Zyxel UAG5100 [172/361] Firewall commands

Содержание

• Cli reference guide 1
• Default login details 1
• Quick start guide 1
• Uag series 1
• Unified access gateway 1
• Important read carefully before use keep this guide for future reference 2
• It is recommended you use the web configurator to configure the uag 2
• About this cli reference guide 3
• How to use this guide 3
• Intended audience 3
• Note some features cannot be configured in both the web configurator and cli 3
• Note the version number on the cover page refers to the latest firmware version supported by the uag this guide applies to versions 2 0 4 0 4 1 and 4 0 at the time of writing 3
• Note this guide is intended as a command reference for a series of products therefore many commands or command options in this guide may not be available in your product see your user s guide for a list of supported features and details about feature implementation 3
• Document conventions 4
• Icons used in figures 4
• Note notes tell you other important information for example other things you may need to configure or helpful tips or recommendations 4
• Syntax conventions 4
• Warnings and notes 4
• Warnings tell you about things that could harm you or your device 4
• Document conventions 5
• Uag cli reference guide 5
• Contents overview 6
• Introduction 2 6
• Reference 1 6
• About this cli reference guide 8
• Chapter 1 command line interface 4 8
• Contents overview 8
• Document conventions 8
• Part i introduction 22 8
• Table of contents 8
• Chapter 2 user and privilege modes 7 9
• Chapter 3 object reference 3 9
• Chapter 4 status 5 9
• Chapter 5 registration 8 9
• Chapter 6 ap management 5 9
• Chapter 7 wireless lan profiles 9 9
• Part ii reference 41 9
• Chapter 10 dynamic channel selection 7 10
• Chapter 11 wireless load balancing 9 10
• Chapter 12 auto healing 2 10
• Chapter 13 interfaces 4 10
• Chapter 8 rogue ap 1 10
• Chapter 9 wireless frame capture 5 10
• Chapter 14 trunks 06 11
• Chapter 15 ip drop in 111 11
• Chapter 16 route 114 11
• Chapter 17 routing protocol 21 12
• Chapter 18 zones 25 12
• Chapter 19 ddns 28 12
• Chapter 20 virtual servers 31 12
• Chapter 21 vpn 1 1 mapping 36 12
• Chapter 22 http redirect 40 13
• Chapter 23 smtp redirect 42 13
• Chapter 24 alg 45 13
• Chapter 25 upnp 48 13
• Chapter 26 ip mac binding 51 13
• Chapter 27 layer 2 isolation 53 13
• Chapter 28 ipnp 56 14
• Chapter 29 web authentication 58 14
• Chapter 30 walled garden 66 14
• Chapter 31 advertisement 68 14
• Chapter 32 rtls 69 14
• Chapter 33 firewall 71 14
• Chapter 34 billing 77 15
• Chapter 35 payment service 81 15
• Chapter 36 printer manager 84 15
• Chapter 37 free time 86 15
• Chapter 38 sms 88 15
• Chapter 39 bandwidth management 90 15
• Chapter 40 ipsec vpn 95 16
• Chapter 41 ssl vpn 05 16
• Chapter 42 application patrol 10 16
• Chapter 43 content filtering 13 16
• Chapter 44 user group 24 16
• Chapter 45 application object 32 17
• Chapter 46 addresses 35 17
• Chapter 47 services 38 17
• Chapter 48 schedules 41 17
• Chapter 49 aaa server 43 17
• Chapter 50 authentication objects 50 18
• Chapter 51 certificates 53 18
• Chapter 52 isp accounts 58 18
• Chapter 53 ssl application 60 18
• Chapter 54 endpoint security 62 18
• Chapter 55 dynamic guest accounts 69 18
• Chapter 56 system 72 19
• Chapter 57 system remote management 81 19
• Chapter 58 file manager 91 20
• Chapter 59 logs 04 20
• Chapter 60 reports and reboot 09 20
• Chapter 61 session timeout 15 21
• Chapter 62 diagnostics 16 21
• Chapter 63 packet flow explore 17 21
• Chapter 64 maintenance tools 21 21
• Chapter 65 watchdog timer 26 21
• List of commands alphabetical 30 21
• Introduction 22
• Accessing the cli 24
• Command line interface 24
• Overview 24
• The configuration file 24
• Console port 25
• Note before you can access the cli through the web configurator make sure your computer supports the java runtime environment you will be prompted to download and install the java plug in if it is not already installed 25
• Note the default login username is admin and password is 1234 the username and password are case sensitive 25
• Web configurator console 25
• Configure termina 27
• Note the default login username is admin it is case sensitive 27
• Router config 27
• How to find commands in this guide 28
• Note the default login username is admin and password is 1234 the username and password are case sensitive 28
• Ssh secure shell 28
• Telnet 28
• Telnet 192 68 28
• Background information optional 29
• Command examples optional 29
• Command input values optional 29
• Command summary 29
• Command syntax 29
• How commands are explained 29
• Note see the user s guide for background information about most features 29
• Service objec 29
• At the time of writing there is not much difference between user and privilege mode for admin users this is reserved for future use 30
• Changing the password 30
• Chapter 1 command line interface 30
• Cli modes 30
• Exactly as it appears followed by two numbers between 1 and 65535 30
• It is highly recommended that you change the password for accessing the uag see section 44 on page 225 for the appropriate commands 30
• See chapter 44 on page 224 for more information about the user types user users can only log in look at but not run the available commands in user mode and log out limited admin users can look at the configuration in the web configurator and cli and they can run basic diagnostics in the cli admin users can configure the uag in the web configurator or cli 30
• Table 2 cli modes 30
• Uag cli reference guide 30
• User privilege configuration sub command 30
• You run cli commands in one of several modes 30
• A list of valid commands can be found by typing 31
• At the command prompt to view a list of available commands within a command group enter 31
• Chapter 1 command line interface 31
• Figure 10 help available command example 2 31
• Figure 11 help sub command information example 31
• Figure 12 help required user input example 31
• Figure 9 help available commands example 1 31
• List of available commands 31
• List of sub commands or required user input 31
• Shortcuts and help 31
• To view detailed help information for a command enter 31
• Uag cli reference guide 31
• Command history 32
• Configur 32
• Entering a in a command 32
• Entering partial commands 32
• Erase current command 32
• Navigation 32
• The no commands 32
• Chapter 1 command line interface 33
• Description 33
• Input values 33
• Table 3 input value formats for strings in cli commands 33
• Tag values legal values 33
• The following table provides more information about input values like 33
• Uag cli reference guide 33
• You can use the or tab to get more information about the next input value that is required for a command in some cases the next input value is a string whose length and allowable characters may not be displayed in the screen for example in the following example the next input value is a string called 33
• Chapter 1 command line interface 34
• Table 3 input value formats for strings in cli commands continued 34
• Tag values legal values 34
• Uag cli reference guide 34
• Chapter 1 command line interface 35
• Table 3 input value formats for strings in cli commands continued 35
• Tag values legal values 35
• Uag cli reference guide 35
• Ethernet interfaces 36
• Logging out 36
• Note always save the changes before you log out after each management session all unsaved changes will be lost after the system restarts 36
• Saving configuration changes 36
• User and privilege modes 37
• Chapter 2 user and privilege modes 38
• Command mode description 38
• Command syntax description linux command equivalent 38
• Debug commands 38
• Debug commands marked with an asterisk are not available when the debug flag is on and are for zyxel service personnel use only the debug commands follow a linux based syntax so if there is a linux equivalent it is displayed in this chapter for your reference you must know a command listed here well before you use it otherwise it may cause undesired results 38
• Note these commands are for zyxel s internal manufacturing process 38
• Subsequent chapters in this guide describe the configuration commands user privilege mode commands that are also configuration commands for example show are described in more detail in the related configuration command chapter 38
• Table 4 user u and privilege p mode commands continued 38
• Table 5 debug commands 38
• Uag cli reference guide 38
• Chapter 2 user and privilege modes 39
• Command syntax description linux command equivalent 39
• Table 5 debug commands continued 39
• Uag cli reference guide 39
• Chapter 2 user and privilege modes 40
• Command syntax description linux command equivalent 40
• Table 5 debug commands continued 40
• Uag cli reference guide 40
• Reference 41
• Object reference 43
• Object reference commands 43
• Chapter 3 object reference 44
• Command description 44
• Object reference command example 44
• Table 6 show reference commands continued 44
• This example shows how to check which configuration is using an address object named lan1_subnet for the command output firewall rule 3 named lan1 to uag is using the address object 44
• Uag cli reference guide 44
• Status 45
• Chapter 4 status 46
• Here are examples of the commands that display the fan speed mac address memory usage ram size and serial number 46
• Here is an example of the command that displays the listening ports 46
• Here is an example of the command that displays the open ports 46
• Uag cli reference guide 46
• Chapter 4 status 47
• Here are examples of the commands that display the system uptime and model firmware and build information 47
• This example shows the current led states on the uag the sys led lights on and green 47
• Uag cli reference guide 47
• Content filtering subscription service 48
• Myzyxel com overview 48
• Registration 48
• Subscription services available on the uag 48
• Configure termina 49
• Maximum number of managed aps 49
• Registration commands v2 0 only 49
• Command examples 50
• Configure termina 50
• Registration status commands v4 0 and later only 50
• Chapter 5 registration 51
• Command examples 51
• Country code 51
• Country code country name country code country name 51
• Table 11 country codes 51
• The following command displays the service registration status and type and how many days remain before the service expires 51
• The following table displays the number for each country 51
• Uag cli reference guide 51
• Chapter 5 registration 52
• Country code country name country code country name 52
• Table 11 country codes continued 52
• Uag cli reference guide 52
• Chapter 5 registration 53
• Country code country name country code country name 53
• Table 11 country codes continued 53
• Uag cli reference guide 53
• Chapter 5 registration 54
• Country code country name country code country name 54
• Table 11 country codes continued 54
• Uag cli reference guide 54
• Ap management 55
• Ap management commands 55
• Ap management overview 55
• Chapter 6 ap management 56
• Command description 56
• Command to enter the configuration mode before you can use these commands 56
• Configure termina 56
• Table 13 command summary ap management 56
• The following table describes the commands available for ap management you must use the 56
• Uag cli reference guide 56
• Chapter 6 ap management 57
• Command description 57
• Table 13 command summary ap management continued 57
• Uag cli reference guide 57
• Ap management commands example 58
• Chapter 6 ap management 58
• The following example shows you how to add an ap to the management list and then edit it 58
• Uag cli reference guide 58
• Ap radio profile commands 59
• Wireless lan profiles 59
• Wireless lan profiles overview 59
• Chapter 7 wireless lan profiles 60
• Command description 60
• Command to enter the configuration mode before you can use these commands 60
• Configure termina 60
• Label description 60
• Table 14 input values for general radio profile commands continued 60
• Table 15 command summary radio profile 60
• The following table describes the commands available for radio profile management you must use the 60
• Uag cli reference guide 60
• Chapter 7 wireless lan profiles 61
• Command description 61
• Table 15 command summary radio profile continued 61
• Uag cli reference guide 61
• Chapter 7 wireless lan profiles 62
• Command description 62
• Table 15 command summary radio profile continued 62
• Uag cli reference guide 62
• 2 g band with channel 6 63
• A beacon interval of 100ms 63
• A dtim period of 2 63
• A short guard interval 63
• Ampdu frame aggregation enabled 63
• Amsdu frame aggregation enabled 63
• An ampdu buffer limit of 65535 bytes 63
• An ampdu subframe limit of 64 frames 63
• An amsdu buffer limit of 4096 63
• An output power of 100 63
• Ap profile commands example 63
• Block acknowledgement enabled 63
• Channel width of 20mhz 63
• Chapter 7 wireless lan profiles 63
• Command description 63
• Table 15 command summary radio profile continued 63
• The following example shows you how to set up the radio profile named radio01 activate it and configure it to use the following settings 63
• Uag cli reference guide 63
• Ap monitor profile commands 64
• Configure termina 64
• Ssid profile commands 65
• Chapter 7 wireless lan profiles 66
• Command description 66
• Command to enter the configuration mode before you can use these commands 66
• Configure termina 66
• Label description 66
• Note the managed aps must be dual band capable 66
• Table 18 input values for general ssid profile commands continued 66
• Table 19 command summary ssid profile 66
• The following table describes the commands available for ssid profile management you must use the 66
• Uag cli reference guide 66
• Chapter 7 wireless lan profiles 67
• Command description 67
• Ssid profile example 67
• Table 19 command summary ssid profile continued 67
• The following example creates an ssid profile with the name zyxel it makes the assumption that both the security profile security01 and the mac filter profile macfilter01 already exist 67
• Uag cli reference guide 67
• Chapter 7 wireless lan profiles 68
• Command description 68
• Command to enter the configuration mode before you can use these commands 68
• Configure termina 68
• Label description 68
• Security profile commands 68
• Table 20 input values for general security profile commands 68
• Table 21 command summary security profile 68
• The following table describes the commands available for security profile management you must use the 68
• The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands 68
• Uag cli reference guide 68
• Chapter 7 wireless lan profiles 69
• Command description 69
• Security profile example 69
• Table 21 command summary security profile continued 69
• The following example creates a security profile with the name security01 69
• Uag cli reference guide 69
• Chapter 7 wireless lan profiles 70
• Command description 70
• Command to enter the configuration mode before you can use these commands 70
• Configure termina 70
• Label description 70
• Mac filter profile commands 70
• Mac filter profile example 70
• Table 22 input values for general mac filter profile commands 70
• Table 23 command summary mac filter profile 70
• The following example creates a mac filter profile with the name macfilter01 70
• The following table describes the commands available for security profile management you must use the 70
• The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands 70
• Uag cli reference guide 70
• Rogue ap 71
• Rogue ap detection commands 71
• Rogue ap detection overview 71
• Chapter 8 rogue ap 72
• Command description 72
• Rogue ap detection examples 72
• Table 25 command summary rogue ap detection continued 72
• This example displays the rogue ap detection list 72
• This example sets the device associated with mac address 00 13 49 11 11 11 as a rogue ap and the device associated with mac address 00 13 49 11 11 22 as a friendly ap it then removes mac address from the rogue ap list with the assumption that it was misidentified 72
• Uag cli reference guide 72
• Note containing a rogue ap means broadcasting unviable login data at it preventing legitimate wireless clients from connecting to it this is a kind of denial of service attack 73
• Rogue ap containment overview 73
• Chapter 8 rogue ap 74
• Command description 74
• Command to enter the configuration mode before you can use these commands 74
• Configure termina 74
• Label description 74
• Rogue ap containment commands 74
• Rogue ap containment example 74
• Table 26 input values for rogue ap containment commands 74
• Table 27 command summary rogue ap containment 74
• The following table describes the commands available for rogue ap containment you must use the 74
• The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands 74
• This example contains the device associated with mac address 00 13 49 11 11 12 then displays the containment list for confirmation 74
• Uag cli reference guide 74
• Wireless frame capture 75
• Wireless frame capture commands 75
• Wireless frame capture overview 75
• Chapter 9 wireless frame capture 76
• Command description 76
• Command to enter the configuration mode before you can use these commands 76
• Configure termina 76
• Table 29 command summary wireless frame capture 76
• The following table describes the commands available for wireless frame capture you must use the 76
• This example configures the wireless frame capture parameters for an ap located at ip address 192 68 76
• This example shows frame capture status and configuration 76
• Uag cli reference guide 76
• Wireless frame capture examples 76
• Dcs commands 77
• Dcs overview 77
• Dynamic channel selection 77
• Chapter 10 dynamic channel selection 78
• Command description 78
• Dcs examples 78
• Table 31 command summary dcs continued 78
• This example creates a dcs configuration 78
• This example displays the dcs configuration created in the previous example 78
• Uag cli reference guide 78
• Wireless load balancing 79
• Wireless load balancing commands 79
• Wireless load balancing overview 79
• Chapter 11 wireless load balancing 80
• Command description 80
• Note this parameter has been optimized for the uag and should not be changed unless you have been specifically directed to do so by zyxel support 80
• Table 32 command summary load balancing continued 80
• The following example shows you how to configure ap load balancing in by station mode the maximum number of stations is set to 1 80
• Uag cli reference guide 80
• Wireless load balancing examples 80
• Chapter 11 wireless load balancing 81
• The following example shows you how to configure ap load balancing in by traffic mode the traffic level is set to low and disassociate station is enabled 81
• Uag cli reference guide 81
• Auto healing 82
• Auto healing commands 82
• Auto healing overview 82
• Auto healing examples 83
• Chapter 12 auto healing 83
• Command description 83
• Table 34 command summary auto healing continued 83
• This example enables auto healing and sets the power level in dbm to which the neighbor aps of the failed ap increase their output power 83
• Uag cli reference guide 83
• Interface overview 84
• Interfaces 84
• Types of interfaces 84
• Chapter 13 interfaces 85
• Characteristics ethernet ethernet vlan bridge ppp virtual 85
• In the uag interfaces are usually created on top of other interfaces only ethernet interfaces are created directly on top of the physical ports or port groups the relationships between interfaces are explained in the following table 85
• Interface required port interface 85
• Port groups and trunks have a lot of characteristics that are specific to each type of interface these characteristics are listed in the following tables and discussed in more detail farther on 85
• Relationships between interfaces 85
• Table 35 ethernet vlan bridge ppp and virtual interface characteristics 85
• Table 36 relationships between different types of interfaces 85
• Uag cli reference guide 85
• Chapter 13 interfaces 86
• Interface general commands summary 86
• Interface required port interface 86
• Label description 86
• Table 36 relationships between different types of interfaces continued 86
• Table 37 input values for general interface commands 86
• The following sections introduce commands that are supported by several types of interfaces 86
• The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands 86
• Uag cli reference guide 86
• Basic interface properties and ip address commands 87
• Chapter 13 interfaces 87
• Command description 87
• Table 38 interface general commands basic properties and ip address assignment 87
• This table lists basic properties and ip address commands 87
• Uag cli reference guide 87
• Basic interface properties command examples 88
• Chapter 13 interfaces 88
• Command description 88
• Table 38 interface general commands basic properties and ip address assignment continued 88
• The following commands make ethernet interface wan1 a dhcp client 88
• Uag cli reference guide 88
• Chapter 13 interfaces 89
• This example shows how to change the user defined name from vip to partner note that you have to use the interface rename command if you do not know the system name of the interface to use the interface name command you have to find out the corresponding system name first ge4 in this example this example also shows how to change the user defined name from partner to customer using the interface name command 89
• This example shows how to modify the name of interface lan2 to vip first you have to check the interface system name ge4 in this example on the uag then change the name and display the result 89
• Uag cli reference guide 89
• Chapter 13 interfaces 90
• Command description 90
• Dhcp setting commands 90
• Table 39 interface commands dhcp settings 90
• This example shows how to restart an interface you can check all interface names on the uag then use either the system name or user defined name of an interface ge4 or customer in this example to restart it 90
• This table lists dhcp setting commands dhcp is based on dhcp pools create a dhcp pool if you want to assign a static ip address to a mac address or if you want to specify the starting ip address and pool size of a range of ip addresses that can be assigned to dhcp clients there are different commands for each configuration afterwards in either case you have to bind the dhcp pool to the interface 90
• Uag cli reference guide 90
• Chapter 13 interfaces 91
• Command description 91
• Note the dhcp pool must have the same subnet as the interface to which you plan to bind it 91
• Note the ip address must be in the same subnet as the interface to which you plan to bind the dhcp pool 91
• Table 39 interface commands dhcp settings continued 91
• Uag cli reference guide 91
• Chapter 13 interfaces 92
• Command description 92
• Note you must specify the network number first and the start address must be in the same subnet 92
• Table 39 interface commands dhcp settings continued 92
• Uag cli reference guide 92
• Chapter 13 interfaces 93
• Dhcp extended option setting command example 93
• Dhcp setting command examples 93
• The following example configures the dhcp_test pool with a sip server code 120 extended dhcp option with one ip address to provide to the sip clients 93
• The following example uses these commands to configure dhcp pool dhcp_test 93
• Uag cli reference guide 93
• Chapter 13 interfaces 94
• Command description 94
• Interface parameter command examples 94
• Rip commands 94
• Table 40 examples for different interface parameters ethernet virtual interface pppoe pptp 94
• Table 41 interface commands rip settings 94
• This table lists the commands for rip settings 94
• This table shows an example of each interface type s sub commands the sub commands vary for different interface types 94
• Uag cli reference guide 94
• Vlan bridge 94
• Chapter 13 interfaces 95
• Command description 95
• Ospf commands 95
• Table 41 interface commands rip settings continued 95
• Table 42 interface commands ospf settings 95
• This table lists the commands for ospf settings 95
• Uag cli reference guide 95
• Chapter 13 interfaces 96
• Command description 96
• Table 42 interface commands ospf settings continued 96
• Uag cli reference guide 96
• Chapter 13 interfaces 97
• Command description 97
• Connectivity check ping check commands 97
• Table 43 interface commands ping check 97
• This table lists the ping check commands 97
• Uag cli reference guide 97
• Use these commands to have an interface regularly check the connection to the gateway you specified to make sure it is still available you specify how often the interface checks the connection how long to wait for a response before the attempt is a failure and how many consecutive failures are required before the uag stops routing to the gateway the uag resumes routing to the gateway the first time the gateway passes the connectivity check 97
• Chapter 13 interfaces 98
• Command description 98
• Connectivity check command example 98
• Ethernet interface specific commands 98
• Label description 98
• Mac address setting commands 98
• Table 44 input values for ethernet interface commands 98
• Table 45 interface commands mac setting 98
• The following commands show you how to set the wan1 interface to use a tcp handshake on port 8080 to check the connection to ip address 1 98
• The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands 98
• This section covers commands that are specific to ethernet interfaces 98
• This table lists the commands you can use to set the mac address of an interface 98
• Uag cli reference guide 98
• Chapter 13 interfaces 99
• Command description 99
• Note in cli representative interfaces are also called representative ports 99
• Port grouping commands 99
• Table 45 interface commands mac setting continued 99
• Table 46 basic interface setting commands 99
• This section covers commands that are specific to port grouping 99
• Uag cli reference guide 99
• Chapter 13 interfaces 100
• Port grouping command examples 100
• The following commands add physical port 5 to interface lan1 100
• The following commands set port 1 to use auto negotiation auto and port 2 to use a 10 mbps connection speed and half duplex 100
• The following commands set up a virtual interface on top of ethernet interface lan1 the virtual interface is named lan1 1 with the following parameters ip 1 subnet 255 55 55 100
• Uag cli reference guide 100
• Virtual interface command examples 100
• Virtual interface specific commands 100
• Virtual interfaces use many of the general interface commands discussed at the beginning of section 13 on page 86 there are no additional commands for virtual interfaces 100
• Chapter 13 interfaces 101
• Command description 101
• Gateway 4 upstream bandwidth 345 downstream bandwidth 123 and description i am vir interface 101
• Label description 101
• Pppoe pptp specific commands 101
• Table 47 input values for pppoe pptp interface commands 101
• Table 48 interface commands pppoe pptp interfaces 101
• The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands 101
• This section covers commands that are specific to pppoe pptp interfaces pppoe pptp interfaces also use many of the general interface commands discussed at the beginning of section 13 on page 86 101
• This table lists the pppoe pptp interface commands 101
• Uag cli reference guide 101
• Chapter 13 interfaces 102
• Command description 102
• Note for the uag which supports more than one usb ports these commands only apply to the usb storage device that is first attached to the uag 102
• Pppoe pptp interface command examples 102
• Table 48 interface commands pppoe pptp interfaces continued 102
• Table 49 usb storage general commands 102
• The following commands show you how to configure pppoe pptp interface ppp0 with the following characteristics base interface wan1 isp account hinet local address 1 remote address 2 mtu 1200 upstream bandwidth 345 downstream bandwidth 123 description i am ppp0 and dialed only when used 102
• The following commands show you how to connect and disconnect ppp0 102
• Uag cli reference guide 102
• Usb storage specific commands 102
• Use these commands to configure settings that apply to the usb storage device connected to the uag 102
• Chapter 13 interfaces 103
• Command description 103
• Table 49 usb storage general commands continued 103
• This example shows how to display the status of the connected usb storage device 103
• This section covers commands that are specific to vlan interfaces vlan interfaces also use many of the general interface commands discussed at the beginning of section 13 on page 86 103
• Uag cli reference guide 103
• Usb storage general commands example 103
• Vlan interface specific commands 103
• Bridge specific commands 104
• Chapter 13 interfaces 104
• Command description 104
• Label description 104
• Table 50 input values for vlan interface commands 104
• Table 51 interface commands vlan interfaces 104
• The following commands show you how to set up vlan vlan100 with the following parameters vlan id 100 interface lan1 ip 1 subnet 255 55 55 mtu 598 gateway 2 description i am vlan100 upstream bandwidth 345 and downstream bandwidth 123 104
• The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands 104
• This section covers commands that are specific to bridge interfaces bridge interfaces also use many of the general interface commands discussed at the beginning of section 13 on page 86 104
• This table lists the vlan interface commands 104
• Uag cli reference guide 104
• Vlan interface command examples 104
• Bridge interface command examples 105
• Chapter 13 interfaces 105
• Command description 105
• Label description 105
• Table 52 input values for bridge interface commands 105
• Table 53 interface commands bridge interfaces 105
• The following commands show you how to set up a bridge interface named br0 with the following parameters member lan1 ip 1 subnet 255 55 55 mtu 598 gateway 2 upstream bandwidth 345 downstream bandwidth 123 and description i am br0 105
• The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands 105
• This table lists the bridge interface commands 105
• Uag cli reference guide 105
• Trunk scenario examples 106
• Trunks 106
• Trunks overview 106
• Chapter 14 trunks 107
• Command description 107
• Command to enter the configuration mode before you can use these commands see table 54 on page 107 for details about the values you can input with these commands 107
• Commands 107
• Commands you must use the 107
• Configure termina 107
• Interface grou 107
• Interface group 107
• Label description 107
• Table 54 interface group command input values 107
• Table 55 interface group commands summary 107
• The following table explains the values you can input with the 107
• The following table lists the 107
• Trunk commands input values 107
• Trunk commands summary 107
• Uag cli reference guide 107
• Chapter 14 trunks 108
• Command description 108
• Table 55 interface group commands summary continued 108
• The following example creates a least load first trunk for ethernet interface lan1 and vlan 5 which will only apply to outgoing traffic through the trunk the uag sends new session traffic through the least utilized of these interfaces 108
• The following example creates a spill over trunk for ethernet interfaces wan1 and wan2 which will apply to both incoming and outgoing traffic through the trunk the uag sends traffic through wan1 until it hits the limit of 1000 kbps the uag sends anything over 1000 kbps through wan2 108
• The following example creates a weighted round robin trunk for ethernet interfaces wan1 and wan2 the uag sends twice as much traffic through ge1 108
• Trunk command examples 108
• Uag cli reference guide 108
• Configure termina 109
• Link sticking 109
• Link sticking commands summary 109
• Wan1 wan2 109
• Chapter 14 trunks 110
• Command description 110
• Link sticking command example 110
• Mode before you can use these commands see table 54 on page 107 for details about the values you can input with these commands 110
• Table 56 ip load balancing link sticking commands summary 110
• This example shows how to activate link sticking and set the timeout to 600 seconds ten minutes 110
• Uag cli reference guide 110
• Drop in mode overview 111
• Ip drop in 111
• Chapter 15 ip drop in 112
• Command description 112
• Command to enter the configuration mode before you can use these commands 112
• Configure termina 112
• Drop in commands 112
• Drop in limitations 112
• Label description 112
• Table 57 input values for general drop in commands 112
• Table 58 ip drop in commands 112
• The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands 112
• The interfaces in drop in mode cannot be part of a bridge interface 112
• The interfaces in drop in mode cannot join the port group of the interfaces that are not in drop in mode but other interfaces can join a drop in interface s port group 112
• This table lists the ip drop in commands you must use the 112
• Uag cli reference guide 112
• You cannot create a policy route static route nat rule or vpn 1 1 mapping rule for an interface in drop in mode 112
• You cannot enable ipnp upnp or layer 2 isolation on a lan interface in drop in mode the interface cannot be used for printer management and web authentication nor provide sms free time and billing services 112
• You must configure a drop in wan interface s ip address before setting it to work in drop in mode 112
• Chapter 15 ip drop in 113
• The following example shows you how to set the drop in wan interface and lan interface set a wan host turn on the dop in mode and show the settings 113
• Uag cli reference guide 113
• Policy route 114
• Policy route commands 114
• Chapter 16 route 115
• Command description 115
• Command to enter the configuration mode before you can use these commands 115
• Configure termina 115
• Table 60 command summary policy route 115
• The following table describes the commands available for policy route you must use the 115
• Uag cli reference guide 115
• Chapter 16 route 116
• Command description 116
• Table 60 command summary policy route continued 116
• Uag cli reference guide 116
• Assured forwarding af behavior is defined in rfc 2597 the af behavior group defines four af classes inside each class packets are given a high medium or low drop precedence the drop precedence determines the probability that routers in the network will drop packets when congestion occurs if congestion occurs between classes the traffic in the higher class smaller 117
• Assured forwarding af phb for diffserv 117
• Chapter 16 route 117
• Command description 117
• Table 60 command summary policy route continued 117
• Uag cli reference guide 117
• Chapter 16 route 118
• Class 1 class 2 class 3 class 4 118
• Numbered class is generally given priority combining the classes and drop precedence produces the following twelve dscp encodings from af11 through af43 the decimal equivalent is listed in brackets 118
• Policy route command example 118
• Table 61 assured forwarding af behavior group 118
• The following commands create two address objects tw_subnet and gw_1 and insert a policy that routes the packets with the source ip address tw_subnet and any destination ip address through the interface wan1 to the next hop router gw_1 this route uses the ip address of the outgoing interface as the matched packets source ip address 118
• Uag cli reference guide 118
• Configure termina 119
• Ip static route 119
• Static route commands 119
• Static route commands examples 120
• Routing protocol 121
• Routing protocol commands summary 121
• Routing protocol overview 121
• Chapter 17 routing protocol 122
• Command description 122
• General ospf commands 122
• Rip commands 122
• Table 65 router commands rip 122
• Table 66 router commands general ospf configuration 122
• This table lists the commands for general ospf configuration 122
• This table lists the commands for rip 122
• Uag cli reference guide 122
• Chapter 17 routing protocol 123
• Command description 123
• Ospf area commands 123
• Table 67 router commands ospf areas 123
• Table 68 router commands virtual links in ospf areas 123
• This table lists the commands for ospf areas 123
• This table lists the commands for virtual links in ospf areas 123
• Uag cli reference guide 123
• Virtual link commands 123
• Chapter 17 routing protocol 124
• Command description 124
• Learned routing information commands 124
• Show ip route command example 124
• Table 69 ip route commands learned routing information 124
• The following example shows learned routing information on the uag 124
• This table lists the commands to look at learned routing information 124
• Uag cli reference guide 124
• Zones overview 125
• Chapter 18 zones 126
• Command description 126
• Label description 126
• Table 70 input values for zone commands 126
• Table 71 zone commands 126
• The following table describes the values required for many zone commands other values are discussed with the corresponding commands s 126
• This table lists the zone commands 126
• Uag cli reference guide 126
• Zone commands summary 126
• Chapter 18 zones 127
• The following commands add interfaces vlan123 and vlan234 to zone a and block intra zone traffic 127
• Uag cli reference guide 127
• Zone command examples 127
• Ddns overview 128
• Chapter 19 ddns 129
• Command description 129
• Ddns commands summary 129
• Label description 129
• Table 73 input values for ddns commands 129
• Table 74 ip ddns commands 129
• The following table describes the values required for many ddns commands other values are discussed with the corresponding commands 129
• The following table lists the ddns commands 129
• Uag cli reference guide 129
• Chapter 19 ddns 130
• Command description 130
• Ddns commands example 130
• Table 74 ip ddns commands continued 130
• The following example sets up a ddns profile where the interface is wan1 and uses http 130
• Uag cli reference guide 130
• 1 1 nat and many 1 1 nat 131
• Virtual server commands summary 131
• Virtual server overview 131
• Virtual servers 131
• Chapter 20 virtual servers 132
• Command description 132
• Table 76 ip virtual server commands 132
• The following table lists the virtual server commands 132
• Uag cli reference guide 132
• Chapter 20 virtual servers 133
• Command description 133
• Table 76 ip virtual server commands continued 133
• The following command creates virtual server wan lan_h323 on the wan1 interface that maps ip addresses 10 to 192 68 6 for tcp protocol traffic on port 1720 it also adds a nat loopback entry 133
• Uag cli reference guide 133
• Virtual server command examples 133
• Chapter 20 virtual servers 134
• Configure address object 134
• Configure nat 134
• Create two address objects one is named dmz_http for the http server s private ip address of 192 68 the other one is named wan1_http for the wan1 public ip address of 1 134
• Figure 17 public server example network topology 134
• Follow the following steps for the setting 134
• The following command shows information about all the virtual servers in the uag 134
• The nat rule sends this traffic to the http server s private ip address of 192 68 defined in the dmz_http object 134
• This is an example of making an http web server in the dmz zone accessible from the internet the wan zone you will use a public ip address of 1 on the wan1 interface and map it to the http server s private ip address of 192 68 134
• This nat rule is for any http traffic coming in on wan1 to ip address 1 134
• Tutorial how to allow public access to a server 134
• Uag cli reference guide 134
• You need a nat rule to send http traffic coming to ip address 1 on wan1 to the http server s private ip address of 192 68 use the following settings 134
• Chapter 20 virtual servers 135
• Configure firewall 135
• Create a firewall rule to allow http traffic from the wan zone to the dmz web server 135
• Http traffic and the http server in this example both use tcp port 80 so you set the port mapping type to port the protocol type to tcp and the original and mapped ports to 80 135
• Now the public can go to ip address 1 to access the http server 135
• Uag cli reference guide 135
• Vpn 1 1 mapping 136
• Vpn 1 1 mapping commands 136
• Vpn 1 1 mapping overview 136
• Chapter 21 vpn 1 1 mapping 137
• Command description 137
• Command to enter the configuration mode before you can use the configuration commands 137
• Configure termina 137
• Table 78 command summary vpn 1 1 map 137
• The following table describes the commands available for vpn 1 1 mapping you must use the 137
• Uag cli reference guide 137
• Chapter 21 vpn 1 1 mapping 138
• Command description 138
• Note it s recommended that the ip addresses of the configured address object and the wan interface are in the same subnet so that the uag can receive response packets from the remote node 138
• Note you cannot configure an address group object at the time of writing 138
• Table 79 vpn 1 1 map pool sub commands 138
• Table 80 vpn 1 1 map rule sub commands 138
• The following commands create a pool profile and display the settings 138
• The following table describes the sub commands for several vpn 1 1 map rule commands note that not all rule commands use all the sub commands listed here 138
• The following table describes the sub commands for the vpn 1 1 map pool command 138
• Uag cli reference guide 138
• Vpn 1 1 map pool command examples 138
• Vpn 1 1 map pool sub commands 138
• Vpn 1 1 map rule sub commands 138
• Chapter 21 vpn 1 1 mapping 139
• Command description 139
• Table 80 vpn 1 1 map rule sub commands continued 139
• The following command shows statistics for each of the vpn 1 1 mapping rules this displays how many times the uag applied the rule to a user successfully or failed to apply the rule to a user this also shows the maximum number of times the uag has applied the rule to a user successfully 139
• The following commands create a vpn 1 1 mapping rule enable it and display the settings 139
• Uag cli reference guide 139
• Vpn 1 1 map rule command examples 139
• Vpn 1 1 map statistics command examples 139
• Http redirect 140
• Http redirect commands 140
• Http redirect overview 140
• Web proxy server 140
• Chapter 22 http redirect 141
• Command description 141
• Http redirect command examples 141
• Table 82 command summary http redirect continued 141
• The following commands create a http redirect rule disable it and display the settings 141
• Uag cli reference guide 141
• Smtp redirect 142
• Smtp redirect commands 142
• Smtp redirect overview 142
• Chapter 23 smtp redirect 143
• Command description 143
• Command to enter the configuration mode before you can use the configuration commands 143
• Configure termina 143
• Smtp redirect sub commands 143
• Table 84 command summary smtp redirect 143
• Table 85 smtp redirect sub commands 143
• The following table describes the commands available for smtp redirection you must use the 143
• The following table describes the sub commands for several smtp redirect commands note that not all rule commands use all the sub commands listed here 143
• Uag cli reference guide 143
• Chapter 23 smtp redirect 144
• Smtp redirect command examples 144
• The following commands create a smtp redirect rule enable it and display the settings 144
• Uag cli reference guide 144
• Alg introduction 145
• Alg commands 146
• Chapter 24 alg 146
• Command description 146
• Command to enter the configuration mode before you can use these commands 146
• Commands you must use the 146
• Configure termina 146
• Table 86 alg commands 146
• The following table lists the 146
• Uag cli reference guide 146
• Alg commands example 147
• Upnp and nat pmp commands 148
• Upnp and nat pmp overview 148
• Chapter 25 upnp 149
• Command description 149
• Table 87 ip upnp commands continued 149
• The following example turns on upnp and nat pmp on the uag and it s two lan interfaces it also shows the upnp and nat pmp settings 149
• Uag cli reference guide 149
• Upnp nat pmp commands example 149
• Chapter 25 upnp 150
• The following example displays the uag s port mapping entries and removes the entry with the specified port number and protocol type 150
• Uag cli reference guide 150
• Ip mac binding 151
• Ip mac binding commands 151
• Ip mac binding overview 151
• Chapter 26 ip mac binding 152
• Ip mac binding commands example 152
• The following example enables ip mac binding on the lan1 interface and displays the interface s ip mac binding status 152
• Uag cli reference guide 152
• Layer 2 isolation 153
• Layer 2 isolation overview 153
• Chapter 27 layer 2 isolation 154
• Command description 154
• Command to enter the configuration mode before you can use these commands 154
• Configure terminal 154
• Layer 2 isolation commands 154
• Layer 2 isolation white list sub commands 154
• Table 89 l2 isolation commands 154
• Table 90 l2 isolation white list sub commands 154
• The following table describes the sub commands for l2 isolation white list commands 154
• The following table lists the l2 isolation commands you must use the 154
• Uag cli reference guide 154
• Chapter 27 layer 2 isolation 155
• Command description 155
• Layer 2 isolation commands example 155
• Table 90 l2 isolation white list sub commands continued 155
• The following example enables layer 2 isolation on the uag and interface lan2 it also creates a rule in the white list to allow access to the device with ip address 172 7 6 it then displays the layer 2 isolation settings 155
• Uag cli reference guide 155
• Ipnp commands 156
• Ipnp overview 156
• Chapter 28 ipnp 157
• Ipnp commands example 157
• The following example enables ipnp on the uag and interface lan1 it also displays the ipnp settings 157
• Uag cli reference guide 157
• Web authentication 158
• Web authentication commands 158
• Web authentication overview 158
• Chapter 29 web authentication 159
• Command description 159
• Table 92 web auth commands continued 159
• Uag cli reference guide 159
• Chapter 29 web authentication 160
• Command description 160
• Note if you select the external option you cannot use endpoint security to make sure that users computers meet specific security requirements before they can access the network 160
• Table 93 web auth login setting sub commands 160
• The following table describes the sub commands for the web auth login setting command 160
• Uag cli reference guide 160
• Web auth login setting sub commands 160
• Chapter 29 web authentication 161
• Command description 161
• Table 93 web auth login setting sub commands continued 161
• Table 94 web auth policy sub commands 161
• The following table describes the sub commands for several web auth policy commands note that not all rule commands use all the sub commands listed here 161
• Uag cli reference guide 161
• Web auth policy sub commands 161
• Chapter 29 web authentication 162
• Command description 162
• Table 94 web auth policy sub commands continued 162
• Table 95 web auth type default user agreement sub commands 162
• Table 96 web auth type default web portal sub commands 162
• The following table describes the sub commands for several web auth type default user agreement commands note that not all rule commands use all the sub commands listed here 162
• The following table describes the sub commands for several web auth type default web portal commands note that not all rule commands use all the sub commands listed here 162
• Uag cli reference guide 162
• Web auth type default user agreement sub commands 162
• Web auth type default web portal sub commands 162
• Chapter 29 web authentication 163
• Command description 163
• Note you can upload zipped custom web portal files to the uag using the web configurator 163
• Table 97 web auth type profile sub commands 163
• The following table describes the sub commands for several web auth type profile commands note that not all rule commands use all the sub commands listed here 163
• Uag cli reference guide 163
• Web auth type profile sub commands 163
• Chapter 29 web authentication 164
• Command description 164
• Table 97 web auth type profile sub commands continued 164
• Table 98 web auth user agreement sub commands 164
• The following table describes the sub commands for several web auth user agreement commands note that not all rule commands use all the sub commands listed here 164
• Uag cli reference guide 164
• Web auth user agreement sub commands 164
• Web authentication policy insert command example 165
• Walled garden 166
• Walled garden commands 166
• Walled garden overview 166
• Activate yes 167
• Chapter 30 walled garden 167
• Command description 167
• Name example1 167
• Table 100 walled garden rule sub commands 167
• The following table describes the sub commands for several walled garden rule commands note that not all rule commands use all the sub commands listed here 167
• This example shows how to enable the walled garden feature and insert a walled garden link rule at position 1 of the checking order this example also displays the rule settings the link rule uses the following settings 167
• Uag cli reference guide 167
• Url www example com 167
• Walled garden command example 167
• Walled garden rule sub commands 167
• Advertisement 168
• Advertisement command example 168
• Advertisement commands 168
• Advertisement overview 168
• Rtls overview 169
• Chapter 32 rtls 170
• Command description 170
• Rtls configuration commands 170
• Rtls configuration examples 170
• Table 103 rtls commands 170
• The following command displays the commands run on the ap 170
• The following commands show how to enable rtls on the uag specify the ip address of the ekahau rtls controller and then show the configuration settings 170
• Uag cli reference guide 170
• Use these commands to configure rtls on the uag 170
• Firewall 171
• Firewall overview 171
• Chapter 33 firewall 172
• Command description 172
• Command to enter the configuration mode before you can use the configuration commands 172
• Configure termina 172
• Firewall commands 172
• Label description 172
• Note in the uag running firmware version v4 0 or later use secure policy to configure the firewall settings 172
• Table 104 input values for general firewall commands 172
• Table 105 command summary firewall 172
• The following table describes the commands available for the firewall you must use the 172
• The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands 172
• Uag cli reference guide 172
• Chapter 33 firewall 173
• Command description 173
• Table 105 command summary firewall continued 173
• Uag cli reference guide 173
• Chapter 33 firewall 174
• Command description 174
• Firewall sub commands 174
• Table 106 firewall sub commands 174
• The following table describes the sub commands for several firewall commands 174
• Uag cli reference guide 174
• Chapter 33 firewall 175
• Command description 175
• Create a service object 175
• Create an ip address object 175
• Enter configuration command mode 175
• Enter the firewall sub command mode to add a firewall rule 175
• Firewall command examples 175
• Set the action the uag is to take on packets which match this rule 175
• Set the destination ip address es 175
• Set the direction of travel of packets to which the rule applies 175
• Set the service to which this rule applies 175
• Table 106 firewall sub commands continued 175
• The following command displays the default ipv4 firewall rule that applies to the wan to uag packet direction the firewall rule number is in the rule s priority number in the global rule list 175
• The following example shows you how to add an ipv4 firewall rule to allow a myservice connection from the wan zone to the ip addresses dest_1 in the lan zone 175
• These are ipv4 firewall configuration examples 175
• Uag cli reference guide 175
• Configure termina 176
• Session limit commands 176
• Billing 177
• Billing commands 177
• Billing overview 177
• Billing profile sub commands 178
• Chapter 34 billing 178
• Command description 178
• Table 109 billing commands continued 178
• Table 110 billing profile sub commands 178
• The following table describes the sub commands for the billing profile command 178
• Uag cli reference guide 178
• Billing command example 179
• Chapter 34 billing 179
• Command description 179
• Note when the limit is exceeded the user is not allowed to access the internet through the uag 179
• Table 110 billing profile sub commands continued 179
• This example enables and creates a custom discount pricing plan it uses button a to assign the base charge and also shows the discount status and plan settings 179
• This example sets the accounting method to time to finish and configures the idle timeout that elapses before the uag disconnects a user 179
• Uag cli reference guide 179
• Chapter 34 billing 180
• This example applies the billing profile billing_1hour to button a of the web based account generator and button a on a connected statement printer it also displays the default discount price plan settings that is the billing profile settings for button a when it is selected as the button to assign the base charge 180
• This example creates a billing profile named billing_1hour and displays the profile settings 180
• Uag cli reference guide 180
• Payment service 181
• Payment service commands 181
• Payment service overview 181
• Chapter 35 payment service 182
• Command description 182
• Table 112 payment service commands continued 182
• Uag cli reference guide 182
• Chapter 35 payment service 183
• Command description 183
• Payment service command example 183
• Payment service provider paypal sub commands 183
• Table 113 payment service provider paypal sub commands 183
• The following table describes the sub commands for the payment service provider paypal command 183
• This example configures the paypal account information and displays the settings it also enables online payment service and sets how the uag provides dynamic guest account information after the user s online payment is done 183
• Uag cli reference guide 183
• Printer manager 184
• Printer manager commands 184
• Printer manager overview 184
• Chapter 36 printer manager 185
• Command description 185
• Printer manager command example 185
• Printer manager printer sub commands 185
• Table 114 printer manager commands continued 185
• Table 115 printer manager printer sub commands 185
• The following table describes the sub commands for the printer manager printer command 185
• This example adds a printer to the managed printer list and displays the printer settings 185
• Uag cli reference guide 185
• Free time 186
• Free time commands 186
• Free time overview 186
• Chapter 37 free time 187
• Free time commands example 187
• The following example enables the free time feature and sets the uag to provide user account information in the web screen and also sent account information via sms text messages it then displays the free time settings 187
• Uag cli reference guide 187
• Sms commands 188
• Sms overview 188
• Chapter 38 sms 189
• Sms commands example 189
• The following example enables the sms service on the uag to provide and configures the vianett account information it then displays the sms settings 189
• Uag cli reference guide 189
• Bandwidth management 190
• Bandwidth management commands 190
• Bandwidth management overview 190
• Bwm type 190
• Bandwidth sub commands 191
• Chapter 39 bandwidth management 191
• Command description 191
• Table 118 bwm commands continued 191
• Table 119 bwm sub commands 191
• The following table describes the sub commands for several bwm commands 191
• Uag cli reference guide 191
• Chapter 39 bandwidth management 192
• Command description 192
• Table 119 bwm sub commands continued 192
• Uag cli reference guide 192
• Chapter 39 bandwidth management 193
• Command description 193
• Table 119 bwm sub commands continued 193
• Uag cli reference guide 193
• Bandwidth management commands example 194
• Chapter 39 bandwidth management 194
• The following example adds a new bandwidth management policy for trial users to limit incoming and outgoing bandwidth and sets the traffic priority to 3 it then displays the policy settings 194
• Uag cli reference guide 194
• Ipsec vpn 195
• Ipsec vpn overview 195
• Ipsec vpn commands summary 196
• Chapter 40 ipsec vpn 197
• Command description 197
• Ike sa commands 197
• Label description 197
• Table 120 input values for ipsec vpn commands continued 197
• Table 121 isakmp commands ike sas 197
• The following sections list the ipsec vpn commands 197
• This table lists the commands for ike sas vpn gateways 197
• Uag cli reference guide 197
• Aaa authentication 198
• Chapter 40 ipsec vpn 198
• Command description 198
• Table 121 isakmp commands ike sas continued 198
• Uag cli reference guide 198
• Chapter 40 ipsec vpn 199
• Command description 199
• Ipsec sa commands except manual keys 199
• Table 122 crypto commands ipsec sas 199
• This table lists the commands for ipsec sas excluding manual keys vpn connections using vpn gateways 199
• Uag cli reference guide 199
• Chapter 40 ipsec vpn 200
• Command description 200
• Note you must allow traffic whose source and destination ip addresses do not match the local and remote policy if you want to use the ipsec sa in a vpn concentrator 200
• Table 122 crypto commands ipsec sas continued 200
• Uag cli reference guide 200
• Chapter 40 ipsec vpn 201
• Command description 201
• Table 122 crypto commands ipsec sas continued 201
• Uag cli reference guide 201
• Chapter 40 ipsec vpn 202
• Command description 202
• Ipsec sa commands for manual keys 202
• Table 123 crypto map commands ipsec sas manual keys 202
• Table 124 vpn concentrator commands vpn concentrator 202
• This table lists the additional commands for ipsec sas using manual keys vpn connections using manual keys 202
• This table lists the commands for the vpn concentrator 202
• Uag cli reference guide 202
• Vpn concentrator commands 202
• Chapter 40 ipsec vpn 203
• Command description 203
• Table 124 vpn concentrator commands vpn concentrator continued 203
• Table 125 vpn configuration provision commands vpn configuration provisioning 203
• This table lists the commands for vpn configuration provisioning 203
• Uag cli reference guide 203
• Vpn configuration provisioning commands 203
• Chapter 40 ipsec vpn 204
• Command description 204
• Sa monitor commands 204
• Table 126 sa commands sa monitor 204
• This table lists the commands for the sa monitor 204
• Uag cli reference guide 204
• Ssl access policy 205
• Ssl access policy limitations 205
• Ssl application objects 205
• Ssl vpn 205
• Ssl vpn commands 205
• Chapter 41 ssl vpn 206
• Command description 206
• Command to enter the configuration mode before you can use these commands 206
• Configure termina 206
• Label description 206
• Ssl vpn commands 206
• Table 127 input values for ssl vpn commands continued 206
• Table 128 ssl vpn commands 206
• The following sections list the ssl vpn commands 206
• This table lists the commands for ssl vpn you must use the 206
• Uag cli reference guide 206
• Chapter 41 ssl vpn 207
• Command description 207
• Here is an example ssl vpn configuration the ssl vpn rule defines 207
• Only users using the tester account can use the ssl vpn 207
• Setting an ssl vpn rule tutorial 207
• Table 128 ssl vpn commands 207
• The ssl vpn users are allowed to access the uag s local network 172 6 0 24 defined in object network1 207
• The uag will assign an ip address from 192 68 00 to 192 68 00 0 defined in object ip pool to the computers which match the rule s criteria 207
• The uag will assign two dns server settings 172 6 and 172 6 defined in objects dns1 and dns2 to the computers which match the rule s criteria 207
• Trendmicro pc cillin internet security 2007 is installed and activated 207
• Uag cli reference guide 207
• Users have to access the ssl vpn using a computer that complies with all the following criteria defined in object eps 1 207
• Windows xp is installed 207
• Chapter 41 ssl vpn 208
• Create an endpoint security profile named eps 1 ssl vpn users computers must install windows xp and trendmicro pc cillin internet security 2007 besides the pc cillin anti virus must be activated 208
• Create an ssl vpn rule named ssl_vpn_test enable it and apply objects you just created 208
• Create four address objects for the ssl vpn dhcp pool dns servers and the local network for ssl vpn authenticated users to access 208
• Create the ssl vpn user account named tester with password 1234 208
• First of all configure 10 54 24 for the ip address of interface wan1 which is an external interface for public ssl vpn to access configure 172 6 0 54 24 for the ip address of interface lan2 which is an internal network 208
• Uag cli reference guide 208
• Chapter 41 ssl vpn 209
• Displays the ssl vpn rule settings 209
• Uag cli reference guide 209
• Application patrol 210
• Application patrol commands summary 210
• Application patrol overview 210
• Application patrol command examples 211
• Application patrol commands 211
• Chapter 42 application patrol 211
• Command description 211
• Table 130 app commands application patrol 211
• This command shows details of an application patrol profile created 211
• This table lists the application patrol commands 211
• Uag cli reference guide 211
• Chapter 42 application patrol 212
• These are some other example application patrol usage commands 212
• Uag cli reference guide 212
• Content filtering 213
• Content filtering overview 213
• Content filtering policies 213
• External web filtering service 213
• Chapter 43 content filtering 214
• Commands 214
• Content filte 214
• Content filter command input values 214
• Label description 214
• Table 131 content filter command input values 214
• The following table explains the values you can input with the 214
• Uag cli reference guide 214
• Chapter 43 content filtering 215
• Command to enter the configuration 215
• Configure termina 215
• General content filter commands 215
• Label description 215
• Table 131 content filter command input values continued 215
• The following table lists the commands that you can use for general content filter configuration such as enabling content filtering viewing and ordering your list of content filtering policies creating a denial of access message or specifying a redirect url and checking your external web filtering service registration status use the 215
• Uag cli reference guide 215
• Chapter 43 content filtering 216
• Command description 216
• Mode to be able to use these commands see table 131 on page 214 for details about the values you can input with these commands 216
• Table 132 content filter general commands 216
• Uag cli reference guide 216
• Chapter 43 content filtering 217
• Command 217
• Command description 217
• Command to enter the configuration mode to be able to use these commands 217
• Configure termina 217
• Content filter profile commands 217
• Content filter report commands 217
• See the web configurator user s guide for more information about how to view content filtering reports after you have activated the category based content filtering subscription service 217
• Table 132 content filter general commands continued 217
• Table 133 content filter report commands summary 217
• The following table lists the commands that you can use to configure a content filtering policy a content filtering policy defines which content filter profile should be applied when it should be applied and to whose web access it should be applied use the 217
• Uag cli reference guide 217
• Use the 217
• Chapter 43 content filtering 218
• Command description 218
• Table 134 content filter profile commands summary 218
• To enter the configuration mode to be able to use these commands see table 131 on page 214 for details about the values you can input with these commands 218
• Uag cli reference guide 218
• Chapter 43 content filtering 219
• Command description 219
• Table 134 content filter profile commands summary continued 219
• Uag cli reference guide 219
• Chapter 43 content filtering 220
• Command description 220
• Command to enter the configuration mode to be able to use these commands see table 131 on page 214 for details about the values you can input with these commands 220
• Configure termina 220
• Content filter url cache commands 220
• Table 134 content filter profile commands summary continued 220
• Table 135 content filter url cache commands 220
• The following table lists the commands that you can use to view and configure your uag s url caching you can configure how long a categorized web site address remains in the as well as view those web site addresses to which access has been allowed or blocked based on the responses from the external content filtering server the uag only queries the external content filtering database for sites not found in the cache 220
• Uag cli reference guide 220
• Use the 220
• Chapter 43 content filtering 221
• Command description 221
• Command to enter the configuration mode before you can use these commands 221
• Configure termina 221
• Content filtering commands example 221
• Content filtering statistics 221
• Content filtering statistics example 221
• Create a filtering profile for the group 221
• Enable the external web filtering service 221
• First create a sales address object this example uses a subnet that covers ip addresses 172 6 to 172 6 54 221
• Table 136 commands for content filtering statistics 221
• The following example shows how to limit the web access for a sales group 221
• The following table describes the commands for collecting and displaying content filtering statistics you must use the 221
• Then create a schedule for all day 221
• This example shows how to collect and display content filtering statistics 221
• Uag cli reference guide 221
• You can use the following commands to block sales from accessing adult and pornography websites 221
• Activate the customization 222
• Append a content filter policy 222
• Chapter 43 content filtering 222
• Chapter 5 on page 48 222
• Note you must register for the external web filtering service before you can use it see 222
• Uag cli reference guide 222
• You can also customize the filtering profile the following commands block active x java and proxy access 222
• Chapter 43 content filtering 223
• Uag cli reference guide 223
• Use this command to display the settings of the profile 223
• User account overview 224
• User group 224
• User types 224
• Chapter 44 user group 225
• Command description 225
• Commands 225
• Commands other input values are discussed with the corresponding commands 225
• Label description 225
• Table 138 username groupname command input values 225
• Table 139 username groupname commands summary users 225
• The first table lists the commands for users 225
• The following sections list the 225
• The following table identifies the values required for many 225
• Uag cli reference guide 225
• User commands 225
• User group commands summary 225
• Username groupnam 225
• Chapter 44 user group 226
• Command description 226
• Table 139 username groupname commands summary users continued 226
• Table 140 username groupname commands summary groups 226
• The following commands create a new user account and show the user information 226
• This table lists the commands for groups 226
• Uag cli reference guide 226
• User group commands 226
• Username setting command examples 226
• Chapter 44 user group 227
• Command description 227
• Table 141 username groupname commands summary settings 227
• This table lists the commands for user settings except for forcing user authentication 227
• Uag cli reference guide 227
• User setting commands 227
• Chapter 44 user group 228
• Command description 228
• Mac auth commands 228
• Table 141 username groupname commands summary settings continued 228
• Table 142 mac auth commands summary 228
• The following commands show the current settings for the number of simultaneous logins 228
• This table lists the commands for mappings mac addresses to mac address user accounts 228
• Uag cli reference guide 228
• User setting command examples 228
• Chapter 44 user group 229
• Command description 229
• Create a mac role mac address user type user account named zyxel mac 229
• Mac auth example 229
• Map a wireless client s mac address of 00 13 49 11 a0 c4 to the zyxel mac mac role mac address user account 229
• Modify the wlan security profile named securewlan1 as follows 229
• Table 142 mac auth commands summary 229
• The following commands 229
• This example uses an external server to authenticate wireless clients by mac address after authentication the uag maps the wireless client to a mac address user account mac role configure user aware features to control mac address user access to network services 229
• Turn on mac authentication 229
• Uag cli reference guide 229
• Use colons to separate the two character pairs within account mac addresses 229
• Use the authentication method named auth1 229
• Use upper case letters in the account mac addresses 229
• Additional user command examples 230
• Additional user commands 230
• Chapter 44 user group 230
• Command description 230
• Table 143 username groupname commands summary additional 230
• The following commands display the users that are currently logged in to the uag and forces the logout of all logins from a specific ip address 230
• This table lists additional commands for users 230
• Uag cli reference guide 230
• Chapter 44 user group 231
• The following commands display the users that are currently locked out and then unlocks the user who is displayed 231
• Uag cli reference guide 231
• Application object 232
• Application object commands 232
• Application object commands summary 232
• Application object examples 233
• Application object group commands 233
• Chapter 45 application object 233
• Command description 233
• Table 146 object group application commands 233
• These are some example usage commands 233
• This table lists the application object group commands 233
• Uag cli reference guide 233
• Chapter 45 application object 234
• Object group application examples 234
• These are some example usage commands 234
• Uag cli reference guide 234
• Address commands summary 235
• Address overview 235
• Addresses 235
• Address group commands 236
• Address object command examples 236
• Address object commands 236
• Chapter 46 addresses 236
• Command description 236
• Table 148 address object and address6 object commands 236
• Table 149 object group commands address groups 236
• The following example creates three ipv4 address objects and then deletes one 236
• This table lists the commands for address groups 236
• This table lists the commands for address objects 236
• Uag cli reference guide 236
• Address group command examples 237
• Chapter 46 addresses 237
• Command description 237
• Table 149 object group commands address groups continued 237
• The following commands create three address objects a0 a1 and a2 and add a1 and a2 to address group rd 237
• Uag cli reference guide 237
• Service object commands 238
• Services 238
• Services commands summary 238
• Services overview 238
• Chapter 47 services 239
• Command description 239
• Service group commands 239
• Service object command examples 239
• Table 151 service object commands service objects continued 239
• Table 152 object group commands service groups 239
• The first table lists the commands for service groups 239
• The following commands create four services displays them and then removes one of them 239
• Uag cli reference guide 239
• Chapter 47 services 240
• Command description 240
• Service group command examples 240
• Table 152 object group commands service groups continued 240
• The following commands create service icmp_echo create service group sg1 and add icmp_echo to sg1 240
• Uag cli reference guide 240
• Schedule commands summary 241
• Schedule overview 241
• Schedules 241
• Chapter 48 schedules 242
• Command description 242
• Schedule command examples 242
• Table 154 schedule commands continued 242
• The following commands create recurring schedule schedule1 and one time schedule schedule2 and then delete schedule1 242
• Uag cli reference guide 242
• Aaa server 243
• Aaa server overview 243
• Ad server commands 243
• Authentication server command summary 243
• Chapter 49 aaa server 244
• Command description 244
• Commands you use to set the default ldap server 244
• Ldap server 244
• Ldap server commands 244
• Table 155 ad server commands continued 244
• Table 156 ldap server commands 244
• The following table lists the 244
• Uag cli reference guide 244
• Aaa group server ad 245
• Aaa group server ad commands 245
• Chapter 49 aaa server 245
• Command description 245
• Commands you use to configure a group of ad servers 245
• Commands you use to set the default radius server 245
• Note you can not delete a server group that is currently in use 245
• Radius server 245
• Radius server command example 245
• Radius server commands 245
• Table 157 radius server commands 245
• Table 158 aaa group server ad commands 245
• The following example sets the secret key and timeout period of the default radius server 172 6 0 00 to 87643210 and 80 seconds 245
• The following table lists the 245
• Uag cli reference guide 245
• Aaa group server ldap 246
• Aaa group server ldap commands 246
• Chapter 49 aaa server 246
• Command description 246
• Commands you use to configure a group of ldap servers 246
• Note you can not delete a server group that is currently in use 246
• Table 158 aaa group server ad commands continued 246
• Table 159 aaa group server ldap commands 246
• The following table lists the 246
• Uag cli reference guide 246
• Aaa group server radius 247
• Aaa group server radius commands 247
• Chapter 49 aaa server 247
• Command description 247
• Commands you use to configure a group of radius servers 247
• Note you can not delete a server group that is currently in use 247
• Table 159 aaa group server ldap commands continued 247
• Table 160 aaa group server radius commands 247
• The following table lists the 247
• Uag cli reference guide 247
• Chapter 49 aaa server 248
• Command description 248
• Table 160 aaa group server radius commands continued 248
• Uag cli reference guide 248
• Aaa group server command example 249
• Chapter 49 aaa server 249
• Command description 249
• Table 160 aaa group server radius commands continued 249
• The following example creates a radius server group with two authentication members and sets the secret key to 12345678 and the timeout to 100 seconds this example also sets two accounting members in this group then this example also shows how to view the radius group settings 249
• Uag cli reference guide 249
• Aaa authentication commands 250
• Authentication objects 250
• Authentication objects overview 250
• Aaa authentication command example 251
• Base dn dc zyxel dc com 251
• Chapter 50 authentication objects 251
• Command description 251
• Command you use to teat a user account on an authentication server 251
• Ip address 172 6 0 251
• Note you must specify at least one member for each profile each type of member can only be used once in a profile 251
• Port 389 251
• Table 161 aaa authentication commands continued 251
• Table 162 test aaa command 251
• Test a user account command example 251
• Test aa 251
• Test aaa command 251
• The following example creates an authentication profile to authentication users using the ldap server group and then the local user database 251
• The following example shows how to test whether a user account named userabc exists on the ad authentication server which uses the following settings 251
• The following table lists the 251
• Uag cli reference guide 251
• Bind dn zyxel engineerabc 252
• Chapter 50 authentication objects 252
• Login name attribute samaccountname 252
• Password abcdefg 252
• The result shows the account exists on the ad server otherwise the uag responds an error 252
• Uag cli reference guide 252
• Certificate commands 253
• Certificates 253
• Certificates commands input values 253
• Certificates overview 253
• Certificates commands summary 254
• Chapter 51 certificates 254
• Command description 254
• Command to enter the configuration mode to be able to use these commands 254
• Configure termina 254
• Label description 254
• Table 163 certificates commands input values continued 254
• Table 164 ca commands summary 254
• The following table lists the commands that you can use to display and manage the uag s summary list of certificates and certification requests you can also create certificates or certification requests use the 254
• Uag cli reference guide 254
• Chapter 51 certificates 255
• Command description 255
• Table 164 ca commands summary continued 255
• Uag cli reference guide 255
• Chapter 51 certificates 256
• Command description 256
• Table 164 ca commands summary continued 256
• Uag cli reference guide 256
• Certificates commands examples 257
• Chapter 51 certificates 257
• The following example creates a self signed x 09 certificate with ip address 10 8 as the common name it uses the rsa key type with a 512 bit key then it displays the list of local certificates finally it deletes the pkcs12request certification request 257
• Uag cli reference guide 257
• Isp accounts 258
• Isp accounts overview 258
• Pppoe and pptp account commands 258
• Chapter 52 isp accounts 259
• Command description 259
• Table 165 pppoe and pptp isp account commands continued 259
• Uag cli reference guide 259
• Ssl application 260
• Ssl application object commands 260
• Ssl application overview 260
• Chapter 53 ssl application 261
• Command description 261
• Ssl application command examples 261
• Table 166 ssl application object commands 261
• The following commands create and display a server type ssl application object named example for a link to the website at http www example com 261
• Uag cli reference guide 261
• Endpoint security 262
• Endpoint security overview 262
• Chapter 54 endpoint security 263
• Command description 263
• Command to enter the configuration mode before you can use these commands 263
• Configure termina 263
• Endpoint security commands summary 263
• Endpoint security object commands 263
• Label description 263
• Requirements 263
• Table 167 input values for endpoint security commands 263
• Table 168 endpoint security object commands 263
• The following sections list the endpoint security object commands 263
• The following table describes the values required for many endpoint security object commands other values are discussed with the corresponding commands 263
• This table lists the commands for creating endpoint security objects you must use the 263
• Uag cli reference guide 263
• User computers must have sun s java java runtime environment or jre installed and enabled with a minimum version of 1 263
• Chapter 54 endpoint security 264
• Command description 264
• Table 168 endpoint security object commands 264
• Uag cli reference guide 264
• Chapter 54 endpoint security 265
• Command description 265
• Table 168 endpoint security object commands 265
• Uag cli reference guide 265
• Anti virus kaspersky anti virus v2011 installed and enabled 266
• Chapter 54 endpoint security 266
• Endpoint security object command example 266
• However he needs to check the anti virus software name defined on the uag the following example shows how to check all available anti virus software packages for which the uag s endpoint security can check copy and paste the name of the output item 17 for the setting later 266
• Operating system windows xp 266
• Personal firewall windows firewall installed and enabled 266
• Peter wants to create and display an endpoint security object named eps example only the computers that match the following criteria can access the company s ssl vpn 266
• Uag cli reference guide 266
• Windows auto update enabled 266
• Windows service pack 2 or above 266
• Chapter 54 endpoint security 267
• Now peter can create the eps object profile as the example shown next note that he uses the matching criteria all command to make sure all users computers have the required software installed and settings being configured before they access the company s ssl vpn 267
• Then he also needs to check the personal firewall software name defined on the uag copy and paste the name of the output item 4 for the setting later 267
• Uag cli reference guide 267
• Chapter 54 endpoint security 268
• For users who fail the endpoint security checking peter decides to show them an error message of endpoint security checking failed contact helpdesk at 7777 if you have any questions the following shows how to configure the error message 268
• See chapter 41 on page 205 for how to configure an ssl vpn using this eps object 268
• Then he leaves the sub command mode and uses the show command to view the eps object settings 268
• Uag cli reference guide 268
• Dynamic guest accounts 269
• Dynamic guest accounts overview 269
• Dynamic guest commands 269
• Chapter 55 dynamic guest accounts 270
• Command description 270
• Dynamic guest sub commands 270
• Note when the limit is exceeded the user is not allowed to access the internet through the uag 270
• Table 169 dynamic guest commands continued 270
• Table 170 dynamic guest sub commands 270
• The following table describes the sub commands for several dynamic guest commands note that not all rule commands use all the sub commands listed here 270
• Uag cli reference guide 270
• Chapter 55 dynamic guest accounts 271
• Command description 271
• Dynamic guest command example 271
• Table 170 dynamic guest sub commands continued 271
• This example shows how to create a dynamic guest account configure the account related settings and displays the account information 271
• Uag cli reference guide 271
• Customizing the www login page 272
• System 272
• System overview 272
• Configure termina 273
• Logo title 273
• Message color of all text 273
• Note message last line of text 273
• Window background 273
• Configure termina 274
• Host name commands 274
• Time and date 274
• Configure termina 275
• Console port speed 275
• Date time commands 275
• Configure termina 276
• Dns commands 276
• Dns overview 276
• Domain zone forwarder 276
• Authentication server overview 277
• Chapter 56 system 277
• Command description 277
• Dns command example 277
• Table 176 command summary dns continued 277
• The uag can also work as a radius server to exchange messages with other aps for user authentication and authorization 277
• This command sets an a record that specifies the mapping of a fully qualified domain name www abc com to an ip address 210 7 3 277
• Uag cli reference guide 277
• Authentication server commands 278
• Chapter 56 system 278
• Command description 278
• Defaul 278
• Table 177 command summary authentication server 278
• The following table lists the authentication server commands you use to configure the uag s built in authentication server settings 278
• Uag cli reference guide 278
• Authentication server command examples 279
• Chapter 56 system 279
• Lldp is a layer 2 protocol that allows a network device to advertise its identity and capabilities on the local network it also allows the device to maintain and store information from adjacent devices which are directly connected to the network device this helps you discover network changes and perform necessary network reconfiguration and management 279
• The following example shows you how to enable the authentication server feature on the uag and sets a trusted radius client profile this example also shows you the authentication server and client profile settings 279
• The zon utility issues requests via zdp and in response to the query the zyxel device responds with basic information including ip address firmware version location system and model name the information is then displayed in the zon utility screen and you can perform tasks like basic configuration of the devices and batch firmware upgrade in it you can download the zon utility at www zyxel com and install it on a computer 279
• The zyxel one network zon utility uses the zyxel discovery protocol zdp for discovering and configuring zdp aware zyxel devices in the same broadcast domain as the computer on which zon is installed 279
• Uag cli reference guide 279
• Zon overview 279
• Chapter 56 system 280
• Command description 280
• Command to enter the configuration mode before you can use these commands 280
• Configure termina 280
• Table 178 command summary zon 280
• The following table describes the commands available for zon you must use the 280
• This example enables lldp discovery and displays whether lldp discovery is enabled on the uag 280
• Uag cli reference guide 280
• Zon commands 280
• Zon examples 280
• Remote management limitations 281
• Remote management overview 281
• System remote management 281
• System timeout 281
• Chapter 57 system remote management 282
• Command description 282
• Command to enter the configuration mode before you can use these commands 282
• Common system command input values 282
• Configure termina 282
• Defaul 282
• Http https commands 282
• Label description 282
• Table 179 input values for general system commands 282
• Table 180 command summary http https 282
• The following table describes the commands available for http https you must use the 282
• The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands 282
• Uag cli reference guide 282
• Chapter 57 system remote management 283
• Command description 283
• Defaul 283
• Table 180 command summary http https continued 283
• Uag cli reference guide 283
• Http https command examples 284
• Requirements for using ssh 284
• Ssh implementation on the uag 284
• Chapter 57 system remote management 285
• Command description 285
• Command to enter the configuration mode before you can use these commands 285
• Configure termina 285
• Defaul 285
• Ssh command examples 285
• Ssh commands 285
• Table 181 command summary ssh 285
• The following table describes the commands available for ssh you must use the 285
• This command sets a certificate default to be used to identify the uag 285
• This command sets a service control rule that allowed the computers with the ip addresses matching the specified address object to access the specified zone using ssh service 285
• Uag cli reference guide 285
• Chapter 57 system remote management 286
• Command description 286
• Command to enter the configuration mode before you can use these commands 286
• Configure termina 286
• Table 182 command summary telnet 286
• Telnet 286
• Telnet commands 286
• Telnet commands examples 286
• The following table describes the commands available for telnet you must use the 286
• This command displays telnet settings 286
• This command sets a service control rule that allowed the computers with the ip addresses matching the specified address object to access the specified zone using telnet service 286
• Uag cli reference guide 286
• You can configure your uag for remote telnet access 286
• Configure termina 287
• Configuring ftp 287
• Ftp commands 287
• Ftp commands examples 287
• Chapter 57 system remote management 288
• Object label object id description 288
• Simple network management protocol is a protocol used for exchanging management information between network devices your uag supports snmp agent functionality which allows a manager station to manage and monitor the uag through the network the uag supports snmp version one snmpv1 and version two snmpv2c 288
• Snmp traps 288
• Supported mibs 288
• Table 184 snmp traps 288
• The uag supports mib ii that is defined in rfc 1213 and rfc 1215 the uag also supports private mibs enterprise mib and private mib to collect information about cpu and memory usage and vpn total throughput the focus of the mibs is to let administrators collect statistical data and monitor status and performance you can download the uag s mibs from www zyxel com 288
• The uag will send traps to the snmp manager when any one of the following events occurs 288
• This command displays ftp settings 288
• Uag cli reference guide 288
• Chapter 57 system remote management 289
• Command description 289
• Command to enter the configuration mode before you can use these commands 289
• Configure termina 289
• Snmp commands 289
• Snmp commands examples 289
• Table 185 command summary snmp 289
• The following command sets a service control rule that allowed the computers with the ip addresses matching the specified address object to access the specified zone using snmp service 289
• The following table describes the commands available for snmp you must use the 289
• Uag cli reference guide 289
• Access 290
• Chapter 57 system remote management 290
• Command description 290
• Command to enter the configuration mode before you can use these commands 290
• Configure termina 290
• Configure the icmp filter to help keep the uag hidden from probing attempts you can specify whether or not the uag is to respond to probing for unused ports 290
• Icmp filter 290
• Table 186 command summary icmp filter 290
• The following command sets the ip address of the host that receives the snmp notifications to 172 6 5 4 and the password sent with each trap to qwerty 290
• The following command sets the password secret for read write 290
• The ip icmp filter commands are obsolete see chapter 33 on page 171 to configure firewall rules for icmp traffic going to the uag to discard or reject icmp packets destined for the uag 290
• Uag cli reference guide 290
• You must use the 290
• Configuration files and shell scripts overview 291
• File directories 291
• File manager 291
• Chapter 58 file manager 292
• Comments in configuration files or shell scripts 292
• Figure 24 configuration file shell script example 292
• In a configuration file or shell script use or as the first character of a command line to have the uag treat the line as a comment 292
• Note exit or must follow sub commands if it is to make the uag exit sub command mode 292
• Table 188 configuration files and shell scripts in the uag 292
• These files have the same syntax which is also identical to the way you run cli commands manually an example is shown below 292
• Uag cli reference guide 292
• While configuration files and shell scripts have the same syntax the uag applies configuration files differently than it runs shell scripts this is explained below 292
• You have to run the example in table 24 on page 292 as a shell script because the first command is run in privilege mode if you remove the first command you have to run the example as a configuration file because the rest of the commands are executed in configuration mode see section 1 on page 30 for more information about cli modes 292
• Your configuration files or shell scripts can use exit or a command line consisting of a single to have the uag exit sub command mode 292
• Errors in configuration files or shell scripts 293
• Setenv stop on error off 293
• Uag configuration file details 293
• Configuration file flow at restart 294
• File manager commands input values 294
• Setenv startup stop on error of 294
• Chapter 58 file manager 295
• Command description 295
• File manager commands summary 295
• Table 190 file manager commands summary 295
• The following table lists the commands that you can use for file management 295
• Uag cli reference guide 295
• Chapter 58 file manager 296
• Command description 296
• Command line ftp file upload 296
• Connect to the uag 296
• Enter bin to set the transfer mode to binary 296
• File manager command examples 296
• Ftp file transfer 296
• Table 190 file manager commands summary continued 296
• These commands run the aaa zysh script at noon every day on the first day of every month and on every monday wednesday and friday 296
• This example saves a back up of the current configuration before applying a shell script file 296
• Uag cli reference guide 296
• You can upload the firmware after you log in through ftp to upload other files use cd to change to the corresponding directory 296
• You can use ftp to transfer files to and from the uag for advanced maintenance and support 296
• Command line ftp configuration file upload example 297
• Command line ftp file download 297
• Note uploading a custom signature file named custom rules overwrites all custom signatures on the uag 297
• The firmware update can take up to five minutes do not turn off or reset the uag while the firmware update is in progress if you lose power during the firmware upload you may need to refer to section 58 on page 299 to recover the firmware 297
• Boot module 298
• Chapter 58 file manager 298
• Command line ftp configuration file download example 298
• Figure 26 ftp configuration file download example 298
• Figure 27 uag file usage at startup 298
• Firmware 298
• Recovery image 298
• The boot module performs a basic hardware test you cannot restore the boot module if it is damaged the boot module also checks and loads the recovery image the uag notifies you if the recovery image is damaged 298
• The following example gets a configuration file named today conf from the uag and saves it on the computer as current conf 298
• The recovery image checks and loads the firmware the uag notifies you if the firmware is damaged 298
• The uag uses the following files at system startup 298
• Uag cli reference guide 298
• Uag file usage at startup 298
• Note do not press any keys at this point wait to see what displays next 299
• Notification of a damaged recovery image or firmware 299
• Note you only need to use this section if you need to restore the recovery image 300
• Restoring the recovery image 300
• Chapter 58 file manager 301
• Enter y and wait for the starting xmodem upload message before activating xmodem upload on your terminal 301
• Figure 32 atuk command for restoring the recovery image 301
• Figure 33 starting xmodem upload 301
• Figure 34 example xmodem upload 301
• Figure 35 recovery image upload complete 301
• Note you only need to use the atuk or atur command if the recovery image is damaged 301
• This is an example xmodem configuration upload using hyperterminal click transfer then send file to display the following screen 301
• Uag cli reference guide 301
• Wait for about three and a half minutes for the xmodem upload to finish 301
• Note this section is not for normal firmware uploads you only need to use this section if you need to recover the firmware 302
• Restoring the firmware 302
• Chapter 58 file manager 303
• Enter quit to exit the ftp prompt 303
• Figure 38 ftp firmware transfer complete 303
• Figure 39 firmware recovery complete and restart 303
• Figure 40 restart complete 303
• The console session displays done when the firmware recovery is complete then the uag automatically restarts 303
• The username prompt displays after the uag starts up successfully the firmware recovery process is now complete and the uag is ready to use 303
• Uag cli reference guide 303
• Log commands summary 304
• Log entries commands 304
• Chapter 59 logs 305
• Command description 305
• System log command examples 305
• System log commands 305
• Table 193 logging commands system log settings 305
• The following command displays the current status of the system log 305
• This table lists the commands for the system log settings 305
• Uag cli reference guide 305
• Chapter 59 logs 306
• Command description 306
• Debug log commands 306
• Table 194 logging commands debug log settings 306
• Table 195 logging commands remote syslog server settings 306
• This table lists the commands for the debug log settings 306
• This table lists the commands for the remote syslog server settings 306
• Uag cli reference guide 306
• Chapter 59 logs 307
• Command description 307
• E mail profile commands 307
• Table 196 logging commands e mail profile settings 307
• This table lists the commands for the e mail profile settings 307
• Uag cli reference guide 307
• Chapter 59 logs 308
• Command description 308
• Console port logging commands 308
• E mail profile command examples 308
• Table 196 logging commands e mail profile settings continued 308
• Table 197 logging commands console port settings 308
• The following commands set up e mail log 1 308
• This table lists the commands for the console port settings 308
• Uag cli reference guide 308
• Report commands 309
• Report commands summary 309
• Reports and reboot 309
• Chapter 60 reports and reboot 310
• Command description 310
• Email daily report commands 310
• Label description 310
• Report command examples 310
• Session commands 310
• Table 199 session commands 310
• Table 200 input values for email daily report commands 310
• The following commands start collecting data display the traffic reports and stop collecting data 310
• The following table identifies the values used in some of these commands other input values are discussed with the corresponding commands 310
• This table lists the commands to display the current sessions for debugging or statistical analysis 310
• Uag cli reference guide 310
• Chapter 60 reports and reboot 311
• Command description 311
• Command to enter the configuration mode before you can use these commands 311
• Configure termina 311
• Table 201 email daily report commands 311
• Uag cli reference guide 311
• Use these commands to have the uag e mail you system statistics every day you must use the 311
• Email daily report example 312
• Chapter 60 reports and reboot 313
• This displays the email daily report settings and has the uag send the report 313
• Turns on the daily e mail reporting 313
• Uag cli reference guide 313
• Reboot 314
• Session timeout 315
• Diagnosis commands 316
• Diagnosis commands example 316
• Diagnostics 316
• Packet flow explore 317
• Packet flow explore commands 317
• Chapter 63 packet flow explore 318
• Packet flow explore commands example 318
• The following example shows all activated 1 to 1 snat rules 318
• The following example shows all activated dynamic vpn rules 318
• The following example shows all activated policy routes 318
• The following example shows all activated site to site vpn rules 318
• The following example shows all routing related functions and their order 318
• The following example shows all snat related functions and their order 318
• The following example shows the default wan trunk s settings 318
• Uag cli reference guide 318
• Chapter 63 packet flow explore 319
• The following example shows all activated 1 to 1 nat rules 319
• The following example shows all activated dynamic vpn rules 319
• The following example shows all activated policy routes which use snat 319
• The following example shows all activated policy routes which use snat and enable nat loopback 319
• The following example shows all activated static dynamic vpn rules 319
• The following example shows all activated vpn 1 1 mapping rules 319
• Uag cli reference guide 319
• Chapter 63 packet flow explore 320
• The following example shows all activated 1 to 1 nat rules 320
• The following example shows the default wan trunk settings 320
• Uag cli reference guide 320
• Maintenance tools 321
• Chapter 64 maintenance tools 322
• Command description 322
• Here are maintenance tool commands that you can use in configure mode 322
• Note use the packet capture configure command to configure the packet capture settings before using this command 322
• Table 206 maintenance tools commands in privilege mode 322
• Uag cli reference guide 322
• Chapter 64 maintenance tools 323
• Command description 323
• Here are maintenance tool commands that you can use in configure mode 323
• Maintenance command examples 323
• Some packet trace command examples are shown below 323
• Table 207 maintenance tools commands in configuration mode 323
• Uag cli reference guide 323
• Chapter 64 maintenance tools 324
• Command description 324
• Duration 150 seconds 324
• File size 10 megabytes 324
• File suffix example 324
• Host ip any 324
• Host port any then you do not need to configure this setting 324
• Ip address any 324
• Packet capture command example 324
• Save the captured packets to usb storage device 324
• Table 207 maintenance tools commands in configuration mode continued 324
• The following example creates an arp table entry for ip address 192 68 0 and mac address 01 02 03 04 05 06 then it shows the arp table and finally removes the new entry 324
• The following examples show how to configure packet capture settings and perform a packet capture first you have to check whether a packet capture is running this example shows no other packet capture is running then you can also check the current packet capture settings 324
• Then configure the following settings to capture packets going through the uag s wan1 interface only 324
• Uag cli reference guide 324
• Use the ring buffer no 324
• Chapter 64 maintenance tools 325
• Check current packet capture status and list all stored packet captures 325
• Exit the sub command mode and have the uag capture packets according to the settings you just configured 325
• Manually stop the running packet capturing 325
• The maximum size of a packet capture file 100 megabytes 325
• Uag cli reference guide 325
• You can use ftp to download a capture file open and study it using a packet analyzer tool for example ethereal or wireshark 325
• Hardware watchdog timer 326
• Software watchdog timer 326
• Watchdog timer 326
• App watchdog 327
• Application watchdog 327
• Chapter 65 watchdog timer 327
• Command description 327
• Command to enter the configuration mode to be able to use these commands 327
• Commands use the 327
• Configure termina 327
• Table 210 app watchdog commands 327
• The application watchdog has the system restart a process that fails these are the 327
• Uag cli reference guide 327
• Application watchdog commands example 328
• Chapter 65 watchdog timer 329
• Uag cli reference guide 329
• List of commands alphabetical 330