quidway eudemon 200 firewall command reference(v200r001c03b6_01)

Quidway Eudemon 200 Firewall V200R001C03B6 Command Reference Issue 01 Date 2008-11-15 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

Upload: tomasz-kamzol

Post on 28-Mar-2015


Quidway Eudemon 200 Firewall V200R001C03B6

Command Reference

Issue 01

Date 2008-11-15

Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

Huawei Technologies Co., Ltd. provides customers with comprehensive technical support and service. For any assistance, please contact our local office or company headquarters.

Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base, Bantian, Longgang, Shenzhen 518129, People's Republic of China

Website: http://www.huawei.com

Email: [email protected]

Copyright © Huawei Technologies Co., Ltd. 2008. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions

and other Huawei trademarks are the property of Huawei Technologies Co., Ltd. All other trademarks and trade names mentioned in this document are the property of their respective holders.

Notice

The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but the statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied.


Contents

About This Document
1 System Management
1.1 Basic Configuration Commands
1.1.1 clock
1.1.2 command-privilege
1.1.3 display clock
1.1.4 display history-command
1.1.5 display hotkey
1.1.6 display version
1.1.7 header
1.1.8 hotkey
1.1.9 language-mode
1.1.10 lock (User View)
1.1.11 quit (All Views)
1.1.12 return
1.1.13 super
1.1.14 super password
1.1.15 sysname
1.1.16 system-view
1.2 User Login Configuration Commands
1.2.1 acl
1.2.2 authentication-mode
1.2.3 auto-execute command
1.2.4 databits
1.2.5 debugging rsa
1.2.6 debugging ssh server
1.2.7 debugging telnet
1.2.8 display rsa local-key-pair public
1.2.9 display rsa peer-public-key
1.2.10 display ssh server
1.2.11 display ssh user-information
1.2.12 display tcp
1.2.13 display user-interface

1.2.14 display user-interface maximum-vty
1.2.15 display users
1.2.16 flow-control
1.2.17 free user-interface
1.2.18 history-command max-size
1.2.19 idle-timeout
1.2.20 lock authentication-count
1.2.21 lock lock-timeout
1.2.22 modem
1.2.23 modem auto-answer
1.2.24 modem timer answer
1.2.25 parity
1.2.26 peer-public-key end
1.2.27 protocol inbound
1.2.28 public-key-code begin
1.2.29 public-key-code end
1.2.30 redirect
1.2.31 rsa local-key-pair create
1.2.32 rsa local-key-pair destroy
1.2.33 rsa peer-public-key
1.2.34 screen-length
1.2.35 send
1.2.36 set authentication password
1.2.37 shell
1.2.38 speed (User Interface View)
1.2.39 ssh server authentication-retries
1.2.40 ssh server rekey-interval
1.2.41 ssh server timeout
1.2.42 ssh user assign rsa-key
1.2.43 ssh user authentication-type
1.2.44 stopbits
1.2.45 telnet
1.2.46 user privilege
1.2.47 user-interface
1.2.48 user-interface maximum-vty

1.3 Working Mode Configuration Commands
1.3.1 debugging firewall transparent-mode
1.3.2 display firewall mode
1.3.3 display firewall transparent-mode config
1.3.4 display firewall transparent-mode address-table
1.3.5 display firewall transparent-mode traffic
1.3.6 display firewall transparent-mode trunk-port
1.3.7 firewall arp-learning enable
1.3.8 firewall ethernet-frame-filter
1.3.9 firewall mode
1.3.10 firewall system-ip
1.3.11 firewall transparent-mode aging-time
1.3.12 firewall transparent-mode fast-forwarding
1.3.13 firewall transparent-mode transmit
1.3.14 firewall unknown-mac
1.3.15 port trunk pvid
1.3.16 port trunk vlan allow-pass all
1.3.17 reset firewall transparent-mode address-table
1.3.18 reset firewall transparent-mode traffic
1.4 File Management Configuration Commands
1.4.1 ascii
1.4.2 binary
1.4.3 bye
1.4.4 cd (User View)
1.4.5 cd (FTP Client View)
1.4.6 cdup
1.4.7 close
1.4.8 compare configuration
1.4.9 copy
1.4.10 debugging (FTP Client View)
1.4.11 delete (User View)
1.4.12 delete (FTP Client View)
1.4.13 dir (User View)
1.4.14 dir (FTP Client View)
1.4.15 disconnect
1.4.16 display current-configuration
1.4.17 display ftp-server
1.4.18 display ftp-users
1.4.19 display saved-configuration
1.4.20 display startup
1.4.21 display this
1.4.22 execute
1.4.23 file prompt
1.4.24 format
1.4.25 ftp
1.4.26 ftp server enable
1.4.27 ftp timeout
1.4.28 get
1.4.29 lcd

1.4.30 ls
1.4.31 mkdir (User View)
1.4.32 mkdir (FTP Client View)
1.4.33 more
1.4.34 move
1.4.35 open
1.4.36 passive
1.4.37 put
1.4.38 pwd (User View)
1.4.39 pwd (FTP Client View)
1.4.40 quit (FTP Client View)
1.4.41 remotehelp
1.4.42 rename
1.4.43 reset recycle-bin
1.4.44 reset saved-configuration
1.4.45 rmdir (User View)
1.4.46 rmdir (FTP Client View)
1.4.47 save
1.4.48 startup system-software
1.4.49 startup saved-configuration
1.4.50 tftp
1.4.51 tftp-server acl
1.4.52 undelete
1.4.53 user
1.4.54 verbose
1.4.55 xmodem get
1.5 System Maintenance Configuration Commands
1.5.1 debugging (User View)
1.5.2 debugging firewall packet-capture
1.5.3 debugging firewall packet-capture error
1.5.4 debugging firewall packet-capture event
1.5.5 display channel
1.5.6 display cpu-usage-for-user
1.5.7 display debugging
1.5.8 display diagnostic-information
1.5.9 display device
1.5.10 display environment
1.5.11 display firewall logtime
1.5.12 display firewall packet-capture configuration
1.5.13 display firewall packet-capture queue
1.5.14 display firewall packet-capture statistic
1.5.15 display info-center

1.5.16 display logbuffer
1.5.17 display patch-information
1.5.18 display schedule reboot
1.5.19 display trapbuffer
1.5.20 firewall log-time
1.5.21 firewall packet-capture
1.5.22 firewall packet-capture send host
1.5.23 firewall packet-capture send queue
1.5.24 firewall packet-capture startup
1.5.25 firewall session log-type binary discard enable
1.5.26 firewall session log-type
1.5.27 info-center channel
1.5.28 info-center console channel
1.5.29 info-center enable
1.5.30 info-center logbuffer
1.5.31 info-center loghost
1.5.32 info-center loghost source
1.5.33 info-center monitor channel
1.5.34 info-center snmp channel
1.5.35 info-center source
1.5.36 info-center timestamp
1.5.37 info-center trapbuffer
1.5.38 patch
1.5.39 ping
1.5.40 reset firewall log-buf
1.5.41 reset firewall packet-capture
1.5.42 reset logbuffer
1.5.43 reset trapbuffer
1.5.44 service modem-callback
1.5.45 session log enable
1.5.46 schedule reboot
1.5.47 terminal debugging
1.5.48 terminal logging
1.5.49 terminal monitor
1.5.50 terminal trapping
1.5.51 tracert
1.6 Web Management Commands
1.6.1 debugging ssl
1.6.2 debugging web-manager
1.6.3 display web-manager
1.6.4 web-manager
1.6.5 reset web-manager statistics

1.7 NTP Configuration Commands
1.7.1 debugging ntp-service
1.7.2 display ntp-service sessions
1.7.3 display ntp-service status
1.7.4 display ntp-service trace
1.7.5 ntp-service access
1.7.6 ntp-service authentication enable
1.7.7 ntp-service authentication-keyid
1.7.8 ntp-service broadcast-client
1.7.9 ntp-service broadcast-server
1.7.10 ntp-service in-interface disable
1.7.11 ntp-service max-dynamic-sessions
1.7.12 ntp-service multicast-client
1.7.13 ntp-service multicast-server
1.7.14 ntp-service refclock-master
1.7.15 ntp-service reliable authentication-keyid
1.7.16 ntp-service source-interface
1.7.17 ntp-service unicast-peer
1.7.18 ntp-service unicast-server
1.8 SNMP Configuration Commands
1.8.1 debugging snmp-agent
1.8.2 display snmp-agent
1.8.3 display snmp-agent community
1.8.4 display snmp-agent group
1.8.5 display snmp-agent mib-view
1.8.6 display snmp-agent statistics
1.8.7 display snmp-agent sys-info
1.8.8 display snmp-agent usm-user
1.8.9 enable snmp trap updown
1.8.10 ifindex constant
1.8.11 set constant-ifindex max-number
1.8.12 set constant-ifindex subinterface
1.8.13 snmp-agent
1.8.14 snmp-agent community
1.8.15 snmp-agent group
1.8.16 snmp-agent local-engineid
1.8.17 snmp-agent mib-view
1.8.18 snmp-agent packet max-size
1.8.19 snmp-agent sys-info
1.8.20 snmp-agent target-host
1.8.21 snmp-agent trap enable
1.8.22 snmp-agent trap enable ospf

1.8.23 snmp-agent trap life
1.8.24 snmp-agent trap queue-size
1.8.25 snmp-agent trap source
1.8.26 snmp-agent usm-user
1.9 VPN Manager Configuration Commands
1.9.1 secoway-server

2 Security Defense
2.1 ACL Configuration Commands
2.1.1 acl accelerate enable
2.1.2 acl (System View)
2.1.3 address
2.1.4 description (ACL View)
2.1.5 description (Address Set View or Port Set View)
2.1.6 display acl
2.1.7 display ip address-set
2.1.8 display ip port-set
2.1.9 display time-range
2.1.10 ip address-set
2.1.11 ip port-set
2.1.12 port
2.1.13 reset acl counter
2.1.14 rule
2.1.15 step
2.1.16 time-range
2.2 Security Zone Configuration Commands
2.2.1 add interface (Security Zone View)
2.2.2 description (Security Zone View)
2.2.3 display interzone
2.2.4 display zone
2.2.5 firewall interzone
2.2.6 firewall zone
2.2.7 set priority
2.3 Session Configuration Commands
2.3.1 debugging firewall sessionreuse
2.3.2 display firewall fragment
2.3.3 display firewall session aging-time
2.3.4 display firewall session no-pat
2.3.5 display firewall session table
2.3.6 firewall long-link
2.3.7 firewall long-link aging-time
2.3.8 firewall session aging-time
2.3.9 firewall session aging-time accelerate enable

2.3.10 reset firewall session table

2.4 Packet Filter Configuration Commands
2.4.1 debugging firewall packet-filter
2.4.2 display firewall packet-filter default
2.4.3 firewall packet-filter default
2.4.4 packet-filter
2.5 Attack Defence and Packet Statistics Configuration Commands
2.5.1 debugging firewall defend
2.5.2 debugging statistic
2.5.3 display firewall defend flag
2.5.4 display firewall flow-control statistics
2.5.5 display firewall statistic
2.5.6 firewall defend all enable
2.5.7 firewall defend arp-flood enable interface
2.5.8 firewall defend arp-spoofing enable
2.5.9 firewall defend based-session
2.5.10 firewall defend fraggle enable
2.5.11 firewall defend ftp-bounce enable
2.5.12 firewall defend icmp-flood
2.5.13 firewall defend icmp-flood enable
2.5.14 firewall defend icmp-redirect enable
2.5.15 firewall defend icmp-unreachable enable
2.5.16 firewall defend ip-fragment enable
2.5.17 firewall defend ip-spoofing enable
2.5.18 firewall defend ip-sweep
2.5.19 firewall defend ip-sweep enable
2.5.20 firewall defend land enable
2.5.21 firewall defend large-icmp
2.5.22 firewall defend large-icmp enable
2.5.23 firewall defend packet-header check enable
2.5.24 firewall defend ping-of-death enable
2.5.25 firewall defend port-scan
2.5.26 firewall defend port-scan enable
2.5.27 firewall defend route-record enable
2.5.28 firewall defend smurf enable
2.5.29 firewall defend source-route enable
2.5.30 firewall defend syn-flood
2.5.31 firewall defend syn-flood enable
2.5.32 firewall defend tcp-flag enable
2.5.33 firewall defend teardrop enable
2.5.34 firewall defend time-stamp enable
2.5.35 firewall defend tracert enable

2.5.36 firewall defend udp-flood
2.5.37 firewall defend udp-flood enable
2.5.38 firewall defend winnuke enable
2.5.39 firewall flow-control acl
2.5.40 firewall flow-control car
2.5.41 firewall flow-control h323 enable
2.5.42 firewall flow-control on
2.5.43 firewall fragment-discard enable
2.5.44 firewall http-authentication
2.5.45 firewall session link-state check
2.5.46 firewall statistic system connect-number
2.5.47 firewall statistic system enable
2.5.48 firewall statistic system flow-percent
2.5.49 firewall statistic system last_five_min enable
2.5.50 reset firewall statistic ip
2.5.51 reset firewall statistic system
2.5.52 reset firewall statistic zone
2.5.53 statistic connect-number
2.5.54 statistic connect-speed
2.5.55 statistic enable
2.6 ASPF Configuration Commands
2.6.1 debugging firewall aspf
2.6.2 debugging firewall fragment-forward
2.6.3 detect
2.6.4 detect user-define
2.6.5 display firewall servermap
2.6.6 firewall cache refresh enable
2.6.7 firewall fragment-cache enable
2.6.8 firewall fragment-cache max-number one-packet
2.6.9 firewall fragment-cache max-number total
2.6.10 firewall fragment-forward enable
2.7 Blacklist Configuration Commands
2.7.1 debugging firewall blacklist
2.7.2 display firewall blacklist
2.7.3 firewall blacklist aging-time
2.7.4 firewall blacklist authentication-count
2.7.5 firewall blacklist enable
2.7.6 firewall blacklist item
2.8 MAC and IP Address binding Configuration Commands
2.8.1 debugging firewall mac-binding
2.8.2 display firewall mac-binding
2.8.3 firewall mac-binding

2.9 Port Mapping Configuration Commands
2.9.1 display port-mapping
2.9.2 port-mapping
2.10 NAT Configuration Commands
2.10.1 debugging nat
2.10.2 destination-nat
2.10.3 display nat
2.10.4 firewall permit local ip
2.10.5 nat
2.10.6 nat address-group
2.10.7 nat alg enable
2.10.8 nat arp-gratuitous send
2.10.9 nat inbound
2.10.10 nat outbound
2.10.11 nat server
2.10.12 nat server zone
2.11 IDS Cooperation Configuration Commands
2.11.1 debugging firewall ids
2.11.2 display firewall ids
2.11.3 firewall ids authentication type
2.11.4 firewall ids enable
2.11.5 firewall ids port
2.11.6 firewall ids server
2.12 AAA Configuration Commands
2.12.1 { cmd | outbound | system } recording-scheme
2.12.2 aaa
2.12.3 accounting interim-fail
2.12.4 accounting realtime
2.12.5 accounting start-fail
2.12.6 accounting-mode
2.12.7 accounting-scheme (AAA View)
2.12.8 authentication-mode (Authentication Scheme View)
2.12.9 authentication-scheme (AAA View)
2.12.10 authorization-mode
2.12.11 authorization-scheme (AAA View)
2.12.12 display aaa configuration
2.12.13 display accounting-scheme
2.12.14 display authentication-scheme
2.12.15 display authorization-scheme
2.12.16 display ip pool
2.12.17 display recording-scheme
2.12.18 display user-car


2.12.19 ip address ppp-negotiate
2.12.20 ip pool
2.12.21 recording-mode
2.12.22 recording-scheme
2.12.23 user-car (AAA View)
2.13 RADIUS Server Configuration Commands
2.13.1 debugging radius
2.13.2 display radius-server accounting-stop-packet
2.13.3 display radius-server configuration
2.13.4 radius-server accounting
2.13.5 radius-server accounting-stop-packet resend
2.13.6 radius-server authentication
2.13.7 radius-server nas-port-format
2.13.8 radius-server nas-port-id-format
2.13.9 radius-server retransmit
2.13.10 radius-server shared-key
2.13.11 radius-server template
2.13.12 radius-server timeout
2.13.13 radius-server traffic-unit
2.13.14 radius-server type
2.13.15 radius-server user-name domain-included
2.13.16 reset radius-server accounting-stop-packet
2.14 HWTACACS Server Configuration Commands
2.14.1 debugging hwtacacs
2.14.2 display hwtacacs-server accounting-stop-packet
2.14.3 display hwtacacs-server template
2.14.4 hwtacacs-server accounting
2.14.5 hwtacacs-server accounting-stop-packet
2.14.6 hwtacacs-server authentication
2.14.7 hwtacacs-server authorization
2.14.8 hwtacacs-server shared-key
2.14.9 hwtacacs-server source-ip
2.14.10 hwtacacs-server template
2.14.11 hwtacacs-server timer quiet
2.14.12 hwtacacs-server timer response-timeout
2.14.13 hwtacacs-server traffic-unit
2.14.14 hwtacacs-server user-name domain-included
2.14.15 reset hwtacacs-server accounting-stop-packet
2.14.16 reset hwtacacs-server statistics
2.15 Domain Configuration Commands
2.15.1 access-limit
2.15.2 accounting-scheme (AAA Domain View)


2.15.3 acl-number
2.15.4 authentication-scheme (AAA Domain View)
2.15.5 authorization-scheme (AAA Domain View)
2.15.6 display domain
2.15.7 dns
2.15.8 domain
2.15.9 hwtacacs-server (AAA Domain View)
2.15.10 idle-cut
2.15.11 nbns
2.15.12 radius-server
2.15.13 state (AAA Domain View)
2.15.14 user-car (AAA Domain View)
2.15.15 user-priority
2.15.16 web-server

2.16 Local User Configuration Commands
2.16.1 cut access-user (AAA View)
2.16.2 display access-user
2.16.3 display local-user
2.16.4 local-user access-limit
2.16.5 local-user callback-nocheck
2.16.6 local-user callback-number
2.16.7 local-user call-number
2.16.8 local-user ftp-directory
2.16.9 local-user idle-cut
2.16.10 local-user level
2.16.11 local-user mac-address
2.16.12 local-user password
2.16.13 local-user service-type
2.16.14 local-user state
2.16.15 local-user user-car
2.16.16 vlan-batch user access-limit
2.16.17 vlan-batch user acl-number
2.16.18 vlan-batch user idle-cut
2.16.19 vlan-batch user interface
2.16.20 vlan-batch user service-type
2.16.21 vlan-batch user state
2.16.22 vlan-batch user user-car
2.17 L2TP Configuration Commands
2.17.1 allow l2tp
2.17.2 debugging l2tp
2.17.3 display l2tp session
2.17.4 display l2tp tunnel


2.17.5 interface virtual-template
2.17.6 l2tp domain suffix-separator
2.17.7 l2tp enable
2.17.8 l2tp-group
2.17.9 mandatory-chap
2.17.10 mandatory-lcp
2.17.11 reset l2tp tunnel local-id
2.17.12 reset l2tp tunnel peer-name
2.17.13 start l2tp
2.17.14 tunnel authentication
2.17.15 tunnel avp-hidden
2.17.16 tunnel name
2.17.17 tunnel password
2.17.18 tunnel timer hello
2.18 GRE Configuration Commands
2.18.1 debugging tunnel
2.18.2 destination
2.18.3 display interface tunnel
2.18.4 gre checksum
2.18.5 gre key
2.18.6 interface tunnel
2.18.7 source
2.18.8 tunnel-protocol gre
2.19 SLB Configuration Commands
2.19.1 addrserver
2.19.2 display slb group
2.19.3 display slb rserver
2.19.4 display slb vserver
2.19.5 group (SLB Configuration View)
2.19.6 metric
2.19.7 rserver
2.19.8 slb
2.19.9 slb enable
2.19.10 vserver
2.20 P2P Traffic Limiting Configuration Commands
2.20.1 cir
2.20.2 cir default
2.20.3 debugging firewall p2p-car
2.20.4 display p2p-car class
2.20.5 display p2p-car pattern-file
2.20.6 display p2p-car protocol
2.20.7 display p2p-car relation-table aging-time


2.20.8 display p2p-car statistic class
2.20.9 display p2p-car statistic protocol
2.20.10 display p2p-car statistic relation-table
2.20.11 firewall p2p-car default-permit
2.20.12 firewall p2p-car include
2.20.13 firewall p2p-car pattern-file active
2.20.14 firewall p2p-car relation-table aging-time
2.20.15 firewall p2p-detect behavior enable
2.20.16 firewall p2p-detect default-permit
2.20.17 firewall p2p-detect packet-number
2.20.18 p2p-car
2.20.19 p2p-class
2.20.20 p2p-detect enable
2.20.21 p2p-detect mode
2.20.22 reset p2p-car relation-table
2.20.23 reset p2p-car statistic
2.20.24 undo cir index

2.21 Secospace Cooperation Configuration Commands
2.21.1 cut access-user (Secospace Cooperation Configuration View)
2.21.2 debugging right-manager
2.21.3 default acl 3099
2.21.4 display right-manager online-users
2.21.5 display right-manager role-id rule
2.21.6 display right-manager role-info
2.21.7 display right-manager server-group
2.21.8 display right-manager statistics
2.21.9 local
2.21.10 right-manager server-group