Page 141 / 161
Appendix A
CONFIG Commands

Command Line Interface Preference Settings

You can set command line interface preferences to customize your environment.

BOTH  set preference verbose { on | off }
      set define verbose { on | off }

Specifies whether you want command help and prompting information displayed. By default, the command line interface verbose preference is turned off. If you turn it on, the command line interface displays help for a node when you navigate to that node.

BOTH  set preference more lines
      set define more lines

Specifies how many lines of information you want the command line interface to display at one time. The lines argument specifies the number of lines you want to see at one time. By default, the command line interface shows you 16 lines of text before displaying the prompt:

    More …[y|n] ?

If you enter 0 for the lines argument, the command line interface displays information as an uninterrupted stream (which is useful for capturing information to a text file).

Port Renumbering Settings

If you use NAT pinholes to forward HTTP or telnet traffic through your Cayman Gateway to an internal host, you must change the port numbers the Cayman Gateway uses for its own configuration traffic. For example, if you set up a NAT pinhole to forward network traffic on Port 80 (HTTP) to another host, you would have to tell the Cayman Gateway to listen for configuration connection requests on a port number other than 80, such as 6080.

After you have changed the port numbers the Cayman Gateway uses for its configuration traffic, you must use those port numbers instead of the standard numbers when configuring the Cayman Gateway. For example, if you move the router's Web service to port “6080” on a box with a DNS name of “superbox”, you would enter the URL http://superbox:6080 in a Web browser to open the Cayman Gateway graphical user interface. Similarly, you would have to configure your telnet application to use the appropriate port when opening a configuration connection to your Cayman Gateway.

BOTH  set servers web-http [ 0 - 32767 ]

Specifies the port number for HTTP (web) communication with the Cayman Gateway. Because port numbers in the range 0-1024 are used by other protocols, you should use numbers in the range 2000-32767 when assigning new port numbers to the Cayman Gateway web configuration interface.
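The port-renumbering rule above, worked through as a small planner. This is an added example written in Python for this appendix, not code from the Cayman manual or the product: it uses the set servers web-http and set servers telnet-tcp commands and the ranges printed in this appendix (0-1024 used by other protocols, 2000-32767 recommended, 32767 the CLI maximum), while the default ports 80 and 23, the pinhole set and the host name superbox are assumptions of the example. It flags the collision the manual warns about (a pinhole on port 80 while the gateway still listens on 80) and prints the URL and telnet target an administrator must use afterwards.

```python
"""Planner for moving a gateway's own HTTP/telnet configuration services off
ports that NAT pinholes forward to internal hosts (constructed example)."""
from __future__ import annotations

# Assumed factory ports for the two configuration services (not stated on the page).
DEFAULT_SERVICE_PORTS = {"web-http": 80, "telnet-tcp": 23}
# Ranges quoted in the manual: 0-1024 is used by other protocols; pick from 2000-32767.
RESERVED_MAX = 1024
RECOMMENDED = range(2000, 32768)
CLI_MAX = 32767


def check_port(port: int, pinholes: set[int]) -> list[str]:
    """Return every reason a port is a poor choice for a configuration service."""
    problems = []
    if not 0 <= port <= CLI_MAX:
        problems.append(f"{port} is outside the CLI range 0-{CLI_MAX}")
    elif port <= RESERVED_MAX:
        problems.append(f"{port} lies in 0-{RESERVED_MAX}, which other protocols use")
    elif port not in RECOMMENDED:
        problems.append(f"{port} is outside the recommended range 2000-{CLI_MAX}")
    if port in pinholes:
        problems.append(f"{port} is already forwarded to an internal host by a NAT pinhole")
    return problems


def plan_renumbering(pinholes: set[int], new_ports: dict[str, int], host: str) -> dict:
    """Decide which services must leave their default port, emit the CLI lines,
    and report the address an administrator must use for each service afterwards.

    pinholes: external port numbers that NAT pinholes forward to internal hosts.
    new_ports: service -> port the administrator intends to use.
    """
    commands, problems, reach = [], [], {}
    for service, default in DEFAULT_SERVICE_PORTS.items():
        port = new_ports.get(service, default)
        if port == default and default in pinholes:
            # The case the manual describes: the pinhole steals the gateway's own port.
            problems.append(f"{service} still listens on {default}, but a pinhole "
                            f"forwards {default} to an internal host")
        if port != default:
            problems.extend(check_port(port, pinholes))
            commands.append(f"set servers {service} {port}")
        reach[service] = (f"http://{host}:{port}" if service == "web-http"
                          else f"telnet {host} {port}")
    return {"commands": commands, "problems": problems, "reach": reach}


if __name__ == "__main__":
    plan = plan_renumbering({80}, {"web-http": 6080}, "superbox")
    for line in plan["commands"]:
        print(line)
    for problem in plan["problems"]:
        print("WARNING:", problem)
    print(plan["reach"])
```

With a pinhole on port 80 and no new port chosen, the planner reports the collision instead of emitting commands; with web-http moved to 6080 it emits `set servers web-http 6080` and reports `http://superbox:6080` as the address of the graphical interface, matching the manual's worked example.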
Downloaded from
www.Manualslib.com
manuals search engine
BOTH  set servers telnet-tcp [ 0 - 32767 ]

Specifies the port number for telnet (CLI) communication with the Cayman Gateway. Because port numbers in the range 0-1024 are used by other protocols, you should use numbers in the range 2000-32767 when assigning new port numbers to the Cayman Gateway telnet configuration interface.

Security Settings

Security settings include the Firewall and IPSec parameters. All of the security functionality is keyed.

Firewall Settings (for BreakWater Firewall)

BOTH  set ip security firewall option (ClearSailing) {ClearSailing | SilentRunning | LANdLocked}

The 3 settings for BreakWater are discussed in detail on page 69.

SafeHarbour IPSec Settings

SafeHarbour VPN is a tunnel between the local network and another geographically dispersed network that is interconnected over the Internet. This VPN tunnel provides a secure, cost-effective alternative to dedicated leased lines. Internet Protocol Security (IPsec) is a series of services including encryption, authentication, integrity, and replay protection. Internet Key Exchange (IKE) is the key management protocol of IPsec that establishes keys for encryption and decryption. Because this VPN software implementation is built to these standards, the other side of the tunnel can be either another Cayman unit or another IPsec/IKE based security product. For VPN you can choose to have traffic authenticated, encrypted, or both.

When connecting the Cayman unit in a telecommuting scenario, the corporate VPN settings will dictate the settings to be used in the Cayman unit. If a parameter has not been specified from the other end of the tunnel, choose the default unless you fully understand the ramifications of your parameter choice.

BOTH  set security ipsec nat-enable (off) {on | off}

This enables Network Address Translation (NAT) over the SafeHarbour tunnel.

BOTH  set security ipsec option (off) {on | off}

Turns on the SafeHarbour IPsec tunnel capability.

BOTH  set security ipsec tunnels name "123"

The name of the tunnel can be quoted to allow special characters and embedded spaces.
BOTH  set security ipsec tunnels name "123" tun-enable (on) {on | off}

This enables this particular tunnel. Currently, one tunnel is supported.

BOTH  set security ipsec tunnels name "123" dest-ext-address ip-address

Specifies the IP address of the destination gateway.

BOTH  set security ipsec tunnels name "123" dest-int-network ip-address

Specifies the IP address of the destination computer or internal network.

BOTH  set security ipsec tunnels name "123" dest-int-netmask netmask

Specifies the subnet mask of the destination computer or internal network. The subnet mask specifies which bits of the 32-bit IP address represent network information. The default subnet mask for most networks is 255.255.255.0 (class C subnet mask).

BOTH  set security ipsec tunnels name "123" encrypt-protocol (ESP) { ESP | none }

See page 73 for details about SafeHarbour IPsec tunnel capability.

BOTH  set security ipsec tunnels name "123" auth-protocol (ESP) {AH | ESP | none}

See page 73 for details about SafeHarbour IPsec tunnel capability.

BOTH  set security ipsec tunnels name "123" IKE-mode pre-shared-key-type (hex) {ascii | hex}

See page 73 for details about SafeHarbour IPsec tunnel capability.

BOTH  set security ipsec tunnels name "123" IKE-mode pre-shared-key ("") {hex string}

See page 73 for details about SafeHarbour IPsec tunnel capability. Example: 0x1234

BOTH  set security ipsec tunnels name "123" IKE-mode neg-method (main) {main | aggressive}

See page 73 for details about SafeHarbour IPsec tunnel capability. Note: Aggressive Mode is a little faster, but it does not provide identity protection for negotiating nodes.
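The tunnel parameters above, gathered into one checked command set. This is an added example in Python, not code from the Cayman manual or the product: the command names, defaults and value sets are the ones printed on this page, while the cross-checks (rejecting a tunnel that is neither authenticated nor encrypted, since the manual offers authenticated, encrypted, or both; requiring a hex-type key to be hex digits; warning on aggressive mode, on an empty key and on a protocol set to none) and the sample addresses are assumptions of the example.

```python
"""Build and sanity-check the SafeHarbour tunnel command set from the manual
(constructed example, not Cayman code)."""
from __future__ import annotations
import ipaddress
import re

# Accepts the manual's example form 0x1234 as well as bare hex digits.
HEX_KEY = re.compile(r"^(0x)?[0-9A-Fa-f]+$")


def tunnel_commands(name: str, dest_gateway: str, dest_network: str, dest_netmask: str,
                    encrypt: str = "ESP", auth: str = "ESP", psk_type: str = "hex",
                    psk: str = "", neg_method: str = "main") -> tuple[list[str], list[str]]:
    """Return (cli_lines, warnings). Raise ValueError on settings the page does not allow.

    Defaults mirror the parenthesised defaults in the command reference; the
    warnings are this example's own review checks, not product behaviour."""
    if encrypt not in {"ESP", "none"} or auth not in {"AH", "ESP", "none"}:
        raise ValueError("encrypt-protocol must be ESP|none and auth-protocol AH|ESP|none")
    if encrypt == "none" and auth == "none":
        # The manual offers authenticated, encrypted, or both; neither is not a choice.
        raise ValueError("tunnel would be neither authenticated nor encrypted")
    if psk_type not in {"ascii", "hex"} or neg_method not in {"main", "aggressive"}:
        raise ValueError("bad pre-shared-key-type or neg-method")
    ipaddress.IPv4Address(dest_gateway)  # raises ValueError on a malformed address
    # strict=True rejects a network whose host bits are set under the given mask,
    # which catches a typo in dest-int-network or dest-int-netmask before the CLI does.
    net = ipaddress.IPv4Network(f"{dest_network}/{dest_netmask}", strict=True)

    warnings = []
    if not psk:
        warnings.append("pre-shared-key is empty (the default); IKE cannot authenticate the peer")
    elif psk_type == "hex" and not HEX_KEY.match(psk):
        raise ValueError("hex pre-shared-key must be hex digits, e.g. 0x1234")
    if neg_method == "aggressive":
        warnings.append("aggressive mode does not protect the identities of the negotiating nodes")
    if auth == "none":
        warnings.append("no authentication: traffic is encrypted but not integrity-protected")
    if encrypt == "none":
        warnings.append("no encryption: traffic crosses the Internet in clear text")

    q = f'set security ipsec tunnels name "{name}"'
    lines = [
        f"{q} tun-enable on",
        f"{q} dest-ext-address {dest_gateway}",
        f"{q} dest-int-network {net.network_address}",
        f"{q} dest-int-netmask {net.netmask}",
        f"{q} encrypt-protocol {encrypt}",
        f"{q} auth-protocol {auth}",
        f"{q} IKE-mode pre-shared-key-type {psk_type}",
        f"{q} IKE-mode pre-shared-key {psk}",
        f"{q} IKE-mode neg-method {neg_method}",
    ]
    return lines, warnings


if __name__ == "__main__":
    # Constructed sample: documentation addresses, not a real deployment.
    cli, warns = tunnel_commands("123", "203.0.113.1", "192.168.10.0", "255.255.255.0",
                                 psk="0x1234", neg_method="aggressive")
    print("\n".join(cli))
    for w in warns:
        print("WARNING:", w)
```

The emitted lines are in the exact form the reference prints, so they can be pasted into a CLI session; the warnings are the points a reviewer would raise before doing so.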
BOTH  set security ipsec tunnels name "123" IKE-mode DH-group (1) { 1 | 2 | 5}

See page 73 for details about SafeHarbour IPsec tunnel capability.

BOTH  set security ipsec tunnels name "123" IKE-mode isakmp-SA-encrypt (DES) {DES | 3DES | Blowfish | CAST}

See page 73 for details about SafeHarbour IPsec tunnel capability.

BOTH  set security ipsec tunnels name "123" isakmp-SA-hash (MD5) {MD5 | SHA1}

See page 73 for details about SafeHarbour IPsec tunnel capability.

BOTH  set security ipsec tunnels name "123" PFS-DH-group (off) {off | 1 | 2 | 5 }

See page 73 for details about SafeHarbour IPsec tunnel capability.

Internet Key Exchange (IKE) Settings

The following four IPsec parameters configure the rekeying event.

The soft parameters designate when the system negotiates a new key. For example, after 82800 seconds (23 hours) or 1 Gbyte has been transferred (whichever comes first) the key will be renegotiated.

The hard parameters indicate that the renegotiation must be complete or the tunnel will be disabled. For example, 86400 seconds (24 hours) means that the renegotiation must be complete within one day.

Both ends of the tunnel set parameters, and typically they will be the same. If they are not the same, the rekey event will happen when the longest time period expires or when the largest amount of data has been sent.

BOTH  set security ipsec tunnels name "123" IKE-mode ipsec-soft-mbytes (1000) {1-1000000}

BOTH  set security ipsec tunnels name "123" IKE-mode ipsec-soft-seconds (82800) {60-1000000}

BOTH  set security ipsec tunnels name "123" IKE-mode ipsec-hard-mbytes (1200) {1-1000000}

BOTH  set security ipsec tunnels name "123" IKE-mode ipsec-hard-seconds (86400) {60-1000000}
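The soft/hard rekey rule from the IKE settings above, modelled as a small state machine. This is an added example in Python, not code from the Cayman manual or the product: the defaults (1000/1200 Mbytes, 82800/86400 seconds) and the accepted ranges are the ones printed in the command reference, and the "longest period or largest amount of data" rule for mismatched ends is the one the manual states; the ordering check (soft below hard) and the three-state model are assumptions of the example, drawn from the prose.

```python
"""Model of the SafeHarbour soft/hard rekey rule (constructed example, not Cayman code)."""
from __future__ import annotations
from dataclasses import dataclass

SECONDS_RANGE = (60, 1_000_000)   # {60-1000000} in the command reference
MBYTES_RANGE = (1, 1_000_000)     # {1-1000000} in the command reference


@dataclass(frozen=True)
class RekeyParams:
    soft_mbytes: int = 1000    # ipsec-soft-mbytes default
    soft_seconds: int = 82800  # ipsec-soft-seconds default (23 hours)
    hard_mbytes: int = 1200    # ipsec-hard-mbytes default
    hard_seconds: int = 86400  # ipsec-hard-seconds default (24 hours)

    def validate(self) -> list[str]:
        """Range checks from the CLI plus the ordering the prose implies:
        the soft limit must trigger a rekey before the hard limit drops the tunnel."""
        problems = []
        for attr, (lo, hi) in (("soft_seconds", SECONDS_RANGE), ("hard_seconds", SECONDS_RANGE),
                               ("soft_mbytes", MBYTES_RANGE), ("hard_mbytes", MBYTES_RANGE)):
            value = getattr(self, attr)
            if not lo <= value <= hi:
                problems.append(f"{attr}={value} is outside {lo}-{hi}")
        if self.soft_seconds >= self.hard_seconds:
            problems.append("soft-seconds must be less than hard-seconds, or the tunnel is "
                            "disabled before a new key is negotiated")
        if self.soft_mbytes >= self.hard_mbytes:
            problems.append("soft-mbytes must be less than hard-mbytes for the same reason")
        return problems


def effective_params(local: RekeyParams, remote: RekeyParams) -> RekeyParams:
    """Both ends set parameters; when they differ, the rekey happens at the longest
    time period or the largest amount of data (the rule the manual states)."""
    return RekeyParams(
        soft_mbytes=max(local.soft_mbytes, remote.soft_mbytes),
        soft_seconds=max(local.soft_seconds, remote.soft_seconds),
        hard_mbytes=max(local.hard_mbytes, remote.hard_mbytes),
        hard_seconds=max(local.hard_seconds, remote.hard_seconds),
    )


def tunnel_state(params: RekeyParams, elapsed_seconds: int, transferred_mbytes: int) -> str:
    """'ok' while under both soft limits, 'renegotiate' once either soft limit is
    reached (whichever comes first), 'disabled' once either hard limit passes
    without a completed rekey. A completed renegotiation installs a new key, so
    both counters restart at zero for the new security association."""
    if elapsed_seconds >= params.hard_seconds or transferred_mbytes >= params.hard_mbytes:
        return "disabled"
    if elapsed_seconds >= params.soft_seconds or transferred_mbytes >= params.soft_mbytes:
        return "renegotiate"
    return "ok"


if __name__ == "__main__":
    # Constructed scenario: the local end asks for an hourly rekey, the peer keeps defaults.
    local = RekeyParams(soft_seconds=3600, hard_seconds=7200)
    agreed = effective_params(local, RekeyParams())
    print("local alone ->", tunnel_state(local, 3700, 0))   # renegotiate
    print("with peer   ->", tunnel_state(agreed, 3700, 0))  # ok: peer's 82800 s wins
    print(RekeyParams(soft_seconds=90000).validate())
```

The worth noting consequence of the mismatch rule is shown in the usage: tightening the soft lifetime on one end alone does not shorten the key's life, because the longer period of the other end prevails, so both ends must be changed together.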
SNMP Settings

The Simple Network Management Protocol (SNMP) lets a network administrator monitor problems on a network by retrieving settings on remote network devices. The network administrator typically runs an SNMP management station program on a local host to obtain information from an SNMP agent such as the Cayman Gateway.

BOTH  set snmp community name

Adds the specified name to the list of communities associated with the Cayman Gateway. By default, the Cayman Gateway is associated with the public community. You can associate as many as 16 communities with the Cayman Gateway.

BOTH  set snmp traps authentication-traps { on | off }

Enables or disables SNMP trapping. If SNMP trapping is enabled, your Cayman Gateway sends authentication traps to all SNMP trap destinations. You must enable trap authentication before you set up your trap destinations.

BOTH  set snmp traps ip-traps ip-address [ community community-name ]

Identifies the destination for SNMP trap messages. The ip-address argument is the IP address of the host acting as an SNMP console. The optional community community-name identifies the name of the Cayman Gateway community, which is included in the trap message the device sends to the management console. This name, which is not used for authentication, does not have to match a predefined community name.

BOTH  set snmp sysgroup contact contact_info

Identifies the system contact, such as the name, phone number, beeper number, or email address of the person responsible for the Cayman Gateway. You can enter up to 256 characters for the contact_info argument. You must put the contact_info argument in double-quotes if it contains embedded spaces.

BOTH  set snmp sysgroup location location_info

Identifies the location, such as the building, floor, or room number, of the Cayman Gateway. You can enter up to 256 characters for the location_info argument. You must put the location_info argument in double-quotes if it contains embedded spaces.

System Settings

You can configure system settings to assign a name to your Cayman Gateway and to specify what types of messages you want the diagnostic log to record.

BOTH  set system name name

Specifies the name of your Cayman Gateway. Each Cayman Gateway is assigned a name as part of its factory initialization. The default name for a Cayman Gateway consists of the word “Cayman-2E” and the serial number of the device; for example, Cayman-2E810700. A system name can be 1-64 characters long. Once