Quidway Eudemon 200 Firewall Manual
http://slidepdf.com/reader/full/quidway-eudemon-200-firewall-manual
8/18/2019 Quidway Eudemon 200 Firewall Manual
Copyright © Huawei Technologies Co., Ltd. 2008. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are the property of Huawei Technologies Co., Ltd.
Notice
The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but the statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied.
Huawei Proprietary and Confidential
Contents
Issue 01 (2008-11-15)
1.3.17 reset firewall transparent-mode address-table
1.3.18 reset firewall transparent-mode traffic
1.4 File Management Configuration Commands
1.5.16 display logbuffer
1.5.17 display patch-information
1.5.26 firewall session log-type
2.1.6 display acl
2.2.2 description (Security Zone View)
2.3.6 firewall long-link
2.5.1 debugging firewall defend
2.5.5 display firewall statistic
2.5.6 firewall defend all enable
2.5.8 firewall defend arp-spoofing enable
2.5.24 firewall defend ping-of-death enable
2.5.50 reset firewall statistic ip
2.5.51 reset firewall statistic system
2.5.52 reset firewall statistic zone
2.8.1 debugging firewall mac-binding
2.17.5 interface virtual-template
2.20.1 cir
2.21.2 debugging right-manager
2.21.14 server ip
2.22.9 ip-car enable
2.22.10 ip-car filter
3 Internetworking
3.2.1 display interface ethernet
3.3.4 loopback (AUX Interface View)
3.3.5 mtu (AUX Interface View)
3.4.1 broadcast-limit link
3.5.6 frame-format (E1 Interface View)
3.6.6 frame-format (CE1 Interface View)
3.6.7 loopback (CE1 Interface View)
3.6.8 using (CE1 Interface View)
3.7 T1 Interface Configuration Commands
3.7.1 channel-set (T1 Interface View)
3.8.1 channel-set (CT1 Interface View)
3.8.2 clock (CT1 Interface View)
3.8.6 frame-format (CT1 Interface View)
3.8.7 loopback (CT1 Interface View)
3.9 IP Address Configuration Commands
3.10.20 reset tcp statistics
3.10.21 reset udp statistics
3.10.22 tcp timer fin-timeout
3.10.23 tcp timer syn-timeout
3.11.1 apply cost
3.11.2 apply cost-type
3.11.6 apply ip-precedence
3.11.7 apply output-interface
3.12.1 apply ip-address next-hop (multicast)
3.12.2 debugging ip multicast-policy
3.12.3 display ip multicast-policy
3.12.4 if-match acl (multicast)
3.13.2 display multicast forwarding-table
3.13.3 display multicast routing-table
3.13.4 display multicast rpf-info
3.16.23 static-rpf-peer
3.17.3 display ip routing-table (destination specified)
3.17.4 display ip routing-table acl
3.17.5 display ip routing-table ip-prefix
3.17.6 display ip routing-table protocol
3.17.7 display ip routing-table radix
3.17.8 display ip routing-table statistics
3.17.9 display ip routing-table verbose
3.19.17 dhcp server forbidden-ip
3.19.18 dhcp server ip-pool
3.19.25 dhcp server ping
3.19.26 dhcp server static-bind
3.19.42 nbns-list
3.19.43 netbios-type
3.21.33 filter-policy import (OSPF View)
3.21.34 import-route (OSPF View)
3.21.53 router id
3.23.2 debugging pppoe-client
3.24.7 if-match any
3.24.8 if-match classifier
3.24.9 if-match dscp
3.24.10 if-match inbound-interface
3.24.11 if-match ip-precedence
3.24.12 if-match mac
3.27.20 fr dlci
3.27.35 fr standby group switch master
3.27.37 fr switch
3.27.38 fr switching
3.27.39 interface mfr
3.28 HDLC Configuration Commands
4.1.1 debugging vrrp
4.1.2 display vrrp
4.2.1 add interface (VRRP Management Group View)
4.2.2 debugging vrrp-group
4.2.3 display vrrp-group
4.2.4 triggerdown interface
4.2.5 vgmp-flash enable
4.2.6 vrrp group
4.2.7 vrrp-group enable
4.2.8 vrrp-group group-send
4.2.9 vrrp-group manual-preempt
Table 1-3 Description of the display rsa local-key-pair public command output
Table 1-4 Description of the display rsa peer-public-key command output
Table 1-5 Description of the display ssh server session command output
Table 1-6 Description of the ssh user-information command output
Table 1-7 Description of the display tcp status command output
Table 1-8 Description of the display user-interface command output
Table 1-9 Description of the display user-interface maximum-vty command output
Table 1-10 Description of the display users command output
Table 1-11 Description of the display firewall transparent-mode address-table command output
Table 1-12 Description of the display firewall transparent-mode traffic command output
Table 1-13 Description of the display ftp-server command output
Table 1-14 Description of the display ftp-users command output
Table 1-15 Description of the display startup command output
Table 1-16 Description of the debugging firewall packet-capture capture command output
Table 1-17 Description of the debugging firewall packet-capture send command output
Table 1-18 Description of the debugging firewall packet-capture error command output
Table 1-19 Description of the debugging firewall packet-capture event command output
Table 1-20 Description of the display channel command output
Table 1-21 Description of the display firewall packet-capture configuration command output
Table 1-22 Description of the display firewall packet-capture queue command output
Table 1-23 Description of the display firewall packet-capture statistic command output
Table 1-24 Description of the display info-center command output
Table 1-25 Description of the display logbuffer command output
Table 1-26 Description of the display schedule reboot command output
Table 1-27 Description of the display trapbuffer command output
Table 1-28 Definition of eight information levels
Table 1-29 Description of date
Table 1-31 Description of the display ntp-service status command output
Table 1-32 Description of the display ntp service trace command output
Table 1-33 Description of the NTP access authority
Table 1-35 Description of the display snmp-agent community command output
Table 1-36 Description of the display snmp-agent group command output
Table 1-37 Description of the display snmp-agent mib-view command output
Table 1-38 Description of the display snmp-agent statistics command output
Table 1-39 Description of the display snmp-agent sys-info command output
Table 1-40 Description of the display snmp-agent usm-user command output
Table 2-1 Description of the display ip address-set all command output
Table 2-2 Description of the display ip port-set all command output
Table 2-3 Description of the display time-range all command output
Table 2-4 Description of the display firewall session aging-time command output
Table 2-5 Description of the display firewall session no-pat command output
Table 2-6 Description of the display firewall session table verbose command output
Table 2-7 Description of the display nat command output
Table 2-8 Description of the display accounting-scheme command output
Table 2-9 Description of the display user-car 3 command output
Table 2-10 Description of the display l2tp session command output
Table 2-11 Description of the display l2tp tunnel command output
Table 2-12 Description of the display interface tunnel 0 command output
Table 2-13 Description of the addrserver command output
Table 2-14 Description of the display slb group command output
Table 2-15 Description of the display slb rserver command output
Table 2-16 Description of the display slb vserver command output
Table 2-17 Description of the rserver command output
Table 2-18 Description of the vserver command output
Table 2-19 Description of the display p2p-car class command output
Table 2-20 Description of the display p2p-car statistic class command output
Table 2-21 Description of the display p2p-car statistic class command output
Table 2-22 Description of the debugging right-manager command output
Table 2-23 Description of the display right-manager online-users command output
Table 2-24 Description of the display right-manager role-info command output
Table 2-25 Description of the display right-manager server-group command output
Table 2-26 Description of the display right-manager statistics command output
Table 2-27 Description of the display firewall statistic ip-car command output
Table 2-28 Description of the display source ip monitor table command output
Table 3-1 Description of the display interface command output
Table 3-2 Description of the display ip interface Ethernet 0/0/0 command output
Table 3-3 Description of the display interface ethernet command output
Table 3-4 Description of the display interface virtual-template command output
Table 3-5 Description of the display virtual-access command output
Table 3-6 Description of the display controller e1 command output
Table 3-7 Description of the display controller e1 command output
Tables
Table 3-8 Description of the display controller t1 command output
Table 3-9 Description of the display controller t1 command output
Table 3-10 Description of the display ip interface Ethernet 0/0/0 command output
Table 3-11 Description of the display fib command output
Table 3-12 Description of the display fib | command output
Table 3-13 Description of the display fib acl command output
Table 3-14 Description of the display fib ip-prefix command output
Table 3-15 Description of the display fib command output
Table 3-16 Description of the display fib statistics command output
Table 3-17 Description of the display icmp statistic command output
Table 3-18 Description of the display ip interface Ethernet 0/0/0 command output
Table 3-19 Description of the display ip socket command output
Table 3-20 Description of the display ip statistics command output
Table 3-21 Description of the display tcp statistics output
Table 3-22 Description of the display tcp status command output
Table 3-23 Description of the display udp statistics command output
Table 3-24 Description of the display igmp group command output
Table 3-25 Description of the display pim interface command output
Table 3-26 Description of the msdp-tracert command domain
Table 3-27 Description of the display ip routing-table command output
Table 3-28 Description of the display ip routing-table statistics command output
Table 3-29 Description of the display ip routing-table verbose command output
Table 3-30 Description of the display arp command output
Table 3-31 Description of the display dhcp relay address command output
Table 3-32 Description of the display dhcp relay statistics command output
Table 3-33 Description of the display dhcp server conflict command output
Table 3-34 Description of the display dhcp server expired command output
Table 3-35 Description of the display dhcp server free-ip command output
Table 3-36 Description of the display dhcp server ip-in-use command output
Table 3-37 Description of the display dhcp server statistics command output
Table 3-38 Description of the display dhcp server tree command output
Table 3-39 Description of the display debugging ospf command output
Table 3-40 Description of the display ospf abr-asbr command output
Table 3-41 Description of the display ospf asbr-summary command output
Table 3-42 Description of the display ospf cumulative command output
Table 3-43 Commands included in the display ospf diagnostic-information command
Table 3-44 Description of the display interface mp-group command output
Table 3-45 Description of the display ppp mp command output
Table 3-46 Description of the PPPoE Client debugging switches type
Table 3-47 Description of the display pppoe-client session summary command output
Table 3-48 Description of the display pppoe-client session packet command output
Table 3-49 Description of the display traffic behavior command output
Table 3-51 Description of the display rip command output
Table 3-52 Description of the display fr compress command output
Table 3-53 Description of the display fr dlci-switch command output
Table 3-54 Description of the display fr inarp-info command output
Table 3-55 Description of the display fr interface command output
Table 3-56 Description of the display fr lmi-info command output
Table 3-57 Description of the display fr map-info command output
Table 3-58 Description of the display fr pvc-info command output
Table 3-59 Description of the display fr standby group command output
Table 3-60 Description of the display fr statistics command output
Table 3-61 Description of the display fr switch-table command output
Table 3-62 Description of the display interface mfr command output
Table 3-63 Description of the display mfr command output
Table 3-64 Description of the debugging hdlc event command output
Table 3-65 Description of the debugging hdlc command output
Table 4-1 Description of the debugging hrp configuration check command output
Table 4-2 Description of the display configuration check acl command output
Table 4-3 Description of the hrp configuration check command error output
Table 4-4 Description of the display ip-link command output
Tables
Purpose
This document describes the commands of the Eudemon 200 in detail, including command function, command format, parameter descriptions, command views, default level, usage guidelines, examples, and related commands.
This document describes security defense configuration commands, internetworking configuration commands, system management configuration commands, and reliability configuration commands of the Eudemon 200 firewall.
Related Versions
The following table lists the product versions related to this
document.
Product Name Version
Eudemon 200 V200R001C03B6
• Network engineers
• Network administrators
Chapter Description
3 Internetworking Describes the commands of internetworking.
4 Reliability Describes the commands of reliability.
Symbol Conventions
The symbols that may be found in this document are defined as
follows.
Symbol Description
DANGER
Indicates a hazard with a high level of risk, which if not
avoided, will result in death or serious injury.
WARNING
Indicates a hazard with a medium or low level of risk, which
if not avoided, could result in minor or moderate injury.
CAUTION
performance degradation, or unexpected results.
TIP Indicates a tip that may help you solve a problem or save
time.
important points of the main text.
General Conventions
The general conventions that may be found in this document are
defined as follows.
Convention Description
Times New Roman Normal paragraphs are in Times New Roman.
Boldface Names of files, directories, folders, and users are in boldface. For example, log in as user root.
Italic Book titles are in italics.
Courier New Examples of information displayed on the screen are in Courier New.
Command Conventions
The command conventions that may be found in this document are
defined as follows.
Convention Description
Boldface The keywords of a command line are in boldface.
Italic Command arguments are in italics.
[ ] Items (keywords or arguments) in brackets [ ] are optional.
{ x | y | ... } Optional items are grouped in braces and separated by vertical bars. One item is selected.
[ x | y | ... ] Optional items are grouped in brackets and separated by vertical bars. One item is selected or no item is selected.
{ x | y | ... }* Optional items are grouped in braces and separated by vertical bars. A minimum of one item or a maximum of all items can be selected.
[ x | y | ... ]* Optional items are grouped in brackets and separated by
GUI Conventions
The GUI conventions that may be found in this document are defined
as follows.
Convention Description
are in boldface. For example, click OK.
> Multi-level menus are in boldface and separated by the ">" signs. For example, choose File > Create > Folder.
Keyboard Operations
The keyboard operations that may be found in this document are defined as follows.
Format Description
Key Press the key. For example, press Enter and press Tab.
Key 1+Key 2 Press the keys concurrently. For example, pressing Ctrl+Alt+A means the three keys should be pressed concurrently.
Key 1, Key 2 Press the keys in turn. For example, pressing Alt, A means the two keys should be pressed in turn.
Mouse Operations
The mouse operations that may be found in this document are defined
as follows.
Action Description
Click Select and release the primary mouse button without moving the pointer.
quickly without moving the pointer.
Drag Press and hold the primary mouse button and move the pointer to a certain position.
Updates between document issues are cumulative. Therefore, the
latest document issue contains
all updates made in previous issues.
Updates in Issue 01 (2008-11-15)
Initial commercial release
About This Document
1.6 Web Management Commands
1.7 NTP Configuration Commands
1.8 SNMP Configuration Commands
Function
Using the clock command, you can set the current date and clock, name of daylight saving time, start and end time, and local time zone of the Eudemon.
Using the undo clock command, you can restore the default setting.
Format
offset
undo clock { summer-time | timezone }
Parameters
time: specifies the current clock in the format of HH:MM:SS. HH ranges from 0 to 23, and MM and SS range from 0 to 59.
date: specifies the current year, month and day in the format of YYYY/MM/DD. YYYY ranges from 2000 to 2099, MM ranges from 1 to 12, and DD ranges from 1 to 31.
zone-name: specifies the name of daylight saving time, a string in a range of 1 to 32 characters.
one-off: sets the daylight saving time for a specific year.
repeating: sets the daylight saving time for each year since a specific year.
start-time: sets the beginning time of the daylight saving time in the format of HH:MM:SS. HH ranges from 0 to 23, and MM and SS range from 0 to 59.
start-date: sets the beginning date of the daylight saving time in the format of YYYY/MM/DD. YYYY ranges from 2000 to 2099, MM ranges from 1 to 12, and DD ranges from 1 to 31.
end-time: sets the ending time of the daylight saving time in the format of HH:MM:SS. HH ranges from 0 to 23, and MM and SS range from 0 to 59.
end-date: sets the ending date of the daylight saving time in the format of YYYY/MM/DD. YYYY ranges from 2000 to 2099, MM ranges from 1 to 12, and DD ranges from 1 to 31.
offset: specifies the time offset of the daylight saving time compared with UTC time. The value is in the format of HH:MM:SS.
add: refers to the added time compared with UTC time.
minus: refers to the minus time compared with UTC time.
Views
Usage Guidelines
In an application environment where absolute time is strictly required, the current date and clock of the Eudemon must be set. The seconds field may be omitted from the time parameter.
For some non-Huawei devices, YYYY ranges from 1993 to 2035. If you use both Huawei and non-Huawei devices, it is recommended that you keep the year within the range of 2000 to 2035.
You can use the display clock command to view the setting after it takes effect. In addition, message times such as log time and debug time use the local time adjusted by the time zone and daylight saving time.
# Set the current date of the Eudemon to 0:0:0 01/01/2001.
<Eudemon> clock datetime 0:0:0 2001/01/01
Related Topics
Function
Using the command-privilege command, you can set the command level of the specified view.
Using the undo command-privilege command, you can remove the configured command level.
By default, the ping, tracert, and telnet commands are of the visit level (0). The display command is of the monitoring level (1). Most configuration commands are of the configuration level (2). After promotion, the command level is 10. The command to configure the user key, debugging commands, FTP commands, XModem commands, and file system operation commands are of the management level (3).
CAUTION
Format
undo command-privilege view view command
Parameters
level level: specifies the precedence of a command. The value ranges from 0 to 3.
view view: specifies the view name.
command: specifies the command to be configured. You can specify multiple commands in one command.
Views
Usage Guidelines
The commands are divided into four levels, that is, visit, monitoring, configuration, and management, identified as 0 to 3 respectively. An administrator can authorize users as required so that they can operate in the corresponding view. A login user can run commands according to the authorization corresponding to the user name or user interface. If these two privileges conflict with each other, the one corresponding to the user name is adopted.
1 System Management
<Eudemon> system-view
1.1.3 display clock
Function
Using the display clock command, you can display the
current date and clock of the system.
Format
Usage Guidelines
Using this command, you can check whether the system time is wrong and correct it promptly.
<Eudemon> display clock
Summer-Time : test repeating 12:11:00 2008/06/20 18:00:00 2008/06/21 01:00:00
Table 1-1 Description of the display clock command output
Item Description
Related Topics
1.1.1 clock
Function
Using the display history-command command, you can view the history commands saved on the terminal.
By default, the latest 10 commands are displayed.
The terminal automatically saves the history commands entered by the user, that is, it records every keyboard entry of the user, with Enter marking the end of each entry. The user can then view the saved history commands with the display history-command command.
CAUTION
• The history commands are saved exactly as the user entered them. For example, if the user inputs an incomplete command, the saved command is also incomplete.
• If the user executes the same command several times, the command earliest executed is saved. If the same command is entered in different forms, they are considered as different commands.
Examples
<Eudemon> display history-command
display interface
display interface Ethernet 1/0/0
interface Ethernet 1/0/0
Related Topics
Function
Using the display hotkey command, you can display the
predefined, undefined and reserved
shortcut keys.
1: Monitoring level
Usage Guidelines
A shortcut key can be typed wherever a command can be entered, and the system displays the corresponding command on the screen.
<Eudemon> display hotkey
----------------- HOTKEY -----------------
CTRL_O undo debug all
=Undefined hotkeys=
Hotkeys Command
CTRL_T NULL
CTRL_U NULL
=System hotkeys=
Hotkeys Function
CTRL_A Move the cursor to the beginning of the current line.
CTRL_B Move the cursor one character left.
CTRL_C Stop current command function.
CTRL_D Erase current character.
CTRL_E Move the cursor to the end of the current line.
CTRL_F Move the cursor one character right.
CTRL_K Kill outgoing connection.
CTRL_N Display the next command from the history buffer.
CTRL_P Display the previous command from the history buffer.
CTRL_R Redisplay the current line.
CTRL_V Paste text from the clipboard.
CTRL_W Delete the word left of the cursor.
CTRL_X Delete all characters up to the cursor.
CTRL_Y Delete all characters after the cursor.
CTRL_Z Return to the user view.
CTRL_] Kill incoming connection or redirect connection.
ESC_B Move the cursor one word back.
ESC_D Delete remainder of word.
ESC_F Move the cursor forward one word.
ESC_N Move the cursor down a line.
ESC_P Move the cursor up a line.
ESC_< Specify the beginning of clipboard.
ESC_> Specify the end of clipboard.
Table 1-2 Description of the display hotkey command output
Item Description
CTRL+G Displays the current configuration.
CTRL+L Displays the IP routing table.
CTRL+O Cancels outputting all debugging information.
Undefined hotkeys Indicates the undefined hot keys.
CTRL+T Undefined.
CTRL+U Undefined.
System hotkeys Indicates the system-reserved shortcut keys.
CTRL+A Moves the cursor to the beginning of current line.
CTRL+B Moves the cursor one character left.
CTRL+C Stops the current operation.
CTRL+D Deletes the character the cursor currently points to.
CTRL+E Moves the cursor to the end of the current line.
CTRL+F Moves the cursor one character right.
CTRL+H Deletes the character to the left of the cursor.
CTRL+K Stops setting up connection.
CTRL+N Displays the next command in the history command buffer.
CTRL+P Displays the previous command in the history command buffer.
CTRL+R Redisplays the current line.
CTRL+V Pastes the text from the clipboard.
CTRL+W Deletes the character to the left of the cursor.
CTRL+X Deletes all the characters to the left of the cursor.
CTRL+Y Deletes all the characters to the right of the cursor.
CTRL+Z Returns to the user view.
CTRL+] Cuts off the incoming connection or redirects the connection.
ESC+B Moves the cursor one word left.
ESC+D Deletes.
Function
Using the display version command, you can display the system
version.
Format
Usage Guidelines
By viewing the version information, you can get the information
about the current software
version, frame type, the active control board and the interface
board.
Examples
<Eudemon> display version
Huawei Versatile Routing Platform Software
Software Version: Firewall V200R001C03B61b (VRP (R) Software, Version 3.30)
Copyright (c) 2007-2008 Huawei Technologies Co., Ltd.
Quidway E200 Firewall uptime is 0 week(s), 0 day(s), 0 hour(s), 1 minute(s)
Rpu's version information:
256M bytes SDRAM
Pcb Version : VER.B
1.1.7 header
Using the header command, you can enable displaying the
title.
Using the undo header command, you can disable displaying the
title.
Format
header { login | shell } { information text | file file-name }
undo header { login | shell }
shell: indicates the user session title.
information: indicates the title information.
text: specifies the contents of the title. The value is in the range of 1 to 220 characters.
file: specifies the contents of the file with the indicated file name.
file-name: specifies the file name used by the title, the length of which is 5 to 64 characters. The title file cannot exceed 128 KB; any part beyond 128 KB is not displayed.
Views
Usage Guidelines
When a user logs in to the firewall through the terminal line, the firewall displays the messages set in the title attribute to the user. After the terminal connection is activated, the login title is transmitted to the terminal. If the user successfully logs in, the shell title is displayed.
The first English character of the text is used as both the initial and the end character of the text. After the user enters the end character, the system automatically exits from the interactive process.
To exit from the interactive process when the text already begins and ends with the same English character, just press Enter.
Examples
<Eudemon> system
[Eudemon] header shell information %
info:input banner text, and quit with the character '%'.
SHELL : Hello! Welcome use NetEngine%
[Eudemon] quit
<Eudemon>
Username:Eudemon
Password:******
SHELL : Hello! Welcome use NetEngine
Note: The max number of VTY users is 5, and the current number of VTY users on line is 2.
# Specify the file to be used as login title.
<Eudemon> system-view
[Eudemon] header login file flash:/header-file.txt
1.1.8 hotkey
Function
Using the hotkey command, you can correlate a command line
with the shortcut keys.
Using the undo hotkey command, you can restore the
default.
Format
Parameters
CTRL_G: specifies a command for the shortcut keys CTRL+G.
CTRL_L: specifies a command for the shortcut keys CTRL+L.
CTRL_O: specifies a command for the shortcut keys CTRL+O.
CTRL_T: specifies a command for the shortcut keys CTRL+T.
CTRL_U: specifies a command for the shortcut keys CTRL+U.
command-text: specifies the command line correlated with the shortcut keys.
Views
System view
Usage Guidelines
By default, the system specifies only CTRL_G, CTRL_L and CTRL_O to correspond to certain commands.
• CTRL_G corresponds to display current-configuration (used to display the current configuration)
• CTRL_L corresponds to display ip routing-table (used to display routing table information)
• CTRL_O corresponds to undo debugging all (used to disable the overall debugging function, that is, to disable the output of all debugging information)
You can change the definitions of shortcut keys as required.
Examples
# Correlate the display tcp status command with the shortcut keys CTRL_G.
<Eudemon> system-view
[Eudemon] hotkey ctrl_g display tcp status
[Eudemon] display hotkey
----------------- HOTKEY -----------------
=Defined hotkeys=
CTRL_L display ip routing-table
CTRL_O undo debug all
=Undefined hotkeys=
Hotkeys Command
CTRL_T NULL
CTRL_U NULL
=System hotkeys=
Hotkeys Function
CTRL_A Move the cursor to the beginning of the current line.
CTRL_B Move the cursor one character left.
CTRL_C Stop current command function.
CTRL_D Erase current character.
CTRL_E Move the cursor to the end of the current line.
CTRL_F Move the cursor one character right.
CTRL_H Erase the character left of the cursor.
CTRL_K Kill outgoing connection.
CTRL_N Display the next command from the history buffer.
CTRL_P Display the previous command from the history buffer.
CTRL_R Redisplay the current line.
CTRL_V Paste text from the clipboard.
CTRL_W Delete the word left of the cursor.
CTRL_Y Delete all characters after the cursor.
CTRL_Z Return to the user view.
CTRL_] Kill incoming connection or redirect connection.
ESC_B Move the cursor one word back.
ESC_D Delete remainder of word.
ESC_F Move the cursor forward one word.
ESC_N Move the cursor down a line.
ESC_P Move the cursor up a line.
ESC_< Specify the beginning of clipboard.
ESC_> Specify the end of clipboard.
Related Topics
1.1.9 language-mode
Function
Using the language-mode command, you can change the language mode of the command line interface.
Format
chinese: changes the language mode of the system to Chinese.
english: changes the language mode of the system to English.
Views
By default, the language mode of the system is English.
After the system switches to Chinese mode, the prompts and echo
messages of the command
line on the system interface are displayed in Chinese.
Examples
<Eudemon> language-mode chinese
Change language mode, confirm? [Y/N] y
1.1.10 lock (User View)
Function
Using the lock command, you can lock the current user interface so as to prevent unauthorized users from operating on the terminal interface.
Format
lock
Parameters
None
Views
User interface includes console interface, AUX interface, and
VTY.
After you enter the lock command, the system prompts you to input a password. After you confirm the password by entering it again, the system prompts that the lock succeeded. If you want to enter the system again, you must press Enter and input the correct password.
Examples
# A user logs in from the Console port and locks the current user
interface.
<Eudemon> lock
Passwordxxxx
Againxxxx
locked !
# The user can press Enter to log in to the system after a while.
The following prompt displays:
Password:
Function
Using the quit command, you can quit the current view and
enter a view with a lower level. If the current view is the
user view, this command makes you exit from the system.
Usage Guidelines
All the command modes are divided into three levels, which are as
follows from the lowest to
the highest:
l Interface view and AAA view
Examples
# Return to the system view from the interface view and then return to the user view.
<Eudemon> system-view
[Eudemon] interface Ethernet 0/0/0
[Eudemon-Ethernet0/0/0] quit
[Eudemon] quit
<Eudemon>
Related Topics
1.1.16 system-view
1.1.12 return
1.1.12 return
Function
Using the return command, you can return to the user view from
other views except user view.
Format
return
Parameters
None
Usage Guidelines
The shortcut key for the return command is Ctrl+Z.
Examples
[Eudemon] return
<Eudemon>
Function
Using the super command, you can change the user's current
level.
User level indicates the type of the login user. There are 4 user levels. In contrast to the command level, a login user can only use commands whose level is no higher than the user level.
Format
Parameters
level : specifies the user level. The value ranges from 0 to
15. By default, the level is 3.
Views
• Visit level: Refers to network diagnosis tool commands (such as ping and tracert), and external commands (including Telnet client, SSH client and RLOGIN). Saving the configuration file is not allowed on this level of commands.
• Monitoring level: Refers to commands of this level, including the display command and the debugging command, which are used for system maintenance and service fault diagnosis. Saving the configuration file is not allowed on this level of commands.
• Configuration level: Refers to service configuration commands, including routing commands and commands on each network layer, which are used to provide direct network service to the user.
• Management level: Refers to commands that affect the basic operation of the system and the system support module, which plays a supporting role on service. Commands of this level involve file system commands, FTP commands, TFTP commands, XModem downloading commands, configuration file switching commands, power supply control commands, standby control commands, user management commands, level setting commands, and internal parameter setting commands (not stipulated by protocols and by RFC).
In order to prevent unauthorized users from illegal intrusion, user ID authentication is performed when users at a lower level switch to a higher level. In other words, the super password of the higher level is needed. If no password is set, an error is prompted.
For the sake of confidentiality, the password that the user enters is not shown on the screen. Only when the correct password is input for three times can the user switch to the higher level. Otherwise, the original user level remains unchanged.
Examples
<Eudemon> super 3
Password:
Now user privilege is 3 level, and only those commands whose level is equal to or less than this level can be used.
Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE
Related Topics
Function
Using the super password command, you can set the password for
changing the user from a
lower level to a higher level.
Using the undo super password command, you can cancel the
current settings.
Format
undo super password [ level user-level ]
Parameters
level user-level: specifies the user level. The value ranges from 1 to 15. By default, the password for the user is set to Level 3.
simple: indicates the password in the plain text.
cipher: indicates the password in the encrypted text.
password: If it is in the form of simple, it must be in the plain text, ranging from 1 to 16 characters. If it is in the form of cipher, it can be either in the encrypted text with 24 characters such as (TT8F ] Y\5SQ=^Q`MAF4<1!! or in the plain text with 1 to 16 characters such as 1234567.
Views
Usage Guidelines
During authentication, input the password in plain text regardless of whether it is configured as plain text or encrypted text.
CAUTION
If simple is selected, the password is saved into the configuration files in plain text. Users at a lower level can then easily obtain the level-switching password by viewing the configuration files. In such a case, network security cannot be guaranteed. It is suggested to select cipher to save the password in cipher text.
After a password is set by using the cipher option, the password cannot be recovered from the system. Do not lose or forget the super password.
Examples
# Set the user at a lower level to input the password "abcd" when switching to level 3.
<Eudemon> system-view
[Eudemon] super password level 3 cipher abcd
Related Topics
1.1.13 super
1.1.15 sysname
Function
Using the sysname command, you can set the host name of the
firewall.
sysname host-name
Parameters
host-name: specifies the host name. It is a string of 1 to 30 characters.
Views
By default, the host name of the firewall is Eudemon.
Modifying the host name of the firewall affects the prompt of
command line interface. If the
host name of the Eudemon is "Eudemon", the prompt in the user view
is <Eudemon>.
Examples
<Eudemon> system-view
Function
Using the system-view command, you can enter the system view
from the user view.
Format
system-view
Parameters
None
Views
Default Level
2: Configuration level
Usage Guidelines
The user enters the user view when the user logs in for the first time.
Examples
# Enter the system view from the user view.
<Eudemon> system-view
Enter system view, return user view with Ctrl+Z.
[Eudemon]
1.2.1 acl
1.2.2 authentication-mode
1.2.9 display rsa peer-public-key
1.2.10 display ssh server
1.2.12 display tcp
1.2.13 display user-interface
1.2.19 idle-timeout
1.2.43 ssh user authentication-type
Function
Using the acl command, you can restrict inbound and outbound permissions for VTY user interfaces (Telnet and SSH) by referencing an ACL.
Using the undo acl command, you can cancel the current settings.
By default, the incoming and outgoing calls are not restricted.
Format
Parameters
acl-number: specifies the number of an access control list (ACL). The value ranges from 2000 to 3999.
Views
Usage Guidelines
The command can be used to restrict the source address by the basic ACL and restrict the destination address by the advanced ACL.
Examples
<Eudemon> system-view
[Eudemon] user-interface vty 0
[Eudemon-ui-vty0] acl 2000 outbound
# Remove the restriction on Telnet outgoing call on the user interface VTY0.
<Eudemon> system-view
[Eudemon] user-interface vty 0
[Eudemon-ui-vty0] undo acl outbound
1.2.2 authentication-mode
Function
Using the authentication-mode command, you can set the authentication mode for logging into the user interface.
Using the undo authentication-mode command, you can restore the default authentication mode.
By default, the authentication method for the user interface of VTY type is password, and logging in to other user interfaces requires no authentication.
Format
undo authentication-mode
password: specifies the local password authentication.
local: specifies the local username and password authentication.
user username: specifies the local username. It is a string of 1 to 16 characters.
password password: specifies the local password. It is a string of 1 to 16 characters.
Views
Usage Guidelines
When AAA authentication is applied to the local user, the command level accessible after the user logs in to the Eudemon depends on the priority of the local user of AAA configuration.
If the password authentication or non-authentication is configured, the level of the command that a user can access is determined by the priority of the user interface after the user logs in to the system.
<Eudemon> system-view
[Eudemon] user-interface console 0
[Eudemon-ui-console0] authentication-mode password
[Eudemon-ui-console0] set authentication password simple huawei
Related Topics
1.2.47 user-interface
Function
Using the auto-execute command command, you can set the automatically executed command.
Using the undo auto-execute command command, you can remove the automatically executed command.
Format
Views
CAUTION
Make sure that you can log in to the system by other means to remove the configuration before configuring the auto-execute command command and saving the configuration.
By default, the command cannot be automatically executed.
The following restrictions apply to the auto-execute command command:
• If there is only one Console port or one AUX port on the firewall, the port does not support auto-execute command.
• If there are one Console port and one AUX port (two ports in total) on the firewall, the Console port does not support auto-execute command while the AUX port does.
• There is no restriction on other types of user interfaces.
Commands configured through auto-execute command are automatically executed when the user logs on. The user interface disconnects automatically after the completion of this command.
Usually, the telnet command configured through auto-execute command at the terminal user interface enables the user to be connected with the designated host automatically.
Use this command with care, because it prevents the terminal from performing routine configuration of the system.
Examples
# The telnet 10.110.100.1 command is run automatically after the user logs on from the VTY 0 port.
Related Topics
1.2.47 user-interface
1.2.4 databits
Function
Using the databits command, you can set the data bits of the user interface.
Using the undo databits command, you can restore the default data bits.
Format
Views
By default, the data bit is 8 bits.
Generally, do not use this command. If the data bits of the user interface are changed, the HyperTerminal must be set to the same data bits when users log on.
The configuration is effective only when the serial interface works in the asynchronous interactive mode.
1.2.5 debugging rsa
Function
Using the debugging rsa command, you can send the debugging information about the RSA process and packet structure to the information center, and debug a certain user interface.
Using the undo debugging rsa command, you can disable the debugging.
Format
Examples
# Enable RSA debugging.
Function
Using the debugging ssh server command, you can send the debugging information containing the negotiation process stipulated by SSH1.5 protocol to the information center, and debug a certain user interface.
Using the undo debugging ssh server command, you can disable the debugging.
Format
undo debugging ssh server { vty index | all }
Parameters
index: specifies the debugged SSH channel whose value depends on the number of VTY. By default, the value ranges from 0 to 4.
all: refers to all SSH channels.
Views
Examples
# Print debugging information in running SSH.
<Eudemon> debugging ssh server vty 0
00:23:20: SSH0: starting SSH control process
00:23:20: SSH0: sent protocol version id SSH-1.5-Eudemon-1.25
00:23:20: SSH0: protocol version id is - SSH-1.5-1.2.26
00:23:20: SSH0: SSH_SMSG_PUBLIC_KEY msg
00:23:21: SSH0: SSH_CMSG_SESSION_KEY msg - length 112, type 0x03
00:23:21: SSH: RSA decrypt started
00:23:21: SSH: RSA decrypt finished
00:23:21: SSH: RSA decrypt started
00:23:21: SSH: RSA decrypt finished
Related Topics
Function
Using the debugging telnet command, you can enable the debugging on Telnet.
Using the undo debugging telnet command, you can disable the debugging.
Format
Examples
Function
Using the display rsa local-key-pair public command, you can display the public key in the local key pair. If no key is generated, the system prompts "RSA keys not found."
Format
Usage Guidelines
When configuring the firewall, you can run this command on the client and copy the client public key from the echo message to the RSA public key on the SSH server.
Examples
<Eudemon> display rsa local-key-pair public
=====================================================
Key name: Eudemon_Host
Key code:
3047 0240
19616B29 7D347D6E E80A499C 573BABED 6841772C
44FE5117
0203
010001
Key name: Eudemon_Server
Key code:
3067 0260
1C4F9691 49D47201 62AF5908 CCD89328 A1265BFB AFDC78BF
1D133CF0 E7C9719E 1A16E59C AE6A8C8E
4B71841D DAA9E294 040092E0 CC244BA3 0203
010001
Table 1-3 Description of the display rsa local-key-pair public command output
Item                      Description
Time of Key pair created  Time when the public key is generated
Key name                  Name of the public key
Key type                  Type of the public key
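The key code in the output above reads as a DER-encoded RSA public key: a SEQUENCE (30) holding two INTEGERs (02), the modulus followed by the public exponent. The Python below is an added example, not part of the manual: it decodes each key code in the command output and reports the modulus size and exponent, and it rejects a dump that was copied incompletely. The sample keys are constructed filler bytes, and the function names and the 2048-bit threshold are assumptions.

```python
import re

def _read_len(buf, pos):
    """Decode a DER length field; return (length, offset of the value)."""
    if pos >= len(buf):
        raise ValueError("truncated before length field")
    first = buf[pos]
    if first < 0x80:                      # short form: the byte is the length
        return first, pos + 1
    n = first & 0x7F                      # long form: next n bytes hold it
    if n == 0 or pos + 1 + n > len(buf):
        raise ValueError("bad long-form length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def _read_integer(buf, pos):
    """Read one DER INTEGER (tag 0x02); return (value, next offset)."""
    if pos >= len(buf) or buf[pos] != 0x02:
        raise ValueError("expected INTEGER tag 0x02")
    length, pos = _read_len(buf, pos + 1)
    if pos + length > len(buf):
        raise ValueError("truncated INTEGER")
    return int.from_bytes(buf[pos:pos + length], "big"), pos + length

def parse_key_code(hex_text):
    """Return (modulus_bits, public_exponent) for one 'Key code' hex dump."""
    buf = bytes.fromhex("".join(hex_text.split()))
    if not buf or buf[0] != 0x30:
        raise ValueError("expected SEQUENCE tag 0x30")
    length, pos = _read_len(buf, 1)
    if pos + length != len(buf):
        raise ValueError("SEQUENCE length does not match the data")
    modulus, pos = _read_integer(buf, pos)
    exponent, pos = _read_integer(buf, pos)
    return modulus.bit_length(), exponent

def audit_keys(display_text, min_bits=2048):
    """Return (key name, bits, exponent, verdict) per key in the output."""
    results = []
    pattern = r"Key name:\s*(\S+)\s+Key code:\s*([0-9A-Fa-f\s]+)"
    for name, code in re.findall(pattern, display_text):
        try:
            bits, exp = parse_key_code(code)
        except ValueError as err:          # truncated or mis-copied dump
            results.append((name, None, None, f"unparseable: {err}"))
            continue
        verdict = "ok" if bits >= min_bits else f"weak: below {min_bits} bits"
        results.append((name, bits, exp, verdict))
    return results

# Constructed sample in the command's layout (0x5B filler, not real keys).
SAMPLE = "\n".join([
    "Key name: Example_Host", "Key code:",
    "3047 0240", "5B" * 64, "0203", "010001",
    "Key name: Example_Server", "Key code:",
    "3067 0260", "5B" * 96, "0203", "010001",
    "Key name: Example_Truncated", "Key code:",
    "3047 0240", "5B" * 24, "0203 010001",
])
print(*audit_keys(SAMPLE), sep="\n")
```

The reported size is the bit length of the modulus, so a key whose leading bits are zero shows one or two bits fewer than its nominal size.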
Related Topics
Function
Using the display rsa peer-public-key command, you can display the specified RSA public key. If no public key is specified, all public keys are displayed.
Format
display rsa peer-public-key [ brief | name keyname ]
Parameters
brief: displays the brief information about all the remote public keys.
name keyname: specifies the key name to be displayed. It is a string of 1 to 30 characters.
Views
Usage Guidelines
Using this command, you can view detailed information about all public keys or a specified public key.
# Display the detailed information about all the RSA public keys.
<Eudemon> display rsa peer-public-key
Address Bits Name
1023 abcd
1024 hq
1024 wn1
1024 hq_all
<Eudemon> display rsa peer-public-key name rsakey001
=====================================
Key name: rsakey001
Key address:
7D5381D0 9CE82913 D7EDF9C0 8511D83C A4ED2B30 B809808E
B0D1F52D 045DE408 61B74A0E 135523CC D74CAC61 F8E58C45
2B2F3F2D A0DCC48E 3306367F E187BDD9
0201
25
Table 1-4 Description of the display rsa peer-public-key command output
Item         Description
Key address  Brief information about the public key
Function
Using the display ssh server command, you can display the configuration and current session of the SSH server.
Parameters
Views
SSH connection timeout : 60 seconds
SSH server key generating interval : 1 hours
SSH Authentication retries : 3 times
# Display the current session of the SSH server.
<Eudemon> display ssh server session
Conn Ver Encry State retry Username
VTY0 1.5 DES started 3 Eudemon
Table 1-5 Description of the display ssh server session command output
Item       Description
Ver        Protocol version of the SSH session
Encry      Name of the encryption algorithm
State      Status of the SSH session
retry      Number of retry times of establishing the SSH session
User-name  User name of the SSH server
Using the display ssh user-information command, you can display the configuration of the SSH user.
Parameters
user-name: specifies a valid SSH user name defined by AAA. It is a string of 1 to 64 characters.
Views
Usage Guidelines
If no user name is specified in the command, the configuration of all the SSH users is displayed.
Using this command, you can view information about the SSH user, including the user name, password, bound RSA public key, and service type.
Examples
<Eudemon> display ssh user-information
Username authentication-type user-public-key-name
Jin rsa key001
Table 1-6 Description of the ssh user-information command output
Item                  Description
authentication-type   Authentication mode of SSH users
user-public-key-name  Peer RSA public key assigned to SSH users
1.2.43 ssh user authentication-type
Function
Using the display tcp status command, you can view and monitor TCP connections at any time.
Using the display tcp statistics command, you can view the statistics of the TCP traffic.
Format
Default Level
Usage Guidelines
Compared with the 1.2.15 display users command, the display tcp status command can be used to display more information about Telnet client and server.
The display information of the display tcp status command includes:
• Local address of TCP connection
• Local port number
The display information of the display tcp statistics command includes:
• Statistics of received data
• Statistics of sent data
• Timeout times of the retransmission timer and the keepalive timer
• Times for initiating connections
• The number of disconnected connections
• The number of dropped packets during MD5 authentication
• The number of passed packets during MD5 authentication
Examples
# Display all TCP connections with the Eudemon.
<Eudemon> display tcp status
TCPCB Local Add:port Foreign Add:port State
04c067a4 0.0.0.0:22 0.0.0.0:0 Listening
04c06564 0.0.0.0:23 0.0.0.0:0 Listening
Table 1-7 Description of the display tcp status command output
Item              Description
Local Add:port    Local IP address of TCP connection and local port number.
Foreign Add:port  Remote IP address of TCP connection and remote port number.
• Closed: indicates that the connection is closed.
• Listening: indicates that the connection is being monitored.
• Syn_Rcvd: indicates that a SYN packet is received.
• Established: indicates that the connection has been set up.
• Close_Wait: The user sends a FIN packet to the server to close the connection in the Established status. The server then sends an ACK packet to the user after receiving the FIN packet and changes to the Close_Wait status.
• Fin_Wait1: The user changes to this status after sending a FIN packet to the server to close the connection.
• Fin_Wait2: The user changes to this status after receiving an ACK packet that responds to the sent FIN packet.
• Time_Wait: TCP enters this status after a connection is closed. After it stays in this status for twice the lifetime of the longest packets, the records about the closed connection are cleared.
Function
Using the display user-interface command, you can display the information about the user interface.
Format
Parameters
ui-number1: specifies the relative user interface ID.
ui-number: specifies the absolute user interface ID. The minimum value is 0. The maximum value is smaller by 1 than the number of the user interfaces that the system supports. Different devices support different numbers of user interfaces.
summary: displays brief information about the user interface.
Usage Guidelines
Using the command, you can view the authentication mode on the user interface.
Examples
# Display the details on the user interface with the absolute ID as 0.
<Eudemon> display user-interface 0
Idx Type Tx/Rx Modem Privi Auth
* 0 CON 0 9600 3 N
* : Current user-interface is active.
I : Current user-interface is active and work in async mode.
Idx : Absolute index of user-interface.
Type : Type and relative index of user-interface.
Privi: The privilege of user-interface.
Auth : The authentication mode of user-interface.
A: Authenticate use AAA.
N: Current user-interface need not authentication.
P: Authenticate use current UI's password.
Table 1-8 Description of the display user-interface command output
Item   Description
*      The current user interface is active.
I      The current user interface is active and works in the asynchronous mode.
Idx    The absolute ID of the user interface.
Type   The type and relative ID of the user interface.
Privi  Privilege of the user interface.
Auth   Authorization mode of the user interface.
A      Adopts AAA to authenticate users.
N      The current user interface need not be authenticated.
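On an interface that uses password authentication or no authentication, the accessible command level comes from the interface itself, so the Privi and Auth columns together show which interfaces hand out a command level without credentials. The Python below is an added example, not part of the manual: it parses display user-interface output and lists the interfaces whose Auth column is N, highest privilege first. Only the CON row is taken from the page; the AUX and VTY rows, their column layout and the function names are constructed assumptions.

```python
# Auth column letters, as explained in the legend the command prints.
AUTH_MODES = {"A": "AAA", "P": "password", "N": "none"}

def parse_user_interfaces(output):
    """Return one dict per data row of 'display user-interface' output."""
    rows = []
    for line in output.splitlines():
        tokens = line.split()
        # A leading "*" or "I" marks an active interface; legend lines
        # start the same way but fail the digit check below.
        active = bool(tokens) and tokens[0] in ("*", "I")
        if active:
            tokens = tokens[1:]
        # Data rows: absolute index, type, relative index, ..., Privi, Auth.
        # Tx/Rx and Modem may be blank, so Privi and Auth are read from
        # the right-hand end of the row.
        if len(tokens) < 5 or not tokens[0].isdigit():
            continue
        if not tokens[-2].isdigit() or tokens[-1] not in AUTH_MODES:
            continue
        rows.append({
            "idx": int(tokens[0]),
            "name": f"{tokens[1]} {tokens[2]}",
            "active": active,
            "privi": int(tokens[-2]),
            "auth": AUTH_MODES[tokens[-1]],
        })
    return rows

def unauthenticated_interfaces(output):
    """List (name, privilege) for interfaces that need no authentication,
    highest privilege first."""
    hits = [(r["name"], r["privi"]) for r in parse_user_interfaces(output)
            if r["auth"] == "none"]
    return sorted(hits, key=lambda h: -h[1])

# First data row is the page's example; the other rows are constructed.
SAMPLE = """\
Idx Type Tx/Rx Modem Privi Auth
* 0 CON 0 9600 3 N
  1 AUX 0 9600 0 N
  2 VTY 0 0 P
  3 VTY 1 3 A
* : Current user-interface is active.
I : Current user-interface is active and work in async mode.
A: Authenticate use AAA.
N: Current user-interface need not authentication.
P: Authenticate use current UI's password.
"""

for name, privi in unauthenticated_interfaces(SAMPLE):
    print(f"{name}: no authentication, privilege {privi}")
```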
Function
Using the display user-interface maximum-vty command, you can view the maximum number of VTY user interfaces.
Usage Guidelines
You can modify the maximum number of VTY user interfaces as required.
Examples
<Eudemon> display user-interface maximum-vty
Maximum of VTY user : 15
Table 1-9 Description of the display user-interface maximum-vty command output
Item Description
1.2.15 display users
Function
Using the display users command, you can display the login user information on each interface.
Format
Parameters
all: displays the information of the user who logs on in the user view.
Views
All views
Usage Guidelines
Using this command, you can view information about the users that access the current firewall, including the user names, addresses, authentication and authorization.
Examples
# Use the display users command on the Console.
<Eudemon> display users
User-Intf Delay Type Ipaddress Username
+ 0 CON 0 00:00:00
146 VTY 0 00:01:37 TEL 3.3.3.101 zhangsan
147 VTY 1 00:00:06 TEL 3.3.3.101 123456789
Table 1-10 Description of the display users command output
Item       Description
+          Terminal line in use.
User-Intf  Number in the first column indicates the absolute number of user interface and that in the second column indicates the relative number of user interface.
Delay      Interval from the last input by the user till now, in seconds.
Type       Connection type includes Telnet, Console, SSH.
IPaddress  IP address of the starting host in connection.