User manual ZYXEL ZYWALL USG CLI REFERENCE GUIDE
DON'T FORGET : ALWAYS READ THE USER GUIDE BEFORE BUYING !!!
If this document matches the user guide, instructions manual or user manual, feature sets, schematics you are looking for, download it now. Diplodocs provides you a fast and easy access to the user manual ZYXEL ZYWALL USG CLI. We hope that this ZYXEL ZYWALL USG CLI user guide will be useful to you.
Manual abstract: user guide ZYXEL ZYWALL USG CLIREFERENCE GUIDE
Detailed instructions for use are in the User's Guide.
[. . . ] ZyWALL (ZLD)
CLI Reference Guide
Version 2. 11 6/2009 Edition 2
DEFAULT LOGIN
User Name admin Password 1234
www. zyxel. com
About This CLI Reference Guide
About This CLI Reference Guide
Intended Audience This manual is intended for people who want to configure ZLD-based ZyWALLs via Command Line Interface (CLI). You should have at least a basic knowledge of TCP/IP networking concepts and topology. Generally, it is organized by feature as outlined in the web configurator.
This guide is intended as a command reference for a series of products. Therefore many commands or command options in this guide may not be available in your product. [. . . ] no snmp-server rule rule_number show snmp status Deletes a service control rule for SNMP service. Displays SNMP Settings.
34. 8. 4 SNMP Commands Examples
The following command sets a service control rule that allowed the computers with the IP addresses matching the specified address object to access the specified zone using SNMP service.
Router# configure terminal Router(config)# snmp-server rule 11 access-group Example zone WAN action accept
The following command sets the password (secret) for read-write (rw) access.
Router# configure terminal Router(config)# snmp-server community secret rw
The following command sets the IP address of the host that receives the SNMP notifications to 172. 23. 15. 84 and the password (sent with each trap) to qwerty.
Router# configure terminal Router(config)# snmp-server host 172. 23. 15. 84 qwerty
266
ZyWALL (ZLD) CLI Reference Guide
Chapter 34 System Remote Management
34. 9 ICMP Filter
The ip icmp-filter commands are obsolete. See Chapter 14 on page 111 to configure firewall rules for ICMP traffic going to the ZyWALL to discard or reject ICMP packets destined for the ZyWALL.
34. 10 Dial-in Management
Connect an external serial modem to the DIAL BACKUP port (or AUX port depending on your model) to provide a remote management connection in case the ZyWALL's other WAN connections are down. This is like an auxiliary interface, except it is used for management connections coming into the ZyWALL instead of as a backup WAN connection.
34. 10. 1 AT Command Strings
For regular telephone lines, the default Dial string tells the modem that the line uses tone dialing. If your switch requires pulse dialing, change the string to ATDP.
34. 10. 2 DTR Signal
The majority of WAN devices default to hanging up the current call when the DTR (Data Terminal Ready) signal is dropped by the DTE. When the Drop DTR When Hang Up check box is selected, the ZyWALL uses this hardware signal to force the WAN device to hang up, in addition to issuing the drop command ATH.
34. 10. 3 Response Strings
The response strings tell the ZyWALL the tags, or labels, immediately preceding the various call parameters sent from the serial modem. The response strings have not been standardized; please consult the documentation of your serial modem to find the correct tags.
34. 10. 4 Dial-in Management Commands
The following table describes the commands available for dial-in management. You must use the configure terminal command to enter the configuration mode before you can use these commands.
Table 159 Command Summary: Dial-in Management
COMMAND dial-in [no] activate [no] answer-rings DESCRIPTION Enters sub-command mode. Sets how many times the ZyWALL lets the incoming dialin management session ring before processing it. The no command sets it to one.
ZyWALL (ZLD) CLI Reference Guide
267
Chapter 34 System Remote Management
Table 159 Command Summary: Dial-in Management
COMMAND [no] description description DESCRIPTION Specifies the description for the dial-in management connection. description: You can use alphanumeric and ()+/ :=?!*#@$_%- characters, and it can be up to 60 characters long. The
[no] initial-string initial_string
no command removes the initial string.
initial_string: You can use up to 64 characters. [no] mute Stops the external serial modem from making audible sounds during a dial-in management session. Displays dial-in management settings.
[no] port-speed {9600 | 19200 | 38400 | 57600 | 115200} show dial-in
34. 10. 4. 1 Dial-in Management Command Examples The following commands show you how to set up dial-in management with the following parameters: active, port speed 57600, initial-string ATDT, and description "I am dial-in management".
Router# configure terminal Router(config)# dial-in Router(config-dial-in)# activate Router(config-dial-in)# port-speed 57600 Router(config-dial-in)# initial-string ATDT Router(config-dial-in)# description I am dial-in management Router(config-dial-in)# exit
34. 11 Vantage CNM
Vantage CNM (Centralized Network Management) is a browser-based global management solution that allows an administrator from any location to easily configure, manage, monitor and troubleshoot ZyXEL devices located worldwide. If you allow your ZyWALL to be managed by the Vantage CNM server, then you should not do any configurations directly to the ZyWALL (using either the web configurator or commands) without notifying the Vantage CNM administrator.
268
ZyWALL (ZLD) CLI Reference Guide
Chapter 34 System Remote Management
34. 11. 1 Vantage CNM Commands
The following table describes the commands available for dial-in management. You must use the configure terminal command to enter the configuration mode before you can use these commands.
Table 160 Command Summary: Vantage CNM
COMMAND [no] cnm-agent manager url DESCRIPTION Sets up the URL of the Vantage server that the ZyWALL registers with. Displays the Vantage CNM configuration.
[no] cnm-agent activate cnm-agent keepalive interval <10. . 90> [no] cnm-agent periodicinform activate cnm-agent periodic-inform interval <10. . 86400> cnm-agent trigger-inform [interval] [no] cnm-agent auth activate show cnm-agent configuration
34. 11. 1. 1 Vantage CNM Command Examples The following example turns on Vantage CNM management and sets the ZyWALL to register with a server at https://1. 2. 3. 4/vantage/TR069.
Router# configure terminal Router(config)# cnm-agent activate Router(config)# cnm-agent manager https://1. 2. 3. 4/vantage/TR069 Router(config)# show cnm-agent configuration Activate: YES ACS URL: https://1. 2. 3. 4/vantage/TR069 Keepalive: ENABLE Keepalive Interval: 60 Periodic Inform: DISABLE Periodic Inform Interval: 3600 Custom IP: NO HTTPS Authentication: NO Vantage Certificate: zw1050. cer456
ZyWALL (ZLD) CLI Reference Guide
269
Chapter 34 System Remote Management
34. 12 Language Commands
Use the language commands to display what language the web configurator is using or change it. You must use the configure terminal command to enter the configuration mode before you can use these commands.
Table 161 Command Summary: Language
COMMAND language <English | Simplified_Chinese | Traditional_Chinese> show language {setting | all} DESCRIPTION Specifies the language used in the web configurator screens. setting displays the current display language in the web configurator screens. all displays the available languages.
270
ZyWALL (ZLD) CLI Reference Guide
PART X
Maintenance
File Manager (273) Logs (291) Reports and Reboot (297) Diagnostics (305) Maintenance Tools (307)
271
272
CHAPTER
35
File Manager
This chapter covers how to work with the ZyWALL's firmware, certificates, configuration files, custom IDP signatures, packet trace results, shell scripts and temporary files.
35. 1 File Directories
The ZyWALL stores files in the following directories.
Table 162 FTP File Transfer Notes
DIRECTORY FILE TYPE
A
FILE NAME EXTENSION bin cer conf rules
Firmware (upload only) Non-PKCS#12 certificates Configuration files IDP custom signatures Packet trace results (download only) Shell scripts Temporary system maintenance files and crash dumps for technical support use (download only)
cert conf idp packet_trace script tmp
. zysh
A. After you log in through FTP, you do not need to change directories in order to upload the firmware.
35. 2 Configuration Files and Shell Scripts Overview
You can store multiple configuration files and shell script files on the ZyWALL. When you apply a configuration file, the ZyWALL uses the factory default settings for any features that the configuration file does not include. [. . . ] 166 udp-filtered-distributed-portscan | udp-filtered-portsweep} details . . . . . . . . . . . . . 167 unlock lockout-users ip | console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216 upstream <0. . 1048576> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 use-defined-mac . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [. . . ]
DISCLAIMER TO DOWNLOAD THE USER GUIDE ZYXEL ZYWALL USG CLI
Click on "Download the user Manual" at the end of this Contract if you accept its terms, the downloading of the manual ZYXEL ZYWALL USG CLI will begin.