewall rule. The no
command removes the source port from the rule.
[no] to {zone_object|EnterpriseWLAN} Sets the zone to which the packets are sent. The
no command removes the zone to which the
packets are sent and resets it to the default (any).
any means all interfaces.
[no] user user_name Sets a user-aware firewall rule. The rule is
activated only when the specified user logs into the
system. The
no command resets the user name to
the default (any). any
means all users.
Содержание
- Cli reference guide 1
- Default login details 1
- Nxc series 1
- Quick start guide 1
- Wireless lan controller 1
- Do not use commands not documented in this guide 2
- Important read carefully before use keep this guide for future reference 2
- It is recommended you use the web configurator to configure the nxc 2
- Some commands or command options in this guide may not be available in your product see your product s user s guide for a list of supported features every effort has been made to ensure that the information in this guide is accurate 2
- Contents overview 3
- Chapter 1 command line interface 5 5
- Chapter 2 user and privilege modes 1 5
- Contents overview 5
- Table of contents 5
- Chapter 3 object reference 5 6
- Chapter 4 status 7 6
- Chapter 5 registration 1 6
- Chapter 6 interfaces 7 6
- Chapter 7 route 5 6
- Chapter 10 wireless lan profiles 7 7
- Chapter 11 rogue ap 05 7
- Chapter 12 wireless frame capture 09 7
- Chapter 8 ap management 3 7
- Chapter 9 ap group 9 7
- Chapter 13 dynamic channel selection 111 8
- Chapter 14 auto healing 113 8
- Chapter 15 dynamic guest 15 8
- Chapter 16 leds 119 8
- Chapter 17 zones 21 8
- Chapter 18 alg 25 8
- Chapter 19 captive portal 27 8
- Chapter 20 rtls 33 9
- Chapter 21 firewall 35 9
- Chapter 22 user group 43 9
- Chapter 23 addresses 51 9
- Chapter 24 services 55 9
- Chapter 25 schedules 59 10
- Chapter 26 aaa server 61 10
- Chapter 27 authentication objects 67 10
- Chapter 28 authentication server 71 10
- Chapter 29 enc 73 10
- Chapter 30 certificates 77 10
- Chapter 31 system 81 11
- Chapter 32 system remote management 87 11
- Chapter 33 dhcpv6 objects 99 11
- Chapter 34 file manager 01 12
- Chapter 35 logs 19 12
- Chapter 36 reports and reboot 27 12
- Chapter 37 session timeout 33 13
- Chapter 38 diagnostics 35 13
- Chapter 39 packet flow explore 37 13
- Chapter 40 maintenance tools 39 13
- Chapter 41 watchdog timer 45 13
- Chapter 42 managed ap commands 49 13
- List of commands 55 13
- Accessing the cli 15
- Command line interface 15
- Hapter 15
- Overview 15
- The configuration file 15
- Console port 16
- The nxc might force you to log out of your session if reauthentication time lease time or idle timeout is reached see chapter 22 on page 143 for more information about these settings 16
- Web configurator console 17
- Before you use the console ensure that 18
- Chapter 1 command line interface 18
- Click the console button on the web configurator title bar 18
- Label description 18
- Nxc cli reference guide 18
- Table 2 console 18
- The following table describes the elements in this screen 18
- To login in through the console 18
- Your web browser of choice allows pop up windows from the ip address assigned to your nxc your web browser allows java programs you are using the latest version of the java program http www java com 18
- Ssh secure shell 20
- Telnet 20
- The default login username is admin and password is 1234 the username and password are case sensitive 20
- Background information 21
- Command input values 21
- How commands are explained 21
- How to find commands in this guide 21
- See the user s guide for background information about most features 21
- Changing the password 22
- Cli modes 22
- Command examples 22
- Command summary 22
- Command syntax 22
- A list of valid commands can be found by typing 23
- At the command prompt to view a list of available commands within a command group enter 23
- At the time of writing there is not much difference between user and privilege mode for admin users this is reserved for future use 23
- Chapter 1 command line interface 23
- List of available commands 23
- Nxc cli reference guide 23
- See chapter 22 on page 143 for more information about the user types user users can only log in look at but not run the available commands in user mode and log out limited admin users can look at the configuration in the web configurator and cli and they can run basic diagnostics in the cli admin users can configure the nxc in the web configurator or cli 23
- Shortcuts and help 23
- Table 3 cli modes continued 23
- Chapter 1 command line interface 24
- Figure 5 help available commands example 1 24
- Figure 6 help available command example 2 24
- Figure 7 help sub command information example 24
- Figure 8 help required user input example 24
- List of sub commands or required user input 24
- Nxc cli reference guide 24
- To view detailed help information for a command enter 24
- Command history 25
- Entering a in a command 25
- Entering partial commands 25
- Erase current command 25
- Navigation 25
- The no commands 25
- Chapter 1 command line interface 26
- Description 26
- Input values 26
- Nxc cli reference guide 26
- Table 4 input value formats for strings in cli commands 26
- The following table provides more information about input values like 26
- You can use the or tab to get more information about the next input value that is required for a command in some cases the next input value is a string whose length and allowable characters may not be displayed in the screen for example in the following example the next input value is a string called 26
- Chapter 1 command line interface 27
- Nxc cli reference guide 27
- Table 4 input value formats for strings in cli commands continued 27
- Chapter 1 command line interface 28
- Nxc cli reference guide 28
- Table 4 input value formats for strings in cli commands continued 28
- Always save the changes before you log out after each management session all unsaved changes will be lost after the system restarts 29
- Command in user mode or privilege mode to log out of the cli 29
- Command to save the current configuration to the nxc 29
- Enter the 29
- Logging out 29
- Or end command in configure mode to go to privilege mode 29
- Saving configuration changes 29
- Use the 29
- Hapter 31
- User and privilege modes 31
- Chapter 2 user and privilege modes 32
- Note these commands are for zyxel s internal manufacturing process 32
- Nxc cli reference guide 32
- Subsequent chapters in this guide describe the configuration commands user privilege mode commands that are also configuration commands for example show are described in more detail in the related configuration command chapter 32
- Table 5 user u and privilege p mode commands continued 32
- Chapter 2 user and privilege modes 33
- Debug commands 33
- Debug commands marked with an asterisk are not available when the debug flag is on and are for zyxel service personnel use only the debug commands follow a syntax that is linux based so if there is a linux equivalent it is displayed in this chapter for your reference you must know a command listed here well before you use it otherwise it may cause undesired results 33
- Nxc cli reference guide 33
- Table 6 debug commands 33
- Hapter 35
- Object reference 35
- Object reference commands 35
- Chapter 3 object reference 36
- Nxc cli reference guide 36
- Object reference command example 36
- Table 7 show reference commands continued 36
- This example shows how to check which configuration is using an address object named lan1_subnet for the command output firewall rule 3 named lan1 to nxc is using the address object 36
- Hapter 37
- Status 37
- Status show commands 37
- Chapter 4 status 38
- Here are examples of the commands that display the cpu and disk utilization 38
- Here are examples of the commands that display the fan speed mac address memory usage ram size and serial number 38
- Here is an example of the command that displays the listening ports 38
- Nxc cli reference guide 38
- Chapter 4 status 39
- Here is an example of the command that displays the open ports 39
- Nxc cli reference guide 39
- Chapter 4 status 40
- Here are examples of the commands that display the system uptime and model firmware and build information 40
- Nxc cli reference guide 40
- This example shows the current led states on the nxc the sys led lights on and green 40
- Hapter 41
- Myzyxel com overview 41
- Registration 41
- Subscription services available on the nxc 41
- Command examples 42
- Registration commands 42
- To use a subscription service you have to register the nxc and activate the corresponding service at myzyxel com through the nxc 42
- Chapter 5 registration 43
- Country code 43
- Nxc cli reference guide 43
- Table 11 country codes 43
- The following command displays the account information and whether the device is registered 43
- The following command displays the service registration status and type and how many days remain before the service expires 43
- The following table displays the number for each country 43
- Chapter 5 registration 44
- Nxc cli reference guide 44
- Table 11 country codes continued 44
- Chapter 5 registration 45
- Nxc cli reference guide 45
- Table 11 country codes continued 45
- Chapter 5 registration 46
- Nxc cli reference guide 46
- Table 11 country codes continued 46
- Hapter 47
- Interface general commands summary 47
- Interface overview 47
- Interfaces 47
- Types of interfaces 47
- Basic interface properties and ip address commands 48
- Chapter 6 interfaces 48
- Nxc cli reference guide 48
- Table 12 input values for general interface commands continued 48
- Table 13 interface general commands basic properties and ip address assignment 48
- The following sections introduce commands that are supported by several types of interfaces 48
- This table lists basic properties and ip address commands 48
- Chapter 6 interfaces 49
- Nxc cli reference guide 49
- Table 13 interface general commands basic properties and ip address assignment continued 49
- Basic interface properties command examples 50
- Chapter 6 interfaces 50
- Nxc cli reference guide 50
- Table 13 interface general commands basic properties and ip address assignment continued 50
- The following commands make ethernet interface ge1 a dhcp client 50
- Chapter 6 interfaces 51
- Nxc cli reference guide 51
- This example shows how to modify the name of interface ge4 to vip first you have to check the interface system name ge4 in this example on the nxc then change the name and display the result 51
- This example shows how to restart an interface you can check all interface names on the nxc then use either the system name or user defined name of an interface ge4 or customer in this example to restart it 51
- Chapter 6 interfaces 52
- Dhcp setting commands 52
- Hardware addres 52
- Networ 52
- Note the ip address must be in the same subnet as the interface to which you plan to bind the dhcp pool 52
- Nxc cli reference guide 52
- Table 14 interface commands dhcp settings 52
- This table lists dhcp setting commands dhcp is based on dhcp pools create a dhcp pool if you want to assign a static ip address to a mac address or if you want to specify the starting ip address and pool size of a range of ip addresses that can be assigned to dhcp clients there are different commands for each configuration afterwards in either case you have to bind the dhcp pool to the interface 52
- Chapter 6 interfaces 53
- Note the dhcp pool must have the same subnet as the interface to which you plan to bind it 53
- Nxc cli reference guide 53
- Table 14 interface commands dhcp settings continued 53
- Chapter 6 interfaces 54
- First and the start address must be in the same subnet 54
- Network numbe 54
- Note you must specify the 54
- Nxc cli reference guide 54
- Table 14 interface commands dhcp settings continued 54
- Chapter 6 interfaces 55
- Dhcp setting command examples 55
- Nxc cli reference guide 55
- The following example uses these commands to configure dhcp pool dhcp_test 55
- Chapter 6 interfaces 56
- Connectivity check ping check commands 56
- Nxc cli reference guide 56
- Table 15 interface commands ping check 56
- This table lists the ping check commands 56
- Use these commands to have an interface regularly check the connection to the gateway you specified to make sure it is still available you specify how often the interface checks the connection how long to wait for a response before the attempt is a failure and how many consecutive failures are required before the nxc stops routing to the gateway the nxc resumes routing to the gateway the first time the gateway passes the connectivity check 56
- Chapter 6 interfaces 57
- Connectivity check command example 57
- Ethernet interface specific commands 57
- Mac address setting commands 57
- Nxc cli reference guide 57
- Table 16 input values for ethernet interface commands 57
- Table 17 interface commands mac setting 57
- The following commands show you how to set the wan1 interface to use a tcp handshake on port 8080 to check the connection to ip address 1 57
- The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands 57
- This section covers commands that are specific to ethernet interfaces 57
- This table lists the commands you can use to set the mac address of an interface 57
- In cli representative interfaces are also called representative ports 58
- Port commands 58
- This section covers commands that are specific to ports 58
- Chapter 6 interfaces 59
- Command to enter the configuration mode before you can use these commands 59
- Configure termina 59
- Nxc cli reference guide 59
- Port role commands 59
- Port role examples 59
- Table 19 command summary port role 59
- The following are two port role examples 59
- The following table describes the commands available for port role identification you must use the 59
- Usb storage specific commands 59
- Use these commands to configure settings that apply to the usb storage device connected to the nxc 59
- Chapter 6 interfaces 60
- For the nxc which supports more than one usb ports these commands only apply to the usb storage device that is first attached to the nxc 60
- Nxc cli reference guide 60
- Table 20 usb storage general commands 60
- Usb storage general commands example 61
- Vlan interface specific commands 61
- Vlan0 is the default vlan interface it cannot be deleted and its vid cannot changed 61
- Chapter 6 interfaces 62
- Command to enter the configuration mode before you can use these commands 62
- Configure termina 62
- Nxc cli reference guide 62
- Table 21 input values for vlan interface commands continued 62
- Table 22 command summary vlan interface profile 62
- The following table describes the commands available for vlan interface management you must use the 62
- Chapter 6 interfaces 63
- Nxc cli reference guide 63
- Table 22 command summary vlan interface profile continued 63
- This example changes vlan interface vlan0 to use dhcp 63
- This example creates a vlan interface called vlan0 63
- Vlan interface examples 63
- Hapter 65
- Policy route 65
- Policy route commands 65
- Chapter 7 route 66
- Command to enter the configuration mode before you can use these commands 66
- Configure termina 66
- Nxc cli reference guide 66
- Table 24 command summary policy route 66
- The following table describes the commands available for policy route you must use the 66
- Chapter 7 route 67
- Nxc cli reference guide 67
- Table 24 command summary policy route continued 67
- Assured forwarding af behavior is defined in rfc 2597 the af behavior group defines four af classes inside each class packets are given a high medium or low drop precedence the drop precedence determines the probability that routers in the network will drop packets when congestion occurs if congestion occurs between classes the traffic in the higher class smaller numbered class is generally given priority combining the classes and drop precedence produces the following twelve dscp encodings from af11 through af43 the decimal equivalent is listed in brackets 68
- Assured forwarding af phb for diffserv 68
- Chapter 7 route 68
- Nxc cli reference guide 68
- Table 24 command summary policy route continued 68
- Table 25 assured forwarding af behavior group 68
- Chapter 7 route 69
- Ip static route 69
- Nxc cli reference guide 69
- Policy route command example 69
- The following commands create two address objects tw_subnet and gw_1 and insert a policy that routes the packets with the source ip address tw_subnet and any destination ip address through the interface ge1 to the next hop router gw_1 this route uses the ip address of the outgoing interface as the matched packets source ip address 69
- The nxc has no knowledge of the networks beyond the network that is directly connected to the nxc for instance the nxc knows about network n2 in the following figure through gateway r1 however the nxc is unable to route a packet to network n3 because it doesn t know that there is a route through the same gateway r1 via gateway r2 the static routes are for you to tell the nxc about the networks beyond the network connected to the nxc directly 69
- Command to enter the configuration mode before you can use these commands 70
- Static route commands 70
- Static route commands example 70
- The following command sets a static route with ip address 10 0 0 and subnet mask 255 55 55 and with the next hop interface ge1 then use the show command to display the setting 70
- The following table describes the commands available for static route you must use the 70
- Chapter 7 route 71
- Learned routing information commands 71
- Nxc cli reference guide 71
- Show ip route command example 71
- Table 27 ip route commands learned routing information 71
- The following example shows learned routing information on the nxc 71
- This table lists the commands to look at learned routing information 71
- Ap management 73
- Ap management overview 73
- Hapter 73
- Ap management commands 74
- Chapter 8 ap management 74
- Command to enter the configuration mode before you can use these commands 74
- Configure termina 74
- Nxc cli reference guide 74
- Table 28 input values for general ap management commands 74
- Table 29 command summary ap management 74
- The following table describes the commands available for ap management you must use the 74
- The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands 74
- Chapter 8 ap management 75
- Nxc cli reference guide 75
- Table 29 command summary ap management continued 75
- Chapter 8 ap management 76
- Nxc cli reference guide 76
- Table 29 command summary ap management continued 76
- Chapter 8 ap management 77
- Nxc cli reference guide 77
- Table 29 command summary ap management continued 77
- Ap management commands example 78
- Chapter 8 ap management 78
- Nxc cli reference guide 78
- The following example shows you how to add an ap to the management list and then edit it 78
- Ap group 79
- Ap group commands 79
- Hapter 79
- Wireless load balancing overview 79
- Chapter 9 ap group 80
- Nxc cli reference guide 80
- Table 31 command summary ap group continued 80
- Chapter 9 ap group 81
- Note this parameter has been optimized for the nxc and should not be changed unless you have been specifically directed to do so by zyxel support 81
- Nxc cli reference guide 81
- Table 31 command summary ap group continued 81
- Chapter 9 ap group 82
- Note this parameter has been optimized for the nxc and should not be changed unless you have been specifically directed to do so by zyxel support 82
- Nxc cli reference guide 82
- Table 31 command summary ap group continued 82
- Ap group examples 83
- Chapter 9 ap group 83
- Nxc cli reference guide 83
- Table 31 command summary ap group continued 83
- The following example shows you how to create an ap group profile named test and configure the ap s first radio to work in repeater mode using the default radio profile and the zymesh_test zymesh profile it also adds the ap with the mac address 00 a0 c5 01 23 45 to this ap group 83
- Chapter 9 ap group 84
- Nxc cli reference guide 84
- The following example shows you how to create an ap group profile named gp1 and configure ap load balancing in by station mode the maximum number of stations is set to 1 84
- The following example shows you how to create an ap group profile named gp2 and configure ap load balancing in by traffic mode the traffic level is set to low and disassociate station is enabled 84
- Chapter 9 ap group 85
- Nxc cli reference guide 85
- The following example shows the settings and status of the vlan s configured for the managed aps nwa5301 nj in the default ap group 85
- The following example shows the status of ethernet ports for the managed aps nwa5301 nj in the default ap group it also shows whether the lan1 port is enabled and what the port s vlan id is 85
- Ap radio monitor profile commands 87
- Hapter 87
- Wireless lan profiles 87
- Wireless lan profiles overview 87
- Chapter 10 wireless lan profiles 88
- Command to enter the configuration mode before you can use these commands 88
- Configure termina 88
- Note your choice of channel may be restricted by regional regulations 88
- Nxc cli reference guide 88
- Table 32 input values for general radio and monitor profile commands continued 88
- Table 33 command summary radio profile 88
- The following table describes the commands available for radio and monitor profile management you must use the 88
- Chapter 10 wireless lan profiles 89
- Nxc cli reference guide 89
- Table 33 command summary radio profile continued 89
- Chapter 10 wireless lan profiles 90
- Nxc cli reference guide 90
- Table 33 command summary radio profile continued 90
- Chapter 10 wireless lan profiles 91
- Nxc cli reference guide 91
- Table 33 command summary radio profile continued 91
- 2 g band with channel 6 channel width of 20mhz a dtim period of 2 a beacon interval of 100ms ampdu frame aggregation enabled an ampdu buffer limit of 65535 bytes an ampdu subframe limit of 64 frames amsdu frame aggregation enabled an amsdu buffer limit of 4096 92
- Ap radio monitor profile commands example 92
- Chapter 10 wireless lan profiles 92
- Nxc cli reference guide 92
- Table 33 command summary radio profile continued 92
- The following example shows you how to set up the radio profile named radio01 activate it and configure it to use the following settings 92
- Block acknowledgement enabled a short guard interval an output power of 100 93
- Chapter 10 wireless lan profiles 93
- It will also assign the ssid profile labeled default in order to create wlan vap wlan 1 1 functionality within the radio profile 93
- Nxc cli reference guide 93
- Ssid profile commands 93
- Table 34 input values for general ssid profile commands 93
- The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands 93
- Chapter 10 wireless lan profiles 94
- Command to enter the configuration mode before you can use these commands 94
- Configure termina 94
- Nxc cli reference guide 94
- Table 34 input values for general ssid profile commands continued 94
- Table 35 command summary ssid profile 94
- The following table describes the commands available for ssid profile management you must use the 94
- Chapter 10 wireless lan profiles 95
- Nxc cli reference guide 95
- Security profile commands 95
- Ssid profile example 95
- Table 35 command summary ssid profile continued 95
- Table 36 input values for general security profile commands 95
- The following example creates an ssid profile with the name zyxel it makes the assumption that both the security profile security01 and the mac filter profile macfilter01 already exist 95
- The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands 95
- Chapter 10 wireless lan profiles 96
- Command to enter the configuration mode before you can use these commands 96
- Configure termina 96
- Nxc cli reference guide 96
- Table 37 command summary security profile 96
- The following table describes the commands available for security profile management you must use the 96
- Chapter 10 wireless lan profiles 97
- Nxc cli reference guide 97
- Table 37 command summary security profile continued 97
- Chapter 10 wireless lan profiles 98
- Nxc cli reference guide 98
- Security profile example 98
- Table 37 command summary security profile continued 98
- The following example creates a security profile with the name security01 98
- Chapter 10 wireless lan profiles 99
- Command to enter the configuration mode before you can use these commands 99
- Configure termina 99
- Mac filter profile commands 99
- Mac filter profile example 99
- Nxc cli reference guide 99
- Table 38 input values for general mac filter profile commands 99
- Table 39 command summary mac filter profile 99
- The following example creates a mac filter profile with the name macfilter01 99
- The following table describes the commands available for security profile management you must use the 99
- The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands 99
- Chapter 10 wireless lan profiles 100
- Command to enter the configuration mode before you can use these commands 100
- Configure termina 100
- Layer 2 isolation profile commands 100
- Note if a device s mac addresses is not listed in a layer 2 isolation profile it is blocked from communicating with other devices in an ssid on which layer 2 isolation is enabled 100
- Nxc cli reference guide 100
- Table 40 input values for general layer 2 isolation profile commands 100
- Table 41 command summary layer 2 isolation profile 100
- The following table describes the commands available for layer 2 isolation profile management you must use the 100
- The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands 100
- All managed aps should be connected to the nxc directly to get the configuration file before being deployed to build a zymesh wds ensure you restart the managed ap after you change its operating mode using the wlan radio profile radio_profile_name role commands 101
- Layer 2 isolation profile example 101
- When managed aps are deployed to form a zymesh wds for the first time the root ap must be connected to an ap controller the nxc 101
- Zymesh profile commands 101
- A zymesh wds link with more hops has lower throughput 102
- Command to enter the configuration mode before you can use these commands 102
- The following table describes the commands available for zymesh profile management you must use the 102
- The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands 102
- The maximum number of hops the repeaters beteen a wireless client and the root ap you can have in a zymesh varies according to how many wireless clients a managed ap can support 102
- When the wireless connection between the root ap and the repeater is up in order to prevent bridge loops the repeater would not be able to transmit data through its ethernet port s the repeater then could only receive power from a poe device if you use poe to provide power to the managed ap via an 8 ping etherent cable 102
- Chapter 10 wireless lan profiles 103
- Note the zymesh ssid is hidden in the outgoing beacon frame so a wireless device cannot obtain the ssid through scanning using a site survey tool 103
- Nxc cli reference guide 103
- Table 43 command summary zymesh profile continued 103
- Hapter 105
- Rogue ap 105
- Rogue ap detection commands 105
- Rogue ap detection overview 105
- Rogue ap detection examples 106
- This example displays the rogue ap detection list 106
- This example sets the device associated with mac address 00 13 49 11 11 11 as a rogue ap and the device associated with mac address 00 13 49 11 11 22 as a friendly ap it then removes mac address from the rogue ap list with the assumption that it was misidentified 106
- Chapter 11 rogue ap 107
- Nxc cli reference guide 107
- Rogue ap containment overview 107
- These commands enable rogue ap containment you can use them to isolate a device that is flagged as a rogue ap they are global in that they apply to all managed aps on the network all aps utilize the same containment list but only aps set to monitor mode can actively engage in containment of rogue aps this means if we add a mac address of a device to the containment list then every ap on the network will respect it 107
- This example shows both the status of rogue ap detection and the summary of detected aps 107
- This example shows the combined rogue and friendly ap detection list 107
- This example shows the friendly ap detection list 107
- Containing a rogue ap means broadcasting unviable login data at it preventing legitimate wireless clients from connecting to it this is a kind of denial of service attack 108
- Rogue ap containment commands 108
- Rogue ap containment example 108
- Hapter 109
- Wireless frame capture 109
- Wireless frame capture commands 109
- Wireless frame capture overview 109
- Chapter 12 wireless frame capture 110
- Command to enter the configuration mode before you can use these commands 110
- Configure termina 110
- Nxc cli reference guide 110
- Table 49 command summary wireless frame capture 110
- The following table describes the commands available for wireless frame capture you must use the 110
- This example configures the wireless frame capture parameters for an ap located at ip address 192 68 110
- This example shows frame capture status and configuration 110
- Wireless frame capture examples 110
- Dcs commands 111
- Dcs overview 111
- Dynamic channel selection 111
- Hapter 111
- Auto healing 113
- Auto healing commands 113
- Auto healing overview 113
- Hapter 113
- Auto healing examples 114
- Chapter 14 auto healing 114
- Nxc cli reference guide 114
- Table 52 command summary auto healing continued 114
- This example enables auto healing and sets the power level in dbm to which the neighbor aps of the failed ap increase their output power 114
- Dynamic guest 115
- Dynamic guest commands 115
- Dynamic guest overview 115
- Hapter 115
- Chapter 15 dynamic guest 116
- Nxc cli reference guide 116
- Table 53 command summary dynamic guest continued 116
- Chapter 15 dynamic guest 117
- Dynamic guest examples 117
- Nxc cli reference guide 117
- This example creates a guest manager user account and a dynamic guest user group then sets the nxc to generate two dynamic guest accounts automatically this also shows the dynamic guest users information 117
- Hapter 119
- Led suppression commands 119
- Led suppression mode 119
- Chapter 16 leds 120
- Led locator 120
- Led locator commands 120
- Led locator commands example 120
- Led suppression commands example 120
- Note you should run this command before enabling the led locator function 120
- Nxc cli reference guide 120
- Table 55 led locator commands 120
- The following example activates led suppression mode on the ap with the mac address 00 a0 c5 01 23 45 and displays the settings 120
- The following example turns on the led locator feature on the ap with the mac address 00 a0 c5 01 23 45 sets how long the locator led stays blinking and also displays the settings 120
- The led locator feature identifies the location of the wac ap among several devices in the network you can run this feature and set a timer 120
- Use these commands to run the led locator feature you must use the configure terminal command before you can use these commands 120
- Hapter 121
- Zones overview 121
- Chapter 17 zones 122
- Nxc cli reference guide 122
- Table 56 input values for zone commands 122
- Table 57 zone commands 122
- The following table describes the values required for many zone commands other values are discussed with the corresponding commands 122
- This table lists the zone commands 122
- Zone commands summary 122
- Chapter 17 zones 123
- Nxc cli reference guide 123
- The following commands add ethernet interfaces ge1 and ge2 to zone a and block intra zone traffic 123
- Zone command examples 123
- Alg introduction 125
- Hapter 125
- Alg commands 126
- Alg commands example 126
- Chapter 18 alg 126
- Command to enter the configuration mode before you can use these commands 126
- Commands you must use the 126
- Configure terminal 126
- Nxc cli reference guide 126
- Table 58 alg commands 126
- The following example turns on pass through for sip and turns it off for h 23 126
- The following table lists the 126
- Captive portal 127
- Captive portal overview 127
- Hapter 127
- Web authentication policy commands 127
- Chapter 19 captive portal 128
- Nxc cli reference guide 128
- Table 59 web authentication policy commands continued 128
- Table 60 web auth login setting sub commands 128
- The following table describes the sub commands for the web auth login setting command 128
- Web auth login setting sub commands 128
- Chapter 19 captive portal 129
- Here is an example of using a custom login page from an external web portal for web authentication the following commands 129
- Nxc cli reference guide 129
- Table 60 web auth login setting sub commands continued 129
- Table 61 web auth policy sub commands 129
- The following table describes the sub commands for several web auth policy commands note that not all rule commands use all the sub commands listed here 129
- Turn on web authentication set the nxc to use the authentication profile named authprofile1 set www login com as the login web page through which users authenticate their connections 129
- Web auth policy sub commands 129
- Web authentication policy insert command example 129
- Chapter 19 captive portal 130
- Have the nxc use a custom login page from an external web portal instead of the default one built into the nxc create web auth policy 1 set web auth policy 1 to use the ssid profile named ssidprofile1 set web auth policy 1 to require user authentication have the nxc automatically display the login screen when unauthenticated users try to send http traffic turn on web auth policy 1 130
- Note at the time of writing you can only configure the default profile 130
- Nxc cli reference guide 130
- Qrcode auth profile commands 130
- Table 62 qrcode auth profile commands 130
- Use these commands to create qr code authentication profiles which allow clients to authenticate themselves with a qr code a qr code is a graphical representation of data it contains which can be a url users scan the qr code on the web portal by running a scanning app on their mobile devices or desktops and pointing the camera or webcam to the qr code they then can quickly log into the website without entering a username and password 130
- Chapter 19 captive portal 131
- Nxc cli reference guide 131
- Page customization commands 131
- Table 62 qrcode auth profile commands continued 131
- Table 63 page customization commands 131
- Use these commands to use a custom login page which is either built into the nxc or uploaded to the nxc 131
- Command to enter the configuration mode before you can use these commands 132
- Customizing the user logout page 132
- Use these commands to customize the user logout screen 132
- You must use the 132
- Hapter 133
- Rtls commands 133
- Rtls introduction 133
- Firewall 135
- Firewall overview 135
- Hapter 135
- Chapter 21 firewall 136
- Command to enter the configuration mode before you can use these commands 136
- Configure termina 136
- Firewall commands 136
- For example if you want to allow a specific user from any computer to access one zone by logging in to the nxc you can set up a rule based on the user name only if you also apply a schedule to the firewall rule the user can only access the network at the scheduled time a user aware firewall rule is activated whenever the user logs in to the nxc and will be disabled after the user logs out of the nxc 136
- Nxc cli reference guide 136
- Table 66 input values for general firewall commands 136
- Table 67 command summary firewall 136
- The following table describes the commands available for the firewall you must use the 136
- The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands 136
- Your customized rules take precedence and override the nxc s default settings the nxc checks the schedule user name user s login name on the nxc source ip address destination ip address and ip protocol type of network traffic against the firewall rules in the order you list them when the traffic matches a rule the nxc takes the action specified in the rule 136
- Chapter 21 firewall 137
- Nxc cli reference guide 137
- Table 67 command summary firewall continued 137
- Chapter 21 firewall 138
- Firewall sub commands 138
- Nxc cli reference guide 138
- Table 68 firewall sub commands 138
- The following table describes the sub commands for several firewall commands 138
- Firewall command examples 139
- Chapter 21 firewall 140
- Nxc cli reference guide 140
- Session limit commands 140
- Table 69 input values for general session limit commands 140
- The following command displays the firewall rule s including the default firewall rule that applies to the packet direction from wan to lan the firewall rule numbers in the menu are the firewall rules priority numbers in the global rule list 140
- The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands 140
- Chapter 21 firewall 141
- Command to enter the configuration mode before you can use these commands 141
- Configure termina 141
- Nxc cli reference guide 141
- Table 70 command summary session limit 141
- The following table describes the session limit commands you must use the 141
- Hapter 143
- User account overview 143
- User group 143
- User types 143
- Chapter 22 user group 144
- Commands 144
- Commands other input values are discussed with the corresponding commands 144
- Nxc cli reference guide 144
- Table 72 username groupname command input values 144
- Table 73 username groupname commands summary users 144
- The first table lists the commands for users 144
- The following sections list the 144
- The following table identifies the values required for many 144
- User commands 144
- User group commands summary 144
- Username groupnam 144
- Username groupname 144
- Chapter 22 user group 145
- Nxc cli reference guide 145
- Table 73 username groupname commands summary users continued 145
- Table 74 username groupname commands summary groups 145
- Table 75 username groupname commands summary settings 145
- This table lists the commands for groups 145
- This table lists the commands for user settings except for forcing user authentication 145
- User group commands 145
- User setting commands 145
- Chapter 22 user group 146
- Nxc cli reference guide 146
- Table 75 username groupname commands summary settings continued 146
- The following commands show the current settings for the number of simultaneous logins 146
- User setting command examples 146
- Chapter 22 user group 147
- Create a mac role mac address user type user account named zyxel mac map a wireless client s mac address of 00 13 49 11 a0 c4 to the zyxel mac mac role mac address user account modify the wlan security profile named securewlan1 as follows turn on mac authentication use the authentication method named auth1 use colons to separate the two character pairs within account mac addresses 147
- Mac auth commands 147
- Mac auth example 147
- Nxc cli reference guide 147
- Table 76 mac auth commands summary 147
- The following commands 147
- This example uses an external server to authenticate wireless clients by mac address after authentication the nxc maps the wireless client to a mac address user account mac role configure user aware features to control mac address user access to network services 147
- This table lists the commands for mappings mac addresses to mac address user accounts 147
- Additional user commands 148
- Chapter 22 user group 148
- Nxc cli reference guide 148
- Table 77 username groupname commands summary additional 148
- This table lists additional commands for users 148
- Use upper case letters in the account mac addresses 148
- Additional user command examples 149
- Chapter 22 user group 149
- Nxc cli reference guide 149
- The following commands display the users that are currently logged in to the nxc and forces the logout of all logins from a specific ip address 149
- Chapter 22 user group 150
- Nxc cli reference guide 150
- The following commands display the users that are currently locked out and then unlocks the user who is displayed 150
- Address overview 151
- Addresses 151
- Hapter 151
- Address commands summary 152
- Address object commands 152
- Chapter 23 addresses 152
- Nxc cli reference guide 152
- Table 78 input values for address commands 152
- Table 79 address object commands address objects 152
- The following sections list the address object and address group commands 152
- The following table describes the values required for many address object and address group commands other values are discussed with the corresponding commands 152
- This table lists the commands for address objects 152
- Address group commands 153
- Address object command examples 153
- Chapter 23 addresses 153
- Nxc cli reference guide 153
- Table 80 object group commands address groups 153
- The following example creates three address objects and then deletes one 153
- This table lists the commands for address groups 153
- Address group command examples 154
- Chapter 23 addresses 154
- Nxc cli reference guide 154
- Table 80 object group commands address groups continued 154
- The following commands create three address objects a0 a1 and a2 and add a1 and a2 to address group rd 154
- Hapter 155
- Service object commands 155
- Services 155
- Services commands summary 155
- Services overview 155
- Chapter 24 services 156
- Nxc cli reference guide 156
- Service group commands 156
- Service object command examples 156
- Table 82 service object commands service objects continued 156
- Table 83 object group commands service groups 156
- The first table lists the commands for service groups 156
- The following commands create one service and display information about it 156
- Chapter 24 services 157
- Nxc cli reference guide 157
- Service group command examples 157
- Table 83 object group commands service groups continued 157
- The following commands create service icmp_echo create service group sg1 and add icmp_echo to sg1 157
- Hapter 159
- Schedule commands summary 159
- Schedule overview 159
- Schedules 159
- Chapter 25 schedules 160
- Nxc cli reference guide 160
- Schedule command examples 160
- Table 85 schedule commands 160
- The following commands create recurring schedule schedule1 and one time schedule schedule2 and then delete schedule1 160
- The following table lists the schedule commands 160
- Aaa server 161
- Aaa server overview 161
- Authentication server command summary 161
- Hapter 161
- Aaa group server ad 162
- Aaa group server ad commands 162
- Chapter 26 aaa server 162
- Commands you use to configure a group of ad servers 162
- Note you can not delete a server group that is currently in use 162
- Nxc cli reference guide 162
- Table 86 aaa group server ad commands 162
- The following table lists the 162
- Aaa group server ldap 163
- Aaa group server ldap commands 163
- Chapter 26 aaa server 163
- Commands you use to configure a group of ldap servers 163
- Note you can not delete a server group that is currently in use 163
- Nxc cli reference guide 163
- Table 86 aaa group server ad commands continued 163
- Table 87 aaa group server ldap commands 163
- The following table lists the 163
- Aaa group server radius 164
- Aaa group server radius commands 164
- Chapter 26 aaa server 164
- Commands you use to configure a group of radius servers 164
- Note you can not delete a server group that is currently in use 164
- Nxc cli reference guide 164
- Table 87 aaa group server ldap commands continued 164
- Table 88 aaa group server radius commands 164
- The following table lists the 164
- Chapter 26 aaa server 165
- Nxc cli reference guide 165
- Table 88 aaa group server radius commands continued 165
- Aaa group server command example 166
- Chapter 26 aaa server 166
- Nxc cli reference guide 166
- Table 88 aaa group server radius commands continued 166
- The following example creates a radius server group with two members and sets the secret key to 12345678 and the timeout to 100 seconds then this example also shows how to view the radius group settings 166
- Aaa authentication commands 167
- Authentication objects 167
- Authentication objects overview 167
- Hapter 167
- Aaa authentication command example 168
- Chapter 27 authentication objects 168
- Note you must specify at least one member for each profile each type of member can only be used once in a profile 168
- Nxc cli reference guide 168
- Table 89 aaa authentication commands continued 168
- The following example creates an authentication profile to authentication users using the ldap server group and then the local user database 168
- Chapter 27 authentication objects 169
- Command you use to teat a user account on an authentication server 169
- Ip address 172 6 0 port 389 base dn dc zyxel dc com bind dn zyxel engineerabc password abcdefg login name attribute samaccountname 169
- Nxc cli reference guide 169
- Table 90 test aaa command 169
- Test a user account command example 169
- Test aa 169
- Test aaa command 169
- The following example shows how to test whether a user account named userabc exists on the ad authentication server which uses the following settings 169
- The following table lists the 169
- The result shows the account exists on the ad server otherwise the nxc returns an error 169
- Authentication server 171
- Authentication server commands 171
- Authentication server overview 171
- Hapter 171
- Authentication server command examples 172
- Chapter 28 authentication server 172
- Nxc cli reference guide 172
- Table 91 command summary authentication server continued 172
- The following example shows you how to enable the authentication server feature on the nxc and sets a trusted radius client profile this example also shows you the authentication server and client profile settings 172
- Enc agent commands 173
- Enc overview 173
- Hapter 173
- Chapter 29 enc 174
- Nxc cli reference guide 174
- Table 92 command summary enc agent continued 174
- Chapter 29 enc 175
- Enc agent command examples 175
- Nxc cli reference guide 175
- Table 92 command summary enc agent continued 175
- The following example shows you how to turn on the enc agent feature on the nxc and sets the enc server s ip address this example also enables https authentication and shows you the enc agent settings 175
- Certificate commands 177
- Certificates 177
- Certificates commands input values 177
- Certificates overview 177
- Hapter 177
- Certificates commands summary 178
- Chapter 30 certificates 178
- Command to enter the configuration mode to be able to use these commands 178
- Configure termina 178
- Nxc cli reference guide 178
- Table 93 certificates commands input values continued 178
- Table 94 ca commands summary 178
- The following table lists the commands that you can use to display and manage the nxc s summary list of certificates and certification requests you can also create certificates or certification requests use the 178
- Chapter 30 certificates 179
- Nxc cli reference guide 179
- Table 94 ca commands summary continued 179
- Certificates commands examples 180
- Chapter 30 certificates 180
- Nxc cli reference guide 180
- The following example creates a self signed x 09 certificate with ip address 10 8 as the common name it uses the rsa key type with a 512 bit key then it displays the list of local certificates finally it deletes the pkcs12request certification request 180
- Customizing the www login page 181
- Hapter 181
- System 181
- System overview 181
- Chapter 31 system 182
- Color rgb enter red green and blue values in parenthesis and separate by commas for example use rgb 0 0 0 for black color name enter the name of the desired color color number enter a pound sign followed by the six digit hexadecimal number that represents the desired color for example use 000000 for black 182
- Command to enter the configuration mode before you can use these commands 182
- Configure termina 182
- Figure 15 access page customization 182
- Logo title 182
- Message color color of all text 182
- Note message last line of text 182
- Nxc cli reference guide 182
- Table 95 command summary customization 182
- The following table describes the commands available for customizing the web configurator login screen and the page that displays after an access user logs into the web configurator to access network services like the internet you must use the 182
- Window background 182
- You can specify colors in one of the following ways 182
- Chapter 31 system 183
- Command to enter the configuration mode before you can use these commands 183
- Configure termina 183
- For effective scheduling and logging the nxc system time must be accurate the nxc s real time chip rtc keeps track of the time and date there is also a software mechanism to set the time manually or get the current time and date from an external server 183
- Host name commands 183
- Nxc cli reference guide 183
- Table 95 command summary customization continued 183
- Table 96 command summary host name 183
- The following table describes the commands available for the hostname and domain name you must use the 183
- Time and date 183
- Command to enter the configuration mode before you can use these commands 184
- Date time commands 184
- The following table describes the commands available for date and time setup you must use the 184
- Command to enter the configuration mode before you can use these commands 185
- Console port speed 185
- Dns commands 185
- Dns domain name system is for mapping a domain name to its corresponding ip address and vice versa the dns server is extremely important because without it you must know the ip address of a machine before you can access it 185
- Dns overview 185
- The following table describes the commands available for dns you must use the 185
- The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands 185
- This section shows you how to set the console port speed when you connect to the nxc via the console port using a terminal emulation program the following table describes the console port commands you must use the 185
- Chapter 31 system 186
- Dns command example 186
- Nxc cli reference guide 186
- Table 100 command summary dns continued 186
- This command sets an a record that specifies the mapping of a fully qualified domain name www abc com to an ip address 210 7 3 186
- Hapter 187
- Remote management limitations 187
- Remote management overview 187
- System remote management 187
- System timeout 187
- Chapter 32 system remote management 188
- Command to enter the configuration mode before you can use these commands 188
- Common system command input values 188
- Configure termina 188
- Defaul 188
- Http https commands 188
- Nxc cli reference guide 188
- Table 101 input values for general system commands 188
- Table 102 command summary http https 188
- The following table describes the commands available for http https you must use the 188
- The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands 188
- Chapter 32 system remote management 189
- Http https command examples 189
- Nxc cli reference guide 189
- Table 102 command summary http https continued 189
- This following example adds a service control rule that allowed an administrator from the computers with the ip addresses matching the marketing address object to access the wan zone using http service 189
- Chapter 32 system remote management 190
- Command to enter the configuration mode before you can use these commands 190
- Configure termina 190
- Defaul 190
- Nxc cli reference guide 190
- Requirements for using ssh 190
- Ssh commands 190
- Ssh implementation on the nxc 190
- Table 103 command summary ssh 190
- The following table describes the commands available for ssh you must use the 190
- This command sets an authentication method used by the http https server to authenticate the client s 190
- This following example sets a certificate named mycert used by the https server to authenticate itself to the ssl client 190
- Unlike telnet or ftp which transmit data in clear text ssh secure shell is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication between two hosts over an unsecured network 190
- You must install an ssh client program on a client computer windows or linux operating system that is used to connect to the nxc over ssh 190
- Your nxc supports ssh versions 1 and 2 using rsa authentication and four encryption methods aes 3des archfour and blowfish the ssh server is implemented on the nxc for remote management on port 22 by default 190
- Chapter 32 system remote management 191
- Nxc cli reference guide 191
- Ssh command examples 191
- Table 103 command summary ssh continued 191
- Telnet 191
- This command sets a certificate default to be used to identify the nxc 191
- This command sets a service control rule that allowed the computers with the ip addresses matching the specified address object to access the specified zone using ssh service 191
- You can configure your nxc for remote telnet access 191
- Chapter 32 system remote management 192
- Command to enter the configuration mode before you can use these commands 192
- Configure termina 192
- Nxc cli reference guide 192
- Table 104 command summary telnet 192
- Telnet commands 192
- Telnet commands examples 192
- The following table describes the commands available for telnet you must use the 192
- This command displays telnet settings 192
- This command sets a service control rule that allowed the computers with the ip addresses matching the specified address object to access the specified zone using telnet service 192
- Command to enter the configuration mode before you can use these commands 193
- Configuring ftp 193
- Ftp commands 193
- Ftp commands examples 193
- The following table describes the commands available for ftp you must use the 193
- This command sets a service control rule that allowed the computers with the ip addresses matching the specified address object to access the specified zone using ftp service 193
- You can upload and download the nxc s firmware and configuration files using ftp to use this feature your computer must have an ftp client 193
- Chapter 32 system remote management 194
- Nxc cli reference guide 194
- Simple network management protocol is a protocol used for exchanging management information between network devices your nxc supports snmp agent functionality which allows a manager station to manage and monitor the nxc through the network the nxc supports snmp version one snmpv1 and version two snmpv2c 194
- Snmp traps 194
- Supported mibs 194
- Table 106 snmp traps 194
- The nxc supports mib ii that is defined in rfc 1213 and rfc 1215 the nxc also supports private mibs aat private lol mib to collect information about cpu and memory usage the focus of the mibs is to let administrators collect statistical data and monitor status and performance you can download the nxc s mibs from www zyxel com 194
- The nxc will send traps to the snmp manager when any one of the following events occurs 194
- This command displays ftp settings 194
- Command to enter the configuration mode before you can use these commands 195
- Snmp commands 195
- The following table describes the commands available for snmp you must use the 195
- Snmp commands examples 196
- Tr 069 196
- Command to enter the configuration mode before you can use these commands 197
- The following table describes the commands available for tr 069 you must use the 197
- Tr 069 commands 197
- Command to enter the configuration mode before you can use these commands 198
- Language commands 198
- The following example shows you how to enable tr 069 management on the nxc set the management server address and display the tr 069 configurations 198
- Tr 069 commands examples 198
- Use the language commands to display what language the web configurator is using or change it you must use the 198
- Dhcpv6 object commands 199
- Dhcpv6 object commands summary 199
- Dhcpv6 objects 199
- Hapter 199
- Chapter 33 dhcpv6 objects 200
- Dhcpv6 object command examples 200
- Nxc cli reference guide 200
- This example creates and displays a dhcpv6 request object named test1 for dns server information 200
- Configuration files and shell scripts overview 201
- File directories 201
- File manager 201
- Hapter 201
- Chapter 34 file manager 202
- Comments in configuration files or shell scripts 202
- Figure 16 configuration file shell script example 202
- In a configuration file or shell script use or as the first character of a command line to have the nxc treat the line as a comment 202
- Nxc cli reference guide 202
- Table 113 configuration files and shell scripts in the nxc 202
- These files have the same syntax which is also identical to the way you run cli commands manually an example is shown below 202
- While configuration files and shell scripts have the same syntax the nxc applies configuration files differently than it runs shell scripts this is explained below 202
- You have to run the example in table 16 on page 202 as a shell script because the first command is run in privilege mode if you remove the first command you have to run the example as a configuration file because the rest of the commands are executed in configuration mode see section 1 on page 22 for more information about cli modes 202
- Your configuration files or shell scripts can use exit or a command line consisting of a single to have the nxc exit sub command mode 202
- Errors in configuration files or shell scripts 203
- Exit or must follow sub commands if it is to make the nxc exit sub command mode 203
- Nxc configuration file details 203
- Configuration file flow at restart 204
- File manager commands input values 204
- Chapter 34 file manager 205
- File manager commands summary 205
- Nxc cli reference guide 205
- Table 115 file manager commands summary 205
- The following table lists the commands that you can use for file management 205
- Chapter 34 file manager 206
- Command line ftp file upload 206
- Connect to the nxc 2 enter bin to set the transfer mode to binary 3 you can upload the firmware after you log in through ftp to upload other files use cd to change to the corresponding directory 4 use put to transfer files from the computer to the nxc 206
- File manager command example 206
- For example in the conf directory use put config conf today conf to upload the configuration file config conf to the nxc and rename it today conf put 1 0 xl bin transfers the firmware 1 0 xl bin to the nxc 206
- Ftp file transfer 206
- Nxc cli reference guide 206
- Table 115 file manager commands summary continued 206
- This example saves a back up of the current configuration before applying a shell script file 206
- You can use ftp to transfer files to and from the nxc for advanced maintenance and support 206
- Command line ftp configuration file upload example 207
- Command line ftp file download 207
- The firmware update can take up to five minutes do not turn off or reset the nxc while the firmware update is in progress if you lose power during the firmware upload you may need to refer to section 34 on page 209 to recover the firmware 207
- Uploading a custom signature file named custom rules overwrites all custom signatures on the nxc 207
- Chapter 34 file manager 208
- Command line ftp configuration file download example 208
- Figure 18 ftp configuration file download example 208
- Firmware update scheduling commands 208
- Nxc cli reference guide 208
- Nxc file usage at startup 208
- Table 116 firmware update scheduling commands summary 208
- The following example gets a configuration file named today conf from the nxc and saves it on the computer as current conf 208
- The following table lists the commands that you can use for firmware update scheduling 208
- The nxc can be scheduled to install the firmware you uploaded at the specified date and time 208
- The nxc uses the following files at system startup 208
- Do not press any keys at this point wait to see what displays next 209
- Notification of a damaged recovery image or firmware 209
- Restoring the recovery image nxc5200 only 210
- You only need to use this section if you need to restore the recovery image 210
- You only need to use the atuk or atur command if the recovery image is damaged 211
- Restoring the firmware 212
- This section is not for normal firmware uploads you only need to use this section if you need to recover the firmware 212
- The username prompt displays after the nxc starts up successfully the firmware recovery process is now complete and the nxc is ready to use 214
- If the default system database file is not valid the nxc displays a warning message in your console session at startup or when reloading the anti virus or idp signatures it also generates a log here are some examples use this section to restore the nxc s default system database 215
- Restoring the default system database 215
- The default system database stores information such as the default anti virus or idp signatures the nxc can still operate if the default system database is damaged or missing but related features like anti virus or idp may not function properly 215
- Using the atkz u debug command nxc5200 only 216
- You only need to use the atkz u command if the default system database is damaged 216
- The username prompt displays after the nxc starts up successfully the default system database recovery process is now complete and the nxc idp and anti virus features are ready to use again 218
- Hapter 219
- Log commands summary 219
- Chapter 35 logs 220
- Log entries commands 220
- Nxc cli reference guide 220
- System log commands 220
- Table 118 logging commands log entries 220
- Table 119 logging commands system log settings 220
- This table lists the commands for the system log settings 220
- This table lists the commands to look at log entries 220
- Chapter 35 logs 221
- Debug log commands 221
- Nxc cli reference guide 221
- System log command examples 221
- Table 120 logging commands debug log settings 221
- The following command displays the current status of the system log 221
- This table lists the commands for the debug log settings 221
- Chapter 35 logs 222
- E mail profile log commands 222
- Nxc cli reference guide 222
- Table 121 logging commands remote syslog server settings 222
- Table 122 logging commands e mail profile settings 222
- This table lists the commands for the e mail profile settings 222
- This table lists the commands for the remote syslog server settings 222
- Chapter 35 logs 223
- E mail profile command examples 223
- Nxc cli reference guide 223
- Table 122 logging commands e mail profile settings continued 223
- The following commands set up e mail log 1 223
- Access point logging commands 224
- Console port log commands 224
- For the purposes of this device s cli access points are referred to as wtps 224
- Chapter 35 logs 225
- Nxc cli reference guide 225
- Table 124 logging commands access point settings continued 225
- Hapter 227
- Report commands 227
- Report commands summary 227
- Reports and reboot 227
- Chapter 36 reports and reboot 228
- Nxc cli reference guide 228
- Report command examples 228
- Session commands 228
- Table 126 session commands 228
- The following commands start collecting data display the traffic reports and stop collecting data 228
- This table lists the command to display the current sessions for debugging or statistical analysis 228
- Chapter 36 reports and reboot 229
- Command to enter the configuration mode before you can use these commands 229
- Configure termina 229
- Email daily report commands 229
- Nxc cli reference guide 229
- Table 127 input values for email daily report commands 229
- Table 128 email daily report commands 229
- The following table identifies the values used in some of these commands other input values are discussed with the corresponding commands 229
- Use these commands to have the nxc e mail you system statistics every day you must use the 229
- Chapter 36 reports and reboot 230
- Nxc cli reference guide 230
- Table 128 email daily report commands continued 230
- Chapter 36 reports and reboot 231
- Email daily report example 231
- Nxc cli reference guide 231
- This example sets the nxc to send a daily report e mail 231
- Chapter 36 reports and reboot 232
- Command to restart the device 232
- Command to save the configuration before you reboot otherwise the changes are lost when you reboot 232
- If you made changes in the cli you have to use the 232
- Nxc cli reference guide 232
- Reboot 232
- This displays the email daily report settings and has the nxc send the report now 232
- Use the 232
- Use this to restart the device for example if the device begins behaving erratically 232
- Hapter 233
- Session timeout 233
- Diagnosis commands 235
- Diagnosis commands example 235
- Diagnostics 235
- Hapter 235
- Hapter 237
- Packet flow explore 237
- Packet flow explore commands 237
- Chapter 39 packet flow explore 238
- Nxc cli reference guide 238
- Packet flow explore commands example 238
- The following example shows all activated 1 to 1 nat rules 238
- The following example shows all activated 1 to 1 snat rules 238
- The following example shows all activated policy routes 238
- The following example shows all activated policy routes which use snat 238
- The following example shows all routing related functions and their order 238
- The following example shows all snat related functions and their order 238
- Hapter 239
- Maintenance tools 239
- Maintenance tools commands 239
- Chapter 40 maintenance tools 240
- Here are maintenance tool commands that you can use in configure mode 240
- Note if you have existing capture files you may need to set this size larger or delete existing capture files 240
- Note use the packet capture configure command to configure the packet capture settings before using this command 240
- Nxc cli reference guide 240
- Table 133 maintenance tools commands in configuration mode 240
- Chapter 40 maintenance tools 241
- Command examples 241
- Nxc cli reference guide 241
- Some packet trace command examples are shown below 241
- Table 133 maintenance tools commands in configuration mode continued 241
- Chapter 40 maintenance tools 242
- Nxc cli reference guide 242
- The following example creates an arp table entry for ip address 192 68 0 and mac address 01 02 03 04 05 06 then it shows the arp table and finally removes the new entry 242
- The following examples show how to configure packet capture settings and perform a packet capture first you have to check whether a packet capture is running this example shows no other packet capture is running then you can also check the current packet capture settings 242
- Chapter 40 maintenance tools 243
- Check current packet capture status and list all packet captures the nxc has performed 243
- Exit the sub command mode and have the nxc capture packets according to the settings you just configured 243
- Ip address any host ip any host port any then you do not need to configure this setting file suffix example file size 10000 byes duration 150 seconds 243
- Manually stop the running packet capturing 243
- Nxc cli reference guide 243
- Then configure the following settings to capture packets going through the nxc s wan1 interface only this means you have to remove lan2 and wan2 from the iface list 243
- You can use ftp to download a capture file open and study it using a packet analyzer tool for example ethereal or wireshark 243
- Hapter 245
- Hardware watchdog timer 245
- Software watchdog timer 245
- Watchdog timer 245
- Application watchdog 246
- Command to enter the configuration mode to be able to use these commands 246
- Commands use the 246
- The application watchdog has the system restart a process that fails these are the 246
- The software watchdog timer commands are for support engineers it is recommended that you not modify the software watchdog timer settings 246
- Application watchdog commands example 247
- Chapter 41 watchdog timer 247
- Nxc cli reference guide 247
- Table 136 app watchdog commands 247
- The following example displays the application watchdog configuration 247
- Chapter 41 watchdog timer 248
- Nxc cli reference guide 248
- The following example lists the processes that the application watchdog is monitoring 248
- Accessing the ap cli 249
- Hapter 249
- Managed ap commands 249
- Managed series ap commands overview 249
- Capwap client commands 250
- Chapter 42 managed ap commands 250
- Command to enter the configuration mode before you can use these commands 250
- Configure termina 250
- Nxc cli reference guide 250
- Table 137 input values for capwap client commands 250
- Table 138 command summary capwap client 250
- The following table describes commands for configuring the ap s capwap client parameters which include the management interface you must use the 250
- The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands 250
- Use the capwap client commands to configure the ap s ip address and other related management interface settings do not use the original interface commands to configure the ip address and related settings on the ap because the ap does not save interface command settings after rebooting 250
- Capwap client commands example 251
- Chapter 42 managed ap commands 251
- Display how the ap finds the nxc set the ap s management ip address to 192 68 7 and netmask 255 55 55 set the ap s default gateway ip address to 192 68 2 sets the ap s management interface to use vlan id 2 and send tagged packets specifies the primary and secondary ip addresses of the nxc 192 68 and 192 68 to which the ap connects displays the settings it configured 251
- Nxc cli reference guide 251
- This example shows how to configure the ap s management interface and how it connects to the ap controller the nxc and check the connecting status the following commands 251
- Command to enter the configuration mode before you can use these commands 252
- Dns server commands 252
- Dns server commands example 252
- Set the ap s management ip address to 192 68 00 and netmask 255 55 55 sets the ap s management interface to use vlan id 3 set the ap s default gateway ip address to 192 68 add a domain zone forwarder record that specifies a dns server s ip address of 10 and uses the bridge 0 interface to send queries to that dns server set the ap controller s primary domain name as capwap server zyxel com and secondary domain name as capwap test com 252
- The following table describes commands for configuring the ap s dns server you must use the 252
- This example configures the ap to connect to the ap controller the nxc by dns the following commands 252
- Dns server commands and dhcp 253
- List of commands 255
- Nxc cli reference guide 255
- This section lists the root commands in alphabetical order 255
- List of commands 256
- Nxc cli reference guide 256
- List of commands 257
- Nxc cli reference guide 257
- List of commands 258
- Nxc cli reference guide 258
- List of commands 259
- Nxc cli reference guide 259
- List of commands 260
- Nxc cli reference guide 260
- List of commands 261
- Nxc cli reference guide 261
- List of commands 262
- Nxc cli reference guide 262
- List of commands 263
- Nxc cli reference guide 263
- List of commands 264
- Nxc cli reference guide 264
- List of commands 265
- Nxc cli reference guide 265
- List of commands 266
- Nxc cli reference guide 266
- List of commands 267
- Nxc cli reference guide 267
- List of commands 268
- Nxc cli reference guide 268
- List of commands 269
- Nxc cli reference guide 269
- List of commands 270
- Nxc cli reference guide 270
- List of commands 271
- Nxc cli reference guide 271
- List of commands 272
- Nxc cli reference guide 272
- List of commands 273
- Nxc cli reference guide 273
- List of commands 274
- Nxc cli reference guide 274
- List of commands 275
- Nxc cli reference guide 275
Похожие устройства
- HP laserjet pro 500 m521dn Инструкция по эксплуатации
- HP scanjet 300 Инструкция по эксплуатации
- HP scanjet 200 Инструкция по эксплуатации
- HP designjet t120 Инструкция по эксплуатации
- HP envy m6-1262er, d2g42ea Инструкция по эксплуатации
- Zyxel NXC5500 Инструкция по эксплуатации
- Zyxel NXC5500 Инструкция по установке
- Zyxel NXC5500 Технические характеристики
- Zyxel NXC5500 Справочник командного интерфейса
- Zyxel NXC5500 Рекомендации по настройке
- HP 1410-24 switch, j9663a Инструкция по эксплуатации
- HP 1405-8 v2 switch, j9793a Инструкция по эксплуатации
- Zyxel NXC5200 Инструкция по эксплуатации
- HP 1405-5g v2 switch, j9792a Инструкция по эксплуатации
- Zyxel NXC5200 Инструкция по установке
- Zyxel NXC5200 Рекомендации по настройке
- Zyxel NXC5200 Технические характеристики
- Zyxel NXC5200 Справочник командного интерфейса
- HP 1405-5 v2 switch, j9791a Инструкция по эксплуатации
- Zyxel NWA3000-N series Инструкция по эксплуатации