
Quidway Eudemon 200 Firewall

V200R001C03B6

Command Reference

Issue 01
Date 2008-11-15

Huawei Proprietary and Confidential


Copyright © Huawei Technologies Co., Ltd.
Huawei Technologies Co., Ltd. provides customers with comprehensive technical support and service. For any
assistance, please contact our local office or company headquarters.

Huawei Technologies Co., Ltd.


Address: Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China

Website: http://www.huawei.com
Email: support@huawei.com

Copyright © Huawei Technologies Co., Ltd. 2008. All rights reserved.


No part of this document may be reproduced or transmitted in any form or by any means without prior written
consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions

and other Huawei trademarks are the property of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.

Notice
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but the statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.

Contents

About This Document

1 System Management
1.1 Basic Configuration Commands
1.1.1 clock
1.1.2 command-privilege
1.1.3 display clock
1.1.4 display history-command
1.1.5 display hotkey
1.1.6 display version
1.1.7 header
1.1.8 hotkey
1.1.9 language-mode
1.1.10 lock (User View)
1.1.11 quit (All Views)
1.1.12 return
1.1.13 super
1.1.14 super password
1.1.15 sysname
1.1.16 system-view
1.2 User Login Configuration Commands
1.2.1 acl
1.2.2 authentication-mode
1.2.3 auto-execute command
1.2.4 databits
1.2.5 debugging rsa
1.2.6 debugging ssh server
1.2.7 debugging telnet
1.2.8 display rsa local-key-pair public
1.2.9 display rsa peer-public-key
1.2.10 display ssh server
1.2.11 display ssh user-information
1.2.12 display tcp
1.2.13 display user-interface
1.2.14 display user-interface maximum-vty
1.2.15 display users
1.2.16 flow-control
1.2.17 free user-interface
1.2.18 history-command max-size
1.2.19 idle-timeout
1.2.20 lock authentication-count
1.2.21 lock lock-timeout
1.2.22 modem
1.2.23 modem auto-answer
1.2.24 modem timer answer
1.2.25 parity
1.2.26 peer-public-key end
1.2.27 protocol inbound
1.2.28 public-key-code begin
1.2.29 public-key-code end
1.2.30 redirect
1.2.31 rsa local-key-pair create
1.2.32 rsa local-key-pair destroy
1.2.33 rsa peer-public-key
1.2.34 screen-length
1.2.35 send
1.2.36 set authentication password
1.2.37 shell
1.2.38 speed (User Interface View)
1.2.39 ssh server authentication-retries
1.2.40 ssh server rekey-interval
1.2.41 ssh server timeout
1.2.42 ssh user assign rsa-key
1.2.43 ssh user authentication-type
1.2.44 stopbits
1.2.45 telnet
1.2.46 user privilege
1.2.47 user-interface
1.2.48 user-interface maximum-vty
1.3 Working Mode Configuration Commands
1.3.1 debugging firewall transparent-mode
1.3.2 display firewall mode
1.3.3 display firewall transparent-mode config
1.3.4 display firewall transparent-mode address-table
1.3.5 display firewall transparent-mode traffic
1.3.6 display firewall transparent-mode trunk-port
1.3.7 firewall arp-learning enable
1.3.8 firewall ethernet-frame-filter
1.3.9 firewall mode
1.3.10 firewall system-ip
1.3.11 firewall transparent-mode aging-time
1.3.12 firewall transparent-mode fast-forwarding
1.3.13 firewall transparent-mode transmit
1.3.14 firewall unknown-mac
1.3.15 port trunk pvid
1.3.16 port trunk vlan allow-pass all
1.3.17 reset firewall transparent-mode address-table
1.3.18 reset firewall transparent-mode traffic
1.4 File Management Configuration Commands
1.4.1 ascii
1.4.2 binary
1.4.3 bye
1.4.4 cd (User View)
1.4.5 cd (FTP Client View)
1.4.6 cdup
1.4.7 close
1.4.8 compare configuration
1.4.9 copy
1.4.10 debugging (FTP Client View)
1.4.11 delete (User View)
1.4.12 delete (FTP Client View)
1.4.13 dir (User View)
1.4.14 dir (FTP Client View)
1.4.15 disconnect
1.4.16 display current-configuration
1.4.17 display ftp-server
1.4.18 display ftp-users
1.4.19 display saved-configuration
1.4.20 display startup
1.4.21 display this
1.4.22 execute
1.4.23 file prompt
1.4.24 format
1.4.25 ftp
1.4.26 ftp server enable
1.4.27 ftp timeout
1.4.28 get
1.4.29 lcd
1.4.30 ls
1.4.31 mkdir (User View)
1.4.32 mkdir (FTP Client View)
1.4.33 more
1.4.34 move
1.4.35 open
1.4.36 passive
1.4.37 put
1.4.38 pwd (User View)
1.4.39 pwd (FTP Client View)
1.4.40 quit (FTP Client View)
1.4.41 remotehelp
1.4.42 rename
1.4.43 reset recycle-bin
1.4.44 reset saved-configuration
1.4.45 rmdir (User View)
1.4.46 rmdir (FTP Client View)
1.4.47 save
1.4.48 startup system-software
1.4.49 startup saved-configuration
1.4.50 tftp
1.4.51 tftp-server acl
1.4.52 undelete
1.4.53 user
1.4.54 verbose
1.4.55 xmodem get
1.5 System Maintenance Configuration Commands
1.5.1 debugging (User View)
1.5.2 debugging firewall packet-capture
1.5.3 debugging firewall packet-capture error
1.5.4 debugging firewall packet-capture event
1.5.5 display channel
1.5.6 display cpu-usage-for-user
1.5.7 display debugging
1.5.8 display diagnostic-information
1.5.9 display device
1.5.10 display environment
1.5.11 display firewall logtime
1.5.12 display firewall packet-capture configuration
1.5.13 display firewall packet-capture queue
1.5.14 display firewall packet-capture statistic
1.5.15 display info-center
1.5.16 display logbuffer
1.5.17 display patch-information
1.5.18 display schedule reboot
1.5.19 display trapbuffer
1.5.20 firewall log-time
1.5.21 firewall packet-capture
1.5.22 firewall packet-capture send host
1.5.23 firewall packet-capture send queue
1.5.24 firewall packet-capture startup
1.5.25 firewall session log-type binary discard enable
1.5.26 firewall session log-type
1.5.27 info-center channel
1.5.28 info-center console channel
1.5.29 info-center enable
1.5.30 info-center logbuffer
1.5.31 info-center loghost
1.5.32 info-center loghost source
1.5.33 info-center monitor channel
1.5.34 info-center snmp channel
1.5.35 info-center source
1.5.36 info-center timestamp
1.5.37 info-center trapbuffer
1.5.38 patch
1.5.39 ping
1.5.40 reset firewall log-buf
1.5.41 reset firewall packet-capture
1.5.42 reset logbuffer
1.5.43 reset trapbuffer
1.5.44 service modem-callback
1.5.45 session log enable
1.5.46 schedule reboot
1.5.47 terminal debugging
1.5.48 terminal logging
1.5.49 terminal monitor
1.5.50 terminal trapping
1.5.51 tracert
1.6 Web Management Commands
1.6.1 debugging ssl
1.6.2 debugging web-manager
1.6.3 display web-manager
1.6.4 web-manager
1.6.5 reset web-manager statistics
1.7 NTP Configuration Commands...................................................................................................................1-194
1.7.1 debugging ntp-service........................................................................................................................1-195
1.7.2 display ntp-service sessions...............................................................................................................1-196
1.7.3 display ntp-service status...................................................................................................................1-196
1.7.4 display ntp-service trace.....................................................................................................................1-198
1.7.5 ntp-service access...............................................................................................................................1-199
1.7.6 ntp-service authentication enable.......................................................................................................1-200
1.7.7 ntp-service authentication-keyid........................................................................................................1-201
1.7.8 ntp-service broadcast-client................................................................................................................1-202
1.7.9 ntp-service broadcast-server...............................................................................................................1-203
1.7.10 ntp-service in-interface disable........................................................................................................1-204
1.7.11 ntp-service max-dynamic-sessions...................................................................................................1-205
1.7.12 ntp-service multicast-client..............................................................................................................1-206
1.7.13 ntp-service multicast-server.............................................................................................................1-207
1.7.14 ntp-service refclock-master..............................................................................................................1-208
1.7.15 ntp-service reliable authentication-keyid.........................................................................................1-208
1.7.16 ntp-service source-interface.............................................................................................................1-209
1.7.17 ntp-service unicast-peer....................................................................................................................1-210
1.7.18 ntp-service unicast-server.................................................................................................................1-211
1.8 SNMP Configuration Commands...............................................................................................................1-212
1.8.1 debugging snmp-agent.......................................................................................................................1-213
1.8.2 display snmp-agent.............................................................................................................................1-214
1.8.3 display snmp-agent community.........................................................................................................1-215
1.8.4 display snmp-agent group..................................................................................................................1-216
1.8.5 display snmp-agent mib-view............................................................................................................1-217
1.8.6 display snmp-agent statistics..............................................................................................................1-218
1.8.7 display snmp-agent sys-info...............................................................................................................1-220
1.8.8 display snmp-agent usm-user.............................................................................................................1-221
1.8.9 enable snmp trap updown...................................................................................................................1-222
1.8.10 ifindex constant................................................................................................................................1-223
1.8.11 set constant-ifindex max-number.....................................................................................................1-224
1.8.12 set constant-ifindex subinterface......................................................................................................1-225
1.8.13 snmp-agent.......................................................................................................................................1-226
1.8.14 snmp-agent community....................................................................................................................1-227
1.8.15 snmp-agent group.............................................................................................................................1-228
1.8.16 snmp-agent local-engineid...............................................................................................................1-229
1.8.17 snmp-agent mib-view.......................................................................................................................1-230
1.8.18 snmp-agent packet max-size............................................................................................................1-231
1.8.19 snmp-agent sys-info.........................................................................................................................1-232
1.8.20 snmp-agent target-host.....................................................................................................................1-233
1.8.21 snmp-agent trap enable.....................................................................................................................1-234
1.8.22 snmp-agent trap enable ospf.............................................................................................................1-236

1.8.23 snmp-agent trap life..........................................................................................................................1-237
1.8.24 snmp-agent trap queue-size..............................................................................................................1-238
1.8.25 snmp-agent trap source.....................................................................................................................1-239
1.8.26 snmp-agent usm-user........................................................................................................................1-240
1.9 VPN Manager Configuration Commands...................................................................................................1-241
1.9.1 secoway-server...................................................................................................................................1-241

2 Security Defense.........................................................................................................................2-1
2.1 ACL Configuration Commands......................................................................................................................2-3
2.1.1 acl accelerate enable...............................................................................................................................2-3
2.1.2 acl (System View)..................................................................................................................................2-4
2.1.3 address....................................................................................................................................................2-5
2.1.4 description (ACL View).........................................................................................................................2-6
2.1.5 description (Address Set View or Port Set View)..................................................................................2-7
2.1.6 display acl...............................................................................................................................................2-7
2.1.7 display ip address-set.............................................................................................................................2-9
2.1.8 display ip port-set.................................................................................................................................2-11
2.1.9 display time-range................................................................................................................................2-13
2.1.10 ip address-set......................................................................................................................................2-14
2.1.11 ip port-set............................................................................................................................................2-15
2.1.12 port.....................................................................................................................................................2-16
2.1.13 reset acl counter..................................................................................................................................2-17
2.1.14 rule......................................................................................................................................................2-17
2.1.15 step.....................................................................................................................................................2-21
2.1.16 time-range...........................................................................................................................................2-22
2.2 Security Zone Configuration Commands......................................................................................................2-24
2.2.1 add interface (Security Zone View).....................................................................................................2-24
2.2.2 description (Security Zone View)........................................................................................................2-25
2.2.3 display interzone..................................................................................................................................2-26
2.2.4 display zone..........................................................................................................................................2-27
2.2.5 firewall interzone..................................................................................................................................2-27
2.2.6 firewall zone.........................................................................................................................................2-28
2.2.7 set priority............................................................................................................................................2-29
2.3 Session Configuration Commands................................................................................................................2-30
2.3.1 debugging firewall sessionreuse...........................................................................................................2-31
2.3.2 display firewall fragment.....................................................................................................................2-32
2.3.3 display firewall session aging-time......................................................................................................2-32
2.3.4 display firewall session no-pat.............................................................................................................2-35
2.3.5 display firewall session table................................................................................................................2-36
2.3.6 firewall long-link..................................................................................................................................2-38
2.3.7 firewall long-link aging-time...............................................................................................................2-39
2.3.8 firewall session aging-time...................................................................................................................2-40
2.3.9 firewall session aging-time accelerate enable......................................................................................2-42

2.3.10 reset firewall session table..................................................................................................................2-43
2.4 Packet Filter Configuration Commands........................................................................................................2-44
2.4.1 debugging firewall packet-filter...........................................................................................................2-44
2.4.2 display firewall packet-filter default....................................................................................................2-45
2.4.3 firewall packet-filter default.................................................................................................................2-46
2.4.4 packet-filter..........................................................................................................................................2-47
2.5 Attack Defence and Packet Statistics Configuration Commands.................................................................2-48
2.5.1 debugging firewall defend....................................................................................................................2-50
2.5.2 debugging statistic................................................................................................................................2-51
2.5.3 display firewall defend flag..................................................................................................................2-52
2.5.4 display firewall flow-control statistics.................................................................................................2-52
2.5.5 display firewall statistic........................................................................................................................2-53
2.5.6 firewall defend all enable.....................................................................................................................2-54
2.5.7 firewall defend arp-flood enable interface...........................................................................................2-55
2.5.8 firewall defend arp-spoofing enable.....................................................................................................2-56
2.5.9 firewall defend based-session...............................................................................................................2-57
2.5.10 firewall defend fraggle enable............................................................................................................2-58
2.5.11 firewall defend ftp-bounce enable......................................................................................................2-59
2.5.12 firewall defend icmp-flood.................................................................................................................2-60
2.5.13 firewall defend icmp-flood enable.....................................................................................................2-61
2.5.14 firewall defend icmp-redirect enable..................................................................................................2-62
2.5.15 firewall defend icmp-unreachable enable...........................................................................................2-63
2.5.16 firewall defend ip-fragment enable....................................................................................................2-63
2.5.17 firewall defend ip-spoofing enable.....................................................................................................2-64
2.5.18 firewall defend ip-sweep....................................................................................................................2-65
2.5.19 firewall defend ip-sweep enable.........................................................................................................2-66
2.5.20 firewall defend land enable................................................................................................................2-66
2.5.21 firewall defend large-icmp.................................................................................................................2-67
2.5.22 firewall defend large-icmp enable......................................................................................................2-68
2.5.23 firewall defend packet-header check enable......................................................................................2-69
2.5.24 firewall defend ping-of-death enable.................................................................................................2-69
2.5.25 firewall defend port-scan....................................................................................................................2-70
2.5.26 firewall defend port-scan enable........................................................................................................2-71
2.5.27 firewall defend route-record enable...................................................................................................2-72
2.5.28 firewall defend smurf enable..............................................................................................................2-73
2.5.29 firewall defend source-route enable...................................................................................................2-73
2.5.30 firewall defend syn-flood...................................................................................................................2-74
2.5.31 firewall defend syn-flood enable........................................................................................................2-76
2.5.32 firewall defend tcp-flag enable...........................................................................................................2-77
2.5.33 firewall defend teardrop enable..........................................................................................................2-77
2.5.34 firewall defend time-stamp enable.....................................................................................................2-78
2.5.35 firewall defend tracert enable.............................................................................................................2-79

2.5.36 firewall defend udp-flood...................................................................................................................2-79
2.5.37 firewall defend udp-flood enable.......................................................................................................2-81
2.5.38 firewall defend winnuke enable.........................................................................................................2-82
2.5.39 firewall flow-control acl.....................................................................................................................2-82
2.5.40 firewall flow-control car.....................................................................................................................2-83
2.5.41 firewall flow-control h323 enable......................................................................................................2-84
2.5.42 firewall flow-control on.....................................................................................................................2-85
2.5.43 firewall fragment-discard enable........................................................................................................2-85
2.5.44 firewall http-authentication................................................................................................................2-86
2.5.45 firewall session link-state check.........................................................................................................2-87
2.5.46 firewall statistic system connect-number...........................................................................................2-88
2.5.47 firewall statistic system enable...........................................................................................................2-89
2.5.48 firewall statistic system flow-percent.................................................................................................2-90
2.5.49 firewall statistic system last_five_min enable....................................................................................2-91
2.5.50 reset firewall statistic ip......................................................................................................................2-91
2.5.51 reset firewall statistic system..............................................................................................................2-92
2.5.52 reset firewall statistic zone.................................................................................................................2-93
2.5.53 statistic connect-number.....................................................................................................................2-93
2.5.54 statistic connect-speed........................................................................................................................2-95
2.5.55 statistic enable....................................................................................................................................2-96
2.6 ASPF Configuration Commands...................................................................................................................2-97
2.6.1 debugging firewall aspf........................................................................................................................2-97
2.6.2 debugging firewall fragment-forward..................................................................................................2-98
2.6.3 detect....................................................................................................................................................2-99
2.6.4 detect user-define...............................................................................................................................2-100
2.6.5 display firewall servermap.................................................................................................................2-101
2.6.6 firewall cache refresh enable..............................................................................................................2-102
2.6.7 firewall fragment-cache enable..........................................................................................................2-102
2.6.8 firewall fragment-cache max-number one-packet..............................................................................2-103
2.6.9 firewall fragment-cache max-number total........................................................................................2-104
2.6.10 firewall fragment-forward enable.....................................................................................................2-105
2.7 Blacklist Configuration Commands............................................................................................................2-106
2.7.1 debugging firewall blacklist...............................................................................................................2-106
2.7.2 display firewall blacklist....................................................................................................................2-107
2.7.3 firewall blacklist aging-time...............................................................................................................2-108
2.7.4 firewall blacklist authentication-count...............................................................................................2-108
2.7.5 firewall blacklist enable.....................................................................................................................2-109
2.7.6 firewall blacklist item.........................................................................................................................2-111
2.8 MAC and IP Address binding Configuration Commands..........................................................................2-112
2.8.1 debugging firewall mac-binding........................................................................................................2-112
2.8.2 display firewall mac-binding..............................................................................................................2-112
2.8.3 firewall mac-binding..........................................................................................................................2-113

2.9 Port Mapping Configuration Commands....................................................................................................2-114
2.9.1 display port-mapping..........................................................................................................................2-114
2.9.2 port-mapping......................................................................................................................................2-115
2.10 NAT Configuration Commands................................................................................................................2-116
2.10.1 debugging nat...................................................................................................................................2-117
2.10.2 destination-nat..................................................................................................................................2-118
2.10.3 display nat........................................................................................................................................2-119
2.10.4 firewall permit local ip.....................................................................................................................2-120
2.10.5 nat.....................................................................................................................................................2-121
2.10.6 nat address-group.............................................................................................................................2-122
2.10.7 nat alg enable....................................................................................................................................2-123
2.10.8 nat arp-gratuitous send.....................................................................................................................2-124
2.10.9 nat inbound.......................................................................................................................................2-125
2.10.10 nat outbound...................................................................................................................................2-126
2.10.11 nat server........................................................................................................................................2-128
2.10.12 nat server zone................................................................................................................................2-129
2.11 IDS Cooperation Configuration Commands.............................................................................................2-131
2.11.1 debugging firewall ids......................................................................................................................2-131
2.11.2 display firewall ids...........................................................................................................................2-132
2.11.3 firewall ids authentication type........................................................................................................2-133
2.11.4 firewall ids enable............................................................................................................................2-134
2.11.5 firewall ids port................................................................................................................................2-135
2.11.6 firewall ids server.............................................................................................................................2-136
2.12 AAA Configuration Commands................................................................................................................2-137
2.12.1 { cmd | outbound | system } recording-scheme................................................................................2-137
2.12.2 aaa.....................................................................................................................................................2-138
2.12.3 accounting interim-fail.....................................................................................................................2-139
2.12.4 accounting realtime..........................................................................................................................2-140
2.12.5 accounting start-fail..........................................................................................................................2-141
2.12.6 accounting-mode..............................................................................................................................2-142
2.12.7 accounting-scheme (AAA View).....................................................................................................2-142
2.12.8 authentication-mode (Authentication Scheme View)......................................................................2-143
2.12.9 authentication-scheme (AAA View)................................................................................................2-144
2.12.10 authorization-mode.........................................................................................................................2-145
2.12.11 authorization-scheme (AAA View)................................................................................................2-146
2.12.12 display aaa configuration...............................................................................................................2-147
2.12.13 display accounting-scheme............................................................................................................2-148
2.12.14 display authentication-scheme.......................................................................................................2-150
2.12.15 display authorization-scheme.........................................................................................................2-151
2.12.16 display ip pool................................................................................................................................2-152
2.12.17 display recording-scheme...............................................................................................................2-153
2.12.18 display user-car..............................................................................................................................2-154

x Huawei Proprietary and Confidential Issue 01 (2008-11-15)


Copyright © Huawei Technologies Co., Ltd.
Quidway Eudemon 200 Firewall
Command Reference Contents

2.12.19 ip address ppp-negotiate.................................................................................................................2-155


2.12.20 ip pool.............................................................................................................................................2-155
2.12.21 recording-mode..............................................................................................................................2-156
2.12.22 recording-scheme...........................................................................................................................2-157
2.12.23 user-car (AAA View).....................................................................................................................2-158
2.13 RADIUS Server Configuration Commands..............................................................................................2-159
2.13.1 debugging radius..............................................................................................................................2-160
2.13.2 display radius-server accounting-stop-packet..................................................................................2-161
2.13.3 display radius-server configuration..................................................................................................2-161
2.13.4 radius-server accounting..................................................................................................................2-162
2.13.5 radius-server accounting-stop-packet resend...................................................................................2-163
2.13.6 radius-server authentication.............................................................................................................2-164
2.13.7 radius-server nas-port-format...........................................................................................................2-165
2.13.8 radius-server nas-port-id-format.......................................................................................................2-166
2.13.9 radius-server retransmit....................................................................................................................2-167
2.13.10 radius-server shared-key................................................................................................................2-168
2.13.11 radius-server template....................................................................................................................2-169
2.13.12 radius-server timeout......................................................................................................................2-170
2.13.13 radius-server traffic-unit.................................................................................................................2-171
2.13.14 radius-server type...........................................................................................................................2-171
2.13.15 radius-server user-name domain-included.....................................................................................2-172
2.13.16 reset radius-server accounting-stop-packet....................................................................................2-173
2.14 HWTACACS Server Configuration Commands......................................................................................2-174
2.14.1 debugging hwtacacs.........................................................................................................................2-174
2.14.2 display hwtacacs-server accounting-stop-packet.............................................................................2-175
2.14.3 display hwtacacs-server template.....................................................................................................2-176
2.14.4 hwtacacs-server accounting..............................................................................................................2-177
2.14.5 hwtacacs-server accounting-stop-packet..........................................................................................2-178
2.14.6 hwtacacs-server authentication.........................................................................................................2-179
2.14.7 hwtacacs-server authorization..........................................................................................................2-180
2.14.8 hwtacacs-server shared-key..............................................................................................................2-181
2.14.9 hwtacacs-server source-ip................................................................................................................2-182
2.14.10 hwtacacs-server template...............................................................................................................2-183
2.14.11 hwtacacs-server timer quiet............................................................................................................2-183
2.14.12 hwtacacs-server timer response-timeout........................................................................................2-184
2.14.13 hwtacacs-server traffic-unit............................................................................................................2-185
2.14.14 hwtacacs-server user-name domain-included................................................................................2-186
2.14.15 reset hwtacacs-server accounting-stop-packet...............................................................................2-187
2.14.16 reset hwtacacs-server statistics.......................................................................................................2-187
2.15 Domain Configuration Commands...........................................................................................................2-188
2.15.1 access-limit.......................................................................................................................................2-189
2.15.2 accounting-scheme (AAA Domain View).......................................................................................2-189
2.15.3 acl-number........................................................................................................................................2-190
2.15.4 authentication-scheme (AAA Domain View)..................................................................................2-191
2.15.5 authorization-scheme (AAA Domain View)....................................................................................2-192
2.15.6 display domain.................................................................................................................................2-193
2.15.7 dns....................................................................................................................................................2-194
2.15.8 domain..............................................................................................................................................2-195
2.15.9 hwtacacs-server (AAA Domain View)............................................................................................2-196
2.15.10 idle-cut............................................................................................................................................2-196
2.15.11 nbns................................................................................................................................................2-197
2.15.12 radius-server...................................................................................................................................2-198
2.15.13 state (AAA Domain View).............................................................................................................2-199
2.15.14 user-car (AAA Domain View).......................................................................................................2-200
2.15.15 user-priority....................................................................................................................................2-201
2.15.16 web-server......................................................................................................................................2-201
2.16 Local User Configuration Commands.......................................................................................................2-202
2.16.1 cut access-user (AAA View)............................................................................................................2-203
2.16.2 display access-user...........................................................................................................................2-204
2.16.3 display local-user..............................................................................................................................2-207
2.16.4 local-user access-limit......................................................................................................................2-208
2.16.5 local-user callback-nocheck.............................................................................................................2-209
2.16.6 local-user callback-number..............................................................................................................2-210
2.16.7 local-user call-number......................................................................................................................2-211
2.16.8 local-user ftp-directory.....................................................................................................................2-211
2.16.9 local-user idle-cut.............................................................................................................................2-212
2.16.10 local-user level...............................................................................................................................2-213
2.16.11 local-user mac-address...................................................................................................................2-214
2.16.12 local-user password........................................................................................................................2-215
2.16.13 local-user service-type....................................................................................................................2-216
2.16.14 local-user state................................................................................................................................2-217
2.16.15 local-user user-car..........................................................................................................................2-217
2.16.16 vlan-batch user access-limit...........................................................................................................2-218
2.16.17 vlan-batch user acl-number............................................................................................................2-220
2.16.18 vlan-batch user idle-cut..................................................................................................................2-221
2.16.19 vlan-batch user interface................................................................................................................2-222
2.16.20 vlan-batch user service-type...........................................................................................................2-223
2.16.21 vlan-batch user state.......................................................................................................................2-224
2.16.22 vlan-batch user user-car..................................................................................................................2-225
2.17 L2TP Configuration Commands...............................................................................................................2-226
2.17.1 allow l2tp..........................................................................................................................................2-227
2.17.2 debugging l2tp..................................................................................................................................2-228
2.17.3 display l2tp session...........................................................................................................................2-229
2.17.4 display l2tp tunnel............................................................................................................................2-230

xii Huawei Proprietary and Confidential Issue 01 (2008-11-15)


Copyright © Huawei Technologies Co., Ltd.
Quidway Eudemon 200 Firewall
Command Reference Contents

2.17.5 interface virtual-template.................................................................................................................2-231


2.17.6 l2tp domain suffix-separator............................................................................................................2-232
2.17.7 l2tp enable........................................................................................................................................2-233
2.17.8 l2tp-group.........................................................................................................................................2-234
2.17.9 mandatory-chap................................................................................................................................2-234
2.17.10 mandatory-lcp.................................................................................................................................2-235
2.17.11 reset l2tp tunnel local-id.................................................................................................................2-236
2.17.12 reset l2tp tunnel peer-name............................................................................................................2-237
2.17.13 start l2tp..........................................................................................................................................2-238
2.17.14 tunnel authentication......................................................................................................................2-239
2.17.15 tunnel avp-hidden...........................................................................................................................2-240
2.17.16 tunnel name....................................................................................................................................2-241
2.17.17 tunnel password..............................................................................................................................2-241
2.17.18 tunnel timer hello...........................................................................................................................2-242
2.18 GRE Configuration Commands................................................................................................................2-243
2.18.1 debugging tunnel..............................................................................................................................2-243
2.18.2 destination........................................................................................................................................2-244
2.18.3 display interface tunnel....................................................................................................................2-245
2.18.4 gre checksum....................................................................................................................................2-247
2.18.5 gre key..............................................................................................................................................2-248
2.18.6 interface tunnel.................................................................................................................................2-249
2.18.7 source...............................................................................................................................................2-250
2.18.8 tunnel-protocol gre...........................................................................................................................2-251
2.19 SLB Configuration Commands.................................................................................................................2-252
2.19.1 addrserver.........................................................................................................................................2-253
2.19.2 display slb group..............................................................................................................................2-254
2.19.3 display slb rserver.............................................................................................................................2-255
2.19.4 display slb vserver............................................................................................................................2-257
2.19.5 group (SLB Configuration View)....................................................................................................2-257
2.19.6 metric................................................................................................................................................2-258
2.19.7 rserver...............................................................................................................................................2-259
2.19.8 slb.....................................................................................................................................................2-261
2.19.9 slb enable..........................................................................................................................................2-262
2.19.10 vserver............................................................................................................................................2-262
2.20 P2P Traffic Limiting Configuration Commands.......................................................................................2-264
2.20.1 cir......................................................................................................................................................2-265
2.20.2 cir default..........................................................................................................................................2-266
2.20.3 debugging firewall p2p-car..............................................................................................................2-267
2.20.4 display p2p-car class........................................................................................................................2-267
2.20.5 display p2p-car pattern-file..............................................................................................................2-269
2.20.6 display p2p-car protocol...................................................................................................................2-270
2.20.7 display p2p-car relation-table aging-time.........................................................................................2-271
2.20.8 display p2p-car statistic class...........................................................................................................2-271
2.20.9 display p2p-car statistic protocol......................................................................................................2-273
2.20.10 display p2p-car statistic relation-table............................................................................................2-274
2.20.11 firewall p2p-car default-permit......................................................................................................2-275
2.20.12 firewall p2p-car include.................................................................................................................2-276
2.20.13 firewall p2p-car pattern-file active.................................................................................................2-277
2.20.14 firewall p2p-car relation-table aging-time......................................................................................2-278
2.20.15 firewall p2p-detect behavior enable...............................................................................................2-279
2.20.16 firewall p2p-detect default-permit..................................................................................................2-280
2.20.17 firewall p2p-detect packet-number.................................................................................................2-280
2.20.18 p2p-car............................................................................................................................................2-281
2.20.19 p2p-class.........................................................................................................................................2-282
2.20.20 p2p-detect enable............................................................................................................................2-283
2.20.21 p2p-detect mode.............................................................................................................................2-284
2.20.22 reset p2p-car relation-table.............................................................................................................2-285
2.20.23 reset p2p-car statistic......................................................................................................................2-286
2.20.24 undo cir index.................................................................................................................................2-286
2.21 Secospace Cooperation Configuration Commands...................................................................................2-287
2.21.1 cut access-user (Secospace Cooperation Configuration View)........................................................2-288
2.21.2 debugging right-manager.................................................................................................................2-288
2.21.3 default acl 3099................................................................................................................................2-290
2.21.4 display right-manager online-users..................................................................................................2-291
2.21.5 display right-manager role-id rule....................................................................................................2-293
2.21.6 display right-manager role-info........................................................................................................2-294
2.21.7 display right-manager server-group.................................................................................................2-295
2.21.8 display right-manager statistics........................................................................................................2-296
2.21.9 local..................................................................................................................................................2-297
2.21.10 right-manager server-group............................................................................................................2-298
2.21.11 right-manager server-group enable................................................................................................2-299
2.21.12 right-manager status-detect enable.................................................................................................2-300
2.21.13 right-manager user user-name ip roles...........................................................................................2-300
2.21.14 server ip..........................................................................................................................................2-302
2.21.15 sync role-info..................................................................................................................................2-303
2.22 IP-CAR Configuration Commands...........................................................................................................2-304
2.22.1 debugging firewall ip-car.................................................................................................................2-304
2.22.2 display firewall car-class..................................................................................................................2-305
2.22.3 display firewall conn-class...............................................................................................................2-306
2.22.4 display firewall statistic ip-car.........................................................................................................2-307
2.22.5 display ip monitor table....................................................................................................................2-308
2.22.6 firewall car-class..............................................................................................................................2-309
2.22.7 firewall conn-class............................................................................................................................2-310
2.22.8 ip-car.................................................................................................................................................2-310

xiv Huawei Proprietary and Confidential Issue 01 (2008-11-15)


Copyright © Huawei Technologies Co., Ltd.
Quidway Eudemon 200 Firewall
Command Reference Contents

2.22.9 ip-car enable.....................................................................................................................................2-312


2.22.10 ip-car filter......................................................................................................................................2-312
2.22.11 ip-conn............................................................................................................................................2-314
2.22.12 ip-conn filter...................................................................................................................................2-315
2.22.13 reset firewall statistic ip-car zone...................................................................................................2-316

3 Internetworking..........................................................................................................................3-1
3.1 Interface Management Commands..................................................................................................................3-3
3.1.1 description..............................................................................................................................................3-3
3.1.2 display interface.....................................................................................................................................3-4
3.1.3 display ip interface.................................................................................................................................3-6
3.1.4 interface................................................................................................................................................3-10
3.1.5 reset counters interface.........................................................................................................................3-11
3.1.6 restart....................................................................................................................................................3-12
3.1.7 shutdown (Interface View)...................................................................................................................3-12
3.2 Ethernet Interface Configuration Commands................................................................................................3-13
3.2.1 display interface ethernet......................................................................................................................3-14
3.2.2 duplex...................................................................................................................................................3-16
3.2.3 ip fast-forwarding output......................................................................................................................3-17
3.2.4 ip fast-forwarding qff...........................................................................................................................3-18
3.2.5 ip fast-forwarding same-interface........................................................................................................3-19
3.2.6 loopback (Ethernet interface view)......................................................................................................3-20
3.2.7 mtu (Ethernet interface view)...............................................................................................................3-21
3.2.8 speed (Ethernet Interface View)...........................................................................................................3-22
3.3 AUX Interface Configuration Commands....................................................................................................3-22
3.3.1 async mode...........................................................................................................................................3-23
3.3.2 detect dsr-dtr.........................................................................................................................................3-23
3.3.3 link-protocol ppp (AUX Interface View).............................................................................................3-24
3.3.4 loopback (AUX Interface View)..........................................................................................................3-25
3.3.5 mtu (AUX Interface View)..................................................................................................................3-26
3.4 Basic Logical Interface Configuration Commands.......................................................................................3-26
3.4.1 broadcast-limit link..............................................................................................................................3-27
3.4.2 display interface (Logic Interface).......................................................................................................3-27
3.4.3 display virtual-access...........................................................................................................................3-30
3.4.4 mac-address..........................................................................................................................................3-32
3.4.5 interface (Logic Interface)....................................................................................................................3-33
3.5 E1 Interface Configuration Commands.........................................................................................................3-34
3.5.1 channel-set (E1 Interface View)...........................................................................................................3-34
3.5.2 clock (E1 Interface View)....................................................................................................................3-35
3.5.3 code (E1 Interface View).....................................................................................................................3-36
3.5.4 controller e1 (E1 Interface)..................................................................................................................3-37
3.5.5 display controller e1 (E1 Interface)......................................................................................................3-38
3.5.6 frame-format (E1 Interface View)........................................................................................................3-39

3.5.7 loopback (E1 Interface View).............................................................................................................. 3-40
3.5.8 using (E1 Interface View)....................................................................................................................3-41
3.6 CE1 Interface Configuration Commands......................................................................................................3-42
3.6.1 channel-set (CE1 Interface View)........................................................................................................3-43
3.6.2 clock (CE1 Interface View)..................................................................................................................3-44
3.6.3 code (CE1 Interface View)...................................................................................................................3-45
3.6.4 controller e1 (CE1 Interface)................................................................................................................3-46
3.6.5 display controller e1 (CE1 Interface)...................................................................................................3-47
3.6.6 frame-format (CE1 Interface View).....................................................................................................3-48
3.6.7 loopback (CE1 Interface View)............................................................................................................3-49
3.6.8 using (CE1 Interface View)..................................................................................................................3-50
3.7 T1 Interface Configuration Commands.........................................................................................................3-51
3.7.1 channel-set (T1 Interface View)...........................................................................................................3-52
3.7.2 clock (T1 Interface View).................................................................................................................... 3-53
3.7.3 code (T1 Interface View)..................................................................................................................... 3-54
3.7.4 controller t1 (T1 Interface)...................................................................................................................3-54
3.7.5 display controller t1 (T1 Interface)...................................................................................................... 3-55
3.7.6 frame-format (T1 Interface View)........................................................................................................3-57
3.7.7 loopback (T1 Interface View).............................................................................................................. 3-58
3.8 CT1 Interface Configuration Commands......................................................................................................3-59
3.8.1 channel-set (CT1 Interface View)........................................................................................................3-59
3.8.2 clock (CT1 Interface View)..................................................................................................................3-60
3.8.3 code (CT1 Interface View)...................................................................................................................3-61
3.8.4 controller t1 (CT1 Interface)................................................................................................................ 3-62
3.8.5 display controller t1 (CT1 Interface)....................................................................................................3-63
3.8.6 frame-format (CT1 Interface View).....................................................................................................3-64
3.8.7 loopback (CT1 Interface View)............................................................................................................3-65
3.9 IP Address Configuration Commands...........................................................................................................3-66
3.9.1 display ip interface...............................................................................................................................3-66
3.9.2 firewall permit sub-ip...........................................................................................................................3-70
3.9.3 ip address..............................................................................................................................................3-71
3.9.4 ip address ppp-negotiate.......................................................................................................................3-72
3.9.5 remote address......................................................................................................................................3-73
3.10 IP Performance Configuration Commands.................................................................................................3-74
3.10.1 debugging ip.......................................................................................................................................3-74
3.10.2 debugging tcp event........................................................................................................................... 3-75
3.10.3 debugging tcp md5.............................................................................................................................3-76
3.10.4 debugging tcp packet..........................................................................................................................3-77
3.10.5 debugging udp packet.........................................................................................................................3-78
3.10.6 display fib...........................................................................................................................................3-78
3.10.7 display fib |.........................................................................................................................................3-79
3.10.8 display fib acl.....................................................................................................................................3-81

3.10.9 display fib ip-prefix............................................................................................................................3-82
3.10.10 display fib longer..............................................................................................................................3-84
3.10.11 display fib statistics..........................................................................................................................3-85
3.10.12 display icmp statistics.......................................................................................................................3-86
3.10.13 display ip interface...........................................................................................................................3-88
3.10.14 display ip socket...............................................................................................................................3-92
3.10.15 display ip statistics...........................................................................................................................3-94
3.10.16 display tcp statistics..........................................................................................................................3-95
3.10.17 display tcp status..............................................................................................................................3-98
3.10.18 display udp statistics.........................................................................................................................3-99
3.10.19 reset ip statistics.............................................................................................................................3-100
3.10.20 reset tcp statistics............................................................................................................................3-101
3.10.21 reset udp statistics...........................................................................................................................3-102
3.10.22 tcp timer fin-timeout.......................................................................................................................3-102
3.10.23 tcp timer syn-timeout.....................................................................................................................3-103
3.10.24 tcp window.....................................................................................................................................3-104
3.11 IP Unicast Policy Routing Configuration Commands..............................................................................3-105
3.11.1 apply cost..........................................................................................................................................3-106
3.11.2 apply cost-type.................................................................................................................................3-106
3.11.3 apply default output-interface..........................................................................................................3-107
3.11.4 apply ip-address default next-hop....................................................................................................3-108
3.11.5 apply ip-address next-hop (unicast).................................................................................................3-109
3.11.6 apply ip-precedence..........................................................................................................................3-110
3.11.7 apply output-interface......................................................................................................................3-111
3.11.8 display ip policy...............................................................................................................................3-112
3.11.9 display ip policy setup......................................................................................................................3-113
3.11.10 display ip policy statistics..............................................................................................................3-114
3.11.11 if-match acl (unicast)......................................................................................................................3-114
3.11.12 if-match cost...................................................................................................................................3-115
3.11.13 if-match interface...........................................................................................................................3-116
3.11.14 if-match ip next-hop.......................................................................................................................3-117
3.11.15 if-match ip-prefix...........................................................................................................................3-118
3.11.16 if-match packet-length....................................................................................................................3-119
3.11.17 ip ip-prefix......................................................................................................................................3-120
3.11.18 ip local policy route-policy............................................................................................................3-121
3.11.19 ip policy route-policy.....................................................................................................................3-122
3.11.20 route-policy (unicast).....................................................................................................................3-123
3.12 IP Multicast Policy Routing Configuration Commands...........................................................................3-124
3.12.1 apply ip-address next-hop (multicast)..............................................................................................3-124
3.12.2 debugging ip multicast-policy..........................................................................................................3-125
3.12.3 display ip multicast-policy...............................................................................................................3-126
3.12.4 if-match acl (multicast)....................................................................................................................3-127

3.12.5 ip multicast-policy route-policy.......................................................................................................3-128
3.12.6 route-policy (multicast)....................................................................................................................3-129
3.13 Common IP Multicast Configuration Commands.....................................................................................3-130
3.13.1 display ip routing-table protocol multicast-static.............................................................................3-131
3.13.2 display multicast forwarding-table...................................................................................................3-132
3.13.3 display multicast routing-table.........................................................................................................3-133
3.13.4 display multicast rpf-info.................................................................................................................3-134
3.13.5 ip rpf-longest-match.........................................................................................................................3-135
3.13.6 ip rpf-route-static..............................................................................................................................3-136
3.13.7 mtracert.............................................................................................................................................3-137
3.13.8 multicast minimum-ttl......................................................................................................................3-139
3.13.9 multicast packet-boundary...............................................................................................................3-139
3.13.10 multicast route-limit.......................................................................................................................3-140
3.13.11 multicast routing-enable.................................................................................................................3-141
3.13.12 reset multicast forwarding-table.....................................................................................................3-142
3.13.13 reset multicast routing-table...........................................................................................................3-143
3.14 IGMP Configuration Commands..............................................................................................................3-144
3.14.1 debugging igmp................................................................................................................................3-145
3.14.2 display igmp group...........................................................................................................................3-146
3.14.3 display igmp interface......................................................................................................................3-147
3.14.4 display igmp local............................................................................................................................3-148
3.14.5 igmp enable......................................................................................................................................3-149
3.14.6 igmp group-limit..............................................................................................................................3-150
3.14.7 igmp group-policy............................................................................................................................3-150
3.14.8 igmp host-join..................................................................................................................................3-151
3.14.9 igmp lastmember-queryinterval.......................................................................................................3-152
3.14.10 igmp max-response-time................................................................................................................3-153
3.14.11 igmp proxy.....................................................................................................................................3-154
3.14.12 igmp robust-count..........................................................................................................................3-155
3.14.13 igmp timer other-querier-present....................................................................................................3-156
3.14.14 igmp timer query............................................................................................................................3-157
3.14.15 igmp version...................................................................................................................................3-158
3.14.16 reset igmp group.............................................................................................................................3-159
3.15 PIM Configuration Commands.................................................................................................................3-160
3.15.1 bsr-policy..........................................................................................................................................3-161
3.15.2 c-bsr..................................................................................................................................................3-162
3.15.3 c-rp...................................................................................................................................................3-163
3.15.4 crp-policy.........................................................................................................................................3-164
3.15.5 display pim bsr-info.........................................................................................................................3-165
3.15.6 display pim interface........................................................................................................................3-166
3.15.7 display pim local..............................................................................................................................3-167
3.15.8 display pim neighbor........................................................................................................................3-168

3.15.9 display pim routing-table.................................................................................................................3-168
3.15.10 display pim rp-info.........................................................................................................................3-169
3.15.11 pim..................................................................................................................................................3-170
3.15.12 pim bsr-boundary...........................................................................................................................3-171
3.15.13 pim dm............................................................................................................................................3-172
3.15.14 pim neighbor-limit..........................................................................................................................3-173
3.15.15 pim neighbor-policy.......................................................................................................................3-174
3.15.16 pim sm............................................................................................................................................3-174
3.15.17 pim timer hello...............................................................................................................................3-175
3.15.18 register-policy.................................................................................................................................3-176
3.15.19 reset pim neighbor..........................................................................................................................3-177
3.15.20 reset pim routing-table...................................................................................................................3-178
3.15.21 source-policy..................................................................................................................................3-179
3.15.22 spt-switch-threshold.......................................................................................................................3-180
3.15.23 static-rp...........................................................................................................................................3-181
3.16 MSDP Configuration Commands.............................................................................................................3-182
3.16.1 cache-sa-enable................................................................................................................................3-183
3.16.2 debugging msdp...............................................................................................................................3-184
3.16.3 display msdp brief............................................................................................................................3-185
3.16.4 display msdp peer-status..................................................................................................................3-185
3.16.5 display msdp sa-cache......................................................................................................................3-186
3.16.6 display msdp sa-count......................................................................................................................3-187
3.16.7 import-source...................................................................................................................................3-188
3.16.8 msdp.................................................................................................................................................3-189
3.16.9 msdp-tracert......................................................................................................................................3-190
3.16.10 originating-rp..................................................................................................................................3-192
3.16.11 peer connect-interface....................................................................................................................3-193
3.16.12 peer description..............................................................................................................................3-194
3.16.13 peer mesh-group.............................................................................................................................3-194
3.16.14 peer minimum-ttl............................................................................................................................3-195
3.16.15 peer request-sa-enable....................................................................................................................3-196
3.16.16 peer sa-cache-maximum.................................................................................................................3-197
3.16.17 peer sa-policy.................................................................................................................................3-198
3.16.18 peer sa-request-policy....................................................................................................................3-199
3.16.19 reset msdp peer...............................................................................................................................3-200
3.16.20 reset msdp sa-cache........................................................................................................................3-200
3.16.21 reset msdp statistics........................................................................................................................3-201
3.16.22 shutdown (MSDP View of Public Network Instance)...................................................................3-202
3.16.23 static-rpf-peer.................................................................................................................................3-202
3.16.24 timer retry.......................................................................................................................................3-204
3.17 Static Route Configuration Commands.....................................................................................................3-204
3.17.1 display ip routing-table.....................................................................................................................3-205

3.17.2 display ip routing-table (destination range specified)......................................................................3-206
3.17.3 display ip routing-table (destination specified)................................................................................3-207
3.17.4 display ip routing-table acl...............................................................................................................3-208
3.17.5 display ip routing-table ip-prefix......................................................................................................3-210
3.17.6 display ip routing-table protocol......................................................................................................3-211
3.17.7 display ip routing-table radix...........................................................................................................3-212
3.17.8 display ip routing-table statistics......................................................................................................3-213
3.17.9 display ip routing-table verbose.......................................................................................................3-214
3.17.10 ip route-static..................................................................................................................................3-216
3.18 ARP Configuration Commands................................................................................................................3-218
3.18.1 arp detect-times................................................................................................................................3-219
3.18.2 arp expire-time.................................................................................................................................3-219
3.18.3 arp-proxy enable...............................................................................................................................3-220
3.18.4 arp static...........................................................................................................................................3-221
3.18.5 arp multi-mac-permit........................................................................................................................3-222
3.18.6 debugging arp packet.......................................................................................................................3-223
3.18.7 display arp........................................................................................................................................3-223
3.18.8 reset arp............................................................................................................................................3-225
3.19 DHCP Configuration Commands..............................................................................................................3-226
3.19.1 debugging dhcp relay.......................................................................................................................3-228
3.19.2 debugging dhcp server.....................................................................................................................3-229
3.19.3 dhcp client enable.............................................................................................................................3-230
3.19.4 dhcp client forbid.............................................................................................................................3-231
3.19.5 dhcp client renew.............................................................................................................................3-232
3.19.6 dhcp enable.......................................................................................................................................3-233
3.19.7 dhcp relay release.............................................................................................................................3-234
3.19.8 dhcp select (Interface View).............................................................................................................3-234
3.19.9 dhcp select (System View)...............................................................................................................3-235
3.19.10 dhcp server detect...........................................................................................................................3-236
3.19.11 dhcp server dns-list (Interface View).............................................................................................3-237
3.19.12 dhcp server dns-list (System View)...............................................................................................3-238
3.19.13 dhcp server domain-name (Interface View)...................................................................................3-239
3.19.14 dhcp server domain-name (System View).....................................................................................3-240
3.19.15 dhcp server expired (Interface View).............................................................................................3-241
3.19.16 dhcp server expired (System View)...............................................................................................3-242
3.19.17 dhcp server forbidden-ip................................................................................................................3-244
3.19.18 dhcp server ip-pool.........................................................................................................................3-245
3.19.19 dhcp server nbns-list (Interface View)...........................................................................................3-246
3.19.20 dhcp server nbns-list (System View).............................................................................................3-247
3.19.21 dhcp server netbios-type (Interface View).....................................................................................3-248
3.19.22 dhcp server netbios-type (System View).......................................................................................3-249
3.19.23 dhcp server option (Interface View)...............................................................................................3-250
3.19.24 dhcp server option (System View).................................................................................................3-251
3.19.25 dhcp server ping.............................................................................................................................3-253
3.19.26 dhcp server static-bind...................................................................................................................3-253
3.19.27 display dhcp relay address..............................................................................................................3-254
3.19.28 display dhcp relay statistics............................................................................................................3-255
3.19.29 display dhcp server conflict............................................................................................................3-257
3.19.30 display dhcp server expired............................................................................................................3-258
3.19.31 display dhcp server free-ip.............................................................................................................3-259
3.19.32 display dhcp server ip-in-use..........................................................................................................3-260
3.19.33 display dhcp server statistics..........................................................................................................3-261
3.19.34 display dhcp server tree..................................................................................................................3-263
3.19.35 display dhcp-client.........................................................................................................................3-265
3.19.36 dns-list............................................................................................................................................3-266
3.19.37 domain-name..................................................................................................................................3-267
3.19.38 expired............................................................................................................................................3-268
3.19.39 gateway-list....................................................................................................................................3-269
3.19.40 ip relay address (Interface View)...................................................................................................3-270
3.19.41 ip relay address (System View)......................................................................................................3-271
3.19.42 nbns-list..........................................................................................................................................3-272
3.19.43 netbios-type....................................................................................................................................3-273
3.19.44 network (DHCP)............................................................................................................................3-274
3.19.45 option..............................................................................................................................................3-275
3.19.46 reset dhcp relay statistics................................................................................................................3-276
3.19.47 reset dhcp server conflict................................................................................................................3-276
3.19.48 reset dhcp server ip-in-use..............................................................................................................3-277
3.19.49 reset dhcp server statistics..............................................................................................................3-278
3.19.50 static-bind ip-address......................................................................................................................3-279
3.19.51 static-bind mac-address..................................................................................................................3-280
3.20 DNS Configuration Commands................................................................................................................3-281
3.20.1 display ip host...................................................................................................................................3-281
3.20.2 ip host...............................................................................................................................................3-281
3.21 OSPF Configuration Commands...............................................................................................................3-282
3.21.1 abr-summary.....................................................................................................................................3-284
3.21.2 area...................................................................................................................................................3-285
3.21.3 asbr-summary...................................................................................................................................3-286
3.21.4 authentication-mode (OSPF Area View).........................................................................................3-287
3.21.5 debugging ospf.................................................................................................................................3-288
3.21.6 default cost (OSPF View)................................................................................................................3-290
3.21.7 default interval..................................................................................................................................3-291
3.21.8 default limit......................................................................................................................................3-292
3.21.9 default tag.........................................................................................................................................3-293
3.21.10 default type.....................................................................................................................................3-294
3.21.11 default-cost.....................................................................................................................................3-294
3.21.12 default-route-advertise...................................................................................................................3-296
3.21.13 display debugging ospf...................................................................................................................3-297
3.21.14 display ospf abr-asbr......................................................................................................................3-298
3.21.15 display ospf asbr-summary.............................................................................................................3-299
3.21.16 display ospf brief............................................................................................................................3-301
3.21.17 display ospf cumulative..................................................................................................................3-302
3.21.18 display ospf diagnostic-information...............................................................................................3-304
3.21.19 display ospf error............................................................................................................................3-306
3.21.20 display ospf interface.....................................................................................................................3-307
3.21.21 display ospf lsdb.............................................................................................................................3-307
3.21.22 display ospf nexthop.......................................................................................................................3-311
3.21.23 display ospf peer.............................................................................................................................3-312
3.21.24 display ospf peer address................................................................................................................3-313
3.21.25 display ospf peer interface..............................................................................................................3-314
3.21.26 display ospf peer route-id...............................................................................................................3-315
3.21.27 display ospf request-queue.............................................................................................................3-315
3.21.28 display ospf retrans-queue..............................................................................................................3-316
3.21.29 display ospf routing........................................................................................................................3-317
3.21.30 display ospf vlink...........................................................................................................................3-317
3.21.31 domain-id.......................................................................................................................................3-318
3.21.32 filter-policy export (OSPF View)...................................................................................................3-319
3.21.33 filter-policy import (OSPF View)..................................................................................................3-320
3.21.34 import-route (OSPF View).............................................................................................................3-321
3.21.35 network (OSPF Area View)..........................................................................................................3-322
3.21.36 nssa.................................................................................................................................................3-323
3.21.37 opaque-capbility.............................................................................................................................3-324
3.21.38 ospf.................................................................................................................................................3-325
3.21.39 ospf authentication-mode...............................................................................................................3-326
3.21.40 ospf cost..........................................................................................................................................3-327
3.21.41 ospf dr-priority...............................................................................................................................3-328
3.21.42 ospf mib-binding............................................................................................................................3-329
3.21.43 ospf mtu-enable..............................................................................................................................3-330
3.21.44 ospf network-type...........................................................................................................................3-330
3.21.45 ospf timer dead...............................................................................................................................3-332
3.21.46 ospf timer hello...............................................................................................................................3-333
3.21.47 ospf timer poll................................................................................................................................3-333
3.21.48 ospf timer retransmit......................................................................................................................3-334
3.21.49 ospf trans-delay..............................................................................................................................3-335
3.21.50 peer (OSPF View)..........................................................................................................................3-336
3.21.51 preference (OSPF View)................................................................................................................3-337
3.21.52 reset ospf........................................................................................................................................3-338

xxii Huawei Proprietary and Confidential Issue 01 (2008-11-15)


Copyright © Huawei Technologies Co., Ltd.
Quidway Eudemon 200 Firewall
Command Reference Contents

3.21.53 router id..........................................................................................................................................3-339


3.21.54 silent-interface................................................................................................................................3-340
3.21.55 snmp-agent trap enable ospf...........................................................................................................3-341
3.21.56 spf-schedule-interval......................................................................................................................3-342
3.21.57 stub.................................................................................................................................................3-343
3.21.58 vlink-peer.......................................................................................................................................3-344
3.22 PPP Configuration Commands..................................................................................................................3-345
3.22.1 debugging ppp..................................................................................................................................3-346
3.22.2 display interface mp-group...............................................................................................................3-348
3.22.3 display ppp compression iphc..........................................................................................................3-350
3.22.4 display ppp mp.................................................................................................................................3-351
3.22.5 interface mp-group...........................................................................................................................3-352
3.22.6 ip tcp vjcompress..............................................................................................................................3-353
3.22.7 link-protocol ppp..............................................................................................................................3-354
3.22.8 ppp authentication-mode..................................................................................................................3-355
3.22.9 ppp callback......................................................................................................................................3-356
3.22.10 ppp callback ntstring......................................................................................................................3-357
3.22.11 ppp chap password.........................................................................................................................3-357
3.22.12 ppp chap user..................................................................................................................................3-358
3.22.13 ppp compression iphc.....................................................................................................................3-359
3.22.14 ppp compression stac-lzs................................................................................................................3-360
3.22.15 ppp ipcp dns...................................................................................................................................3-361
3.22.16 ppp lqc............................................................................................................................................3-362
3.22.17 ppp mp............................................................................................................................................3-363
3.22.18 ppp mp binding-mode....................................................................................................................3-365
3.22.19 ppp mp max-bind...........................................................................................................................3-366
3.22.20 ppp mp mp-group...........................................................................................................................3-367
3.22.21 ppp mp min-fragment.....................................................................................................................3-368
3.22.22 ppp mp user bind virtual-template.................................................................................................3-369
3.22.23 ppp mp virtual-template.................................................................................................................3-370
3.22.24 ppp pap local-user..........................................................................................................................3-372
3.22.25 ppp timer negotiate.........................................................................................................................3-373
3.22.26 timer hold.......................................................................................................................................3-373
3.23 PPPoE Configuration Commands.............................................................................................................3-374
3.23.1 reset pppoe-server session statistic interface....................................................................................3-374
3.23.2 debugging pppoe-client....................................................................................................................3-375
3.23.3 display pppoe-client session.............................................................................................................3-376
3.23.4 display pppoe-server session............................................................................................................3-378
3.23.5 pppoe-client......................................................................................................................................3-379
3.23.6 pppoe-server bind virtual-template..................................................................................................3-380
3.23.7 pppoe-server max-sessions local-mac..............................................................................................3-381
3.23.8 pppoe-server max-sessions remote-mac...........................................................................................3-382
3.23.9 pppoe-server max-sessions total.......................................................................................................3-383
3.23.10 reset pppoe-client...........................................................................................................................3-384
3.24 QoS Configuration Commands.................................................................................................................3-385
3.24.1 car.....................................................................................................................................................3-386
3.24.2 classifier behavior............................................................................................................................3-387
3.24.3 display traffic behavior.....................................................................................................................3-388
3.24.4 display traffic classifier....................................................................................................................3-390
3.24.5 gts.....................................................................................................................................................3-391
3.24.6 if-match acl (Traffic Classifier View)..............................................................................................3-392
3.24.7 if-match any......................................................................................................................................3-393
3.24.8 if-match classifier.............................................................................................................................3-394
3.24.9 if-match dscp....................................................................................................................................3-395
3.24.10 if-match inbound-interface.............................................................................................................3-396
3.24.11 if-match ip-precedence...................................................................................................................3-397
3.24.12 if-match mac...................................................................................................................................3-398
3.24.13 if-match protocol ip........................................................................................................................3-399
3.24.14 if-match rtp.....................................................................................................................................3-400
3.24.15 qos apply policy............................................................................................................................. 3-401
3.24.16 qos policy....................................................................................................................................... 3-402
3.24.17 qos reserved-bandwidth..................................................................................................................3-403
3.24.18 queue af..........................................................................................................................................3-404
3.24.19 queue ef..........................................................................................................................................3-405
3.24.20 queue wfq.......................................................................................................................................3-406
3.24.21 queue-length...................................................................................................................................3-407
3.24.22 remark dscp....................................................................................................................................3-408
3.24.23 remark fr-de....................................................................................................................................3-409
3.24.24 remark ip-precedence.....................................................................................................................3-410
3.24.25 traffic behavior...............................................................................................................................3-411
3.24.26 traffic classifier...............................................................................................................................3-412
3.24.27 wred................................................................................................................................................3-413
3.24.28 wred dscp........................................................................................................................................3-414
3.24.29 wred ip-precedence.........................................................................................................................3-415
3.24.30 wred weighting-constant................................................................................................................3-416
3.25 RIP Configuration Commands..................................................................................................................3-417
3.25.1 checkzero..........................................................................................................................................3-418
3.25.2 debugging rip....................................................................................................................................3-418
3.25.3 default cost (RIP View)....................................................................................................................3-419
3.25.4 display rip.........................................................................................................................................3-420
3.25.5 filter-policy export (RIP View)........................................................................................................3-421
3.25.6 filter-policy import (RIP View)........................................................................................................3-422
3.25.7 host-route..........................................................................................................................................3-423
3.25.8 import-route (RIP View)..................................................................................................................3-424

xxiv Huawei Proprietary and Confidential Issue 01 (2008-11-15)


Copyright © Huawei Technologies Co., Ltd.
Quidway Eudemon 200 Firewall
Command Reference Contents

3.25.9 network (RIP View).........................................................................................................................3-425


3.25.10 peer (RIP View).............................................................................................................................3-426
3.25.11 preference (RIP View)...................................................................................................................3-427
3.25.12 reset................................................................................................................................................3-428
3.25.13 rip...................................................................................................................................................3-429
3.25.14 rip authentication-mode..................................................................................................................3-429
3.25.15 rip input..........................................................................................................................................3-431
3.25.16 rip metricin.....................................................................................................................................3-432
3.25.17 rip metricout...................................................................................................................................3-433
3.25.18 rip output........................................................................................................................................3-434
3.25.19 rip split-horizon..............................................................................................................................3-435
3.25.20 rip version.......................................................................................................................................3-435
3.25.21 rip work..........................................................................................................................................3-436
3.25.22 summary.........................................................................................................................................3-437
3.25.23 timers..............................................................................................................................................3-438
3.26 VLAN Configuration Commands.............................................................................................................3-439
3.26.1 debugging vlan packet......................................................................................................................3-439
3.26.2 display vlan statistics interface.........................................................................................................3-440
3.26.3 display vlan statistics vid..................................................................................................................3-441
3.26.4 reset vlan statistics interface.............................................................................................................3-442
3.26.5 reset vlan statistics vid......................................................................................................................3-442
3.26.6 vlan-type dot1q.................................................................................................................................3-443
3.27 Frame Relay Configuration Commands....................................................................................................3-444
3.27.1 debugging fr inarp............................................................................................................................3-446
3.27.2 debugging fr packet..........................................................................................................................3-446
3.27.3 debugging fr.....................................................................................................................................3-447
3.27.4 display fr compress...........................................................................................................................3-449
3.27.5 display fr dlci-switch........................................................................................................................3-450
3.27.6 display fr fragment-info...................................................................................................................3-451
3.27.7 display fr inarp-info..........................................................................................................................3-452
3.27.8 display fr interface............................................................................................................................3-453
3.27.9 display fr iphc...................................................................................................................................3-454
3.27.10 display fr lmi-info...........................................................................................................................3-455
3.27.11 display fr map-info.........................................................................................................................3-456
3.27.12 display fr pvc-info..........................................................................................................................3-458
3.27.13 display fr standby group.................................................................................................................3-459
3.27.14 display fr statistics..........................................................................................................................3-461
3.27.15 display fr switch-table....................................................................................................................3-462
3.27.16 display interface mfr.......................................................................................................................3-463
3.27.17 display mfr......................................................................................................................................3-466
3.27.18 fr compression frf9.........................................................................................................................3-469
3.27.19 fr compression iphc........................................................................................................................3-470
3.27.20 fr dlci..............................................................................................................................................3-471
3.27.21 fr dlci-switch.................................................................................................................................. 3-472
3.27.22 fr inarp............................................................................................................................................3-473
3.27.23 fr interface-type..............................................................................................................................3-474
3.27.24 fr iphc............................................................................................................................................. 3-475
3.27.25 fr lmi n391dte.................................................................................................................................3-476
3.27.26 fr lmi n392dce................................................................................................................................ 3-477
3.27.27 fr lmi n392dte.................................................................................................................................3-478
3.27.28 fr lmi n393dce................................................................................................................................ 3-479
3.27.29 fr lmi n393dte.................................................................................................................................3-480
3.27.30 fr lmi t392dce.................................................................................................................................3-481
3.27.31 fr lmi type.......................................................................................................................................3-482
3.27.32 fr map ip.........................................................................................................................................3-483
3.27.33 fr standby group switch..................................................................................................................3-485
3.27.34 fr standby group switch auto..........................................................................................................3-485
3.27.35 fr standby group switch master...................................................................................................... 3-486
3.27.36 fr standby group switch slave.........................................................................................................3-487
3.27.37 fr switch..........................................................................................................................................3-488
3.27.38 fr switching.....................................................................................................................................3-489
3.27.39 interface mfr...................................................................................................................................3-490
3.27.40 link-protocol (FR Interface View)..................................................................................................3-491
3.27.41 link-protocol fr mfr.........................................................................................................................3-492
3.27.42 mfr bundle-name............................................................................................................................3-493
3.27.43 mfr fragment...................................................................................................................................3-494
3.27.44 mfr fragment-size...........................................................................................................................3-495
3.27.45 mfr link-name.................................................................................................................................3-496
3.27.46 mfr retry..........................................................................................................................................3-497
3.27.47 mfr timer ack..................................................................................................................................3-498
3.27.48 mfr timer hello................................................................................................................................3-499
3.27.49 mfr window-size.............................................................................................................................3-499
3.27.50 mtu (FR Interface View)................................................................................................................3-500
3.27.51 reset fr inarp................................................................................................................................... 3-501
3.27.52 shutdown (FR Interface View).......................................................................................................3-502
3.27.53 timer hold (FR Interface View)......................................................................................................3-503
3.28 HDLC Configuration Commands............................................................................................................. 3-504
3.28.1 debugging hdlc all............................................................................................................................3-504
3.28.2 debugging hdlc event....................................................................................................................... 3-505
3.28.3 debugging hdlc.................................................................................................................................3-506
3.28.4 ip address unnumbered.....................................................................................................................3-508
3.28.5 timer hold (HDLC)...........................................................................................................................3-509

4 Reliability....................................................................................................................................4-1
4.1 VRRP Backup Group Configuration Commands...........................................................................................4-2
4.1.1 debugging vrrp.......................................................................................................................................4-2
4.1.2 display vrrp.............................................................................................................................................4-3
4.1.3 vrrp un-check ttl.....................................................................................................................................4-4
4.1.4 vrrp vrid preempt-mode.........................................................................................................................4-5
4.1.5 vrrp vrid priority.....................................................................................................................................4-6
4.1.6 vrrp vrid timer advertise.........................................................................................................................4-7
4.1.7 vrrp vrid track.........................................................................................................................................4-8
4.1.8 vrrp vrid virtual-ip................................................................................................................................4-10
4.2 VRRP Management Group Configuration Commands.................................................................................4-11
4.2.1 add interface (VRRP Management Group View)................................................................................4-11
4.2.2 debugging vrrp-group...........................................................................................................................4-13
4.2.3 display vrrp-group................................................................................................................................4-14
4.2.4 triggerdown interface...........................................................................................................................4-14
4.2.5 vgmp-flash enable................................................................................................................................4-15
4.2.6 vrrp group.............................................................................................................................................4-16
4.2.7 vrrp-group enable.................................................................................................................................4-17
4.2.8 vrrp-group group-send..........................................................................................................................4-18
4.2.9 vrrp-group manual-preempt.................................................................................................................4-19
4.2.10 vrrp-group preempt............................................................................................................................4-19
4.2.11 vrrp-group priority..............................................................................................................................4-20
4.2.12 vrrp-group timer hello........................................................................................................................4-22
4.3 HRP Configuration Commands....................................................................................................................4-23
4.3.1 debugging hrp.......................................................................................................................................4-24
4.3.2 debugging hrp configuration check......................................................................................................4-25
4.3.3 display hrp............................................................................................................................................4-26
4.3.4 display hrp configuration check...........................................................................................................4-27
4.3.5 firewall mode composite permit-backupforward.................................................................................4-29
4.3.6 firewall session bak-time......................................................................................................................4-30
4.3.7 hrp auto-sync........................................................................................................................................4-30
4.3.8 hrp configuration check........................................................................................................................4-31
4.3.9 hrp enable.............................................................................................................................................4-33
4.3.10 hrp ospf-cost adjust-enable.................................................................................................................4-34
4.3.11 hrp sync..............................................................................................................................................4-35
4.4 IP-Link Configuration Commands................................................................................................................4-36
4.4.1 debugging ip-link.................................................................................................................................4-36
4.4.2 display ip-link.......................................................................................................................................4-37
4.4.3 ip-link...................................................................................................................................................4-38
4.4.4 ip-link check enable.............................................................................................................................4-39

Tables

Table 1-1 Description of the display clock command output...............................................................................1-5
Table 1-2 Description of the display hotkey command output............................................................................1-8
Table 1-3 Description of the display rsa local-key-pair public command output..............................................1-29
Table 1-4 Description of the display rsa peer-public-key command output......................................................1-31
Table 1-5 Description of the display ssh server session command output.........................................................1-32
Table 1-6 Description of the ssh user-information command output.................................................................1-33
Table 1-7 Description of the display tcp status command output......................................................................1-34
Table 1-8 Description of the display user-interface command output...............................................................1-36
Table 1-9 Description of the display user-interface maximum-vty command output........................................1-37
Table 1-10 Description of the display users command output...........................................................................1-38
Table 1-11 Description of the display firewall transparent-mode address-table command output....................1-72
Table 1-12 Description of the display firewall transparent-mode traffic command output...............................1-73
Table 1-13 Description of the display ftp-server command output..................................................................1-102
Table 1-14 Description of the display ftp-users command output................................................................... 1-103
Table 1-15 Description of the display startup command output...................................................................... 1-105
Table 1-16 Description of the debugging firewall packet-capture capture command output.......................... 1-138
Table 1-17 Description of the debugging firewall packet-capture send command output...............................1-138
Table 1-18 Description of the debugging firewall packet-capture error command output.............................. 1-139
Table 1-19 Description of the debugging firewall packet-capture event command output............................. 1-140
Table 1-20 Description of the display channel command output.....................................................................1-141
Table 1-21 Description of the display firewall packet-capture configuration command output......................1-147
Table 1-22 Description of the display firewall packet-capture queue command output..................................1-149
Table 1-23 Description of the display firewall packet-capture statistic command output...............................1-150
Table 1-24 Description of the display info-center command output................................................................1-152
Table 1-25 Description of the display logbuffer command output.................................................................. 1-154
Table 1-26 Description of the display schedule reboot command output........................................................1-156
Table 1-27 Description of the display trapbuffer command output................................................................. 1-157
Table 1-28 Definition of eight information levels............................................................................................1-172
Table 1-29 Description of date.........................................................................................................................1-174
Table 1-30 Description of the ping command output.......................................................................................1-178
Table 1-31 Description of the display ntp-service status command output......................................................1-197
Table 1-32 Description of the display ntp service trace command output.......................................................1-199
Table 1-33 Description of the NTP access authority........................................................................................1-200
Table 1-34 Description of the display snmp-agent command output...............................................................1-215
Table 1-35 Description of the display snmp-agent community command output...........................................1-216
Table 1-36 Description of the display snmp-agent group command output....................................................1-217
Table 1-37 Description of the display snmp-agent mib-view command output..............................................1-218
Table 1-38 Description of the display snmp-agent statistics command output................................................1-219
Table 1-39 Description of the display snmp-agent sys-info command output.................................................1-221
Table 1-40 Description of the display snmp-agent usm-user command output...............................................1-222
Table 2-1 Description of the display ip address-set all command output...........................................................2-10
Table 2-2 Description of the display ip port-set all command output................................................................2-12
Table 2-3 Description of the display time-range all command output...............................................................2-13
Table 2-4 Description of the display firewall session aging-time command output..........................................2-33
Table 2-5 Description of the display firewall session no-pat command output.................................................2-36
Table 2-6 Description of the display firewall session table verbose command output......................................2-37
Table 2-7 Description of the display nat command output..............................................................................2-120
Table 2-8 Description of the display accounting-scheme command output.....................................................2-149
Table 2-9 Description of the display user-car 3 command output....................................................................2-154
Table 2-10 Description of the display l2tp session command output...............................................................2-230
Table 2-11 Description of the display l2tp tunnel command output................................................................2-231
Table 2-12 Description of the display interface tunnel 0 command output.....................................................2-246
Table 2-13 Description of the addrserver command output.............................................................................2-253
Table 2-14 Description of the display slb group command output..................................................................2-255
Table 2-15 Description of the display slb rserver command output.................................................................2-256
Table 2-16 Description of the display slb vserver command output................................................................2-257
Table 2-17 Description of the rserver command output...................................................................................2-261
Table 2-18 Description of the vserver command output..................................................................................2-264
Table 2-19 Description of the display p2p-car class command output............................................................2-268
Table 2-20 Description of the display p2p-car statistic class command output...............................................2-272
Table 2-21 Description of the display p2p-car statistic class command output...............................................2-274
Table 2-22 Description of the debugging right-manager command output.....................................................2-289
Table 2-23 Description of the display right-manager online-users command output......................................2-293
Table 2-24 Description of the display right-manager role-info command output............................................2-294
Table 2-25 Description of the display right-manager server-group command output.....................................2-296
Table 2-26 Description of the display right-manager statistics command output............................................2-297
Table 2-27 Description of the display firewall statistic ip-car command output.............................................2-308
Table 2-28 Description of the display source ip monitor table command output............................................2-309
Table 3-1 Description of the display interface command output.........................................................................3-5
Table 3-2 Description of the display ip interface Ethernet 0/0/0 command output..............................................3-8
Table 3-3 Description of the display interface ethernet command output..........................................................3-15
Table 3-4 Description of the display interface virtual-template command output.............................................3-29
Table 3-5 Description of the display virtual-access command output...............................................................3-31
Table 3-6 Description of the display controller e1 command output.................................................................3-39
Table 3-7 Description of the display controller e1 command output.................................................................3-47
Table 3-8 Description of the display controller t1 command output..................................................................3-56
Table 3-9 Description of the display controller t1 command output..................................................................3-63
Table 3-10 Description of the display ip interface Ethernet 0/0/0 command output..........................................3-68
Table 3-11 Description of the display fib command output...............................................................................3-79
Table 3-12 Description of the display fib | command output.............................................................................3-81
Table 3-13 Description of the display fib acl command output.........................................................................3-82
Table 3-14 Description of the display fib ip-prefix command output................................................................3-83
Table 3-15 Description of the display fib command output...............................................................................3-85
Table 3-16 Description of the display fib statistics command output................................................................3-86
Table 3-17 Description of the display icmp statistic command output..............................................................3-87
Table 3-18 Description of the display ip interface Ethernet 0/0/0 command output..........................................3-89
Table 3-19 Description of the display ip socket command output.....................................................................3-93
Table 3-20 Description of the display ip statistics command output.................................................................3-94
Table 3-21 Description of the display tcp statistics output................................................................................3-96
Table 3-22 Description of the display tcp status command output....................................................................3-99
Table 3-23 Description of the display udp statistics command output.............................................................3-100
Table 3-24 Description of the display igmp group command output...............................................................3-146
Table 3-25 Description of the display pim interface command output............................................................3-167
Table 3-26 Description of the msdp-tracert command domain........................................................................3-191
Table 3-27 Description of the display ip routing-table command output
Table 3-28 Description of the display ip routing-table statistics command output
Table 3-29 Description of the display ip routing-table verbose command output
Table 3-30 Description of the display arp command output
Table 3-31 Description of the display dhcp relay address command output
Table 3-32 Description of the display dhcp relay statistics command output
Table 3-33 Description of the display dhcp server conflict command output
Table 3-34 Description of the display dhcp server expired command output
Table 3-35 Description of the display dhcp server free-ip command output
Table 3-36 Description of the display dhcp server ip-in-use command output
Table 3-37 Description of the display dhcp server statistics command output
Table 3-38 Description of the display dhcp server tree command output
Table 3-39 Description of the display debugging ospf command output
Table 3-40 Description of the display ospf abr-asbr command output
Table 3-41 Description of the display ospf asbr-summary command output
Table 3-42 Description of the display ospf cumulative command output
Table 3-43 Commands included in the display ospf diagnostic-information command
Table 3-44 Description of the display interface mp-group command output
Table 3-45 Description of the display ppp mp command output
Table 3-46 Description of the PPPoE Client debugging switches type
Table 3-47 Description of the display pppoe-client session summary command output
Table 3-48 Description of the display pppoe-client session packet command output
Table 3-49 Description of the display traffic behavior command output

Table 3-50 Description of the display traffic classifier command output
Table 3-51 Description of the display rip command output
Table 3-52 Description of the display fr compress command output
Table 3-53 Description of the display fr dlci-switch command output
Table 3-54 Description of the display fr inarp-info command output
Table 3-55 Description of the display fr interface command output
Table 3-56 Description of the display fr lmi-info command output
Table 3-57 Description of the display fr map-info command output
Table 3-58 Description of the display fr pvc-info command output
Table 3-59 Description of the display fr standby group command output
Table 3-60 Description of the display fr statistics command output
Table 3-61 Description of the display fr switch-table command output
Table 3-62 Description of the display interface mfr command output
Table 3-63 Description of the display mfr command output
Table 3-64 Description of the debugging hdlc event command output
Table 3-65 Description of the debugging hdlc command output
Table 4-1 Description of the debugging hrp configuration check command output
Table 4-2 Description of the display configuration check acl command output
Table 4-3 Description of the hrp configuration check command error output
Table 4-4 Description of the display ip-link command output

About This Document

Purpose
This document provides detailed information about the commands of the Eudemon 200, including
the command function, command format, parameter descriptions, command views, default level,
usage guidelines, examples, and related commands.

This document describes the security defense configuration commands, internetworking
configuration commands, system management configuration commands, and reliability
configuration commands of the Eudemon 200 firewall.

Related Versions
The following table lists the product versions related to this document.

Product Name Version

Eudemon 200 V200R001C03B6

Intended Audience
This document is intended for:

• Network engineers
• Network administrators
• Network maintenance engineers

Organization
This document is organized as follows.

Chapter Description

1 System Management Describes the commands of system management.

2 Security Defense Describes the commands of security defense.

3 Internetworking Describes the commands of internetworking.

4 Reliability Describes the commands of reliability.

Conventions
Symbol Conventions
The symbols that may be found in this document are defined as follows.

Symbol Description

DANGER Indicates a hazard with a high level of risk, which if not
avoided, will result in death or serious injury.

WARNING Indicates a hazard with a medium or low level of risk, which
if not avoided, could result in minor or moderate injury.

CAUTION Indicates a potentially hazardous situation, which if not
avoided, could result in equipment damage, data loss,
performance degradation, or unexpected results.

TIP Indicates a tip that may help you solve a problem or save
time.

NOTE Provides additional information to emphasize or supplement
important points of the main text.

General Conventions
The general conventions that may be found in this document are defined as follows.

Convention Description

Times New Roman Normal paragraphs are in Times New Roman.

Boldface Names of files, directories, folders, and users are in
boldface. For example, log in as user root.

Italic Book titles are in italics.

Courier New Examples of information displayed on the screen are in
Courier New.

Command Conventions
The command conventions that may be found in this document are defined as follows.

Convention Description

Boldface The keywords of a command line are in boldface.

Italic Command arguments are in italics.

[] Items (keywords or arguments) in brackets [ ] are optional.

{ x | y | ... } Optional items are grouped in braces and separated by
vertical bars. One item is selected.

[ x | y | ... ] Optional items are grouped in brackets and separated by
vertical bars. One item is selected or no item is selected.

{ x | y | ... }* Optional items are grouped in braces and separated by
vertical bars. A minimum of one item or a maximum of all
items can be selected.

[ x | y | ... ]* Optional items are grouped in brackets and separated by
vertical bars. Several items or no item can be selected.

GUI Conventions
The GUI conventions that may be found in this document are defined as follows.

Convention Description

Boldface Buttons, menus, parameters, tabs, window, and dialog titles
are in boldface. For example, click OK.

> Multi-level menus are in boldface and separated by the ">"
signs. For example, choose File > Create > Folder.

Keyboard Operations
The keyboard operations that may be found in this document are defined as follows.

Format Description

Key Press the key. For example, press Enter and press Tab.

Key 1+Key 2 Press the keys concurrently. For example, pressing
Ctrl+Alt+A means the three keys should be pressed concurrently.

Key 1, Key 2 Press the keys in turn. For example, pressing Alt, A means
the two keys should be pressed in turn.

Mouse Operations
The mouse operations that may be found in this document are defined as follows.

Action Description

Click Select and release the primary mouse button without moving
the pointer.

Double-click Press the primary mouse button twice continuously and
quickly without moving the pointer.

Drag Press and hold the primary mouse button and move the
pointer to a certain position.

Update History
Updates between document issues are cumulative. Therefore, the latest document issue contains
all updates made in previous issues.

Updates in Issue 01 (2008-11-15)


Initial commercial release

1 System Management

About This Chapter

1.1 Basic Configuration Commands
1.2 User Login Configuration Commands
1.3 Working Mode Configuration Commands
1.4 File Management Configuration Commands
1.5 System Maintenance Configuration Commands
1.6 Web Management Commands
1.7 NTP Configuration Commands
1.8 SNMP Configuration Commands
1.9 VPN Manager Configuration Commands

1.1 Basic Configuration Commands

1.1.1 clock
1.1.2 command-privilege
1.1.3 display clock
1.1.4 display history-command
1.1.5 display hotkey
1.1.6 display version
1.1.7 header
1.1.8 hotkey
1.1.9 language-mode
1.1.10 lock (User View)
1.1.11 quit (All Views)
1.1.12 return
1.1.13 super
1.1.14 super password
1.1.15 sysname
1.1.16 system-view

1.1.1 clock

Function
Using the clock command, you can set the current date and clock, name of daylight saving time,
start and end time, and local time zone of the Eudemon.

Using the undo clock command, you can restore the default setting.

Format
clock datetime time date

clock summer-time zone-name { one-off | repeating } start-time start-date end-time end-date offset

clock timezone zone-name { add | minus } offset

undo clock { summer-time | timezone }

Parameters
time: specifies the current clock in the format of HH:MM:SS. HH ranges from 0 to 23, and MM
and SS range from 0 to 59.
date: specifies the current year, month and day in the format of YYYY/MM/DD. YYYY ranges
from 2000 to 2099, MM ranges from 1 to 12, and DD ranges from 1 to 31.
zone-name: specifies the name of daylight saving time, a string in a range of 1 to 32 characters.
one-off: sets the daylight saving time for a specific year.
repeating: sets the daylight saving time for each year since a specific year.
start-time: sets the beginning time of the daylight saving time in the format of HH:MM:SS. HH
ranges from 0 to 23, and MM and SS range from 0 to 59.
start-date: sets the beginning date of the daylight saving time in the format of YYYY/MM/DD.
YYYY ranges from 2000 to 2099, MM ranges from 1 to 12, and DD ranges from 1 to 31.
end-time: sets the ending time of the daylight saving time in the format of HH:MM:SS. HH
ranges from 0 to 23, and MM and SS range from 0 to 59.
end-date: sets the ending date of the daylight saving time in the format of YYYY/MM/DD.
YYYY ranges from 2000 to 2099, MM ranges from 1 to 12, and DD ranges from 1 to 31.
offset: specifies the time offset of the daylight saving time compared with UTC time. The value
is in the format of HH:MM:SS.
add: indicates that the offset is added to UTC time.
minus: indicates that the offset is subtracted from UTC time.

Views
User view

Default Level
3: Management level

Usage Guidelines
In an application environment where absolute time is strictly required, the current date and clock
of the Eudemon must be set. The seconds may be omitted from the time parameter.
The range of YYYY is 1993 to 2035 for some non-Huawei devices. If you use both Huawei and
non-Huawei devices, you are advised to keep YYYY within the range of 2000 to 2035.
You can use the display clock command to view the setting after it takes effect. In addition,
message times such as the log time and debug time use the local time adjusted by the time zone
and daylight saving time.

Examples
# Set the current date of the Eudemon to 0:0:0 01/01/2001.
<Eudemon> clock datetime 0:0:0 2001/01/01

Related Topics
1.1.3 display clock

1.1.2 command-privilege

Function
Using the command-privilege command, you can set the command level of the specified view.
Using the undo command-privilege command, you can remove the configured command level.
By default, the ping, tracert, and telnet commands are of the visit level (0). The display
command is of the monitoring level (1). Most configuration commands are of the configuration
level (2). After promotion, the command level is 10. The command to configure the user key,
debugging commands, FTP commands, XModem commands, and file system operation
commands are of the management level (3).

CAUTION
Do not change command levels randomly.

Format
command-privilege level level view view command
undo command-privilege view view command

Parameters
level level: specifies the precedence of a command. The value ranges from 0 to 3.
view view: specifies the view name.
command: specifies the command to be configured. You can specify multiple commands in one
command.

Views
System view

Default Level
3: Management level

Usage Guidelines
The commands are divided into four levels, that is, visit, monitoring, configuration, and
management, identified as 0 to 3 respectively. An administrator can authorize users as
required to enable them to operate in the corresponding view. A login user can use the
commands according to the authorization corresponding to the user name or user interface. If
these two privileges conflict with each other, the one corresponding to the user name is adopted.

Examples
# Set the privilege of the interface command to 0.
<Eudemon> system-view
[Eudemon] command-privilege level 0 view system interface
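
The level rules above can be replayed offline against exported configuration lines to find commands that were lowered below their default level and to check what a given user level can run. The following Python code is an added example, not code from this manual or from Huawei; the function names, the keyword-prefix matching rule, the fallback level 2 for commands not named on this page, and the sample configuration lines are assumptions.

```python
import re

# Default command levels stated on this page: 0 visit, 1 monitoring,
# 2 configuration, 3 management.
DEFAULT_BY_KEYWORD = {
    "ping": 0, "tracert": 0, "telnet": 0,    # visit level
    "display": 1,                             # monitoring level
    "debugging": 3, "ftp": 3, "xmodem": 3,    # management level
}
FALLBACK_LEVEL = 2  # assumption: anything else is an ordinary configuration command

SET_RE = re.compile(r"^command-privilege\s+level\s+(\d+)\s+view\s+(\S+)\s+(.+)$")
UNDO_RE = re.compile(r"^undo\s+command-privilege\s+view\s+(\S+)\s+(.+)$")

# Constructed sample configuration lines (not taken from a real device).
SAMPLE_CONFIG = """\
command-privilege level 0 view system interface
command-privilege level 1 view system display current-configuration
command-privilege level 2 view system debugging
command-privilege level 0 view system sysname
undo command-privilege view system sysname
command-privilege level 3 view system ping
"""


def default_level(command):
    """Default level of a command, keyed on its first keyword."""
    words = command.lower().split()
    return DEFAULT_BY_KEYWORD.get(words[0], FALLBACK_LEVEL) if words else FALLBACK_LEVEL


def parse_overrides(config_text):
    """Replay command-privilege / undo command-privilege lines in order.

    Returns {(view, command): level}. Levels outside 0..3 are rejected,
    matching the parameter range given on this page.
    """
    overrides = {}
    for raw in config_text.splitlines():
        line = " ".join(raw.lower().split())
        m = SET_RE.match(line)
        if m:
            level = int(m.group(1))
            if not 0 <= level <= 3:
                raise ValueError(f"level out of range 0-3: {raw!r}")
            overrides[(m.group(2), m.group(3))] = level
            continue
        m = UNDO_RE.match(line)
        if m:
            overrides.pop((m.group(1), m.group(2)), None)
    return overrides


def effective_level(view, command_line, overrides):
    """Level needed to run command_line in view; the longest matching override wins.

    Assumption: an override applies to every command line that starts with
    the configured keywords.
    """
    tokens = command_line.lower().split()
    best_len, best_level = 0, default_level(command_line)
    for (v, cmd), level in overrides.items():
        parts = cmd.split()
        if v == view.lower() and tokens[:len(parts)] == parts and len(parts) > best_len:
            best_len, best_level = len(parts), level
    return best_level


def resolve_user_level(by_user_name, by_user_interface):
    """The user-name authorization is adopted when the two privileges conflict."""
    return by_user_name if by_user_name is not None else by_user_interface


def can_run(user_level, view, command_line, overrides):
    """A user may run commands whose level is no higher than the user level."""
    return user_level >= effective_level(view, command_line, overrides)


def audit(config_text):
    """List overrides that lower a command below its default level."""
    findings = []
    for (view, cmd), level in sorted(parse_overrides(config_text).items()):
        base = default_level(cmd)
        if level < base:
            findings.append((view, cmd, base, level))
    return findings


if __name__ == "__main__":
    for view, cmd, base, level in audit(SAMPLE_CONFIG):
        print(f"[{view}] '{cmd}' lowered from level {base} to {level}")
```

Each finding is a command that a lower-privileged login can now reach; the interface example on this page is reported because it moves a configuration-level command to the visit level.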

1.1.3 display clock

Function
Using the display clock command, you can display the current date and clock of the system.

Format
display clock

Parameters
None

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
Using this command, you can check whether the system time is wrong and correct it
promptly.

Examples
# View the current date and time of the system.
<Eudemon> display clock
22:45:36 UTC Tue 2008/07/29
Time Zone : UTC add 02:00:00
Summer-Time : test repeating 12:11:00 2008/06/20 18:00:00 2008/06/21 01:00:00

Table 1-1 Description of the display clock command output

Item Description

Time Zone Time zone

UTC Universal Time Coordinated

Summer-Time Summer Time

Related Topics
1.1.1 clock
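
Because log and debug times use the local time adjusted by the time zone and daylight saving time, timestamps from the device must be converted before they are correlated with other sources. The following Python code is an added example, not code from this manual or from Huawei: it parses the display clock output shown above and converts a device-local timestamp to UTC. The function names are hypothetical, and it assumes that the summer-time offset is applied on top of the time-zone offset and that a repeating rule recurs on the same month and day each year from its start year.

```python
import re
from datetime import datetime, timedelta

# Constructed input: the sample `display clock` output shown on this page.
SAMPLE_OUTPUT = """\
22:45:36 UTC Tue 2008/07/29
Time Zone : UTC add 02:00:00
Summer-Time : test repeating 12:11:00 2008/06/20 18:00:00 2008/06/21 01:00:00
"""

TZ_RE = re.compile(r"^Time Zone\s*:\s*(\S+)\s+(add|minus)\s+(\d+:\d+:\d+)\s*$", re.M)
# Field order follows the clock summer-time format:
# zone-name mode start-time start-date end-time end-date offset
ST_RE = re.compile(
    r"^Summer-Time\s*:\s*(\S+)\s+(one-off|repeating)\s+(\d+:\d+:\d+)\s+(\d+/\d+/\d+)"
    r"\s+(\d+:\d+:\d+)\s+(\d+/\d+/\d+)\s+(\d+:\d+:\d+)\s*$", re.M)


def _delta(hms):
    """HH:MM:SS string to timedelta."""
    h, m, s = (int(x) for x in hms.split(":"))
    return timedelta(hours=h, minutes=m, seconds=s)


def _stamp(date, time):
    """YYYY/MM/DD and HH:MM:SS strings to a naive datetime."""
    return datetime.strptime(f"{date} {time}", "%Y/%m/%d %H:%M:%S")


def parse_display_clock(text):
    """Extract the time-zone offset and summer-time rule from the output."""
    settings = {"tz_offset": timedelta(0), "summer": None}
    tz = TZ_RE.search(text)
    if tz:
        sign = 1 if tz.group(2) == "add" else -1
        settings["tz_offset"] = sign * _delta(tz.group(3))
    st = ST_RE.search(text)
    if st:
        settings["summer"] = {
            "name": st.group(1), "mode": st.group(2),
            "start": _stamp(st.group(4), st.group(3)),
            "end": _stamp(st.group(6), st.group(5)),
            "offset": _delta(st.group(7)),
        }
    return settings


def in_summer_time(local, st):
    """True if a local timestamp falls inside the summer-time window.

    Timestamps in the hour repeated at the end of the window are treated
    as summer time.
    """
    if st["mode"] == "one-off":
        return st["start"] <= local < st["end"]
    span = st["end"].year - st["start"].year
    # Check last year's window too, in case it runs across a year boundary.
    for year in (local.year - 1, local.year):
        if year < st["start"].year:
            continue
        try:
            start = st["start"].replace(year=year)
            end = st["end"].replace(year=year + span)
        except ValueError:  # a rule dated Feb 29 has no instance in a non-leap year
            continue
        if start <= local < end:
            return True
    return False


def to_utc(local_stamp, settings):
    """Convert a device-local timestamp (YYYY/MM/DD HH:MM:SS) to UTC."""
    date, time = local_stamp.split()
    local = _stamp(date, time)
    offset = settings["tz_offset"]
    st = settings["summer"]
    if st and in_summer_time(local, st):
        offset += st["offset"]
    return local - offset


if __name__ == "__main__":
    cfg = parse_display_clock(SAMPLE_OUTPUT)
    for ts in ("2008/07/29 22:45:36", "2008/06/20 13:00:00"):
        print(ts, "->", to_utc(ts, cfg), "UTC")
```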

1.1.4 display history-command

Function
Using the display history-command command, you can view the history commands saved on the
terminal.

Format
display history-command

Parameters
None

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
By default, the 10 latest commands are displayed.
The terminal automatically saves the history commands entered by the user, that is, it records
each keyboard entry of the user, with Enter as the delimiter. Users can then view the saved
history commands by using the display history-command command.

CAUTION
• The saved history commands are the same as those input by users. For example, if the user
inputs an incomplete command, the saved command is also incomplete.
• If the user executes the same command several times, the command executed earliest is
saved. If the same command is input in different forms, they are considered as different
commands.

Examples
# Display the history commands used on the terminal.
<Eudemon> display history-command
display interface
display interface Ethernet 1/0/0
interface Ethernet 1/0/0

Related Topics
1.2.18 history-command max-size

1.1.5 display hotkey

Function
Using the display hotkey command, you can display the predefined, undefined and reserved
shortcut keys.

Format
display hotkey

Parameters
None

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
You can press a shortcut key wherever a command can be input; the system then displays the
corresponding command on the screen.

Examples
# Display the usage of shortcut keys.
<Eudemon> display hotkey
----------------- HOTKEY -----------------

=Defined hotkeys=
Hotkeys Command
CTRL_G display current-configuration
CTRL_L display ip routing-table
CTRL_O undo debug all

=Undefined hotkeys=
Hotkeys Command
CTRL_T NULL
CTRL_U NULL

=System hotkeys=
Hotkeys Function
CTRL_A Move the cursor to the beginning of the current line.
CTRL_B Move the cursor one character left.
CTRL_C Stop current command function.
CTRL_D Erase current character.
CTRL_E Move the cursor to the end of the current line.
CTRL_F Move the cursor one character right.
CTRL_H Erase the character left of the cursor.
CTRL_K Kill outgoing connection.
CTRL_N Display the next command from the history buffer.
CTRL_P Display the previous command from the history buffer.
CTRL_R Redisplay the current line.
CTRL_V Paste text from the clipboard.
CTRL_W Delete the word left of the cursor.
CTRL_X Delete all characters up to the cursor.
CTRL_Y Delete all characters after the cursor.
CTRL_Z Return to the user view.
CTRL_] Kill incoming connection or redirect connection.
ESC_B Move the cursor one word back.
ESC_D Delete remainder of word.
ESC_F Move the cursor forward one word.
ESC_N Move the cursor down a line.
ESC_P Move the cursor up a line.
ESC_< Specify the beginning of clipboard.
ESC_> Specify the end of clipboard.

Table 1-2 Description of the display hotkey command output


Item Description

HOTKEY Indicates hot keys.

Defined hotkeys Indicates the defined shortcut keys.

CTRL+G Displays the current configuration.

CTRL+L Displays the IP routing table.

CTRL+O Cancels outputting all debugging information.

Undefined hotkeys Indicates the undefined hot keys.

CTRL+T Undefined.

CTRL+U Undefined.

System hotkeys Indicates the system-reserved shortcut keys.

CTRL+A Moves the cursor to the beginning of current line.

CTRL+B Moves the cursor one character left.

CTRL+C Stops the current operation.

CTRL+D Deletes the character the cursor currently points to.

CTRL+E Moves the cursor to the end of the current line.

CTRL+F Moves the cursor one character right.

CTRL+H Deletes the character to the left of the cursor.

CTRL+K Stops setting up connection.

CTRL+N Displays the next command in the history command buffer.

CTRL+P Displays the previous command in the history command buffer.

CTRL+R Redisplays the current line.

CTRL+V Pastes the text from the clipboard.

CTRL+W Deletes the character to the left of the cursor.

CTRL+X Deletes all the characters to the left of the cursor.

CTRL+Y Deletes all the characters to the right of the cursor.

CTRL+Z Returns to the user view.

CTRL+ ] Cuts off the incoming connection or redirects the connection.

ESC+B Moves the cursor one word left.

ESC+D Deletes the remainder of the word.

ESC+F Moves the cursor one word right.

ESC+N Moves the cursor one line down.

ESC+P Moves the cursor one line up.

ESC+< Moves the cursor to the beginning of the clipboard.

ESC+> Moves the cursor to the end of the clipboard.

Related Topics
1.1.8 hotkey

1.1.6 display version

Function
Using the display version command, you can display the system version.

Format
display version

Parameters
None

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
By viewing the version information, you can get the information about the current software
version, frame type, the active control board and the interface board.

Examples
<Eudemon> display version
Huawei Versatile Routing Platform Software
Software Version: Firewall V200R001C03B61b (VRP (R) Software, Version 3.30)
Copyright (c) 2007-2008 Huawei Technologies Co., Ltd.
Quidway E200 Firewall uptime is 0 week(s), 0 day(s), 0 hour(s), 1 minute(s)

Rpu's version information:


256M bytes SDRAM
32M bytes FLASH
512K bytes NVRAM
Pcb Version : VER.B
RPE Logic Version : 003B
SBG Logic Version : 012B
Small BootROM Version : 118
Big BootROM Version : 214

1.1.7 header

Function
Using the header command, you can enable displaying the title.
Using the undo header command, you can disable displaying the title.

Format
header { login | shell } { information text | file file-name }
undo header { login | shell }

Parameters
login: indicates the login messages.
shell: indicates the user session title.
information: indicates the title information.
text: specifies the contents of the title. The value is in the range of 1 to 220 characters.
file: specifies the contents of the file with the indicated file name.
file-name: specifies the file name used by the title, the length of which is 5 to 64 characters. The
title file cannot be more than 128 KB, otherwise the part of more than 128 KB is not displayed.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
When a user logs in to the firewall through a terminal line, the firewall displays the configured
title messages to the user. After the terminal connection is activated, the
login title is transmitted to the terminal. If the user successfully logs in, the shell title is displayed.
The first English character of the input is used as both the initial and end character of the text.
After the user enters the end character, the system automatically exits from the interactive process.
To exit from the interactive process, as long as the initial and the end of the text are the same
English character, just press Enter.

Examples
# Configure the user session title.
<Eudemon> system
[Eudemon] header shell information %
info:input banner text, and quit with the character '%'.
SHELL : Hello! Welcome use NetEngine%
[Eudemon] quit
<Eudemon>

# Display the Shell title after user login.
Username:Eudemon
Password:******

SHELL : Hello! Welcome use NetEngine


Note: The max number of VTY users is 5, and the current number
of VTY users on line is 2.

# Specify the file to be used as login title.
<Eudemon> system-view
[Eudemon] header login file flash:/header-file.txt

1.1.8 hotkey

Function
Using the hotkey command, you can correlate a command line with the shortcut keys.
Using the undo hotkey command, you can restore the default.

Format
hotkey [ CTRL_G | CTRL_L | CTRL_O | CTRL_T | CTRL_U ] command-text
undo hotkey [ CTRL_G | CTRL_L | CTRL_O | CTRL_T | CTRL_U ]

Parameters
CTRL_G: specifies a command for the shortcut keys CTRL+G.
CTRL_L: specifies a command for the shortcut keys CTRL+L.
CTRL_O: specifies a command for the shortcut keys CTRL+O.
CTRL_T: specifies a command for the shortcut keys CTRL+T.
CTRL_U: specifies a command for the shortcut keys CTRL+U.
command-text: specifies the command line correlated with the shortcut keys.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
By default, the system specifies only CTRL_G, CTRL_L and CTRL_O to correspond to certain
commands.
• CTRL_G corresponds to display current-configuration (used to display the current
configuration)
• CTRL_L corresponds to display ip routing-table (used to display routing table
information)
• CTRL_O corresponds to undo debugging all (used to disable the overall debugging
function, that is, to disable the output of all debugging information)
You can change the definitions of shortcut keys as required.

Examples
# Correlate the display tcp status command with the shortcut keys CTRL_G.
<Eudemon> system-view
[Eudemon] hotkey ctrl_g display tcp status
[Eudemon] display hotkey
----------------- HOTKEY -----------------

=Defined hotkeys=
Hotkeys Command
CTRL_G display tcp status
CTRL_L display ip routing-table
CTRL_O undo debug all

=Undefined hotkeys=
Hotkeys Command
CTRL_T NULL
CTRL_U NULL

=System hotkeys=
Hotkeys Function
CTRL_A Move the cursor to the beginning of the current line.
CTRL_B Move the cursor one character left.
CTRL_C Stop current command function.
CTRL_D Erase current character.
CTRL_E Move the cursor to the end of the current line.
CTRL_F Move the cursor one character right.
CTRL_H Erase the character left of the cursor.
CTRL_K Kill outgoing connection.
CTRL_N Display the next command from the history buffer.
CTRL_P Display the previous command from the history buffer.
CTRL_R Redisplay the current line.
CTRL_V Paste text from the clipboard.
CTRL_W Delete the word left of the cursor.
CTRL_X Delete all characters up to the cursor.
CTRL_Y Delete all characters after the cursor.
CTRL_Z Return to the user view.
CTRL_] Kill incoming connection or redirect connection.
ESC_B Move the cursor one word back.
ESC_D Delete remainder of word.
ESC_F Move the cursor forward one word.
ESC_N Move the cursor down a line.
ESC_P Move the cursor up a line.
ESC_< Specify the beginning of clipboard.
ESC_> Specify the end of clipboard.

Related Topics
1.1.5 display hotkey

1.1.9 language-mode

Function
Using the language-mode command, you can change the language mode of the command line
interface.

Format
language-mode { chinese | english }

Parameters
chinese: changes the language mode of the system to Chinese.
english: changes the language mode of the system to English.

Views
User view

Default Level
0: Visit level

Usage Guidelines
By default, the language mode of the system is English.
After the system switches to Chinese mode, the prompts and echo messages of the command
line on the system interface are displayed in Chinese.

Examples
# Change the English mode to the Chinese mode.
<Eudemon> language-mode chinese
Change language mode, confirm? [Y/N] y

1.1.10 lock (User View)

Function
Using the lock command, you can lock the current user interface so as to prevent the unauthorized
users from operating on the terminal interface.

Format
lock

Parameters
None

Views
User view

Default Level
3: Management level

Usage Guidelines
User interfaces include the console interface, AUX interface, and VTY.

After you enter the lock command, the system prompts you to input a password. After you confirm
the password again, the system prompts that the lock succeeds. If you want to enter the system
again, you must press Enter and input the correct password.

Examples
# A user logs in from the Console port and locks the current user interface.
<Eudemon> lock
Password:xxxx
Again:xxxx

locked !

# The user can press Enter to log in to the system after a while. The following prompt displays:
Password:

Related Topics
1.2.46 user privilege

1.1.11 quit (All Views)

Function
Using the quit command, you can quit the current view and enter a view with a lower level. If
the current view is the user view, this command makes you exit from the system.

Format
quit

Parameters
None

Views
All views

Default Level
0: Visit level

Usage Guidelines
All the command modes are divided into three levels, which are as follows from the lowest to
the highest:
• User view (user level is 0)
• System view (user level is 2)
• Interface view and AAA view

Examples
# Return to the system view from the interface view and then return to the user view.
<Eudemon> system-view
[Eudemon] interface Ethernet 0/0/0
[Eudemon-Ethernet0/0/0] quit
[Eudemon] quit
<Eudemon>

Related Topics
1.1.16 system-view
1.1.12 return

1.1.12 return

Function
Using the return command, you can return to the user view from other views except user view.

Format
return

Parameters
None

Views
All views

Default Level
2: Configuration level

Usage Guidelines
The shortcut key for the return command is Ctrl+Z.

Examples
# Return to the user view from the system view.
[Eudemon] return
<Eudemon>

Related Topics
1.1.16 system-view

1.1.13 super

Function
Using the super command, you can change the user's current level.

User level indicates the type of the login user. There are 4 user levels. Different from the use of
command level, a login user can only use the commands with the levels no higher than the user
level.

Format
super [ level ]

Parameters
level: specifies the user level. The value ranges from 0 to 15. By default, the level is 3.

Views
User view

Default Level
0: Visit level

Usage Guidelines
Commands are classified into four levels:

• Visit level: Refers to network diagnosis tool commands (such as ping and tracert), and
external commands (including Telnet client, SSH client and RLOGIN). Saving the
configuration file is not allowed with commands of this level.
• Monitoring level: Refers to commands, including the display command and the debugging
command, which are used for system maintenance and service fault diagnosis. Saving the
configuration file is not allowed with commands of this level.
• Configuration level: Refers to service configuration commands, including routing
commands and commands on each network layer, which are used to provide direct network
service to the user.
• Management level: Refers to commands that affect the basic operation of the system and
the system support modules, which play a supporting role for services. Commands of this level
involve file system commands, FTP commands, TFTP commands, XModem downloading
commands, configuration file switching commands, power supply control commands,
standby control commands, user management commands, level setting commands, and
internal parameter setting commands (not stipulated by protocols and by RFC).
To prevent unauthorized users from illegal intrusion, user ID authentication is performed
when users at a lower level switch to a higher level. In other words, the super
password of the higher level is needed. If no password is set, an error is prompted.
For the sake of confidentiality, the password that the user enters is not shown on the screen.
Only when the correct password is input for three times can the user switch to the higher level.
Otherwise, the original user level remains unchanged.

Examples
# Change the current user level to level 3.
<Eudemon> super 3
Password:
Now user privilege is 3 level, and only those commands whose level is
equal to or less than this level can be used.
Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE

Related Topics
1.1.14 super password
1.1.11 quit (All Views)
1.1.12 return

1.1.14 super password

Function
Using the super password command, you can set the password for changing the user from a
lower level to a higher level.
Using the undo super password command, you can cancel the current settings.

Format
super password [ level user-level ] { simple | cipher } password
undo super password [ level user-level ]


Parameters
level user-level: specifies the user level. The value ranges from 1 to 15. By default, the password
is set for level 3.
simple: indicates the password in the plain text.
cipher: indicates the password in the encrypted text.
password: If it is in the form of simple, it must be in the plain text, ranging from 1 to 16 characters.
If it is in the form of cipher, it can be either in the encrypted text with 24 characters such as
(TT8F ] Y\5SQ=^Q`MAF4<1!! or in the plain text with 1 to 16 characters such as 1234567.

Views
System view

Default Level
3: Management level

Usage Guidelines
During authentication, enter the password in plain text, regardless of whether it is configured
in plain text or in cipher text.

CAUTION
If simple is selected, the password is saved in the configuration files in plain text. Users
at a lower level can then easily obtain the password for switching levels by viewing the
configuration files. In such a case, network security cannot be guaranteed. It is recommended
that you select cipher to save the password in cipher text.
After a password is set by using the cipher option, it cannot be recovered from the system. Do
not lose or forget the super password.

Examples
# Set the user at a lower level to input the password "abcd" when switching to level 3.
<Eudemon> system-view
[Eudemon] super password level 3 cipher abcd

Related Topics
1.1.13 super

1.1.15 sysname

Function
Using the sysname command, you can set the host name of the firewall.


Format
sysname host-name

Parameters
host-name: specifies the host name. It is a string of 1 to 30 characters.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
By default, the host name of the firewall is Eudemon.

Modifying the host name of the firewall affects the prompt of command line interface. If the
host name of the Eudemon is "Eudemon", the prompt in the user view is <Eudemon>.

Examples
# Set the host name of the firewall as EudemonA.
<Eudemon> system-view
[Eudemon] sysname EudemonA
[EudemonA]

Related Topics
1.1.16 system-view

1.1.16 system-view

Function
Using the system-view command, you can enter the system view from the user view.

Format
system-view

Parameters
None

Views
User view


Default Level
2: Configuration level

Usage Guidelines
The user enters the user view when the user logs in for the first time.

Examples
# Enter the system view from the user view.
<Eudemon> system-view
Enter system view, return user view with Ctrl+Z.
[Eudemon]

Related Topics
1.1.11 quit (All Views)
1.1.12 return

1.2 User Login Configuration Commands

1.2.1 acl
1.2.2 authentication-mode
1.2.3 auto-execute command
1.2.4 databits
1.2.5 debugging rsa
1.2.6 debugging ssh server
1.2.7 debugging telnet
1.2.8 display rsa local-key-pair public
1.2.9 display rsa peer-public-key
1.2.10 display ssh server
1.2.11 display ssh user-information
1.2.12 display tcp
1.2.13 display user-interface
1.2.14 display user-interface maximum-vty
1.2.15 display users
1.2.16 flow-control
1.2.17 free user-interface
1.2.18 history-command max-size


1.2.19 idle-timeout
1.2.20 lock authentication-count
1.2.21 lock lock-timeout
1.2.22 modem
1.2.23 modem auto-answer
1.2.24 modem timer answer
1.2.25 parity
1.2.26 peer-public-key end
1.2.27 protocol inbound
1.2.28 public-key-code begin
1.2.29 public-key-code end
1.2.30 redirect
1.2.31 rsa local-key-pair create
1.2.32 rsa local-key-pair destroy
1.2.33 rsa peer-public-key
1.2.34 screen-length
1.2.35 send
1.2.36 set authentication password
1.2.37 shell
1.2.38 speed (User Interface View)
1.2.39 ssh server authentication-retries
1.2.40 ssh server rekey-interval
1.2.41 ssh server timeout
1.2.42 ssh user assign rsa-key
1.2.43 ssh user authentication-type
1.2.44 stopbits
1.2.45 telnet
1.2.46 user privilege
1.2.47 user-interface
1.2.48 user-interface maximum-vty

1.2.1 acl


Function
Using the acl command, you can restrict inbound and outbound access on VTY user
interfaces (Telnet and SSH) by referencing an ACL.
Using the undo acl command, you can cancel the current settings.
By default, the incoming and outgoing calls are not restricted.

Format
acl acl-number { inbound | outbound }
undo acl { inbound | outbound }

Parameters
acl-number: specifies the number of an access control list (ACL). The value ranges from 2000
to 3999.
inbound: restricts the incoming calls on the user interface.
outbound: restricts the outgoing calls on the user interface.

Views
User interface view

Default Level
3: Management level

Usage Guidelines
The command can be used to restrict the source address by the basic ACL and restrict the
destination address by the advanced ACL.

Examples
# Restrict Telnet outgoing call on the user interface VTY0.
<Eudemon> system-view
[Eudemon] user-interface vty 0
[Eudemon-ui-vty0] acl 2000 outbound

# Remove the restriction on Telnet outgoing call on the user interface VTY0.
<Eudemon> system-view
[Eudemon] user-interface vty 0
[Eudemon-ui-vty0] undo acl outbound

1.2.2 authentication-mode

Function
Using the authentication-mode command, you can set the authentication mode for logging in
to the user interface.


Using the undo authentication-mode command, you can restore the default authentication
mode.

By default, user interfaces of the VTY type use password authentication, and logging in to
other user interfaces requires no authentication.

Format
authentication-mode { aaa | none | password | local user username password password }

undo authentication-mode

Parameters
aaa: specifies the AAA authentication.

none: specifies the non-authentication mode.

password: specifies the local password authentication.

local: specifies the local username and password authentication.

user username: specifies the local username. It is a string of 1 to 16 characters.

password password: specifies the local password. It is a string of 1 to 16 characters.

Views
User interface view

Default Level
2: Configuration level

Usage Guidelines
When AAA authentication is applied to the local user, the command level accessible after the
user logs in to the Eudemon depends on the priority of the local user of AAA configuration.

If the password authentication or non-authentication is configured, the level of the command
that a user can access is determined by the priority of the user interface after the user logs in to
the system.

Examples
# Enable the local password authentication.
<Eudemon> system-view
[Eudemon] user-interface console 0
[Eudemon-ui-console0] authentication-mode password
[Eudemon-ui-console0] set authentication password simple huawei

Related Topics
1.2.47 user-interface
1.2.36 set authentication password
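
The plain-text storage described in the CAUTION under 1.1.14 super password and the defaults stated in 1.2.1 acl and 1.2.2 authentication-mode can be checked offline against a saved configuration. The following Python script is an added example, not Huawei code: the sample configuration is constructed, its layout (interface settings indented under their user-interface line) is an assumption, and the finding codes are hypothetical names.

```python
import re

# Constructed sample configuration (not from the manual). Assumed layout:
# commands as typed in the manual's examples, with per-interface settings
# indented under their "user-interface" line.
SAMPLE_CONFIG = """\
sysname EudemonA
super password level 3 simple abcd
user-interface console 0
 authentication-mode password
 set authentication password simple huawei
user-interface vty 0
 authentication-mode none
 acl 2000 outbound
user-interface vty 1
 acl 2000 inbound
 authentication-mode aaa
"""

# The storage keyword is matched by position, so a password that happens to be
# the word "simple" (for example "... cipher simple") is not misread.
SUPER_RE = re.compile(r"super password(?: level \d+)? (simple|cipher) \S+$")
LOGIN_RE = re.compile(r"set authentication password simple \S+$")
AUTH_RE = re.compile(r"authentication-mode (aaa|none|password|local)\b")
ACL_IN_RE = re.compile(r"acl \d+ inbound$")
UI_RE = re.compile(r"user-interface (\S.*)$")


def audit_config(text):
    """Return sorted (line_no, scope, code) findings. Passwords are never echoed."""
    findings = []
    blocks = {}      # interface name -> header line, auth mode, inbound ACL flag
    current = None   # interface block the current line belongs to
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():
            # An unindented line ends the previous interface block.
            current = None
            ui = UI_RE.match(line)
            if ui:
                current = ui.group(1)
                blocks[current] = {"line": line_no, "auth": None, "acl_in": False}
                continue
        sup = SUPER_RE.match(line)
        if sup and sup.group(1) == "simple":
            findings.append((line_no, "global", "SUPER_PLAINTEXT"))
        if current is None:
            continue
        if LOGIN_RE.match(line):
            findings.append((line_no, current, "LOGIN_PLAINTEXT"))
        auth = AUTH_RE.match(line)
        if auth:
            blocks[current]["auth"] = auth.group(1)
        if ACL_IN_RE.match(line):
            blocks[current]["acl_in"] = True

    for name, blk in blocks.items():
        is_vty = name.lower().startswith("vty")
        # Defaults stated in the manual: VTY interfaces use password
        # authentication, other user interfaces need no authentication.
        mode = blk["auth"] or ("password" if is_vty else "none")
        if mode == "none":
            findings.append((blk["line"], name, "AUTH_NONE"))
        # By default incoming calls are not restricted, so a VTY interface
        # without "acl <number> inbound" accepts logins from any source.
        if is_vty and not blk["acl_in"]:
            findings.append((blk["line"], name, "VTY_NO_INBOUND_ACL"))
    return sorted(findings)


if __name__ == "__main__":
    for line_no, scope, code in audit_config(SAMPLE_CONFIG):
        print(f"line {line_no:>3}  {scope:<10} {code}")
```

Interface-level findings are reported against the line of the user-interface header, because the weakness may be a missing line rather than a present one.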


1.2.3 auto-execute command

Function
Using the auto-execute command command, you can set the automatically executed command.
Using the undo auto-execute command command, you can remove the automatically executed
command.

Format
auto-execute command command
undo auto-execute command

Parameters
command: specifies the command automatically executed.

Views
User interface view

Default Level
2: Configuration level

Usage Guidelines

CAUTION
Make sure that you can log in to the system by other means to remove the configuration before
configuring auto-execute command command and saving the configuration.

By default, the command cannot be automatically executed.


The following restrictions apply to the auto-execute command command:
• If there is only one Console port or one AUX port on the firewall, the port does not support
auto-execute command.
• If there are one Console port and one AUX port (two ports in total) on the firewall, the
Console port does not support auto-execute command, while the AUX port supports it.
• There is no restriction on other types of user interfaces.

Commands configured through auto-execute command are automatically executed when the
user logs on. The user interface disconnects automatically after the command completes.
Usually, the telnet command is configured through auto-execute command on the terminal user
interface so that the user is connected to the designated host automatically.
Use this command with care, because it prevents the terminal from being used to perform
routine configuration of the system.


Examples
# The telnet 10.110.100.1 command is run automatically after the user logs on from the VTY
0 port.
<Eudemon> system-view
[Eudemon] user-interface vty 0
[Eudemon-ui-vty0] auto-execute command telnet 10.110.100.1

Related Topics
1.2.47 user-interface

1.2.4 databits

Function
Using the databits command, you can set user interface data bit.

Using the undo databits command, you can restore the default data bit.

Format
databits { 7 | 8 }

undo databits

Parameters
7: indicates that data bit is 7 bits.

8: indicates that data bit is 8 bits.

Views
User interface view

Default Level
2: Configuration level

Usage Guidelines
By default, the data bit is 8 bits.

This command is generally not needed. If the data bit of the user interface is changed, the
HyperTerminal must be set to the same data bit when users log on.

The configuration is effective only when the serial interface works in the asynchronous
interactive mode.

Examples
# Set the data bit to 7 bits.


<Eudemon> system-view
[Eudemon] user-interface vty 0
[Eudemon-ui-vty0] databits 7

1.2.5 debugging rsa

Function
Using the debugging rsa command, you can send the debugging information containing the
process of RSA and packet architecture to the information center, and debug a certain user
interface.

Using the undo debugging rsa command, you can disable the debugging.

Format
debugging rsa

undo debugging rsa

Parameters
None

Views
User view

Default Level
1: Monitoring level

Usage Guidelines
By default, the debugging is disabled.

Examples
# Enable RSA debugging.
<Eudemon> debugging rsa

Related Topics
1.2.31 rsa local-key-pair create
1.2.32 rsa local-key-pair destroy

1.2.6 debugging ssh server


Function
Using the debugging ssh server command, you can send the debugging information containing
the negotiation process stipulated by SSH1.5 protocol to the information center, and debug a
certain user interface.
Using the undo debugging ssh server command, you can disable the debugging.

Format
debugging ssh server { vty index | all }
undo debugging ssh server { vty index | all }

Parameters
index: specifies the debugged SSH channel whose value depends on the number of VTY. By
default, the value ranges from 0 to 4.
all: refers to all SSH channels.

Views
User view

Default Level
1: Monitoring level

Usage Guidelines
By default, the debugging is disabled.

Examples
# Print debugging information in running SSH.
<Eudemon> debugging ssh server vty 0
00:23:20: SSH0: starting SSH control process
00:23:20: SSH0: sent protocol version id SSH-1.5-Eudemon-1.25
00:23:20: SSH0: protocol version id is - SSH-1.5-1.2.26
00:23:20: SSH0: SSH_SMSG_PUBLIC_KEY msg
00:23:21: SSH0: SSH_CMSG_SESSION_KEY msg - length 112, type 0x03
00:23:21: SSH: RSA decrypt started
00:23:21: SSH: RSA decrypt finished
00:23:21: SSH: RSA decrypt started
00:23:21: SSH: RSA decrypt finished

Related Topics
1.2.39 ssh server authentication-retries
1.2.40 ssh server rekey-interval

1.2.7 debugging telnet


Function
Using the debugging telnet command, you can enable the debugging on Telnet.

Using the undo debugging telnet command, you can disable the debugging.

Format
debugging telnet

undo debugging telnet

Parameters
None

Views
User view

Default Level
2: Configuration level

Usage Guidelines
By default, the debugging is disabled.

Examples
# Enable telnet debugging.
<Eudemon> debugging telnet

Related Topics
1.2.45 telnet

1.2.8 display rsa local-key-pair public

Function
Using the display rsa local-key-pair public command, you can display the public key in the
local key pair. If no key is generated, the system prompts "RSA keys not found."

Format
display rsa local-key-pair public

Parameters
None


Views
All views

Default Level
1: Monitoring level

Usage Guidelines
When configuring the firewall, you can run this command on the client and copy the client public
key from the echo message to the RSA public key on the SSH server.

Examples
# Display the public key in the local key pair.
<Eudemon> display rsa local-key-pair public

=====================================================
Time of Key pair created: 20:38:40 2008/8/2
Key name: Eudemon_Host
Key type: RSA encryption Key
=====================================================
Key code:
3047
0240
C2E352B5 405553E7 88BF72A2 367F67F9 7999EDCB
FA145E80 8894445F C1164EB6 FC4992A3 59333991
19616B29 7D347D6E E80A499C 573BABED 6841772C
44FE5117
0203
010001

=====================================================
Time of Key pair created: 20:38:50 2008/8/2
Key name: Eudemon_Server
Key type: RSA encryption Key
=====================================================
Key code:
3067
0260
EE1C2B5D 2A37EE73 E5D2516D 88F8A174 9A4A9A4F
FCD792F9 46B889DA A69139D7 AA80927F 67D601B7
1C4F9691 49D47201 62AF5908 CCD89328 A1265BFB
AFDC78BF 1D133CF0 E7C9719E 1A16E59C AE6A8C8E
4B71841D DAA9E294 040092E0 CC244BA3
0203
010001

Table 1-3 Description of the display rsa local-key-pair public command output

Item                      Description
Time of Key pair created  Time when the public key is generated
Key name                  Name of the public key
Key type                  Type of the public key


Related Topics
1.2.31 rsa local-key-pair create

1.2.9 display rsa peer-public-key

Function
Using the display rsa peer-public-key command, you can display the specified RSA public
key. If no public key is specified, all public keys are displayed.

Format
display rsa peer-public-key [ brief | name keyname ]

Parameters
brief: displays the brief information about all the remote public keys.
name keyname: specifies the key name to be displayed. It is a string of 1 to 30 characters.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
Using this command, you can view detailed information about all public keys or a specified
public key.

Examples
# Display the detailed information about all the RSA public keys.
<Eudemon> display rsa peer-public-key
Address Bits Name
1023 abcd
1024 hq
1024 wn1
1024 hq_all

# Display the detailed RSA public key named rsakey001.


<Eudemon> display rsa peer-public-key name rsakey001
=====================================
Key name: rsakey001
Key address:
=====================================
Key Code:
308186
028180
739A291A BDA704F5 D93DC8FD F84C4274 631991C1 64B0DF17 8C55FA83 3591C7D4
7D5381D0 9CE82913 D7EDF9C0 8511D83C A4ED2B30 B809808E B0D1F52D 045DE408
61B74A0E 135523CC D74CAC61 F8E58C45 2B2F3F2D A0DCC48E 3306367F E187BDD9


44018B3B 69F3CBB0 A573202C 16BB2FC1 ACF3EC8F 828D55A3 6F1CDDC4 BB45504F


0201
25

Table 1-4 Description of the display rsa peer-public-key command output


Item         Description
Key name     Name of the public key
Key address  Brief information about the public key

Related Topics
1.2.31 rsa local-key-pair create
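
The Key code blocks printed by display rsa local-key-pair public (1.2.8) and display rsa peer-public-key (1.2.9) decode as a hex-encoded ASN.1 SEQUENCE of two INTEGERs, the modulus and the public exponent. The following Python script is an added example, not Huawei code: it parses such output and reports each key's modulus size. The min_bits threshold of 2048 is an assumed policy value, and the function names are hypothetical.

```python
import re

# Output copied from the manual's "display rsa local-key-pair public" example
# (Eudemon_Host key only).
SAMPLE_OUTPUT = """\
=====================================================
Time of Key pair created: 20:38:40 2008/8/2
Key name: Eudemon_Host
Key type: RSA encryption Key
=====================================================
Key code:
3047
0240
C2E352B5 405553E7 88BF72A2 367F67F9 7999EDCB
FA145E80 8894445F C1164EB6 FC4992A3 59333991
19616B29 7D347D6E E80A499C 573BABED 6841772C
44FE5117
0203
010001
"""


def read_tlv(buf, pos, expected_tag):
    """Read one tag-length-value element at pos; return (value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated key code")
    if buf[pos] != expected_tag:
        raise ValueError(f"expected tag 0x{expected_tag:02x}, got 0x{buf[pos]:02x}")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:
        # Long form (as in "308186"): the low 7 bits count the length bytes.
        count = length & 0x7F
        if count == 0 or count > 4 or pos + count > len(buf):
            raise ValueError("unsupported or truncated length field")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated key code")
    return buf[pos:pos + length], pos + length


def parse_key_code(hex_text):
    """Decode SEQUENCE { INTEGER modulus, INTEGER exponent } from hex text."""
    buf = bytes.fromhex("".join(hex_text.split()))
    seq, end = read_tlv(buf, 0, 0x30)
    if end != len(buf):
        raise ValueError("trailing bytes after key code")
    mod_bytes, pos = read_tlv(seq, 0, 0x02)
    exp_bytes, pos = read_tlv(seq, pos, 0x02)
    if pos != len(seq):
        raise ValueError("unexpected data inside key sequence")
    # The sample has no leading 00 byte before a modulus whose top bit is set
    # (C2...), so the integers are read as unsigned rather than as strict DER.
    modulus = int.from_bytes(mod_bytes, "big")
    exponent = int.from_bytes(exp_bytes, "big")
    return {"bits": modulus.bit_length(), "exponent": exponent, "modulus": modulus}


def audit_keys(display_output, min_bits=2048):
    """Report name, modulus size and exponent for every key in the output."""
    report = []
    for block in re.split(r"(?m)^Key name\s*:", display_output)[1:]:
        name = block.split("\n", 1)[0].strip()
        marker = re.search(r"(?im)^Key code[ \t]*:[ \t]*$", block)
        if marker is None:
            continue
        hex_lines = []
        for line in block[marker.end():].splitlines():
            line = line.strip()
            if not line:
                continue   # blank lines can appear inside a dump
            if not re.fullmatch(r"[0-9A-Fa-f ]+", line):
                break      # separator or header of the next key
            hex_lines.append(line)
        key = parse_key_code(" ".join(hex_lines))
        report.append({"name": name, "bits": key["bits"],
                       "exponent": key["exponent"],
                       "weak": key["bits"] < min_bits})
    return report


if __name__ == "__main__":
    for entry in audit_keys(SAMPLE_OUTPUT):
        print(entry)
```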

1.2.10 display ssh server

Function
Using the display ssh server command, you can display the configuration and current session
of the SSH server.

Format
display ssh server { status | session }

Parameters
status: displays the global configuration of the SSH server.
session: displays the current session of the SSH server.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
None

Examples
# Display the global configuration of the SSH server.
<Eudemon> display ssh server status
SSH version : 1.5
SSH connection timeout : 60 seconds
SSH server key generating interval : 1 hours
SSH Authentication retries : 3 times


# Display the current session of the SSH server.


<Eudemon> display ssh server session
Conn Ver Encry State retry Username
VTY0 1.5 DES started 3 Eudemon

Table 1-5 Description of the display ssh server session command output

Item      Description
Conn      Type of the SSH session
Ver       Protocol version of the SSH session
Encry     Name of the encryption algorithm
State     Status of the SSH session
retry     Number of retry times of establishing the SSH session
Username  User name of the SSH server

Related Topics
1.2.39 ssh server authentication-retries
1.2.40 ssh server rekey-interval
1.2.41 ssh server timeout

1.2.11 display ssh user-information

Function
Using the display ssh user-information command, you can display the configuration of the
SSH user.

Format
display ssh user-information [ user-name ]

Parameters
user-name: specifies a valid SSH user name defined by AAA. It is a string of 1 to 64 characters.

Views
All views

Default Level
1: Monitoring level


Usage Guidelines
If no user name is specified in the command, the configuration of all the SSH users is displayed.

Using this command, you can view information about the SSH user, including the user name,
password, bound RSA public key, and service type.

Examples
# Display the configurations of all the SSH users.
<Eudemon> display ssh user-information
Username authentication-type user-public-key-name
Jin rsa key001
hanqi1 password key002
1024 all key003

Table 1-6 Description of the ssh user-information command output

Item                  Description
Username              Name of SSH users
authentication-type   Authentication mode of SSH users
user-public-key-name  Peer RSA public key assigned to SSH users

Related Topics
1.2.42 ssh user assign rsa-key
1.2.43 ssh user authentication-type

1.2.12 display tcp

Function
Using the display tcp status command, you can view and monitor TCP connections at any time.

Using the display tcp statistics command, you can view the statistics of the TCP traffic.

Format
display tcp { statistics | status }

Parameters
None

Views
All views


Default Level
1: Monitoring level

Usage Guidelines
Compared with the 1.2.15 display users command, the display tcp status command can be
used to display more information about Telnet client and server.

The display information of the display tcp status command includes:
• Local address of TCP connection
• Local port number
• External address
• External port number
• Connection state

The display information of the display tcp statistics command includes:
• Statistics of received data
• Statistics of sent data
• Timeout times of the retransmission timer and the keepalive timer
• Times for initiating connections
• The number of disconnected connections
• The number of dropped packets during MD5 authentication
• The number of passed packets during MD5 authentication

Examples
# Display all TCP connections with the Eudemon.
<Eudemon> display tcp status
TCPCB Local Add:port Foreign Add:port State
04c067a4 0.0.0.0:22 0.0.0.0:0 Listening
04c06564 0.0.0.0:23 0.0.0.0:0 Listening
054c5944 0.0.0.0:80 0.0.0.0:0 Listening
054f75c4 192.168.0.1:23 192.168.0.7:1485 Established

Table 1-7 Description of the display tcp status command output

Item              Description
TCPCB             TCP task control block number.
Local Add:port    Local IP address of TCP connection and local port number.
Foreign Add:port  Remote IP address of TCP connection and remote port number.
State             Indicates the status of TCP connection.
                  • Closed: indicates that the connection is closed.
                  • Listening: indicates that the local port is listening for connection requests.
                  • Syn_Rcvd: indicates that a SYN packet is received.
                  • Established: indicates that the connection has been set up.
                  • Close_Wait: The user sends a FIN packet to the server to close the
                    connection in the Established status. The server then sends an ACK packet
                    to the user after receiving the FIN packet and changes to the Close_Wait
                    status.
                  • Fin_Wait1: The user changes to this status after sending a FIN packet to
                    the server to close the connection.
                  • Fin_Wait2: The user changes to this status after receiving an ACK packet
                    that responds to the sent FIN packet.
                  • Time_Wait: TCP enters this status after a connection is closed. After it
                    has stayed in this status for twice the maximum packet lifetime, the
                    records about the closed connection are cleared.
                  • Closing: indicates that the two ends close the connection simultaneously.

Related Topics
1.2.45 telnet

1.2.13 display user-interface

Function
Using the display user-interface command, you can display the information about the user
interface.

Format
display user-interface [ ui-type ui-number1 ] [ ui-number ] [ summary ]

Parameters
ui-type: specifies the type of the user interface.

ui-number1: specifies the relative user interface ID.

ui-number: specifies the absolute user interface ID. The minimum value is 0. The maximum
value is smaller by 1 than the number of the user interfaces that the system supports. Different
devices support different number of user interfaces.

summary: displays brief information about the user interface.


Views
All views

Default Level
1: Monitoring level

Usage Guidelines
Using the command, you can view the authentication mode on the user interface.

Examples
# Display the details on the user interface with the absolute ID as 0.
<Eudemon> display user-interface 0
Idx Type Tx/Rx Modem Privi Auth
* 0 CON 0 9600 3 N

* : Current user-interface is active.


I : Current user-interface is active and work in async mode.
Idx : Absolute index of user-interface.
Type : Type and relative index of user-interface.
Privi: The privilege of user-interface.
Auth : The authentication mode of user-interface.
A: Authenticate use AAA.
L: Authenticate use local database.
N: Current user-interface need not authentication.
P: Authenticate use current UI's password.

Table 1-8 Description of the display user-interface command output

Item   Description
*      The current user interface is active.
I      The current user interface is active and works in the asynchronous mode.
Idx    The absolute ID of the user interface.
Type   The type and relative ID of the user interface.
Privi  Privilege of the user interface.
Auth   Authentication mode of the user interface.
A      Adopts AAA to authenticate users.
N      The current user interface need not be authenticated.
P      Authenticates the user using the password configured on the current user interface.

1.2.14 display user-interface maximum-vty


Function
Using the display user-interface maximum-vty command, you can view the maximum number
of VTY user interfaces.

Format
display user-interface maximum-vty

Parameters
None

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
You can modify the maximum number of VTY user interfaces as required.

Examples
# Display the maximum number of VTY users.
<Eudemon> display user-interface maximum-vty
Maximum of VTY user : 15

Table 1-9 Description of the display user-interface maximum-vty command output


Item                 Description
Maximum of VTY user  Indicates the maximum number of VTY users.

Related Topics
1.2.48 user-interface maximum-vty

1.2.15 display users

Function
Using the display users command, you can display the login user information on each interface.

Format
display users [ all ]


Parameters
all: displays the information of the user who logs on in the user view.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
Using this command, you can view information about the users that access the current
firewall, including the user names, addresses, authentication and authorization.

Examples
# Use the display users command on the Console.
<Eudemon> display users
User-Intf Delay Type Ipaddress Username
+ 0 CON 0 00:00:00
146 VTY 0 00:01:37 TEL 3.3.3.101 zhangsan
147 VTY 1 00:00:06 TEL 3.3.3.101 123456789

Table 1-10 Description of the display users command output

Item       Description
+          Terminal line in use.
User-Intf  Number in the first column indicates the absolute number of user interface
           and that in the second column indicates the relative number of user interface.
Delay      Interval from the last input by the user till now, in seconds.
Type       Connection type includes Telnet, Console, SSH.
IPaddress  IP address of the starting host in connection.
Username   Indicates login user name. As the AAA authentication is currently
           unavailable, this item is null.

1.2.16 flow-control

Function
Using the flow-control command, you can configure the traffic control mode.

Using the undo flow-control command, you can restore the default traffic control mode.


Format
flow-control { hardware | software | none }
undo flow-control

Parameters
hardware: indicates the hardware traffic control, only effective to the AUX port.
software: indicates the software traffic control.
none: indicates non-traffic control.

Views
User interface view

Default Level
2: Configuration level

Usage Guidelines
By default, the none mode is used, that is, traffic control is disabled.
The configuration is effective only when the corresponding serial interface works in the
asynchronous interactive mode.
During the EXEC output, press Ctrl+S to stop the screen output, and press Ctrl+Q to resume
the screen output.

Examples
# Set software traffic control in the user interface view.
<Eudemon> system-view
[Eudemon] user-interface console 0
[Eudemon-ui-console0] flow-control software

1.2.17 free user-interface

Function
Using the free user-interface command, you can disconnect the specified user interface.

Format
free user-interface { ui-number | ui-type ui-number1 }

Parameters
ui-number: specifies the absolute user interface ID. The minimum value is 0 and the maximum
value is smaller by 1 than the number of user interfaces the system supports.
ui-type: specifies the type of the user interface.


ui-number1: specifies the relative user interface number.

Views
User view

Default Level
3: Management level

Usage Guidelines
You can exit from the user view by using the quit command successively.

Examples
# Disconnect user interface 0.
<Eudemon> free user-interface 0

Related Topics
1.1.11 quit (All Views)
1.2.19 idle-timeout

1.2.18 history-command max-size

Function
Using the history-command max-size command, you can set the size of the history command
buffer.

Using the undo history-command max-size command, you can restore the default size of the
history command buffer.

Format
history-command max-size max-size

undo history-command max-size

Parameters
max-size: specifies the size of the history buffer. The value is in the range of 0 to 256.

Views
User interface view

Default Level
3: Management level


Usage Guidelines
By default, the size of the history command buffer is 10, that is, 10 history commands can be
stored.

The command line interface provides a function similar to DosKey, which automatically
saves the history commands entered by users. You can invoke the history commands saved in
the command line interface at any time and run them repeatedly.

Examples
# Set the size of the history command buffer to 20.
<Eudemon> system-view
[Eudemon] user-interface console 0
[Eudemon-ui-console0] history-command max-size 20

Related Topics
1.1.4 display history-command

1.2.19 idle-timeout

Function
Using the idle-timeout command, you can set the idle timeout period of the user
interface. That is, if the user does not enter a command within this period, the user
interface is disconnected.

Using the undo idle-timeout command, you can restore the default timeout time.

Format
idle-timeout minutes [ seconds ]

undo idle-timeout

Parameters
minutes: specifies the minutes part of the idle period after which the user interface is
disconnected. The value is an integer ranging from 0 to 35791 minutes.

seconds: specifies the seconds part of the idle period after which the user interface is
disconnected. The value is an integer ranging from 0 to 59 seconds.

Views
User interface view

Default Level
3: Management level

Usage Guidelines
By default, the timeout period is 10 minutes.

idle-timeout 0 0: indicates that the user stays online all the time, that is, the idle
timeout is disabled.

After you run the idle-timeout command to configure the timeout period of the VTY user
interface, the connection to the VTY user interface will be automatically disconnected if the
timeout period expires.

Examples
# Set the timeout time to 1 minute 30 seconds.
<Eudemon> system-view
[Eudemon] user-interface console 0
[Eudemon-ui-console0] idle-timeout 1 30

Related Topics
1.2.17 free user-interface

1.2.20 lock authentication-count

Function
Using the lock authentication-count command, you can configure the allowed number of
failed login attempts for a user.

Using the undo lock authentication-count command, you can restore its default value.

Format
lock authentication-count times

undo lock authentication-count

Parameters
times: specifies the allowed number of failed login attempts. Its value ranges from 0 to 12.

Views
User interface view

Default Level
3: Management level

Usage Guidelines
By default, the value of times is 3.

Examples
# Enter the user interface Console view and set the number of times that a user fails to log in to
12.
<Eudemon> system-view
[Eudemon] user-interface console 0
[Eudemon-ui-console0] lock authentication-count 12

1.2.21 lock lock-timeout

Function
Using the lock lock-timeout command, you can configure the aging time for a user to be placed
into the black list.

Using the undo lock lock-timeout command, you can restore its default value.

Format
lock lock-timeout minutes

undo lock lock-timeout

Parameters
minutes: specifies the aging time for a user to be placed into the black list in a range of 1 to 1000
minutes.

Views
User interface view

Default Level
3: Management level

Usage Guidelines
By default, the value of minutes is set to 10 minutes.

Examples
# Enter the user interface Console view and set the aging time for a user to be placed into the
black list to 500 minutes.
<Eudemon> system-view
[Eudemon] user-interface console 0
[Eudemon-ui-console0] lock lock-timeout 500

1.2.22 modem

Function
Using the modem command, you can set the incoming or outgoing call attributes of the Modem.
If no parameter is specified, both incoming and outgoing calls are allowed.

Using the undo modem command, you can prevent incoming or outgoing calls. If no
parameter is specified, both incoming and outgoing calls are prevented.

Format
modem [ call-in | both ]

undo modem [ call-in | both ]

Parameters
call-in: enables incoming call.

both: enables incoming and outgoing call.

Views
User interface view

Default Level
3: Management level

Usage Guidelines
By default, incoming and outgoing calls are prevented.

This command is only effective for the AUX port and other asynchronous interfaces (except the
Console port).

Examples
# Allow the incoming call on the modem.
<Eudemon> system-view
[Eudemon] user-interface aux 1
[Eudemon-ui-aux1] modem call-in

1.2.23 modem auto-answer

Function
Using the modem auto-answer command, you can set the answering mode to automatic
answering.

Using the undo modem auto-answer command, you can set the answering mode to manual
answering.

Format
modem auto-answer
undo modem auto-answer

Parameters
None

Views
User interface view

Default Level
3: Management level

Usage Guidelines
By default, the answering mode is manual answering.
This command is only effective for the AUX interface and other asynchronous interfaces (except
the Console port). This command is effective when the incoming and outgoing calls are allowed.
Before using a dial-up connection through the modem, you must first configure the Modem
parameters in the associated user interface.

Examples
# Set the answering mode to automatic answering.
<Eudemon> system-view
[Eudemon] user-interface aux 0
[Eudemon-ui-aux0] modem auto-answer

Related Topics
1.2.22 modem

1.2.24 modem timer answer

Function
Using the modem timer answer command, you can set the waiting timeout time from the
moment of off-hook till the moment when carrier is detected during the establishment of
incoming call connection.
Using the undo modem timer answer command, you can restore the default waiting timeout
time.

Format
modem timer answer seconds
undo modem timer answer

Parameters
seconds: specifies the timeout time, in seconds. The value is in the range of 1 to 60.

Views
User interface view

Default Level
2: Configuration level

Usage Guidelines
By default, the waiting timeout time is 30 seconds.
This command is only effective for the AUX interface and other asynchronous interfaces (except
the Console interface).

Examples
# Set the waiting timeout time for the Modem to 25 seconds.
<Eudemon> system-view
[Eudemon] user-interface aux 0
[Eudemon-ui-aux0] modem timer answer 25

1.2.25 parity

Function
Using the parity command, you can set the check bit of the user interface.
Using the undo parity command, you can restore the check mode of the user interface to none.

Format
parity { none | even | odd | mark | space }
undo parity

Parameters
none: sets the transmission check bit to no check.
even: sets the transmission check bit to even parity.
odd: sets the transmission check bit to odd parity.
mark: sets the transmission check bit to mark check.
space: sets the transmission check bit to space check.

Views
User interface view

Default Level
3: Management level

Usage Guidelines
By default, no check is performed.
The configuration is effective only when the serial interface works in the asynchronous
interactive view.

Examples
# Set the transmission check bit on the Console port to odd parity.
<Eudemon> system-view
[Eudemon] user-interface console 0
[Eudemon-ui-console0] parity odd

1.2.26 peer-public-key end

Function
Using the peer-public-key end command, you can return to the system view from the public
key view.

Format
peer-public-key end

Parameters
None

Views
Public key view

Default Level
2: Configuration level

Usage Guidelines
None

Examples
# Return to the system view from the public key view and save the configuration.
<Eudemon> system-view
[Eudemon] rsa peer-public-key Eudemon003
[Eudemon-rsa-public-key] peer-public-key end
[Eudemon]

Related Topics
1.2.33 rsa peer-public-key
1.2.28 public-key-code begin
1.2.29 public-key-code end

1.2.27 protocol inbound

Function
Using the protocol inbound command, you can specify the protocols supported by the current
user interface.

Format
protocol inbound { all | ssh | telnet }

Parameters
all: supports all the protocols, including Telnet and SSH.

ssh: supports only SSH.

telnet: supports only Telnet.

Views
User interface view

Default Level
3: Management level

Usage Guidelines
By default, the system supports all protocols, namely, Telnet and SSH.

For example, you can use this command to set the protocol to all or ssh. Without configuration,
other user interfaces apply the Telnet protocol by default. A login user preferentially accesses
the user interface through the Telnet protocol, and password authentication is adopted by default.
Without the password, the user cannot log in to the firewall. Thus, you need to configure
the authentication mode and login password for a user interface that uses the Telnet protocol.

If you use this command to set the SSH protocol for a certain user interface, you need to set
the authentication mode to authentication-mode local or authentication-mode scheme default
before users can log in successfully. If the authentication mode is authentication-mode
password or authentication-mode none, protocol inbound ssh fails to be configured.

NOTE
When you use this command to specify the SSH protocol for the user interface, if SSH is enabled but the
local RSA key is not configured, SSH is unavailable. The configuration of creating a directory takes
effect when you log in the next time.

Examples
# Configure the user interfaces from VTY 0 to VTY 4 to support only SSH.
<Eudemon> system-view
[Eudemon] user-interface vty 0 4
[Eudemon-ui-vty0-4] protocol inbound ssh

1.2.28 public-key-code begin

Function
Using the public-key-code begin command, you can enter the edit view of the public key.

Format
public-key-code begin

Parameters
None

Views
Public key view

Default Level
2: Configuration level

Usage Guidelines
Before using this command, you must use the rsa peer-public-key command to specify one key
name.
After you run the public-key-code begin command, the system enters the public key edit view,
where you can input the key characters. Spaces are allowed between characters, and you can
press Enter to continue the key on a new line. The configured public key must be a hex
character string coded according to the public key format. It is randomly generated by the
client software supporting SSH.

Examples
# Enter the public key edit view and input the key.
<Eudemon> system-view
[Eudemon] rsa peer-public-key Eudemon003
[Eudemon-rsa-public-key] public-key-code begin
[Eudemon-rsa-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463
[Eudemon-rsa-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913
[Eudemon-rsa-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4
[Eudemon-rsa-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC
[Eudemon-rsa-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16
[Eudemon-rsa-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125
[Eudemon-rsa-key-code] public-key-code end
[Eudemon-rsa-public-key] peer-public-key end
[Eudemon]

Related Topics
1.2.33 rsa peer-public-key
1.2.29 public-key-code end

1.2.29 public-key-code end

Function
Using the public-key-code end command, you can return to the public key view from the public
key edit view and save the public key configured by the user.

Format
public-key-code end

Parameters
None

Views
Public key edit view

Default Level
2: Configuration level

Usage Guidelines
After this command is run, the process of editing the public key ends. Before saving the public
key, the system checks the validity of the key. If there are illegal characters in the public key
character string configured by the user, the system displays a relevant prompt and discards the
public key configured by the user, so the configuration fails. If the configured public key is
valid, it is saved in the public key chain table of the client.
• Generally, in the public key edit view, only the peer-public-key end command can be used
  to exit from the public key view, and the quit command cannot be used.
• If no legal key code is input in the public key edit view, the key cannot be generated
  after the peer-public-key end command is used. The system prompts that generating a key
  fails.
• If the key is deleted in another window, the system prompts that the key does not exist and
  returns to the system view directly when you run the peer-public-key end command.

Examples
# Quit the public key editing view and save the configuration.
<Eudemon> system-view
[Eudemon] rsa peer-public-key Eudemon003
[Eudemon-rsa-public-key] public-key-code begin
[Eudemon-rsa-key-code] public-key-code end
[Eudemon-rsa-public-key] peer-public-key end
[Eudemon]

Related Topics
1.2.33 rsa peer-public-key
1.2.28 public-key-code begin
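
The example key in 1.2.28 decodes as a DER SEQUENCE holding two INTEGERs, the RSA modulus and the public exponent. The following Python check is an added example, not part of the Huawei documentation or the firewall software: it parses a key string before it is pasted into the public key edit view and reports illegal characters, structural errors and the key size. The function names, the assumption that other client keys use the same layout, and the 2048-bit policy minimum are assumptions of this example.

```python
import string

# Key text exactly as entered in the example of 1.2.28 on this page.
PAGE_EXAMPLE_KEY = """
308186028180739A291ABDA704F5D93DC8FDF84C427463
1991C164B0DF178C55FA833591C7D47D5381D09CE82913
D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4
0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC
C48E3306367FE187BDD944018B3B69F3CBB0A573202C16
BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125
"""


class KeyFormatError(ValueError):
    """The pasted text is not a well-formed hex-coded RSA public key."""


def hex_to_bytes(pasted):
    """Drop the spaces and line breaks the edit view tolerates, then decode."""
    compact = "".join(pasted.split())
    bad = sorted({c for c in compact if c not in string.hexdigits})
    if bad:
        raise KeyFormatError(f"illegal characters in key string: {''.join(bad)!r}")
    if len(compact) % 2:
        raise KeyFormatError("odd number of hex digits")
    return bytes.fromhex(compact)


def _read_tlv(data, offset, expected_tag):
    """Read one DER tag-length-value; return (value bytes, next offset)."""
    if offset + 2 > len(data):
        raise KeyFormatError("truncated DER header")
    if data[offset] != expected_tag:
        raise KeyFormatError(
            f"expected tag 0x{expected_tag:02X} at byte {offset}, got 0x{data[offset]:02X}")
    length = data[offset + 1]
    offset += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        if count == 0 or count > 4 or offset + count > len(data):
            raise KeyFormatError("unsupported or truncated DER length")
        length = int.from_bytes(data[offset:offset + count], "big")
        offset += count
    end = offset + length
    if end > len(data):
        raise KeyFormatError("DER length runs past the end of the key")
    return data[offset:end], end


def parse_rsa_public_key(pasted):
    """Return (modulus, exponent) from SEQUENCE { INTEGER, INTEGER }."""
    der = hex_to_bytes(pasted)
    body, end = _read_tlv(der, 0, 0x30)
    if end != len(der):
        raise KeyFormatError("trailing bytes after the SEQUENCE")
    n_bytes, pos = _read_tlv(body, 0, 0x02)
    e_bytes, pos = _read_tlv(body, pos, 0x02)
    if pos != len(body):
        raise KeyFormatError("unexpected data after the exponent")
    if not n_bytes or not e_bytes:
        raise KeyFormatError("empty INTEGER")
    return int.from_bytes(n_bytes, "big"), int.from_bytes(e_bytes, "big")


def check_key(pasted, min_bits=2048):
    """Return (modulus bit length, exponent, warnings); min_bits is a local policy value."""
    modulus, exponent = parse_rsa_public_key(pasted)
    bits = modulus.bit_length()
    warnings = []
    if bits < min_bits:
        warnings.append(f"modulus is {bits} bits, below the {min_bits}-bit policy minimum")
    if modulus % 2 == 0:
        warnings.append("modulus is even, so it cannot be a product of two odd primes")
    if exponent < 3 or exponent % 2 == 0:
        warnings.append(f"public exponent {exponent} is not an odd value of at least 3")
    return bits, exponent, warnings


if __name__ == "__main__":
    key_bits, key_exponent, key_warnings = check_key(PAGE_EXAMPLE_KEY)
    print(f"modulus bits: {key_bits}, exponent: {key_exponent}")
    for warning in key_warnings:
        print("warning:", warning)
```
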

1.2.30 redirect

Function
Using the redirect command, you can enable the redirect function of the asynchronous interface.
This command is only effective for AUX and TTY user interfaces.

Using the undo redirect command, you can disable the redirect function of the asynchronous
interface.

Format
redirect

undo redirect

Parameters
None

Views
User interface view

Default Level
3: Management level

Usage Guidelines
By default, the redirect function is disabled.

Examples
# Enable the redirect function of the TTY7 user interface.
<Eudemon> system-view
[Eudemon] user-interface tty 7
[Eudemon-ui-tty7] redirect

Related Topics
1.2.45 telnet

1.2.31 rsa local-key-pair create

Function
Using the rsa local-key-pair create command, you can generate the local RSA
host key pair and the server key pair.

Format
rsa local-key-pair create

Parameters
None

Views
System view

Default Level
2: Configuration level

Usage Guidelines
If an RSA key already exists, the system warns that the original key will be overwritten.
The generated key pairs are named hostkey and serverkey. Note that the command is not saved to
the configuration file.
After the command is entered, the system prompts you to type in the key modulus of the
host. There are at least 128 bits of difference between the bits of server key pair and the bits of
host key pair. The minimum length of the server key and the host key is 512 bits, and the maximum
length is 2048 bits. If the keys already exist, you need to confirm whether to modify them.
To implement SSH login, you need to configure and create the local RSA key pair. Before
performing any other SSH configuration, you must create the local key pair using the
rsa local-key-pair create command.
This command needs to be run only once and need not be run again after the firewall
restarts.

Examples
# Create local host key pair and server key pair.
<Eudemon> system-view
[Eudemon] rsa local-key-pair create
The key name will be: Eudemon_Host
% RSA keys defined for eudemon A_Host already exist.
Confirm to replace them? [yes/no]:y
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]:512
Generating keys...
.......++++++++++++
.++++++++++++
..++++++++
.............++++++++
[Eudemon]

Related Topics
1.2.32 rsa local-key-pair destroy

1.2.32 rsa local-key-pair destroy

Function
Using the rsa local-key-pair destroy command, you can remove all RSA keys at server end,
including Host key and Server key.

Format
rsa local-key-pair destroy

Parameters
None

Views
System view

Default Level
2: Configuration level

Usage Guidelines
After entering this command, you need to confirm whether to remove all RSA keys. The
command is not saved to the configuration file.

Examples
# Remove all keys at server end.
<Eudemon> system-view
[Eudemon] rsa local-key-pair destroy
% Keys to be removed are named rtvrp_Host .
% Do you really want to remove these keys? [yes/no]:y
[Eudemon]

Related Topics
1.2.31 rsa local-key-pair create

1.2.33 rsa peer-public-key

Function
Using the rsa peer-public-key command, you can enter public key view.

Format
rsa peer-public-key key-name

Parameters
key-name: specifies the public key name. It is a string of 1 to 30 characters.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
After inputting the command, you can enter the public key view. This command can be used
together with the public-key-code begin command to configure the public key of the client.

The public key of the client is randomly generated by the client software.

Examples
# Enter the public key view.
<Eudemon> system-view
[Eudemon] rsa peer-public-key Eudemon002
[Eudemon-rsa-public-key]

Related Topics
1.2.28 public-key-code begin
1.2.29 public-key-code end
1.2.26 peer-public-key end

1.2.34 screen-length

Function
Using the screen-length command, you can set the number of rows on each screen of the
terminal.

Using the undo screen-length command, you can restore the number of rows on each screen of
the terminal to 24.

Format
screen-length screen-length

undo screen-length

Parameters
screen-length: specifies the number of rows displayed on the split screen. It is an integer ranging
from 0 to 512. 0 indicates the split screen is disabled.

Views
User interface view

Default Level
2: Configuration level

Usage Guidelines
By default, the number of rows on one screen is 24.

Generally, the lines per screen on the terminal need not be adjusted.

Examples
# Set the number of lines in each screen of the terminal to 30.
<Eudemon> system-view
[Eudemon] user-interface console 0
[Eudemon-ui-console0] screen-length 30

1.2.35 send

Function
Using the send command, you can send messages between user interfaces.

Format
send { all | ui-number | ui-type ui-number1 }

Parameters
all: sends messages to all user interfaces.

ui-number: specifies the absolute user interface ID. The minimum value is 0. The maximum
value is smaller by 1 than the number of the user interfaces the system supports. Different devices
support different number of user interfaces.

ui-type: specifies the type of user interface.

ui-number1: specifies the relative user interface number.

Views
User view

Default Level
3: Management level

Usage Guidelines
After you run the send command, the system prompts you to enter the message to be sent.
After you confirm sending, the user logged in to the specified user interface receives
the message.

Examples
# Send a message to the user interface Console 0.
<Eudemon> send console 0
Enter message, end with CTRL+Z or Enter; abort with CTRL+C:
Hello,good morning!
Send message? [Y/N]y

# Then users who log on to the Eudemon through Console 0 can receive this message.
<Eudemon>

***
***
***Message from con0 to con0
***
Hello, good morning!

1.2.36 set authentication password

Function
Using the set authentication password command, you can set the local authentication
password.

Using the undo set authentication password command, you can remove the local
authentication password.

Format
set authentication password { simple | cipher } password

undo set authentication password

Parameters
simple: configures the password in the plain text.

cipher: configures the password in the encrypted text.

password: specifies the password for the user interface. If the password is in the form of simple,
the password must be in the plain text. If the password is in the form of cipher, the password
can be either in the encrypted text or in the plain text. The result is determined by the input. A
password in the plain text is a sequential string with no more than 16 characters. A password
in the encrypted text has a length of 24 bits.

Views
User interface view

Default Level
3: Management level

Usage Guidelines
Whether the password is configured in the plain text or in the encrypted text, the user must
input the plain text password during authentication.
You must specify simple or cipher when configuring the command. If you use the simple
method, the configuration file saves the password in plain text. If you use the cipher method,
the password is displayed in encrypted text whether you input the plain text password from
1 to 16 bytes or the 24-bit encrypted password.
By default, Telnet users must input the password during login. If no password is configured, the
following is displayed: "Warning: Login password has not been set!"

Examples
# Set the local authentication password for the user interface vty 0 to vty 4 as 12345678.
<Eudemon> system-view
[Eudemon] user-interface vty 0 4
[Eudemon-ui-vty0-4] authentication-mode password
[Eudemon-ui-vty0-4] set authentication password simple 12345678

Related Topics
1.2.2 authentication-mode
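
The settings described for idle-timeout (1.2.19), protocol inbound (1.2.27) and set authentication password (1.2.36) can be checked together in a saved configuration. The following Python audit is an added example, not Huawei code; the configuration text is constructed, and its layout (block header at column 0, indented sub-commands, default values omitted) and the finding names are assumptions of this example.

```python
# Constructed sample, not taken from a real device. Assumed layout: each
# user-interface block starts at column 0, its sub-commands are indented,
# and settings left at their default values do not appear.
SAMPLE_CONFIG = """\
user-interface console 0
 idle-timeout 1 30
user-interface vty 0 2
 authentication-mode password
 set authentication password simple 12345678
 idle-timeout 0 0
user-interface vty 3 4
 authentication-mode local
 protocol inbound ssh
 idle-timeout 5 0
"""


def parse_user_interfaces(config_text):
    """Return {block header: [sub-commands]} with whitespace normalised."""
    blocks = {}
    current = None
    for raw in config_text.splitlines():
        if not raw.strip():
            continue
        if raw.startswith("user-interface "):
            current = " ".join(raw.split())
            blocks[current] = []
        elif raw[0].isspace() and current is not None:
            blocks[current].append(" ".join(raw.split()))
        else:
            current = None  # any other top-level line closes the block
    return blocks


def audit_block(header, commands):
    """Return finding identifiers (names chosen for this example) for one block."""
    findings = []
    inbound = None
    for cmd in commands:
        words = cmd.split()
        if words[:4] == ["set", "authentication", "password", "simple"]:
            # 'simple' makes the configuration file store the password in plain text.
            findings.append("plaintext-password-in-config")
        elif words[0] == "idle-timeout" and len(words) >= 2 and words[1].isdigit():
            minutes = int(words[1])
            # Assumption: an omitted seconds argument counts as 0.
            seconds = int(words[2]) if len(words) > 2 and words[2].isdigit() else 0
            if minutes == 0 and seconds == 0:
                # 'idle-timeout 0 0' keeps the user online all the time.
                findings.append("idle-timeout-disabled")
        elif words[:2] == ["protocol", "inbound"] and len(words) == 3:
            inbound = words[2]
    # protocol inbound is checked on VTY blocks, the interfaces the page's
    # example configures it on. Without 'protocol inbound ssh' the default
    # (all protocols) still accepts Telnet.
    parts = header.split()
    if len(parts) > 1 and parts[1] == "vty" and inbound != "ssh":
        findings.append("telnet-accepted")
    return findings


def audit(config_text):
    """Return {block header: [finding identifiers]} for every user-interface block."""
    return {header: audit_block(header, commands)
            for header, commands in parse_user_interfaces(config_text).items()}


if __name__ == "__main__":
    for block_header, block_findings in audit(SAMPLE_CONFIG).items():
        print(f"{block_header}: {', '.join(block_findings) or 'ok'}")
```
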

1.2.37 shell

Function
Using the shell command, you can set the terminal services enabled on the user interface.
Using the undo shell command, you can remove the current setting.

Format
shell
undo shell

Parameters
None

Views
User interface view

Default Level
3: Management level

Usage Guidelines
By default, the terminal services are enabled on all the user interfaces.
The undo shell command has the following restrictions:
• If there is only the Console port without the AUX port, the Console port does not support
  the command.
• If there is only the AUX port without the Console port, the AUX port does not support the
  command.
• If there are both the Console port and the AUX port, the Console port does not support the
  command but the AUX port does.
• There is no restriction on other types of user interfaces.

Examples
# Disable terminal services on the VTY 0 to VTY 4.
<Eudemon> system-view
[Eudemon] user-interface vty 0 4
[Eudemon-ui-vty0-4] undo shell

# As for the Telnet users, the following is displayed after they log in.
% connection refused by remote host!

1.2.38 speed (User Interface View)

Function
Using the speed command, you can set the transmission rate of a user interface.
Using the undo speed command, you can restore the default transmission rate.

Format
speed speed-value
undo speed

Parameters
speed-value: specifies the transmission rate, in bit/s.

Views
User interface view

Default Level
3: Management level

Usage Guidelines
By default, the transmission rate is 9600 bit/s.

The configuration is effective only when the serial interface works in the asynchronous
interactive view.

The transmission rates supported by the asynchronous serial interface are:

• 300 bit/s
• 600 bit/s
• 1200 bit/s
• 4800 bit/s
• 9600 bit/s
• 19200 bit/s
• 38400 bit/s
• 57600 bit/s
• 115200 bit/s

Examples
# Set the transmission rate of the user interface to 19200 bit/s.
<Eudemon> system-view
[Eudemon] user-interface console 0
[Eudemon-ui-console0] speed 19200

1.2.39 ssh server authentication-retries

Function
Using the ssh server authentication-retries command, you can set the number of
authentication retries for the SSH connection.

Using the undo ssh server authentication-retries command, you can restore the default number
of retries.

Format
ssh server authentication-retries times

undo ssh server authentication-retries

Parameters
times: specifies the number of authentication retries for the SSH connection. The value ranges
from 1 to 5.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
By default, the number of retries is 3.

The configuration takes effect during the next login.

Examples
# Set the number of retries to 4.
<Eudemon> system-view
[Eudemon] ssh server authentication-retries 4

Related Topics
1.2.10 display ssh server

1.2.40 ssh server rekey-interval

Function
Using the ssh server rekey-interval command, you can set the interval for updating the key
pair of the SSH server.

Using the undo ssh server rekey-interval command, you can cancel the interval for updating
the key pair of the SSH server and restore the default value 0.

Format
ssh server rekey-interval interval

undo ssh server rekey-interval

Parameters
interval: specifies the interval for updating the key pair of the SSH server. It is an integer ranging
from 0 to 24 hours.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
By default, the interval for updating the key pair of the SSH server is 0, which indicates that
the key pair is not updated.

The system automatically updates the key pair of the SSH server at the configured interval. If
the client is connected with the server, the public key of the server on the client is not immediately
updated. The public key of the server on the client is updated only when the client is re-connected
with the server.

Examples
# Set the interval for updating the key pair of the SSH server to 3 hours.
<Eudemon> system-view
[Eudemon] ssh server rekey-interval 3

Related Topics
1.2.10 display ssh server

1.2.41 ssh server timeout

Function
Using the ssh server timeout command, you can set the timeout period of the SSH connection.

Using the undo ssh server timeout command, you can restore the default timeout period.

Format
ssh server timeout seconds

undo ssh server timeout

Parameters
seconds: specifies the login timeout period of the SSH connection. The value ranges from 1 to
120 seconds.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
By default, the timeout period is 60 seconds.

Examples
# Set the timeout period to 80 seconds.
<Eudemon> system-view
[Eudemon] ssh server timeout 80

Related Topics
1.2.10 display ssh server

1.2.42 ssh user assign rsa-key

Function
Using the ssh user assign rsa-key command, you can assign one existing public key (key-name)
to the user.

Using the undo ssh user assign rsa-key command, you can delete the relationship between the
user and its public key.

Format
ssh user user-name assign rsa-key key-name

undo ssh user user-name assign rsa-key

Parameters
user-name: specifies the valid SSH user name defined by AAA. It is a string of 1 to 64 characters.

key-name: specifies the configured public key name of the client. It is a string of 1 to 64
characters.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
When the system assigns a public key to a user, the system regards the public key assigned last
as valid.

AAA module is responsible for the creation and deletion of local user name. When creating an
SSH user, AAA module first informs SSH, then SSH will add this user name to its user set.
Likewise, when deleting a user, AAA module needs to inform SSH, then SSH will match this
user from its user set. If matched, SSH will delete this user from its user set.

To enable the newly-configured public key to take effect, you must re-log in to the system.

Examples
# Assign "key1" to the user "john".
<Eudemon> system-view
[Eudemon] ssh user john assign rsa-key key1

Related Topics
1.2.11 display ssh user-information

1.2.43 ssh user authentication-type

Function
Using the ssh user authentication-type command, you can configure the authentication mode
for the SSH user.
Using the undo ssh user authentication-type command, you can cancel the authentication
mode of the SSH user and restore the default configuration, that is, no authentication mode is
adopted.

Format
ssh user user-name authentication-type { password | rsa | all }
undo ssh user user-name authentication-type { password | rsa | all }

Parameters
user-name: specifies the name of the SSH user. It is a string of 1 to 64 characters.
password: indicates the password authentication.
rsa: indicates the RSA authentication.
all: indicates that either the password authentication or the RSA authentication can be adopted.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
By default, the authentication mode of the SSH user is not configured.
If you are a new user, you must set the authentication mode. To enable the newly configured
authentication mode to take effect, you must re-log in to the system.
When configuring the authentication mode of the SSH user, create an SSH user in the configured
authentication mode if no user name is specified.

Examples
# Configure the authentication mode for SSH user Tom.
<Eudemon> system-view
[Eudemon] ssh user Tom authentication-type password

Related Topics
1.2.11 display ssh user-information

1.2.44 stopbits

Function
Using the stopbits command, you can set the stop bit of a user interface.

Using the undo stopbits command, you can restore the default stop bit.

Format
stopbits { 1.5 | 1 | 2 }

undo stopbits

Parameters
1.5: indicates to set the stop bit to 1.5 bits.

1: indicates to set the stop bit to 1 bit.

2: indicates to set the stop bit to 2 bits.

Views
User interface view

Default Level
3: Management level

Usage Guidelines
By default, the stop bit is 1 bit.

If the stop bit is 1.5, the corresponding data bit is 5.

If the stop bit is 2, the corresponding data bit is 6, 7, or 8.

The configuration is effective only when the serial interface works in the asynchronous
interactive view.

Examples
# Set the stop bit to 1.5 bits.
<Eudemon> system-view
[Eudemon] user-interface console 0
[Eudemon-ui-console0] stopbits 1.5

1.2.45 telnet

Function
Using the telnet command, you can log in to another firewall or router from the current
firewall through Telnet.

Format
telnet host-ip-address [ service-port ]

Parameters
host-ip-address: specifies the IP address of the remote firewall or router in dotted decimal
notation, or its host name.
service-port: specifies the TCP port number to provide Telnet service on the remote firewall or
router. It ranges from 0 to 65535.

Views
User view

Default Level
0: Visit level

Usage Guidelines
By default, if service-port is not specified, the Telnet port number is 23.
By using the telnet command, the user can conveniently log in to another firewall or router from
the current firewall to manage the remote device.

Examples
# Log in to a router (IP address is 129.102.0.1) from the current firewall.
<Eudemon> telnet 129.102.0.1
Trying 129.102.0.1...
Service port is 23
Connected to 129.102.0.1
<Quidway>

1.2.46 user privilege

Function
Using the user privilege command, you can configure the command level for the user interface.
Using the undo user privilege command, you can restore the default command level.

Format
user privilege level level
undo user privilege level

Parameters
level: specifies the command level. The value is in the range of 0 to 3.

Views
User interface view

Default Level
3: Management level

Usage Guidelines
By default, the command level of the console user interface is 3 and the command level of
other user interfaces is 0.
If the command level configured on the user interface is inconsistent with the level assigned
to the user, the user's level takes effect. For instance, if the command level of user 001 is 3
but the command level configured on VTY 0 is 2, then when user 001 logs in to the system
through VTY 0, the user can run commands of level 3 and below.

Examples
# Configure the level of the user logging on through VTY 0 to 2.
<Eudemon> system-view
[Eudemon] user-interface vty 0
[Eudemon-ui-vty0] user privilege level 2

# Log in to the firewall through Telnet on VTY 0 and view the details of the user interface.
<Eudemon> display user-interface vty 0

Related Topics
1.2.13 display user-interface

1.2.47 user-interface

Function
Using the user-interface command, you can enter one user interface view or multiple user
interface views.

Format
user-interface [ ui-type ] first-ui-number [ last-ui-number ]

Parameters
ui-type: specifies the type of user interface. If the user interface type is specified, use the relative
user interface ID. If the user interface type is not specified, use the absolute user interface ID.

first-ui-number: specifies the first user interface to be configured.

last-ui-number: specifies the last user interface to be configured. The last-ui-number should be
larger than the first-ui-number.

Views
System view

Default Level
3: Management level

Usage Guidelines
After you run this command to enter the user interface view, you can configure the attributes
related to this user interface.

Examples
# Enter the user interface console view to configure console 0.
<Eudemon> system-view
[Eudemon] user-interface console 0
[Eudemon-ui-console0]

# Enter the user interface VTY 0 view to configure VTY 0.
<Eudemon> system-view
[Eudemon] user-interface vty 0
[Eudemon-ui-vty0]

# Enter the user interface VTY view to configure VTY 0 to VTY 3.
<Eudemon> system-view
[Eudemon] user-interface vty 0 3
[Eudemon-ui-vty0-3]

# Enter user interface view to configure user interface 0-4.
<Eudemon> system-view
[Eudemon] user-interface 0 4
[Eudemon-ui0-4]

Related Topics
1.2.13 display user-interface

1.2.48 user-interface maximum-vty

Function
Using the user-interface maximum-vty command, you can set the maximum number of login
users.

Using the undo user-interface maximum-vty command, you can restore the default maximum
number of login users.

Format
user-interface maximum-vty number
undo user-interface maximum-vty

Parameters
number: specifies the maximum number of Telnet and SSH users. The value is in the range of
0 to 15.

Views
System view

Default Level
3: Management level

Usage Guidelines
By default, the maximum number of Telnet and SSH users is 5.

Examples
# Set the maximum number of Telnet users to 7.
<Eudemon> system-view
[Eudemon] user-interface maximum-vty 7

Related Topics
1.2.14 display user-interface maximum-vty

1.3 Working Mode Configuration Commands

1.3.1 debugging firewall transparent-mode
1.3.2 display firewall mode
1.3.3 display firewall transparent-mode config
1.3.4 display firewall transparent-mode address-table
1.3.5 display firewall transparent-mode traffic
1.3.6 display firewall transparent-mode trunk-port
1.3.7 firewall arp-learning enable
1.3.8 firewall ethernet-frame-filter
1.3.9 firewall mode
1.3.10 firewall system-ip
1.3.11 firewall transparent-mode aging-time
1.3.12 firewall transparent-mode fast-forwarding
1.3.13 firewall transparent-mode transmit
1.3.14 firewall unknown-mac
1.3.15 port trunk pvid
1.3.16 port trunk vlan allow-pass all
1.3.17 reset firewall transparent-mode address-table
1.3.18 reset firewall transparent-mode traffic

1.3.1 debugging firewall transparent-mode

Function
Using the debugging firewall transparent-mode command, you can enable packet forwarding
debugging in transparent mode.

Format
debugging firewall transparent-mode { eth-forwarding [ interface interface-type interface-number ] | ip-forwarding }

undo debugging firewall transparent-mode { eth-forwarding [ interface interface-type interface-number ] | ip-forwarding }

Parameters
eth-forwarding: enables Ethernet packet forwarding debugging in transparent mode.

ip-forwarding: enables IP packet forwarding debugging in transparent mode.

interface-type: specifies the type of an interface.

interface-number: specifies the number of an interface.

Views
User view

Default Level
1: Monitoring level

Usage Guidelines
None

Examples
# Enable Ethernet packet forwarding debugging in transparent mode.
<Eudemon> debugging firewall transparent-mode eth-forwarding interface Ethernet 0/0/0

1.3.2 display firewall mode

Function
Using the display firewall mode command, you can view the current working mode of the
firewall.

Format
display firewall mode

Parameters
None

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
None

Examples
# Display the current mode of the firewall.
<Eudemon> display firewall mode
Firewall mode: route

Related Topics
1.3.9 firewall mode

1.3.3 display firewall transparent-mode config

Function
Using the display firewall transparent-mode config command, you can view the configuration
related to transparent mode.

Format
display firewall transparent-mode config

Parameters
None

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
None

Examples
# Display the configuration related to transparent mode.
<Eudemon> system-view
[Eudemon] display firewall transparent-mode config
Firewall transparent-info:
arp learning: enable
VLAN forward: enable
system IP address: none
system IP mask : none
unknown-mac:
unicast IP packet: flood
broadcast IP packet: drop
multicast IP packet: drop
15:53:23 06-10-2008

1.3.4 display firewall transparent-mode address-table

Function
Using the display firewall transparent-mode address-table command, you can view the
contents of the MAC address forwarding table of the firewall.

Format
display firewall transparent-mode address-table [ interface interface-type interface-number | mac mac-address ]

Parameters
interface interface-type interface-number: specifies the type and number of an interface.

mac mac-address: specifies the unicast MAC address in the format of H-H-H. H is a 4-digit
hexadecimal number, such as 00e0 and fc01. If you enter fewer than 4 digits, the value is
padded with leading zeros. For example, when you enter e0, 00e0 is displayed. FFFF-FFFF-FFFF
is not a valid MAC address.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
None

Examples
# Display the address forwarding table of the interface Ethernet 0/0/0.
<Eudemon> display firewall transparent-mode address-table interface Ethernet 0/0/0
Mac-address Action Type Aging-time Receive Send Interface-name

Table 1-11 Description of the display firewall transparent-mode address-table command output

Field            Description
Mac-address      MAC address
Action           Deny or permit
Type             Static or dynamic
Aging-time       Time to live for the forwarding table
Receive          Receive packets from the destination MAC address
Send             Send packets from the destination MAC address
Interface-name   Outgoing interface name

1.3.5 display firewall transparent-mode traffic

Function
Using the display firewall transparent-mode traffic command, you can view traffic statistics
on a firewall.

Format
display firewall transparent-mode traffic [ interface interface-type interface-number ]

Parameters
interface interface-type interface-number: specifies the type and number of an interface.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
None

Examples
# Display the traffic statistics on the interface Ethernet 0/0/0 of the firewall.
<Eudemon> display firewall transparent-mode traffic interface Ethernet 0/0/0
the statistic of interface Ethernet0/0/0 :
Input:
0 total, 0 bpdu, 0 single,
0 multi, 0 broadcast;
0 ip,0 ipx, 0 other protocal;
0 eth2, 0 snap,
0 dlsw, 0 other,
0 vlan;
Output:
0 total, 0 bpdu, 0 single,
0 multi, 0 broadcast;
0 ip, 0 ipx, 0 other protocal;
0 eth2, 0 snap,
0 dlsw, 0 other,
0 vlan;
Send way:0 broadcast, 0 fast, 0 other
Discard:
0 by inport state,
0 for local frame ,
0 by mac table,
0 by inport filter,
0 by outport filter,
0 by ip filter ,
0 other

The displayed information consists of three parts: Input, Output, and Discard. Input and Output
indicate the type and quantity of packets received and sent by the interface. For example,
"10 total, 1 bpdu, 2 single" means that ten packets in total were received, of which one is a
BPDU packet and two are unicast packets.

Table 1-12 Description of the display firewall transparent-mode traffic command output

Field                 Description
Send way              Sending way of data
Discard               Discarding reason and quantity of discarded packets
0 by inport state     Quantity of frames discarded because the state of the inbound interface is abnormal
0 for local frame     Quantity of frames discarded because the outbound interface is the same as the inbound interface
0 by mac table        Quantity of frames discarded because of prohibiting entries configured in the MAC forwarding table
0 by inport filter    Quantity of frames discarded by the filtering rule configured on the inbound interface
0 by outport filter   Quantity of frames discarded by the filtering rule configured on the outbound interface
0 by ip filter        Quantity of frames discarded by the filtering rule configured at the IP layer
0 other               Quantity of frames discarded for other reasons
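
The counters in this output are easier to track over time once they are parsed. The following is an added example (not part of the Huawei manual or the Eudemon software) that parses the layout shown above into per-section counters and summarizes the Discard section. The sample text is constructed with invented non-zero values, and the function names and the policy grouping of discard reasons are assumptions of the example.

```python
import re

# Constructed sample: same layout as the manual's example output, with
# non-zero counters invented for illustration.
SAMPLE = """\
the statistic of interface Ethernet0/0/0 :
Input:
10 total, 1 bpdu, 2 single,
3 multi, 4 broadcast;
9 ip,0 ipx, 1 other protocal;
8 eth2, 1 snap,
0 dlsw, 1 other,
0 vlan;
Output:
6 total, 0 bpdu, 5 single,
0 multi, 1 broadcast;
6 ip, 0 ipx, 0 other protocal;
6 eth2, 0 snap,
0 dlsw, 0 other,
0 vlan;
Send way:1 broadcast, 4 fast, 1 other
Discard:
0 by inport state,
0 for local frame ,
2 by mac table,
1 by inport filter,
0 by outport filter,
1 by ip filter ,
0 other
"""

INTERFACE = re.compile(r"^the statistic of interface (\S+)")
# "Input:", "Output:", "Discard:" and the one-line "Send way:..." section.
SECTION = re.compile(r"^([A-Za-z][A-Za-z ]*?)\s*:\s*(.*)$")
# "<count> <name>" terminated by a comma, a semicolon or the end of the line.
COUNTER = re.compile(r"(\d+)\s+([A-Za-z][A-Za-z0-9 ]*?)\s*(?:[,;]|$)")

# Discard reasons that reflect configured policy rather than a fault.
# This grouping is an assumption of the example, based on Table 1-12.
POLICY_REASONS = ("by mac table", "by inport filter",
                  "by outport filter", "by ip filter")


def parse_traffic(text):
    """Return {'interface': name, 'Input': {...}, 'Output': {...}, ...}."""
    stats = {"interface": None}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = INTERFACE.match(line)
        if m:
            stats["interface"] = m.group(1)
            continue
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            stats.setdefault(section, {})
            line = m.group(2)          # counters may follow on the same line
        if section is None:
            continue                   # ignore anything before the first section
        for count, name in COUNTER.findall(line):
            stats[section][name] = int(count)
    return stats


def discard_summary(stats):
    """Total discards, the part caused by policy, and non-zero reasons."""
    discards = stats.get("Discard", {})
    nonzero = sorted(((n, c) for n, c in discards.items() if c),
                     key=lambda item: (-item[1], item[0]))
    policy = sum(discards.get(reason, 0) for reason in POLICY_REASONS)
    return {"total": sum(discards.values()), "policy": policy, "nonzero": nonzero}


if __name__ == "__main__":
    parsed = parse_traffic(SAMPLE)
    print(parsed["interface"], discard_summary(parsed))
```

A rising "by inport state" or "other" count with no change in the filter counters points at a link or device problem rather than at the filtering rules.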

1.3.6 display firewall transparent-mode trunk-port

Function
Using the display firewall transparent-mode trunk-port command, you can display the
firewall Trunk interface.

Format
display firewall transparent-mode trunk-port

Parameters
None

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
None

Examples
# Display the firewall Trunk interface.
<Eudemon> display firewall transparent-mode trunk-port
Ethernet1/0/0

1.3.7 firewall arp-learning enable

Function
Using the firewall arp-learning enable command, you can enable the ARP learning.

Using the undo firewall arp-learning enable command, you can disable the ARP learning.

Format
firewall arp-learning enable

undo firewall arp-learning enable

Parameters
None

Views
System view

Default Level
2: Configuration level

Usage Guidelines
By default, the ARP learning is enabled on the firewall.

When the firewall works in transparent mode, a large number of ARP request and response
packets cross the network: hosts in the internal and external networks resolve each other's MAC
addresses through ARP, external hosts access the firewall through ping, FTP, and Telnet, and
the firewall itself initiates ping, FTP, and Telnet.

The firewall transmits these ARP request and response packets and, at the same time, learns
from them to create the corresponding ARP entries for future use.

Examples
# Disable the ARP learning.
<Eudemon> system-view
[Eudemon] undo firewall arp-learning enable

1.3.8 firewall ethernet-frame-filter

Function
Using the firewall ethernet-frame-filter command, you can apply ACL on the inbound or
outbound interface.

Using the undo firewall ethernet-frame-filter command, you can cancel ACL on the inbound
or outbound interface.

Format
firewall ethernet-frame-filter acl-number { inbound | outbound }
undo firewall ethernet-frame-filter { inbound | outbound }

Parameters
acl-number: specifies a MAC address based ACL in a range of 4000 to 4099.
inbound: applies ACL on the inbound interface.
outbound: applies ACL on the outbound interface.

Views
Interface view

Default Level
2: Configuration level

Usage Guidelines
By applying an ACL to a specific interface, you make the interface receive or send only the
Ethernet frames allowed by the MAC address based rules of the ACL.

Examples
# Apply ACL 4000 to the inbound interface Ethernet 0/0/0.
<Eudemon> system-view
[Eudemon] interface Ethernet 0/0/0
[Eudemon-Ethernet0/0/0] firewall ethernet-frame-filter 4000 inbound

1.3.9 firewall mode

Function
Using the firewall mode command, you can set the working mode for a firewall.
Using the undo firewall mode command, you can restore its default value.

Format
firewall mode { composite | route | transparent }
undo firewall mode

Parameters
composite: refers to composite mode, namely, some interfaces are configured with IP addresses,
others are not configured with IP addresses.
route: refers to route mode, namely, the interface in use must be configured with IP address.

transparent: refers to transparent mode, namely, no interface is configured with an IP
address.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
By default, the firewall works in route mode.
When the firewall works in route mode, its interfaces must be configured with different IP
addresses and connected to different subnetworks. When the firewall works in transparent
mode, its interfaces cannot be configured with IP addresses, and the networks connected to
different interfaces must be in the same subnetwork. The composite mode is generally used for
VRRP backup.

CAUTION
The change of the working mode may clear the content of the configuration file in the Flash and
restart the device.

Examples
# Set the firewall to work in transparent mode.
<Eudemon> system-view
[Eudemon] firewall mode transparent
The action will clear the saved configuration in the flash and reboot the system
.Continue?[y/n]y

Related Topics
1.3.2 display firewall mode

1.3.10 firewall system-ip

Function
Using the firewall system-ip command, you can assign the IP address of the system.
Using the undo firewall system-ip command, you can restore its default value.

Format
firewall system-ip system-ip-address [ mask | mask-length ] [ vlan-id vlan-id &<1-5> ]
undo firewall system-ip

Parameters
system-ip-address: specifies the IP address of the system in dotted decimal notation.
address-mask: specifies the IP address mask in dotted decimal notation. If no IP address mask
is entered, the system uses the default mask for that type of IP address.
vlan-id vlan-id &<1-5>: specifies the VLAN ID. It ranges from 1 to 4094. You can configure
one to five VLAN IDs.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
By default, the IP address is 169.0.0.1, and the mask is 255.0.0.0.
You need to assign the IP address of the system only when the firewall works in transparent
mode. In transparent mode, the interfaces of the firewall are not configured with IP addresses,
so you cannot manage the firewall remotely. After configuring the IP address of the system,
you can log in and manage the firewall through that address. When the firewall works in route
mode, you do not need to configure the IP address of the system.
If no VLAN is specified after the system IP address, VLAN 1 is supported by default. If one to
five VLANs are bound, multiple VLANs are supported.

Examples
# Set IP address of the firewall system to 202.106.100.1.
<Eudemon> system-view
[Eudemon] firewall system-ip 202.106.100.1

# Set IP address of the firewall system to 202.106.100.1, and bind the VLAN 2 and VLAN 3.
[Eudemon] firewall system-ip 202.106.100.1 vlan-id 2 vlan-id 3

1.3.11 firewall transparent-mode aging-time

Function
Using the firewall transparent-mode aging-time command, you can set the aging time of the
dynamic address table.
Using the undo firewall transparent-mode aging-time command, you can restore its default
value.

Format
firewall transparent-mode aging-time seconds

undo firewall transparent-mode aging-time

Parameters
seconds: specifies the aging time of the dynamic address table in a range of 10 to 1000000
seconds.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
By default, the aging time of the dynamic address table is 300 s.
If the time a dynamic address has been held in the address table exceeds the aging time, the
dynamic address is deleted.

Examples
# Set aging time of dynamic addresses to 100 s.
<Eudemon> system-view
[Eudemon] firewall transparent-mode aging-time 100

1.3.12 firewall transparent-mode fast-forwarding

Function
Using the firewall transparent-mode fast-forwarding command, you can enable fast
forwarding on the inbound or outbound interface.
Using the undo firewall transparent-mode fast-forwarding command, you can disable this
function.

Format
firewall transparent-mode fast-forwarding [ inbound | outbound ]
undo firewall transparent-mode fast-forwarding [ inbound | outbound ]

Parameters
inbound: enables fast forwarding on the inbound interface.
outbound: enables fast forwarding on the outbound interface.

Views
Ethernet interface view

Default Level
2: Configuration level

Usage Guidelines
NOTE
A data flow from the inbound interface to the outbound interface can be fast-forwarded only if
fast forwarding is configured on both the inbound interface and the outbound interface.

Examples
# Enable the fast forwarding on the outbound interface Ethernet 0/0/0 of the firewall.
<Eudemon> system-view
[Eudemon] firewall mode transparent
[Eudemon] interface Ethernet 0/0/0
[Eudemon-Ethernet0/0/0] firewall transparent-mode fast-forwarding outbound

Related Topics
1.3.9 firewall mode

1.3.13 firewall transparent-mode transmit

Function
Using the firewall transparent-mode transmit command, you can enable the firewall to
transmit the protocol-specific frame.

Using the undo firewall transparent-mode transmit command, you can disable this function.

Format
firewall transparent-mode transmit { bpdu | dlsw | ipx }

undo firewall transparent-mode transmit { bpdu | dlsw | ipx }

Parameters
bpdu: refers to the BPDU (Bridge Protocol Data Unit) data frame used in the bridge STP algorithm.

dlsw: refers to Data Link Switch frame, used to implement SNA transmission across WAN.

ipx: refers to Novell IPX frame, used to implement address padding, packet routing, and
forwarding.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
Before configuring this command, you must set the firewall to transparent mode.

Examples
# Enable the firewall to transmit IPX frame in transparent mode.
<Eudemon> system-view
[Eudemon] firewall transparent-mode transmit ipx

Related Topics
1.3.9 firewall mode

1.3.14 firewall unknown-mac

Function
Using the firewall unknown-mac command, you can set the processing mode of IP packets
with unknown MAC address.

Using the undo firewall unknown-mac command, you can restore its default processing mode.

Format
firewall unknown-mac unicast { drop | arp | flood }

firewall unknown-mac { broadcast | multicast } { drop | flood }

undo firewall unknown-mac [ unicast | broadcast | multicast ]

Parameters
unicast: processes unicast IP packets.

multicast: processes multicast IP packets.

broadcast: processes broadcast IP packets.

drop: discards all IP packets with unknown MAC address.

arp: discards the original IP packets and broadcasts ARP request packets to the other interfaces
(not including the interface receiving the packets), so as to obtain the MAC address
corresponding to the destination address in the original packet.

flood: sends all received packets to other interfaces (not including the interface receiving
packets) that must belong to a certain security area. After receiving the response packet, the
firewall will save the MAC address information, then forward subsequent packets using this
address.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
By default, the system discards IP packets with unknown MAC address.
In some cases, the firewall might receive IP packets with unknown destination MAC address
(such as configured static ARP mapping items). In such cases, the firewall does not know the
peer MAC address when it forwards the packets. Therefore, you need to specify one processing
mode (drop packets, broadcast ARP request, or flood packets).

Examples
# Flood the unicast IP packets with unknown MAC addresses in transparent mode.
<Eudemon> system-view
[Eudemon] firewall unknown-mac unicast flood
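
A small model of the two behaviours described in 1.3.11 and 1.3.14: the aging of dynamic address entries and the three processing modes for unicast IP packets whose destination MAC address is unknown. It is an added example, not Huawei code. The class and method names, the refresh of an entry when its source is seen again, and the deletion of aged entries at lookup time are assumptions of the model, and every interface is assumed to belong to a security zone.

```python
from dataclasses import dataclass, field

# firewall unknown-mac unicast { drop | arp | flood }
MODES = ("drop", "arp", "flood")


@dataclass
class TransparentBridge:
    """Toy model of transparent-mode forwarding (hypothetical, not device code)."""
    interfaces: tuple
    aging_time: int = 300            # default stated in 1.3.11
    unknown_unicast: str = "drop"    # default stated in 1.3.14
    table: dict = field(default_factory=dict)   # mac -> (interface, learned_at)

    def __post_init__(self):
        if not 10 <= self.aging_time <= 1000000:
            raise ValueError("aging-time must be 10 to 1000000 seconds")
        if self.unknown_unicast not in MODES:
            raise ValueError("unknown-mac unicast mode must be drop, arp or flood")

    def learn(self, mac, interface, now):
        # Assumption: seeing the source again refreshes the entry's timer.
        self.table[mac] = (interface, now)

    def lookup(self, mac, now):
        """Return the outgoing interface, or None if unknown or aged out."""
        entry = self.table.get(mac)
        if entry is None:
            return None
        interface, learned_at = entry
        if now - learned_at > self.aging_time:
            del self.table[mac]      # hold time exceeded the aging time
            return None
        return interface

    def forward(self, src_mac, dst_mac, in_if, now):
        """Return [(interface, what_is_sent), ...] for one unicast IP packet."""
        self.learn(src_mac, in_if, now)
        out_if = self.lookup(dst_mac, now)
        if out_if is not None:
            # Known destination: one copy, or nothing for a local frame.
            return [] if out_if == in_if else [(out_if, "packet")]
        others = [i for i in self.interfaces if i != in_if]
        if self.unknown_unicast == "drop":
            return []
        if self.unknown_unicast == "arp":
            # The original packet is discarded; only ARP requests go out.
            return [(i, "arp-request") for i in others]
        return [(i, "packet") for i in others]   # flood


def run_scenario(mode):
    """Constructed scenario: host A talks to host B across the firewall."""
    a, b = "00e0-fc01-0001", "00e0-fc01-0002"    # constructed MAC addresses
    fw = TransparentBridge(("Ethernet0/0/0", "Ethernet0/0/1", "Ethernet1/0/0"),
                           aging_time=100, unknown_unicast=mode)
    return [
        fw.forward(a, b, "Ethernet0/0/0", now=0),     # B is unknown
        fw.forward(b, a, "Ethernet0/0/1", now=1),     # B's reply teaches B
        fw.forward(a, b, "Ethernet0/0/0", now=2),     # B is known
        fw.forward(a, b, "Ethernet0/0/0", now=200),   # B aged out (199 s > 100 s)
    ]


if __name__ == "__main__":
    for mode in MODES:
        print(mode, run_scenario(mode))
```

In flood mode the original packet reaches every other interface until the destination is learned, whereas drop and arp keep the payload off segments where the destination has not been seen.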

1.3.15 port trunk pvid

Function
Using the port trunk pvid command, you can set the default VLAN ID of the Trunk port.
Using the undo port trunk pvid command, you can cancel the default VLAN ID of the Trunk
port.

Format
port trunk pvid vlan vlan-id
undo port trunk pvid

Parameters
vlan-id: specifies the default VLAN ID of the interface. It ranges from 1 to 4094.

Views
Ethernet interface view

Default Level
2: Configuration level

Usage Guidelines
None

Examples
# Set the default VLAN ID of Ethernet 0/0/0 to 1000.
<Eudemon> system-view
[Eudemon] interface Ethernet 0/0/0
[Eudemon-Ethernet0/0/0] port trunk pvid vlan 1000

1.3.16 port trunk vlan allow-pass all

Function
Using the port trunk vlan allow-pass all command, you can allow all VLANs on an interface.
Using the undo port trunk vlan allow-pass all command, you can remove all VLANs from an
interface.

Format
port trunk vlan allow-pass all
undo port trunk vlan allow-pass all

Parameters
None

Views
Ethernet interface view

Default Level
2: Configuration level

Usage Guidelines
When you allow all VLANs on a port, the port becomes a Trunk port. When you remove all
configured VLANs from a Trunk port, the port becomes a non-trunk port.
By default, a port is a non-trunk port.
An interface with the Trunk function enabled can forward packets of all VLAN IDs. If a
subinterface corresponding to a VLAN ID is configured on this interface, the subinterface takes
precedence in sending packets during broadcast.

NOTE
Only FE Ethernet interfaces and GE interfaces, excluding virtual Ethernet interfaces, can work in
Trunk mode. Subinterfaces and interfaces that work in routing mode cannot work in Trunk mode.

Examples
# Set Trunk port at interface Ethernet 0/0/1 and allow all VLANs at this interface.
<Eudemon> system-view
[Eudemon] interface Ethernet 0/0/1
[Eudemon-Ethernet0/0/1] port trunk vlan allow-pass all

# Delete all VLANs from the interface Ethernet 0/0/1.
[Eudemon-Ethernet0/0/1] undo port trunk vlan allow-pass all

1.3.17 reset firewall transparent-mode address-table

Function
Using the reset firewall transparent-mode address-table command, you can clear the address
forwarding table entries of all interfaces or of a specified interface.

Format
reset firewall transparent-mode address-table [ interface interface-type interface-number ]

Parameters
interface interface-type interface-number: specifies the type and number of an interface.

Views
User view

Default Level
2: Configuration level

Usage Guidelines

Examples
# Clear all information in address forwarding table.
<Eudemon> reset firewall transparent-mode address-table

1.3.18 reset firewall transparent-mode traffic

Function
Using the reset firewall transparent-mode traffic command, you can clear traffic statistics on
all interfaces or the specified interface of the firewall.

Format
reset firewall transparent-mode traffic [ interface interface-type interface-number ]

Parameters
interface interface-type interface-number: specifies the type and number of an interface.

Views
User view

Default Level
2: Configuration level

Usage Guidelines
None

Examples
# Clear all traffic statistics on the interface Ethernet 0/0/1 of the firewall.
<Eudemon> reset firewall transparent-mode traffic interface Ethernet 0/0/1

1.4 File Management Configuration Commands

1.4.1 ascii
1.4.2 binary
1.4.3 bye
1.4.4 cd (User View)
1.4.5 cd (FTP Client View)
1.4.6 cdup
1.4.7 close
1.4.8 compare configuration
1.4.9 copy
1.4.10 debugging (FTP Client View)
1.4.11 delete (User View)
1.4.12 delete (FTP Client View)
1.4.13 dir (User View)
1.4.14 dir (FTP Client View)
1.4.15 disconnect
1.4.16 display current-configuration
1.4.17 display ftp-server
1.4.18 display ftp-users
1.4.19 display saved-configuration
1.4.20 display startup
1.4.21 display this
1.4.22 execute
1.4.23 file prompt
1.4.24 format
1.4.25 ftp
1.4.26 ftp server enable
1.4.27 ftp timeout
1.4.28 get
1.4.29 lcd
1.4.30 ls
1.4.31 mkdir (User View)
1.4.32 mkdir (FTP Client View)
1.4.33 more
1.4.34 move
1.4.35 open
1.4.36 passive
1.4.37 put
1.4.38 pwd (User View)
1.4.39 pwd (FTP Client View)
1.4.40 quit (FTP Client View)
1.4.41 remotehelp
1.4.42 rename
1.4.43 reset recycle-bin
1.4.44 reset saved-configuration
1.4.45 rmdir (User View)
1.4.46 rmdir (FTP Client View)
1.4.47 save
1.4.48 startup system-software
1.4.49 startup saved-configuration
1.4.50 tftp
1.4.51 tftp-server acl
1.4.52 undelete
1.4.53 user
1.4.54 verbose
1.4.55 xmodem get

1.4.1 ascii

Function
Using the ascii command, you can set the transmission data type to ASCII.
By default, the data type is ASCII.

Format
ascii

Parameters
None

Views
FTP client view

Default Level
2: Configuration level

Usage Guidelines
The Eudemon supports the ASCII and binary data types for data transmission.

Examples
# Set the transmission data type to ASCII.
<Eudemon> ftp 1.1.1.1
Trying 1.1.1.1 ...
Press CTRL+K to abort
Connected to 1.1.1.1.
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(1.1.1.1:(none)):123
331 Give me your password, please
Password:
230 Logged in successfully
[ftp] ascii
200 Type set to A.

Related Topics
1.4.25 ftp
1.4.2 binary

1.4.2 binary

Function
Using the binary command, you can set file transmission type to binary.

Format
binary

Parameters
None

Views
FTP client view

Default Level
3: Management level

Usage Guidelines
The type of data for transmission supported by the Eudemon includes ASCII and binary.

By default, the data type is ASCII.

Examples
# Set the file transmission type to binary.
<Eudemon> ftp 1.1.1.1
Trying 1.1.1.1 ...
Press CTRL+K to abort
Connected to 1.1.1.1.
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(1.1.1.1:(none)):123
331 Give me your password, please
Password:
230 Logged in successfully
[ftp] binary
200 Type set to I.

Related Topics
1.4.25 ftp
1.4.1 ascii

1.4.3 bye

Function
Using the bye command, you can disconnect from the remote FTP server and return to the user
view.

Format
bye

Parameters
None

Views
FTP client view

Default Level
3: Management level

Usage Guidelines
After running this command, the user returns to the user view on the client.

Examples
# Disconnect from the remote FTP server and return to the user view.
<Eudemon> ftp 1.1.1.1
Trying 1.1.1.1 ...
Press CTRL+K to abort
Connected to 1.1.1.1.
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(1.1.1.1:(none)):123
331 Give me your password, please
Password:
230 Logged in successfully
[ftp] bye
221 Windows FTP Server (WFTPD, by Texas Imperial Software) says goodbye
<Eudemon>

Related Topics
1.4.25 ftp
1.4.7 close

1.4.4 cd (User View)

Function
Using the cd command, you can switch the current working directory to a specified directory.

Format
cd { .. | directory | flash: }

Parameters
directory: specifies the name of destination directory. It is a string of 1 to 64 characters.

..: returns to the upper-level directory.

flash:: specifies the root directory of FLASH.

Views
User view

Default Level
3: Management level

Usage Guidelines
By default, the default working directory is used.

Note that the user can access the subdirectories of a directory that the user is allowed to access.

Examples
# Modify the current working directory to test.
<Eudemon> cd test
<Eudemon> pwd
flash:/test

Related Topics
1.4.38 pwd (User View)

1.4.5 cd (FTP Client View)

Function
Using the cd command, you can change the working directory on the remote FTP server.

Format
cd pathname

Parameters
pathname: specifies the directory. It is a string of 1 to 64 characters.

Views
FTP client view

Default Level
3: Management level

Usage Guidelines
This command can be used to access the directory in another path on the FTP server.

Examples
# Change the working directory to d:/temp.
<Eudemon> ftp 1.1.1.1
Trying 1.1.1.1 ...
Press CTRL+K to abort
Connected to 1.1.1.1.
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(1.1.1.1:(none)):123
331 Give me your password, please
Password:
230 Logged in successfully
[ftp] pwd
257 "D:\abc" is current directory
[ftp] cd d:/temp
250 "D:\temp" is current directory

Related Topics
1.4.25 ftp
1.4.39 pwd (FTP Client View)

1.4.6 cdup

Function
Using the cdup command, you can change the working directory to the upper-level directory.

Format
cdup

Parameters
None

Views
FTP client view

Default Level
3: Management level

Usage Guidelines
This command is used to exit from the current directory to an upper-level directory.

Examples
# Change the working directory to an upper-level directory.
<Eudemon> ftp 1.1.1.1
Trying 1.1.1.1 ...
Press CTRL+K to abort
Connected to 1.1.1.1.
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(1.1.1.1:(none)):123
331 Give me your password, please
Password:
230 Logged in successfully
[ftp] cdup
501 Change to no authenticated directory.

Related Topics
1.4.39 pwd (FTP Client View)

1.4.7 close

Function
Using the close command, you can disconnect from the remote FTP server but remain in the FTP
client view.

Format
close

Parameters
None

Views
FTP client view

Default Level
3: Management level

Usage Guidelines
This command terminates both the control connection and the data connection with the remote
FTP server.

Examples
# Disconnect from the remote FTP server and remain in the FTP client view.
<Eudemon> ftp 1.1.1.1
Trying 1.1.1.1 ...
Press CTRL+K to abort
Connected to 1.1.1.1.
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(1.1.1.1:(none)):123
331 Give me your password, please
Password:
230 Logged in successfully
[ftp] close
221 Windows FTP Server (WFTPD, by Texas Imperial Software) says goodbye
[ftp]

Related Topics
1.4.25 ftp
1.4.35 open

1.4.8 compare configuration

Function
Using the compare configuration command, you can compare the current configuration files
with those saved in the storage devices.

Format
compare configuration [ line-number1 line-number2 ]

Parameters
line-number1: specifies the start line number in the current configuration file for comparing.
The value ranges from 0 to 65535.
line-number2: specifies the start line number in the saved configuration file for comparing. The
value ranges from 0 to 65535.

Views
User view

Default Level
2: Configuration level

Usage Guidelines
If no parameter is specified, the system compares the saved configuration file with the current
configuration file starting from the first line. If the two parameters are specified, the system
skips the differences before the specified lines and continues to compare the configuration
files from those lines.
Finally, the system outputs the differences, locating where the saved configuration file and
the current configuration file differ. By default, the output difference information is
restricted to 150 characters. If it is less than 150 characters, the differences up to the end
of the two files are displayed.

Examples
# Compare configuration files.
<Eudemon> compare configuration

Related Topics
1.4.47 save

1.4.9 copy

Function
Using the copy command, you can copy a file.

Format
copy { source-filename | flash: } { destination-filename | flash: }

Parameters
source-filename: specifies the source file name. It is a string of 1 to 64 characters.

destination-filename: specifies the destination file name. It is a string of 1 to 64 characters.

flash:: specifies the root directory of FLASH.

Views
User view

Default Level
3: Management level

Usage Guidelines
If the destination file name is the same as the name of an existing file, the execution fails. If the
destination file name is the same as that of an existing file, the user is prompted whether the
existing file should be overwritten.

Examples
# Copy the file info.txt from flash:/ to flash:/test.
<Eudemon> pwd
flash:
<Eudemon> dir
Directory of flash:/

   0  -rw-   8950728  May 19 2008 19:51:07  Eudemon.bin
   1  -rw-         4  May 30 2008 10:45:26  boottimes
   2  -rw-       268  Jan 08 2008 21:52:46  flashinfo.fls
   3  -rw-       268  Jan 08 2008 21:53:02  info.txt
   4  -rw-        24  May 29 2008 15:02:09  private-data.txt
   5  -rw-       721  May 29 2008 15:02:32  vrpcfg.zip
   6  -rw-       396  Apr 14 2008 17:34:59  hostkey
   7  -rw-       540  Apr 14 2008 17:35:06  serverkey
   8  drw-         -  May 22 2008 13:53:19  test
   9  -rw-      2860  May 26 2008 17:06:09  on1010592.dat

60833 KB total (52076 KB free)

<Eudemon> copy info.txt test
Copy flash:/info.txt to flash:/test/info.txt?[Y/N]:y
100% complete
Info:Copied file flash:/info.txt to flash:/test/info.txt...Done

Related Topics
1.4.13 dir (User View)

1.4.10 debugging (FTP Client View)

Function
Using the debugging command, you can enable the debugging switch.

Using the undo debugging command, you can disable the debugging switch.

Format
debugging

undo debugging

Parameters
None

Views
FTP client view

Default Level
1: Monitoring level

Usage Guidelines
By default, the debugging switch is disabled.

Examples
# Enable the debugging switch.
<Eudemon> ftp 10.10.10.1
[ftp] debugging

1.4.11 delete (User View)

Function
Using the delete command, you can delete the specified file from the firewall storage device.

Format
delete [ /unreserved ] { file-name | flash: }

Parameters
/unreserved: deletes the specified file permanently. The deleted file cannot be restored.

file-name: specifies the name of the file to be deleted. The file name is in the format of [drive]
[path][file name]. The value is in the range of 1 to 64 characters. The "*" wildcard is supported.

flash:: deletes the files in the FLASH.

Views
User view

Default Level
3: Management level

Usage Guidelines
The default storage device is FLASH.

The deleted file is in the recycle bin. The dir command does not display the information of
deleted files. However, by using the dir /all command, the information of all files under the
directory, including deleted files, is displayed. The undelete command can be used to restore a
file that has been deleted to the recycle bin through the delete command. To delete such a file
from the recycle bin, you can use the reset recycle-bin command. Note that if two files with the
same filename in different directories are deleted to the recycle bin, only the file that is last
deleted is kept.

Examples
# Delete flash:/test/test.txt.
<Eudemon> delete flash:/test/test.txt
Delete flash:/test/test.txt?[Y/N]y
%Deleting file flash:/test/test.txt...Done!
<Eudemon>

Related Topics
1.4.13 dir (User View)
1.4.52 undelete
1.4.43 reset recycle-bin

1.4.12 delete (FTP Client View)

Function
Using the delete command, you can delete a specified file.

Format
delete remotefile

Parameters
remotefile: specifies the file name. It is a string of 1 to 64 characters.

Views
FTP client view

Default Level
3: Management level

Usage Guidelines
The file that is deleted by running the command in the FTP client view cannot be restored.

Examples
# Delete temp.c.
<Eudemon> ftp 10.10.10.1
[ftp] delete temp.c

Related Topics
1.4.14 dir (FTP Client View)

1.4.13 dir (User View)

Function
Using the dir command, you can display the specified file or directory in the firewall storage
device.

Format
dir [ /all ] [ file-name | flash: ]

Parameters
/all: displays all files (including the deleted files).
file-name: specifies the name of the file or directory displayed. It is a string of 1 to 64 characters.
flash:: displays the files in the flash.

Views
User view

Default Level
3: Management level

Usage Guidelines
By default, files in the current directory are displayed.

This command supports "*" wildcard.

The dir /all command can be used to display the information about all the files, including the
deleted files. The names of the deleted files are denoted with "[]", for instance, [text]. The deleted
files can be restored through the 1.4.52 undelete command. The 1.4.43 reset recycle-bin
command can be used to delete the file from the recycle bin permanently.

Examples
# Display the information about the file flash:/test/test.txt.
<Eudemon> dir flash:/test/test.txt
Directory of flash:/test/

   0  -rw-       268  Jun 11 2008 17:33:42  test.txt

60833 KB total (52073 KB free)

# Display the information about the directory flash:/test/.
<Eudemon> dir flash:/test/
Directory of flash:/test/

   0  drw-         -  May 30 2008 17:41:47  a
   1  -rw-       268  Jun 11 2008 17:33:42  test.txt

60833 KB total (52073 KB free)

<Eudemon> dir flash:/test/t*
Directory of flash:/test/

   0  -rw-       268  Jun 11 2008 17:33:42  test.txt

60833 KB total (52073 KB free)

Related Topics
1.4.52 undelete
1.4.43 reset recycle-bin

1.4.14 dir (FTP Client View)

Function
Using the dir command, you can display all the files in the directory or the queried file.

Format
dir [ file-name ] [ local-filename ]

Parameters
file-name: specifies the queried file name. It is a string of 1 to 64 characters.

local-filename: specifies the saved local file name. It is a string of 1 to 64 characters.

Views
FTP client view

Default Level
3: Management level

Usage Guidelines
Using the command, you can view the file contents and save the results to another file.

Examples
# Query the file temp.c and save the query result in the file flash:/test/temp1.
<Eudemon> ftp 1.1.1.1
Trying 1.1.1.1 ...
Press CTRL+K to abort
Connected to 1.1.1.1.
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(1.1.1.1:(none)):123
331 Give me your password, please
Password:
230 Logged in successfully
[ftp] dir temp.c flash:/test/temp1
200 PORT command okay
150 File Listing Follows in ASCII mode
226 Transfer finished successfully.
FTP: 61 byte(s) received in 1.767 second(s) 34.52byte(s)/sec.

1.4.15 disconnect

Function
Using the disconnect command, you can disconnect from the remote FTP server and remain in
the FTP client view.

Format
disconnect

Parameters
None

Views
FTP client view

Default Level
3: Management level

Usage Guidelines
This command terminates both the control connection and the data connection with the remote
FTP server.

Examples
# Disconnect from the remote FTP server and remain in the FTP client view.
<Eudemon> ftp 1.1.1.1
Trying 1.1.1.1 ...
Press CTRL+K to abort
Connected to 1.1.1.1.
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(1.1.1.1:(none)):123
331 Give me your password, please
Password:
230 Logged in successfully
[ftp] disconnect
221 Windows FTP Server (WFTPD, by Texas Imperial Software) says goodbye
[ftp]

Related Topics
1.4.25 ftp
1.4.35 open

1.4.16 display current-configuration

Function
Using the display current-configuration command, you can display the currently effective
configurations on the firewall.

If some running configuration parameters are the same as the default parameters, they are not
displayed.

Format
display current-configuration [ configuration [ configuration-type ] | interface interface-type [ interface-number ] ] [ | { begin | exclude | include } regular-expression ]

Parameters
|: filters information using the regular expression.

begin: outputs the configuration from the line with the matching string.

exclude: outputs only the configuration that does not contain any matching string.

include: outputs only the configuration that contains matching strings.

regular-expression: specifies the string of regular expression.

configuration: displays the global configuration.

configuration-type: specifies the configuration type that depends on the existing configuration,
including AAA configuration, system configuration, user interface configuration and
configuration output.
interface: displays the configuration of specified interface.
interface-type: specifies the interface type.
interface-number: specifies the interface number.

Views
All views

Default Level
3: Management level

Usage Guidelines
After the configurations are complete, use the display current-configuration command to view
which parameters take effect. Configured parameters that have not taken effect are not
displayed.

Examples
# Display the currently effective configurations.
<Eudemon> display current-configuration

Related Topics
1.4.47 save
1.4.44 reset saved-configuration
1.4.19 display saved-configuration

1.4.17 display ftp-server

Function
Using the display ftp-server command, you can display the parameters of the current FTP
server.

Format
display ftp-server

Parameters
None

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
After the FTP parameters are configured, this command can be used to display the configuration
results.

Examples
# Display the parameter setting of FTP server.
<Eudemon> display ftp-server
FTP server is running
Max user number 5
User count 2
Timeout value(in minute) 30

Table 1-13 Description of the display ftp-server command output


Item                        Description
FTP server is running       FTP server is started.
Max user number             Maximum number of users that can access the FTP server at the same time.
User count                  Current number of login users.
Timeout value (in minute)   Timeout time for the login FTP user, in minutes.

Related Topics
1.4.26 ftp server enable

1.4.18 display ftp-users

Function
Using the display ftp-users command, you can display the parameters of the current FTP user.

Format
display ftp-users

Parameters
None

Views
All views

Default Level
3: Management level

Usage Guidelines
Using this command, you can view information about an FTP user, including FTP user name,
IP address of the client, port number, idle time of the user, and authorization directory.

Examples
# Display parameters of the FTP user.
<Eudemon> display ftp-users
username  host     port  idle  topdir
111       1.1.1.1  3720  0     flash:

Table 1-14 Description of the display ftp-users command output

Item       Description
username   User name
host       IP address of the client host
port       Port number of the client host
idle       Idle time
topdir     Directory authorized to the user

Related Topics
1.4.27 ftp timeout
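
The following parser is an added example, not part of the original command reference: it reads the output of display ftp-server and display ftp-users in the layout shown above and reports settings that deviate from a management policy. The 10-minute timeout limit, the allowed-host list, the finding codes, and the second user row are assumptions constructed for illustration.

```python
import re

# Constructed sample output, following the layout of the examples in
# sections 1.4.17 and 1.4.18. The second user row is invented for the demo.
FTP_SERVER_OUT = """\
FTP server is running
Max user number 5
User count 2
Timeout value(in minute) 30
"""

FTP_USERS_OUT = """\
username host port idle topdir
111 1.1.1.1 3720 0 flash:
backup 10.10.10.1 1042 12 flash:/test
"""

_SERVER_FIELDS = {
    "max_users": re.compile(r"^Max user number\s+(\d+)$"),
    "user_count": re.compile(r"^User count\s+(\d+)$"),
    "timeout_min": re.compile(r"^Timeout value\s*\(in minute\)\s+(\d+)$"),
}
_USER_COLUMNS = ["username", "host", "port", "idle", "topdir"]


def parse_ftp_server(text):
    """Parse `display ftp-server` output into a dict (missing fields stay None)."""
    info = {"running": False, "max_users": None,
            "user_count": None, "timeout_min": None}
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "FTP server is running":
            info["running"] = True
            continue
        for key, pattern in _SERVER_FIELDS.items():
            match = pattern.match(line)
            if match:
                info[key] = int(match.group(1))
    return info


def parse_ftp_users(text):
    """Parse `display ftp-users` output into a list of dicts.

    Assumes whitespace-separated columns with no spaces inside a field.
    """
    rows = [line.split() for line in text.splitlines() if line.strip()]
    if not rows or rows[0] != _USER_COLUMNS:
        raise ValueError("unexpected display ftp-users header")
    users = []
    for row in rows[1:]:
        if len(row) != len(_USER_COLUMNS):
            raise ValueError(f"unexpected row: {row!r}")
        user = dict(zip(_USER_COLUMNS, row))
        user["port"] = int(user["port"])
        user["idle"] = int(user["idle"])
        users.append(user)
    return users


def audit(server, users, max_timeout_min=10, allowed_hosts=frozenset()):
    """Return a list of (code, detail) findings. Thresholds are assumptions."""
    findings = []
    if server["running"]:
        # The reference states the FTP server is disabled by default;
        # FTP itself carries credentials and file contents unencrypted.
        findings.append(("SERVER_ENABLED",
                         "FTP server is running (default is disabled)"))
    timeout = server["timeout_min"]
    if timeout is not None and timeout > max_timeout_min:
        findings.append(("TIMEOUT_TOO_LONG",
                         f"timeout {timeout} min exceeds {max_timeout_min} min"))
    if server["user_count"] is not None and server["user_count"] != len(users):
        findings.append(("COUNT_MISMATCH",
                         f"User count {server['user_count']} but "
                         f"{len(users)} session(s) listed"))
    for user in users:
        if user["host"] not in allowed_hosts:
            findings.append(("UNEXPECTED_HOST",
                             f"{user['username']} logged in from {user['host']}"))
        if user["topdir"].rstrip("/") == "flash:":
            # The flash: root holds the system software, saved
            # configuration and key files shown in the dir listing.
            findings.append(("ROOT_TOPDIR",
                             f"{user['username']} is authorized to flash: root"))
    return findings


if __name__ == "__main__":
    server = parse_ftp_server(FTP_SERVER_OUT)
    users = parse_ftp_users(FTP_USERS_OUT)
    for code, detail in audit(server, users, allowed_hosts={"10.10.10.1"}):
        print(f"{code}: {detail}")
```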

1.4.19 display saved-configuration

Function
Using the display saved-configuration command, you can view the configuration files used
when the firewall is powered on and started up next time. Specify the configuration files using
the 1.4.49 startup saved-configuration command.

Format
display saved-configuration

Parameters
None

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
If the firewall does not work normally after being powered on, you can use the display
saved-configuration command to check the configuration files used during firewall startup.

Examples
# Display the configuration files used when the firewall is powered on and starts up next time.
<Eudemon> display saved-configuration

Related Topics
1.4.44 reset saved-configuration
1.4.49 startup saved-configuration

1.4.20 display startup

Function
Using the display startup command, you can display the related system software and
configuration file names used for the current and the next startup.

Format
display startup

Parameters
None

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
The output of the display startup command is as follows:
- The file name of the system software configured by the user to be used in the current startup.
- The file name of the system software actually used in the current startup.
- The file name of the system software configured for the next startup.
- The configuration file name used for the current startup.
- The configuration file name configured for the next startup.

If the user does not configure any system software to be used in the startup, the startup program
automatically searches the flash for a file with the .bin extension. The first file found is
used to start up the system.

Examples
# Display the file names related to the current and the next startup.
<Eudemon> display startup
Configed startup system software: flash:/Eudemon.bin
Startup system software: flash:/Eudemon.bin
Next startup system software: flash:/Eudemon.bin
Startup saved-configuration file: flash:/vrpcfg.zip
Next startup saved-configuration file: flash:/vrpcfg.zip

Table 1-15 Description of the display startup command output

Item                                    Description
Configed startup system software        Specified system software
Startup system software                 System software used in last startup
Next startup system software            System software used in next startup
Startup saved-configuration file        Configuration files used in last startup
Next startup saved-configuration file   Configuration files used in next startup

Related Topics
1.4.49 startup saved-configuration
1.4.48 startup system-software

1.4.21 display this

Function
Using the display this command, you can display the running configuration of the current view.

Format
display this

Parameters
None

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
If you need to verify whether the configuration is correct after you have finished a set of
configurations in a view, you can use the display this command to view the running
parameters.

Some effective parameters are not displayed if they are the same as the default ones. Parameters
that have been configured by the user are also not displayed if their related functions are not
in effect.

When the command is executed in an interface view, the configuration associated with the
interface is displayed. When it is executed in a protocol view, the configuration related to the
protocol view is displayed. When it is executed in a protocol sub-view, all the configuration of
the protocol view is not displayed.

Examples
# Display the running configuration parameters for the current view of the firewall system.
<Eudemon> display this

Related Topics
1.4.47 save
1.4.44 reset saved-configuration
1.4.19 display saved-configuration
1.4.16 display current-configuration

1.4.22 execute

Function
Using the execute command, you can execute the specified batch file.

Format
execute file-name

Parameters
file-name: specifies the name of the batch file, suffixed with "bat". It is a string of 1 to 256
characters.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
The commands in the batch file are executed one by one. The batch file must not contain invisible
characters. If any such character is found, the execute command exits from the current
process and no rollback is performed.
The execute command does not ensure that all the commands in the batch file can be executed. It
cannot do a hot backup for itself. No restriction is placed on the format and content of the batch
file.
Executing the batch file is an automatic procedure, equivalent to running each command
manually.

Examples
# Execute the batch file test.bat in the directory flash:/.
<Eudemon> system-view
[Eudemon] execute test.bat
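
The following pre-flight check is an added example, not part of the original command reference: it scans a batch file for invisible characters before the file is passed to execute, and lists the commands that would already be applied, with no rollback, if execution stopped at the first offending line. It assumes that "invisible characters" means any byte outside printable ASCII (0x20 to 0x7E) other than line terminators and that execution stops at the first offending line; the reference defines neither, and the function names and sample content are constructed for illustration.

```python
# Assumption: the reference does not define "invisible characters", so every
# byte outside printable ASCII 0x20-0x7E is treated as invisible. CR/LF line
# terminators are accepted because bytes.splitlines() strips them.
PRINTABLE = frozenset(range(0x20, 0x7F))

# Constructed sample batch file built from system-view commands in this
# reference. Line 3 carries a UTF-8 no-break space, line 4 a trailing TAB.
SAMPLE = (
    b"file prompt quiet\r\n"
    b"ftp timeout 36\r\n"
    b"undo ftp\xc2\xa0server\r\n"
    b"ftp server enable\t\r\n"
)


def check_name(name):
    """The reference requires a 'bat' suffix and a name of 1 to 256 characters."""
    problems = []
    if not 1 <= len(name) <= 256:
        problems.append("file name must be 1 to 256 characters")
    if not name.endswith(".bat"):
        problems.append('file name must be suffixed with "bat"')
    return problems


def find_invisible(data):
    """Return (line_no, column, byte_value) for every disallowed byte."""
    findings = []
    for line_no, raw in enumerate(data.splitlines(), start=1):
        for column, byte in enumerate(raw, start=1):
            if byte not in PRINTABLE:
                findings.append((line_no, column, byte))
    return findings


def applied_before_abort(data):
    """Commands on the lines that precede the first offending line.

    Commands run one by one and nothing is rolled back, so under the stated
    assumption these stay applied after execute exits.
    """
    findings = find_invisible(data)
    lines = data.splitlines()
    stop = findings[0][0] - 1 if findings else len(lines)
    return [line.decode("ascii") for line in lines[:stop] if line.strip()]


def preflight(name, data):
    """Return (ok, report_lines) for a batch file about to be uploaded."""
    report = list(check_name(name))
    findings = find_invisible(data)
    for line_no, column, byte in findings:
        report.append(f"line {line_no}, column {column}: byte 0x{byte:02X}")
    if findings:
        done = applied_before_abort(data)
        report.append(f"{len(done)} command(s) would stay applied: {done}")
    return (not report, report)


if __name__ == "__main__":
    ok, report = preflight("test.bat", SAMPLE)
    print("OK" if ok else "REJECTED")
    for entry in report:
        print(" ", entry)
```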

1.4.23 file prompt

Function
Using the file prompt command, you can modify the alerting pattern for file operations on the
firewall.

Format
file prompt { alert | quiet }

Parameters
alert: enables interactive acknowledgement when an operation, such as deleting a file, can
cause data loss.
quiet: indicates that no alert is given when an operation, such as deleting a file, can
cause data loss.

Views
System view

Default Level
3: Management level

Usage Guidelines
By default, the alerting pattern is alert.

When the alerting pattern is set to quiet, no alert is given when an operation, such as
deleting a file, can cause data loss.

Examples
# Set the alerting pattern of the file operation to quiet.
<Eudemon> system-view
[Eudemon] file prompt quiet

# Set the alerting pattern of the file operation to alert.
[Eudemon] file prompt alert

1.4.24 format

Function
Using the format command, you can format the storage device.

Format
format device-name

Parameters
device-name: specifies the device name such as flash.

Views
User view

Default Level
3: Management level

Usage Guidelines
Formatting results in the loss of all files. The lost files cannot be restored.

Examples
# Format FLASH.
<Eudemon> format flash:
All data(include configuration and system startup file) on flash: will be lost ,
proceed with format ? [Y/N]:y

1.4.25 ftp

Function
Using the ftp command, you can set up a control connection with the remote FTP server and
enter the FTP client view.

Format
ftp [ host [ port ] ]

Parameters
host: specifies the IP address or the name of the remote FTP server. It is a string of 1 to 20
characters.

port: specifies the port number of the remote FTP server. The value ranges from 1 to 65535.

Views
User view

Default Level
3: Management level

Usage Guidelines
If no parameter is set in this command, only the FTP view is displayed, and no connection with
the FTP server is set up.

Examples
# Connect to the remote FTP server at the IP address 1.1.1.1.
<Eudemon> ftp 1.1.1.1
Trying 1.1.1.1 ...
Press CTRL+K to abort
Connected to 1.1.1.1.
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(1.1.1.1:(none)):123
331 Give me your password, please
Password:
230 Logged in successfully

Related Topics
1.4.3 bye
1.4.15 disconnect

1.4.26 ftp server enable

Function
Using the ftp server enable command, you can enable the FTP server and allow the login of
FTP users.

Using the undo ftp server command, you can disable the FTP server and deny the login of FTP
users.

Format
ftp server enable

undo ftp server

Parameters
None

Views
System view

Default Level
3: Management level

Usage Guidelines
By default, the FTP server is disabled.

After the FTP server is disabled, users who are logged in to it can no longer perform any
operation other than logging out.

Examples
# Disable the FTP server.
<Eudemon> system-view
[Eudemon] undo ftp server

Related Topics
1.4.17 display ftp-server

1.4.27 ftp timeout

Function
Using the ftp timeout command, you can set the timeout period of the FTP connection.

Using the undo ftp timeout command, you can restore the default timeout period.

Format
ftp timeout minutes

undo ftp timeout

Parameters
minutes: specifies the timeout period, in minutes. The value ranges from 1 to 35791.

Views
System view

Default Level
3: Management level

Usage Guidelines
By default, the timeout period of the FTP connection is 30 minutes.

After logging in to the FTP server, the user sets up a connection with the FTP server. If an
abnormal disconnection occurs or the user abnormally cuts the connection, the FTP server is not
notified and thus the connection is still kept. To avoid such a case, the timeout period is set. If
no command interaction is conducted during this period, the FTP server considers the connection
invalid and cuts the connection.

Examples
# Set the timeout period of the FTP connection to 36 minutes.
<Eudemon> system-view
[Eudemon] ftp timeout 36

Related Topics
1.4.17 display ftp-server

1.4.28 get

Function
Using the get command, you can download remote files and save them to the local device.

Format
get remote-file [ local-file ]

Parameters
remote-file: specifies the file name on the remote FTP server. It is a string of 1 to 64 characters.

local-file: specifies the local file name. It is a string of 1 to 64 characters.

Views
FTP client view

Default Level
3: Management level

Usage Guidelines
If the local file name is not specified, the downloaded file is saved under the same name as
the file on the remote FTP server.

Examples
# Download temp1.c and save it as temp.c.
<Eudemon> ftp 1.1.1.1
Trying 1.1.1.1 ...
Press CTRL+K to abort
Connected to 1.1.1.1.
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(1.1.1.1:(none)):123
331 Give me your password, please
Password:
230 Logged in successfully
[ftp] get temp1.c temp.c

1.4.29 lcd

Function
Using the lcd command, you can get the local working directory of an FTP client.

Format
lcd

Parameters
None

Views
FTP client view

Default Level
3: Management level

Usage Guidelines
Different from the 1.4.39 pwd (FTP Client View) command that displays the remote working
directory of FTP server, after the lcd command is run, the local working directory of FTP client
is displayed.

Examples
# Display the local working path.
<Eudemon> ftp 1.1.1.1
Trying 1.1.1.1 ...
Press CTRL+K to abort
Connected to 1.1.1.1.
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(1.1.1.1:(none)):123
331 Give me your password, please
Password:
230 Logged in successfully
[ftp] lcd
% Local directory now flash:.

Related Topics
1.4.39 pwd (FTP Client View)

1.4.30 ls

Function
Using the ls command, you can query a specified file and save the results to a specified file.

Format
ls [ remote-file ] [ local-file ]

Parameters
remote-file: specifies the queried remote file. The name is a string of 1 to 64 characters.
local-file: specifies the name of the local file that stores the results. The name is a string of 1 to
64 characters.

Views
FTP client view

Default Level
3: Management level

Usage Guidelines
By default, all the files are displayed if you do not specify any parameters.

Examples
# Query temp.c.
<Eudemon> ftp 1.1.1.1
Trying 1.1.1.1 ...
Press CTRL+K to abort
Connected to 1.1.1.1.
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(1.1.1.1:(none)):123
331 Give me your password, please
Password:
230 Logged in successfully
[ftp] ls temp.c

1.4.31 mkdir (User View)

Function
Using the mkdir command, you can create a directory in the specified directory in the specified
storage device.

Format
mkdir directory

Parameters
directory: specifies a directory name. It is a string of 1 to 64 characters. The name of the
directory should not include the following characters: ~, /, \, :, *
flash:: specifies the root directory of FLASH.

Views
User view

Default Level
3: Management level

Usage Guidelines
Note that the name of the new directory cannot be the same as the name of another directory or
file in the specified directory.
The mkdir command supports the four-level directory, and the maximum length of the directory
name at each level is 15 characters.

Examples
# Create a directory dd.
<Eudemon> mkdir dd
Created dir dd.

Related Topics
1.4.13 dir (User View)

1.4.32 mkdir (FTP Client View)

Function
Using the mkdir command, you can create a directory at the remote FTP server.

Format
mkdir remote-directory

Parameters
remote-directory: specifies the directory name. It is a string of to 64 characters.

Views
FTP client view

Default Level
3: Management level

Usage Guidelines
After the command is run, the directory that is created exists on the FTP server.

Examples
# Create a directory test at the remote FTP server.
<Eudemon> ftp 1.1.1.1
Trying 1.1.1.1 ...
Press CTRL+K to abort
Connected to 1.1.1.1.
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(1.1.1.1:(none)):123
331 Give me your password, please
Password:
230 Logged in successfully
[ftp] mkdir test

Related Topics
1.4.46 rmdir (FTP Client View)

1.4.33 more

Function
Using the more command, you can display a specified file.

Format
more file-name

Parameters
file-name: specifies the file name. It is a string of 1 to 64 characters.

Views
User view

Default Level
3: Management level

Usage Guidelines
The file system displays the file in the .txt format.

Examples
# Display the content of the file test.txt.
<Eudemon> more test.txt
AppWizard has created this test application for you.
This file contains a summary of what you will find in each of the files that make
up your test application.
Test.dsp
This file (the project file) contains information at the project level and is used
to build a single project or subproject. Other users can share the project (.dsp)
file, but they should export the makefiles locally.

1.4.34 move

Function
Using the move command, you can move a file. But files cannot be moved between different
devices.

Format
move source-file-name dest-file-name

Parameters
source-file-name: specifies the source file name. It is a string of 1 to 64 characters.
dest-file-name: specifies the destination file name. It is a string of 1 to 64 characters.

Views
User view

Default Level
3: Management level

Usage Guidelines
If the name of the destination file is the same as the name of an existing directory, the execution
fails. If the name of the destination file is the same as that of an existing file, the system
prompts you whether to overwrite the existing file.

Examples
# Move the sample.txt file from flash:/test/sample.txt to flash:/sample.txt.
<Eudemon> dir
Directory of flash:/
-rwxrwxrwx1 noone nogroup 121692 Apr 18 2003 11:17:26 matnLog.dat
-rwxrwxrwx1 noone nogroup 956 Mar 19 2003 09:12:55 exception.dat
-rwxrwxrwx1 noone nogroup 2165 Apr 04 2003 20:48:23 vrpcfg.cfg
-rwxrwxrwx1 noone nogroup 6434223 Mar 29 2003 16:28:20 vrp3.cc
drwxrwxrwx1 noone nogroup - Apr 18 2003 15:29:49 test
6477 KBytes total (48 KBytes free)

<Eudemon> dir flash:/test/


Directory of flash:/test/
-rwxrwxrwx 1 noone nogroup 2227 Apr 18 2003 15:38:30 test.txt
-rwxrwxrwx 1 noone nogroup 2165 Apr 18 2003 15:36:52 sample.txt
6477 KBytes total (46 KBytes free)
<Eudemon> move flash:/test/sample.txt flash:/sample.txt
Move flash:/test/sample.txt to flash:/sample.txt ?[Y/N] :y
% Moved file flash:/test/sample.txt to flash:/sample.txt

<Eudemon> dir
Directory of flash:/
-rwxrwxrwx1 noone nogroup 121692 Apr 18 2003 11:17:26 matnLog.dat
-rwxrwxrwx1 noone nogroup 956 Mar 19 2003 09:12:55 exception.dat
-rwxrwxrwx1 noone nogroup 2165 Apr 04 2003 20:48:23 vrpcfg.cfg
-rwxrwxrwx1 noone nogroup 6434223 Mar 29 2003 16:28:20 vrp3.cc
drwxrwxrwx1 noone nogroup - Apr 18 2003 15:29:49 test
-rwxrwxrwx1 noone nogroup 444 Apr 18 2003 15:40:00 sample.txt
6477 KBytes total (47 KBytes free)

<Eudemon> dir flash:/test/


Directory of flash:/test/
-rwxrwxrwx 1 noone nogroup 2227 Apr 18 2003 15:38:30 test.txt
6477 KBytes total (47 KBytes free)

Related Topics
1.4.13 dir (User View)

1.4.35 open

Function
Using the open command, you can set up a control connection with the remote FTP server.

Format
open host [ port ]

Parameters
host: specifies the IP address or host name of the remote FTP server. It is a string with 1 to 20
characters.
port: specifies the port number of the remote FTP server. The value ranges from 0 to 65535.

Views
FTP client view

Default Level
3: Management level

Usage Guidelines
Using the ftp command in the user view, you can establish a connection with the FTP server
and enter the FTP client view. If the FTP connection is dropped unexpectedly, you can run the
open command to set up a new FTP connection.

Examples
# Set up a connection with FTP server 1.1.1.1.
<Eudemon> ftp
[ftp] open 1.1.1.1
Trying 1.1.1.1 ...
Press CTRL+K to abort
Connected to 1.1.1.1.
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(1.1.1.1:(none)):123
331 Give me your password, please
Password:
230 Logged in successfully

Related Topics
1.4.25 ftp
1.4.15 disconnect

1.4.36 passive

Function
Using the passive command, you can set data transmission mode to passive.
Using the undo passive command, you can set data transmission mode to active.

Format
passive
undo passive

Parameters
None

Views
FTP client view

Default Level
3: Management level

Usage Guidelines
By default, the transmission mode is passive.

Examples
# Set data transmission mode to passive.
<Eudemon> ftp 1.1.1.1
Trying 1.1.1.1 ...
Press CTRL+K to abort
Connected to 1.1.1.1.
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(1.1.1.1:(none)):123
331 Give me your password, please
Password:
230 Logged in successfully
[ftp] passive

1.4.37 put

Function
Using the put command, you can upload a local file to the remote FTP server.

Format
put local-file [ remote-file ]

Parameters
local-file: specifies the local file name. It is a string of 1 to 64 characters.
remote-file: specifies the file name on the remote FTP server. It is a string of 1 to 64 characters.

Views
FTP client view

Default Level
3: Management level

Usage Guidelines
If no file name on the remote server is specified, the uploaded file uses the same name as the
local file.

Examples
# Upload the local file temp.c to the remote FTP server and save it with the name as temp1.c.
<Eudemon> ftp 1.1.1.1
Trying 1.1.1.1 ...
Press CTRL+K to abort
Connected to 1.1.1.1.
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(1.1.1.1:(none)):123
331 Give me your password, please
Password:
230 Logged in successfully
[ftp] put temp.c temp1.c

Related Topics
1.4.28 get

1.4.38 pwd (User View)

Function
Using the pwd command, you can display the current working directory.

Format
pwd

Parameters
None

Views
User view

Default Level
3: Management level

Usage Guidelines
You can run the pwd command in the root directory or in any sub-directory to view the current
directory. You can then run the cd command to change the current directory according to the
echoed message.

Examples
# Display the current directory.
<Eudemon> pwd
flash:/test

Related Topics
1.4.13 dir (User View)
1.4.4 cd (User View)

1.4.39 pwd (FTP Client View)

Function
Using the pwd command, you can display the working directory on the remote FTP server.

Format
pwd

Parameters
None

Views
FTP client view

Default Level
3: Management level

Usage Guidelines
After the user logs in to the FTP server by FTP client remotely, the user can run this command
to view the current working directory of the FTP server.

Examples
# Display the working directory on the remote FTP server.
<Eudemon> ftp 1.1.1.1
Trying 1.1.1.1 ...
Press CTRL+K to abort
Connected to 1.1.1.1.
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(1.1.1.1:(none)):123
331 Give me your password, please
Password:
230 Logged in successfully
[ftp] pwd
"d:/temp" is current directory.

Related Topics
1.4.25 ftp

1.4.40 quit (FTP Client View)

Function
Using the quit command, you can disconnect from the remote FTP server and return to the user
view.

Format
quit

Parameters
None

Views
FTP client view

Default Level
3: Management level

Usage Guidelines
After running this command, you return to the user view on the FTP client.

Examples
# Disconnect from the remote FTP server and return to the user view.
<Eudemon> ftp 1.1.1.1
Trying 1.1.1.1 ...
Press CTRL+K to abort
Connected to 1.1.1.1.
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(1.1.1.1:(none)):123
331 Give me your password, please
Password:
230 Logged in successfully
[ftp] quit
<Eudemon>

1.4.41 remotehelp

Function
Using the remotehelp command, you can display the help of FTP commands.

Format
remotehelp [ protocol-command ]

Parameters
protocol-command: specifies the FTP command. It is a string of 1 to 16 characters.

Views
FTP client view

Default Level
3: Management level

Usage Guidelines
FTP commands are user, pass, acct, cwd, cdup, smnt, quit, rein, port, pasv, type, stru,
mode, retr, stor, stou, appe, allo, rest, rnfr, rnto, abor, dele, rmd, help, noop, xcup, xcwd,
xmkd, xpwd, and xrmd.

Examples
# Display the syntax of the user command.
<Eudemon> ftp 1.1.1.1
Trying 1.1.1.1 ...
Press CTRL+K to abort
Connected to 1.1.1.1.
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(1.1.1.1:(none)):123
331 Give me your password, please
Password:
230 Logged in successfully
[ftp] remotehelp user
214 Syntax: USER <sp> <username>

1.4.42 rename

Function
Using the rename command, you can rename a file.

Format
rename source-file-name dest-file-name

Parameters
source-file-name: specifies the source file name. It is a string of 1 to 64 characters.

dest-file-name: specifies the destination file name. It is a string of 1 to 64 characters.

Views
User view

Default Level
3: Management level

Usage Guidelines
If the name of the destination file is the same as that of an existing directory or an existing file,
the system displays an error message.

Examples
# Rename the file sample.txt as sample.bak.

<Eudemon> rename sample.txt sample.bak
Rename flash:/sample.txt to flash:/sample.bak?[Y/N]:y
Info:Rename file flash:/sample.txt to flash:/sample.bak ......Done.

1.4.43 reset recycle-bin

Function
Using the reset recycle-bin command, you can delete a file from the recycle bin permanently.

Format
reset recycle-bin [ file-name | flash: ]

Parameters
file-name: specifies the name of the file to be deleted. It is a string of 1 to 64 characters. "*"
wildcard is supported.
flash:: specifies the recycle bin in FLASH.

Views
User view

Default Level
3: Management level

Usage Guidelines
The delete (User View) command in the user view only moves a file to the recycle bin. To delete
the file permanently, use the reset recycle-bin command.

Examples
# Delete the file info.txt in the recycle bin.
<Eudemon> reset recycle-bin info.txt
Squeeze flash:/info1.txt ?[Y/N]:y
Clear file from flash will take a long time if needed.......Done!.
%Cleared file flash:/info.txt.

Related Topics
1.4.11 delete (User View)

1.4.44 reset saved-configuration

Function
Using the reset saved-configuration command, you can delete the configuration files saved in
the storage devices.

Format
reset saved-configuration

Parameters
None

Views
User view

Default Level
2: Configuration level

Usage Guidelines
This command should be executed with caution. Use it under the guidance of technical personnel.

It is generally used in the following cases:

• After the firewall software is updated, the configuration file in the storage device may not
  match the new version software.
• If a used firewall is deployed in a new application environment, the original configuration
  file is unable to meet the requirements of the new environment. You need to reconfigure
  it.

Using the reset command does not damage the original configuration file when writing the
configuration file.

Examples
# Delete the configuration files saved in the storage device.
<Eudemon> reset saved-configuration
The action will delete the saved configuration in the flash.
The configuration will be erased to reconfigure.
Are you sure?[Y/N]y

Related Topics
1.4.47 save
1.4.16 display current-configuration
1.4.19 display saved-configuration

1.4.45 rmdir (User View)

Function
Using the rmdir command, you can delete a directory.

Format
rmdir directory

Parameters
directory: specifies the name of the directory. It is a string of 1 to 64 characters.

Views
User view

Default Level
3: Management level

Usage Guidelines
The directory to be deleted must be an empty one.

Examples
# Delete the directory test.
<Eudemon> rmdir test
Remove directory flash:/test?[Y/N]:y
%Removing directory flash:/test.......Done!

Related Topics
1.4.31 mkdir (User View)

1.4.46 rmdir (FTP Client View)

Function
Using the rmdir command, you can delete the specified directory on the server.

Format
rmdir remote-directory

Parameters
remote-directory: specifies the directory name on the remote FTP server. It is a string ranging
from 1 to 64 characters.

Views
FTP client view

Default Level
3: Management level

Usage Guidelines
None

Examples
# Delete the d:/temp1 directory on the FTP server.
<Eudemon> ftp 1.1.1.1
Trying 1.1.1.1 ...
Press CTRL+K to abort
Connected to 1.1.1.1.
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(1.1.1.1:(none)):123
331 Give me your password, please
Password:
230 Logged in successfully
[ftp] rmdir d:/temp1

Related Topics
1.4.32 mkdir (FTP Client View)

1.4.47 save

Function
Using the save command, you can save the current configuration to the storage device.
Using the save configuration-file command, you can save the current configuration to the
specified directory of the storage device. Generally, the command does not affect the starting of
the current configuration file. When configuration-file is the same as the default save path and
configuration file name, this command can be used as the save command.

Format
save [ configuration-file ]

Parameters
configuration-file: specifies the name of the configuration file. It is a string of 5 to 64 characters.

Views
User view

Default Level
2: Configuration level

Usage Guidelines
When a set of configurations is complete and the expected functions have been achieved, the
current configuration file should be saved in the storage device.
The configuration file must take .cfg or .zip as its extension name, and the system configuration
file must be saved under the root directory of the storage device. The default directory is the root
directory of Flash. When saving the configuration file for the first time, if you do not specify
the optional parameter configuration-file, the system asks you whether to save the file as
"vrpcfg.cfg".

Examples
# Save the current configuration to the default storage device.
<Eudemon> save

Related Topics
1.4.44 reset saved-configuration
1.4.19 display saved-configuration
1.4.16 display current-configuration
1.4.49 startup saved-configuration

1.4.48 startup system-software

Function
Using the startup system-software command, you can configure the file name of the system
software used in the next startup.

Format
startup system-software system-file

Parameters
system-file: specifies the file name of the system software. It is a string of 4 to 64 characters.

Views
User view

Default Level
3: Management level

Usage Guidelines
The system software must use .bin as its extension name and must be saved in the root directory
of the storage device. By default, the system software is saved in the root directory of the flash.

Examples
# Configure the system software used in the next startup.
<Eudemon> startup system-software system.bin

Related Topics
1.4.20 display startup

1.4.49 startup saved-configuration

Function
Using the startup saved-configuration command, you can configure the configuration file used
in the next startup.

Format
startup saved-configuration configuration-file

Parameters
configuration-file: specifies the name of the configuration file. It is a string of 4 to 64 characters.

Views
User view

Default Level
3: Management level

Usage Guidelines
The configuration file must use .cfg or .zip as its extension name and must be saved in the root
directory of the storage device. By default, the configuration file is saved in the root directory
of the flash.

Examples
# Configure the configuration file used in the next startup.
<Eudemon> startup saved-configuration vrpcfg.zip

Related Topics
1.4.20 display startup

1.4.50 tftp

Function
Using the tftp command, you can upload a file to the TFTP server or download a file from the
TFTP server to the local device.

Format
tftp tftp-server { get | put } source-file-name [ dest-file-name ]

Parameters
tftp-server: specifies the IP address or the host name of TFTP server.

get: downloads files.

put: uploads files.

source-file-name: specifies the source file name. It is a string of 1 to 56 characters.

dest-file-name: specifies the destination file name. It is a string of 1 to 56 characters.

Views
User view

Default Level
3: Management level

Usage Guidelines
When the name of the local file is not specified, the file is saved with the original name.

Examples
# Download the vrpcfg.txt file at the root directory of the TFTP server to the local hard disk. IP
address of the TFTP server is 1.1.254.2. Save the downloaded file with the name as vrpcfg.bak.
<Eudemon> tftp 1.1.254.2 get vrpcfg.txt hda1:/vrpcfg.bak

# Upload the vrpcfg.txt file at the root directory of the flash to the default directory of the TFTP
server. IP address of the TFTP server is 1.1.254.2. Save the uploaded file with the name as
vrpcfg.bak.
<Eudemon> tftp 1.1.254.2 put flash:/vrpcfg.txt vrpcfg.bak

Related Topics
1.4.51 tftp-server acl

1.4.51 tftp-server acl

Function
Using the tftp-server acl command, you can configure the ACL to control the access of clients
to the TFTP server.

Using the undo tftp-server acl command, you can cancel the ACL.

Format
tftp-server acl acl-number

undo tftp-server acl

Parameters
acl-number: specifies the basic ACL number. The value ranges from 2000 to 2999.

Views
System view

Default Level
3: Management level

Usage Guidelines
If a firewall serves as a TFTP client, you can configure the ACL on the firewall to control the
login of the local device to the TFTP server through TFTP.

Examples
# Set an ACL rule 2000 to allow specified users to access the TFTP server.
<Eudemon> system-view
[Eudemon] tftp-server acl 2001

Related Topics
1.4.50 tftp

1.4.52 undelete

Function
Using the undelete command, you can restore a deleted file.

Format
undelete file-name

Parameters
file-name: specifies the name of the file to be restored. It is a string of 1 to 64 characters.

Views
User view

Default Level
3: Management level

Usage Guidelines
If the name of the file to be restored is the same as the name of an existing directory, the
execution fails. If the name of this file is the same as that of an existing file, the system
prompts you whether to overwrite the existing file.

Examples
# Restore the deleted file sample.bak.
<Eudemon> undelete sample.bak
Undelete flash:/test/sample.bak?[Y/N]:y
% Undeleted file flash:/test/sample.bak

Related Topics
1.4.11 delete (User View)
1.4.43 reset recycle-bin

1.4.53 user

Function
Using the user command, you can log in to the FTP server again with a specified user name.

Format
user user-name [ password ]

Parameters
user-name: specifies the login user name. It is a string of 1 to 32 characters.
password: specifies the login password. It is a string of 1 to 16 characters.

Views
FTP client view

Default Level
3: Management level

Usage Guidelines
By using this command, you can log in to an FTP server with another user name without exiting
from the FTP client view. The FTP connection created by running this command is the same as
the one created by running the ftp command.

Examples
# Log in to the FTP server with the user name tom and the password bjhw.
<Eudemon> ftp 1.1.1.1
Trying 1.1.1.1 ...
Press CTRL+K to abort
Connected to 1.1.1.1.
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(1.1.1.1:(none)):123
331 Give me your password, please
Password:
230 Logged in successfully
[ftp] user tom bjhw

1.4.54 verbose

Function
Using the verbose command, you can enable the verbose function.
Using the undo verbose command, you can disable the verbose function.

Format
verbose
undo verbose

Parameters
None

Views
FTP client view

Default Level
3: Management level

Usage Guidelines
By default, the verbose function is disabled.
When you use the verbose command, all FTP responses are displayed. After a file is transmitted,
the transmission rate statistics are also displayed.

Examples
# Enable the verbose function.

<Eudemon> ftp 1.1.1.1
Trying 1.1.1.1 ...
Press CTRL+K to abort
Connected to 1.1.1.1.
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(1.1.1.1:(none)):123
331 Give me your password, please
Password:
230 Logged in successfully
[ftp] verbose
Info:Verbose is on

Related Topics
1.4.28 get
1.4.37 put

1.4.55 xmodem get

Function
Using the xmodem get command, you can download files from the AUX port to the firewall
through the Xmodem protocol.

Format
xmodem get { file-name | flash: }

Parameters
file-name: specifies the name of the received file that is saved. It is a string. The absolute path
of the file ranges from 1 to 64 characters.
flash: specifies the storage device FLASH.

Views
User view

Default Level
3: Management level

Usage Guidelines
If file-name is specified, the system saves the file with the specified name to a specified path. If
no file-name is specified, the system saves the file with the original name to the specified device.

Examples
# Download files from the AUX port through the Xmodem protocol and save the received file
to flash with the name as test.txt.
<Eudemon> xmodem get flash:/test.txt

1.5 System Maintenance Configuration Commands

1.5.1 debugging (User View)
1.5.2 debugging firewall packet-capture
1.5.3 debugging firewall packet-capture error
1.5.4 debugging firewall packet-capture event

1.5.5 display channel
1.5.6 display cpu-usage-for-user
1.5.7 display debugging
1.5.8 display diagnostic-information
1.5.9 display device
1.5.10 display environment
1.5.11 display firewall logtime
1.5.12 display firewall packet-capture configuration
1.5.13 display firewall packet-capture queue
1.5.14 display firewall packet-capture statistic
1.5.15 display info-center
1.5.16 display logbuffer
1.5.17 display patch-information
1.5.18 display schedule reboot
1.5.19 display trapbuffer
1.5.20 firewall log-time
1.5.21 firewall packet-capture
1.5.22 firewall packet-capture send host
1.5.23 firewall packet-capture send queue
1.5.24 firewall packet-capture startup
1.5.25 firewall session log-type binary discard enable
1.5.26 firewall session log-type
1.5.27 info-center channel
1.5.28 info-center console channel
1.5.29 info-center enable
1.5.30 info-center logbuffer
1.5.31 info-center loghost
1.5.32 info-center loghost source
1.5.33 info-center monitor channel
1.5.34 info-center snmp channel
1.5.35 info-center source
1.5.36 info-center timestamp
1.5.37 info-center trapbuffer
1.5.38 patch
1.5.39 ping
1.5.40 reset firewall log-buf
1.5.41 reset firewall packet-capture
1.5.42 reset logbuffer
1.5.43 reset trapbuffer
1.5.44 service modem-callback
1.5.45 session log enable
1.5.46 schedule reboot
1.5.47 terminal debugging
1.5.48 terminal logging
1.5.49 terminal monitor
1.5.50 terminal trapping
1.5.51 tracert

1.5.1 debugging (User View)

Function
Using the debugging command, you can enable a debugging switch.

Using the undo debugging command, you can disable a debugging switch.

Format
debugging { all [ timeout time ] | module-name [ debug-option1 ] [ debug-option2 ] … }

undo debugging { all | module-name [ debug-option1 ] [ debug-option2 ] … }

Parameters
all: enables or disables all debugging switches.

timeout time: specifies how long debugging stays enabled. When this duration expires, the
system automatically disables the debugging. The value is in minutes and ranges from 1 to 1440.

module-name: specifies a module name.

debug-option: specifies a debugging option.

Views
User view

Default Level
1: Monitoring level

Usage Guidelines
By default, all debugging switches are disabled.

The system provides various kinds of debugging, which are generally used by technical support
personnel and qualified maintenance personnel to diagnose network faults.

After a debugging switch is enabled, the system generates a large amount of debugging
information and its efficiency drops. In particular, after all debugging switches are enabled
through the debugging all command, a network crash may occur. It is recommended that you do
not use the debugging all command. However, you can conveniently disable all debugging
switches using the undo debugging all command.

Examples
# Enable IP Packet debugging switch.
<Eudemon> debugging ip packet
IP packet debugging switch is on.

1.5.2 debugging firewall packet-capture

Function
Using the debugging firewall packet-capture command, you can enable the packet capture
debugging or the debugging of sending captured packets.

Using the undo debugging firewall packet-capture command, you can disable the packet
capture debugging or the debugging of sending captured packets.

Format
debugging firewall packet-capture [ capture | send ]

undo debugging firewall packet-capture [ capture | send ]

Parameters
capture: indicates the remote packet capture debugging.

send: indicates the debugging of sending captured packets.

Views
User view

Default Level
1: Monitoring level

Usage Guidelines
None

Examples
# Enable the remote packet capture debugging.
<Eudemon> debugging firewall packet-capture capture
*0.66536883 Eudemon CAPT/8/DebugPacket: Saving one captured packet save-time =
2007/7/28 13:30:22, interface = Ethernet0/0/0, direction = ingress,
que-id = 0, serial-num = 3, captured-pktlen = 66, original-iplen = 66

Table 1-16 Description of the debugging firewall packet-capture capture command output

Item               Description
Debug information  *0.66536883 Eudemon CAPT/8/DebugPacket: Saving one captured packet save-time=2007/7/28 13:30:22, interface=Ethernet0/0/0, direction=ingress, que-id=0, serial-num=3, captured-pktlen=66, original-iplen=66
Meaning            An inbound packet is captured on Ethernet 0/0/0 and stored in queue 0. The packet is 66 bytes long and is numbered 3.
Cause              There are packets reaching the interface during packet capture.

# Enable the debugging of sending captured packets.
<Eudemon> debugging firewall packet-capture send
*0.66536883 Eudemon CAPT/8/DebugPacket: sending one captured packet, destination:
ip = 10.1.1.5, udp-port = 9005, save-time = 2007/7/28 13:30:22, interface =
Ethernet0/0/0, direction = ingress,
que-id = 0, serial-num = 3, captured-pktlen = 66, original-iplen = 66

Table 1-17 Description of the debugging firewall packet-capture send command output

Item               Description
Debug information  *0.66536883 Eudemon CAPT/8/DebugPacket: sending one captured packet, destination: ip = 10.1.1.5, udp-port = 9005, save-time = 2007/7/28 13:30:22, interface = Ethernet0/0/0, direction = ingress, que-id = 0, serial-num = 3, captured-pktlen = 66, original-iplen = 66
Meaning            Send one packet from queue 0 to port 9005 of the host at 10.1.1.5. The packet is from the inbound direction and captured on Ethernet 0/0/0. The 66-byte packet is numbered 3.
Cause              Send captured packets to the host.

Related Topics
1.5.21 firewall packet-capture
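
The debug messages in the two examples above wrap across terminal lines and mix free text with key = value pairs. The following added example (not part of the Huawei manual) joins the wrapped lines, parses the fields described in Tables 1-16 and 1-17, and lists sends whose destination is not an approved collector. The function names, the approved-collector set and the third sample message are assumptions made for illustration.

```python
import re
from datetime import datetime

# Constructed input: the two debug messages printed in the examples above,
# wrapped the way the terminal shows them, followed by one constructed
# message (serial-num 4) that sends a packet to a different host.
SAMPLE = """\
<Eudemon> debugging firewall packet-capture capture
*0.66536883 Eudemon CAPT/8/DebugPacket: Saving one captured packet save-time =
2007/7/28 13:30:22, interface = Ethernet0/0/0, direction = ingress,
que-id = 0, serial-num = 3, captured-pktlen = 66, original-iplen = 66
<Eudemon> debugging firewall packet-capture send
*0.66536883 Eudemon CAPT/8/DebugPacket: sending one captured packet, destination:
ip = 10.1.1.5, udp-port = 9005, save-time = 2007/7/28 13:30:22, interface =
Ethernet0/0/0, direction = ingress,
que-id = 0, serial-num = 3, captured-pktlen = 66, original-iplen = 66
*0.66536990 Eudemon CAPT/8/DebugPacket: sending one captured packet, destination:
ip = 192.0.2.77, udp-port = 9005, save-time = 2007/7/28 13:30:23, interface =
Ethernet0/0/0, direction = ingress,
que-id = 0, serial-num = 4, captured-pktlen = 66, original-iplen = 66
"""

# Header layout seen in the examples: *<stamp> <sysname> <MODULE>/<sev>/<mnemonic>: <text>
HEADER = re.compile(
    r"^\*(?P<stamp>\d+\.\d+)\s+(?P<host>\S+)\s+"
    r"(?P<module>\w+)/(?P<severity>\d+)/(?P<mnemonic>\w+):\s*(?P<text>.*)$"
)
# key = value pairs; a value runs up to the next comma or the end of the text.
FIELD = re.compile(r"\b(?P<key>[a-z][a-z-]*)\s*=\s*(?P<value>[^,]+?)\s*(?=,|$)")
INT_FIELDS = {"udp-port", "que-id", "serial-num", "captured-pktlen", "original-iplen"}


def join_wrapped(text):
    """Glue wrapped terminal lines back into one string per debug message."""
    messages, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):            # a new debug message begins
            if current:
                messages.append(current)
            current = line
        elif not line or line[0] in "<[":   # blank line or CLI prompt ends it
            if current:
                messages.append(current)
            current = None
        elif current is not None:           # continuation of a wrapped message
            current += " " + line
    if current:
        messages.append(current)
    return messages


def parse_message(message):
    """Return a dict for one joined message, or None if the header is unknown."""
    m = HEADER.match(message)
    if not m:
        return None
    record = m.groupdict()
    text = record.pop("text")
    record["severity"] = int(record["severity"])
    fields = {}
    for f in FIELD.finditer(text):
        key, value = f.group("key"), f.group("value")
        if key in INT_FIELDS and value.isdigit():
            value = int(value)
        elif key == "save-time":
            try:
                value = datetime.strptime(value, "%Y/%m/%d %H:%M:%S")
            except ValueError:
                pass                         # keep the raw string if malformed
        fields[key] = value
    record["fields"] = fields
    # The free text before the first key = value pair names the action.
    lowered = text.lower()
    record["action"] = ("send" if lowered.startswith("sending") else
                        "save" if lowered.startswith("saving") else "other")
    return record


def parse_capture_debug(text):
    """Parse every debug message found in a pasted terminal session."""
    return [r for r in map(parse_message, join_wrapped(text)) if r]


def unexpected_destinations(records, approved):
    """List (ip, udp-port, serial-num) for sends to hosts outside `approved`."""
    hits = []
    for r in records:
        f = r["fields"]
        if r["action"] == "send" and (f.get("ip"), f.get("udp-port")) not in approved:
            hits.append((f.get("ip"), f.get("udp-port"), f.get("serial-num")))
    return hits


if __name__ == "__main__":
    records = parse_capture_debug(SAMPLE)
    for r in records:
        print(r["action"], r["fields"])
    # Assumption: 10.1.1.5:9005 (the host in the example above) is the approved collector.
    print(unexpected_destinations(records, {("10.1.1.5", 9005)}))
```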

1.5.3 debugging firewall packet-capture error

Function
Using the debugging firewall packet-capture error command, you can enable the
packet-capture error debugging.

Using the undo debugging firewall packet-capture error command, you can disable the
packet-capture error debugging.

Format
debugging firewall packet-capture error

undo debugging firewall packet-capture error

Parameters
None

Views
User view

Default Level
1: Monitoring level

Usage Guidelines
None

Examples
# Enable the packet-capture error debugging.
<Eudemon> debugging firewall packet-capture error
*0.71342320 Eudemon CAPT/8/DebugError: CAPT_RcvPkt: failed to malloc memory!

Table 1-18 Description of the debugging firewall packet-capture error command output

Item Description

Debug information *0.71342320 Eudemon CAPT/8/DebugError: CAPT_RcvPkt: failed to
malloc memory!

Meaning Memory allocation failed.

Cause Memory allocation failed.

Measures Check whether enough free memory is available.

Related Topics
1.5.21 firewall packet-capture

1.5.4 debugging firewall packet-capture event

Function
Using the debugging firewall packet-capture event command, you can enable the
packet-capture event debugging.

Using the undo debugging firewall packet-capture event command, you can disable the
packet-capture event debugging.

Format
debugging firewall packet-capture event

undo debugging firewall packet-capture event

Parameters
None

Views
User view

Default Level
1: Monitoring level

Usage Guidelines
None

Examples
# Enable the packet-capture event debugging.
<Eudemon> debugging firewall packet-capture event
*0.71342300 Eudemon CAPT/8/DebugEvent: Capture Queue 0 is full

Table 1-19 Description of the debugging firewall packet-capture event command output

Item Description

Debug information *0.71342300 Eudemon CAPT/8/DebugEvent: Capture Queue 0 is full

Meaning Queue 0 is full.

Cause Queue 0 is full of captured packets.

Related Topics
1.5.21 firewall packet-capture

1.5.5 display channel

Function
Using the display channel command, you can display the contents of an information channel.

Format
display channel [ channel-number | channel-name ]

Parameters
channel-number: specifies the channel number. The value is in the range of 0 to 9. That is, the
system has 10 channels.

channel-name: specifies the channel name.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
If no parameter is specified in the command, the setting status of all channels is displayed.

Examples
# Display the content of channel 0.
<Eudemon> display channel 0
channel number:0, channel name:console
MODU_ID NAME ENABLE LOG_LEVEL ENABLE TRAP_LEVEL ENABLE DEBUG_LEVEL
ffff0000 default Y warning Y debugging Y debugging

Table 1-20 Description of the display channel command output

Item Description

MODU_ID The number of the module to which the item applies. "ffff0000" is the
default item.

NAME The name of the module to which the item applies. "default" indicates the
default module.

ENABLE (first) Indicates whether the output of log information is enabled.

LOG_LEVEL Indicates the level of the log information allowed to be output.

ENABLE (second) Indicates whether the output of alarm information is enabled.

TRAP_LEVEL Indicates the level of the alarm information allowed to be output.

ENABLE (third) Indicates whether the output of debugging information is enabled.

DEBUG_LEVEL Indicates the level of the debugging information allowed to be output.

1.5.6 display cpu-usage-for-user

Function
Using the display cpu-usage-for-user command, you can view the statistics and configuration
of the CPU usage.

Format
display cpu-usage-for-user entry-number [ offset ] [ verbose ] [ history ] [ configuration ]

Parameters
entry-number: specifies the number of entries displayed each time. The value is an integer that
ranges from 1 to 60.
offset: specifies that the display begins from an entry before the latest record. The value is an
integer that ranges from 0 to 59.
verbose: displays detailed information about each record.
history: displays the history record of the CPU usage.
configuration: displays the configuration information of the CPU usage.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
None

Examples
# Display two entries of the statistics and configuration of the CPU usage.
<Eudemon> display cpu-usage-for-user 2


CPU Usage Stat. Cycle: 60 (Second)
CPU Usage : 3%
CPU Usage Stat. Time : 2008-09-04 15:36:41
CPU Usage Stat. Tick : 0x1311(CPU Tick High) 0x8f595e92(CPU Tick Low)
Actual Stat. Cycle : 0x0(CPU Tick High) 0xb2d72bef(CPU Tick Low)

===== CPU usage info (no: 1 idx: 30) =====


CPU Usage Stat. Cycle: 60 (Second)
CPU Usage : 3%
CPU Usage Stat. Time : 2008-09-04 15:35:41
CPU Usage Stat. Tick : 0x1310(CPU Tick High) 0xdc7c49a2(CPU Tick Low)
Actual Stat. Cycle : 0x0(CPU Tick High) 0xb2d7295c(CPU Tick Low)

1.5.7 display debugging

Function
Using the display debugging command, you can display the enabled debugging.

Format
display debugging [ interface interface-type interface-number ] [ module-name ]

Parameters
module-name: specifies a module name.
interface-type: specifies the type of an interface.
interface-number: specifies the number of an interface.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
By default, all the enabled debugging is displayed when no parameter is specified.

Examples
# Display all the enabled debugging.
<Eudemon> display debugging
IP packet debugging switch is on.

Related Topics
1.5.1 debugging (User View)

1.5.8 display diagnostic-information

Function
Using the display diagnostic-information command, you can display the working status of all
current system modules.

Format
display diagnostic-information

Parameters
None

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
The output of the display diagnostic-information command covers the output of the display
commands, that is, 1.1.3 display clock, 1.1.6 display version, and 1.4.16 display
current-configuration.

Using this command, you can collect extensive information that helps locate the problem
in case of a system failure.

Examples
# Display the diagnostic information.
<Eudemon> display diagnostic-information

1.5.9 display device

Function
Using the display device command, you can view information about the device.

Format
display device interface-slot

Parameters
interface-slot: specifies the number of the interface slot as a decimal integer. The value
ranges from 0 to 5.

Views
All views

Default Level
2: Configuration level

Usage Guidelines
None

Examples
# View information about the device.
<Eudemon> display device
Quidway E200 Firewall's Device status:

Slot # Type Online Status


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
0 RPU Present Normal
1 4CE1 Present Normal
3 PWR Present Normal
5 FAN Present Normal

1.5.10 display environment

Function
Using the display environment command, you can view the temperature and voltage of the
current monitor point.

Format
display environment

Parameters
None

Views
All views

Default Level
2: Configuration level

Usage Guidelines
None

Examples
# View the temperature and voltage of the current monitor point.
<Eudemon> display environment
Environment Temperature information:
local CurrentTemperature LowLimit HighLimit
(deg c ) (deg c) (deg c )
CPU 59 0 95
BOARD 44 0 95
VENT 28 0 65

1.5.11 display firewall logtime

Function
Using the display firewall logtime command, you can display log scan intervals.

Format
display firewall logtime { defend | session | statistic }

Parameters
defend: displays the scan interval of attack-defense logs.

session: displays the scan interval of session logs.

statistic: displays the scan interval of statistics logs.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
None

Examples
# Display the scan interval of attack-defense logs.
<Eudemon> display firewall logtime defend
Atack logtime is 30 s.

Related Topics
1.5.20 firewall log-time

1.5.12 display firewall packet-capture configuration

Function
Using the display firewall packet-capture configuration command, you can view the
configuration of the remote packet capture.

Format
display firewall packet-capture configuration

Parameters
None

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
None

Examples
# Display the configuration of remote packet capture.
<Eudemon> display firewall packet-capture configuration
Capture State: Off
Capture Number: 1024
Sending Queue:
Host: 10.1.1.1:9005
Interface Packet-Direction Type QueueID
Ethernet1/0/0 Both All 2
17:01:03 06-02-2008

Table 1-21 Description of the display firewall packet-capture configuration command output

Field Description

Capture State Indicates the status of packet capture.

Capture Number Indicates the maximum number of captured packets on the interface.

Host Indicates the IP address of the destination host.

Sending Queue Indicates the ID of the queue that is sending packets.

Interface Indicates the name of the interface configured with packet capture.

Packet-Direction Indicates the direction of packet capture configured on the interface.

Type Indicates the type of packet capture configured on the interface.

QueueID Indicates the ID of the queue configured for packet capture on the
interface.

Related Topics
1.5.21 firewall packet-capture
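
An added example (not from the Huawei manual): a Python check that parses the display firewall packet-capture configuration output and flags a running capture, a send host outside an approved collector list, and values outside the ranges this reference documents. The "On" state text, the APPROVED_COLLECTORS list and all function names are assumptions.

```python
import ipaddress
import re

# Constructed sample: the output shown above with Capture State changed to On
# ("On" as the running-state text is an assumption; the page only shows "Off").
SAMPLE = """\
Capture State: On
Capture Number: 1024
Sending Queue:
Host: 10.1.1.1:9005
Interface Packet-Direction Type QueueID
Ethernet1/0/0 Both All 2
17:01:03 06-02-2008
"""

# Assumption: networks in which capture collectors are allowed to sit.
APPROVED_COLLECTORS = ("10.1.1.0/24",)


def parse_capture_config(text):
    """Parse the command output into scalar settings plus one dict per interface row."""
    cfg = {"state": None, "number": None, "host": None, "port": None, "rules": []}
    in_table = False
    for line in (raw.strip() for raw in text.splitlines()):
        cols = line.split()
        host = re.fullmatch(r"Host:\s*(\d+(?:\.\d+){3}):(\d+)", line)
        if line.startswith("Capture State:"):
            cfg["state"] = line.split(":", 1)[1].strip()
        elif line.startswith("Capture Number:"):
            cfg["number"] = int(line.split(":", 1)[1])
        elif host:
            cfg["host"] = ipaddress.ip_address(host.group(1))
            cfg["port"] = int(host.group(2))
        elif cols[:4] == ["Interface", "Packet-Direction", "Type", "QueueID"]:
            in_table = True
        elif in_table and len(cols) == 4 and cols[3].isdigit():
            cfg["rules"].append(
                dict(zip(("interface", "direction", "type"), cols), queue=int(cols[3])))
    return cfg


def audit(cfg, approved=APPROVED_COLLECTORS):
    """List findings; value ranges are the ones this command reference documents."""
    findings = []
    # Anything other than an explicit "Off" is treated as a running capture.
    active = (cfg["state"] or "").lower() != "off"
    if active:
        findings.append("capture is running")
    if cfg["number"] is not None and not 1 <= cfg["number"] <= 2048:
        findings.append("Capture Number outside 1-2048")
    if cfg["host"] is not None:
        if not any(cfg["host"] in ipaddress.ip_network(net) for net in approved):
            findings.append(f"send host {cfg['host']} is not an approved collector")
        if not 1024 <= cfg["port"] <= 65535:
            findings.append(f"destination port {cfg['port']} outside 1024-65535")
    for rule in cfg["rules"]:
        if not 0 <= rule["queue"] <= 4:
            findings.append(f"{rule['interface']}: queue {rule['queue']} outside 0-4")
        if active and (rule["direction"], rule["type"]) == ("Both", "All"):
            findings.append(f"{rule['interface']}: every packet in both directions is captured")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_capture_config(SAMPLE)):
        print(finding)
```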

1.5.13 display firewall packet-capture queue

Function
Using the display firewall packet-capture queue command, you can view information about
the packets in the remote packet-capture queue.

Format
display firewall packet-capture queue queue-id [ low-serial [ high-serial ] ]

Parameters
queue-id: specifies the ID of the queue. It ranges from 0 to 4.
low-serial: specifies the serial number of the first packet to be displayed.
high-serial: specifies the serial number of the last packet to be displayed.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
None

Examples
# Display information about the packets in the remote packet-capture queue 2.
<Eudemon> display firewall packet-capture queue 2
Interface: Ethernet0/0/0
Total Packets: 2

Serial Number 0
Direction Egress
Captured Packet Length 98
Original IP/Data Length 84
Packet Content:
Data Link Layer header:
00 e0 4c 83 26 1a 00 18 82 48
c8 8b 08 00
IP/Data Packet:
45 00 00 54 00 0f 00 00 ff 01
b3 8d 03 05 01 01 03 05 01 02
08 00 ce b6 ab d0 00 01 01 6e
dc 25 ba d0 ba d0 00 01 02 03
04 05 06 07 08 09 0a 0b 0c 0d
0e 0f 10 11 12 13 14 15 16 17
18 19 1a 1b 1c 1d 1e 1f 20 21
22 23 24 25 26 27 28 29 2a 2b
2c 2d 2e 2f

Serial Number 1
Direction Ingress
Captured Packet Length 98
Original IP/Data Length 84
Packet Content:
Data Link Layer header:
00 18 82 48 c8 8b 00 e0 4c 83
26 1a 08 00
IP/Data Packet:
45 00 00 54 3b a3 00 00 80 01
f6 f9 03 05 01 02 03 05 01 01
00 00 d6 b6 ab d0 00 01 01 6e
dc 25 ba d0 ba d0 00 01 02 03
04 05 06 07 08 09 0a 0b 0c 0d
0e 0f 10 11 12 13 14 15 16 17
18 19 1a 1b 1c 1d 1e 1f 20 21
22 23 24 25 26 27 28 29 2a 2b
2c 2d 2e 2f

Table 1-22 Description of the display firewall packet-capture queue command output
Field Description

Interface Indicates the name of the interface corresponding to the queue.

Total Packets Indicates the number of packets to be displayed.

Serial Number Indicates the serial number of the current packet.

Direction Indicates the direction of the current packet.

Captured Packet Length Indicates the length captured.

Original Packet Length Indicates the original length of the packet.

Packet Content Packet Content

Data Link Layer Header Indicates the headers of data link layer packets.

IP/Data Packet Indicates the contents of network layer packets.

Related Topics
1.5.21 firewall packet-capture
1.5.23 firewall packet-capture send queue
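
An added example (not from the Huawei manual): a Python decoder for the display firewall packet-capture queue output that reassembles the hex rows, decodes the Ethernet II, IPv4 and ICMP headers, and verifies lengths and checksums. Function names are hypothetical, and the length cross-checks (captured length equals link header plus IP bytes, original length equals the IP total length) are inferred from the sample output rather than stated by the manual.

```python
import re
import struct
from ipaddress import IPv4Address

# Excerpt of the queue 2 output above: the first of its two packets.
SAMPLE = """\
Interface: Ethernet0/0/0
Total Packets: 2

Serial Number 0
Direction Egress
Captured Packet Length 98
Original IP/Data Length 84
Packet Content:
Data Link Layer header:
00 e0 4c 83 26 1a 00 18 82 48
c8 8b 08 00
IP/Data Packet:
45 00 00 54 00 0f 00 00 ff 01
b3 8d 03 05 01 01 03 05 01 02
08 00 ce b6 ab d0 00 01 01 6e
dc 25 ba d0 ba d0 00 01 02 03
04 05 06 07 08 09 0a 0b 0c 0d
0e 0f 10 11 12 13 14 15 16 17
18 19 1a 1b 1c 1d 1e 1f 20 21
22 23 24 25 26 27 28 29 2a 2b
2c 2d 2e 2f
"""

FIELDS = {"Direction": "direction", "Captured Packet Length": "captured_len",
          "Original IP/Data Length": "original_len"}  # CLI label -> parsed key
SECTIONS = {"Data Link Layer header:": "link", "IP/Data Packet:": "ip"}
HEX_ROW = re.compile(r"(?:[0-9a-fA-F]{2}\s*)+$")

def parse_queue_dump(text):
    """Split the CLI output into packets: metadata plus raw link and IP bytes."""
    packets, cur, part = [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        label, _, value = line.rpartition(" ")
        if label == "Serial Number" and value.isdigit():
            cur, part = {"serial": int(value), "link": b"", "ip": b""}, None
            packets.append(cur)
        elif cur is None:
            continue  # still in the Interface / Total Packets preamble
        elif label in FIELDS:
            cur[FIELDS[label]] = int(value) if value.isdigit() else value
        elif line in SECTIONS:
            part = SECTIONS[line]
        elif part and HEX_ROW.match(line):
            cur[part] += bytes.fromhex(line)  # non-hex rows (page residue) are skipped
    return packets

def checksum_ok(data):
    """RFC 1071: a region that carries its own checksum must sum to 0xffff."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def decode(pkt):
    """Decode Ethernet II / IPv4 / ICMP and cross-check the CLI length fields."""
    link, ip, problems = pkt["link"], pkt["ip"], []
    out = {"serial": pkt["serial"], "direction": pkt.get("direction"), "problems": problems}
    if len(link) + len(ip) != pkt.get("captured_len"):
        problems.append("captured length mismatch")
    if len(link) != 14 or link[12:14] != b"\x08\x00":
        problems.append("not Ethernet II carrying IPv4")
        return out
    out.update(dst_mac=link[:6].hex(":"), src_mac=link[6:12].hex(":"))
    ihl = (ip[0] & 0x0F) * 4 if ip else 0  # IPv4 header length in bytes
    if not ip or ip[0] >> 4 != 4 or not 20 <= ihl <= len(ip):
        problems.append("truncated or malformed IPv4 header")
        return out
    total_len = struct.unpack("!H", ip[2:4])[0]
    out.update(ttl=ip[8], proto=ip[9], total_len=total_len,
               src=str(IPv4Address(ip[12:16])), dst=str(IPv4Address(ip[16:20])))
    if total_len != pkt.get("original_len"):
        problems.append("IP total length differs from Original IP/Data Length")
    if not checksum_ok(ip[:ihl]):
        problems.append("bad IPv4 header checksum")
    if ip[9] == 1 and ihl + 8 <= total_len <= len(ip):  # complete ICMP message
        # The id/seq fields are meaningful for echo request (8) and echo reply (0).
        icmp_type, code, _, ident, seq = struct.unpack("!BBHHH", ip[ihl:ihl + 8])
        out.update(icmp_type=icmp_type, icmp_code=code, icmp_id=ident, icmp_seq=seq)
        if not checksum_ok(ip[ihl:total_len]):
            problems.append("bad ICMP checksum")
    return out

if __name__ == "__main__":
    for pkt in parse_queue_dump(SAMPLE):
        print(decode(pkt))
```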

1.5.14 display firewall packet-capture statistic

Function
Using the display firewall packet-capture statistic command, you can view the schedule and
sending status of remote packet capture.

Format
display firewall packet-capture statistic

Parameters
None

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
None

Examples
# Display the statistics of packet capture, including packet capture schedule and sending status.
<Eudemon> display firewall packet-capture statistic
QueueID CapturedNumber SentState TCP UDP ICMP Other
----------------------------------------------------------------------
0 10( 10%) Unsent 0.00% 0.00% 100.00% 0.00%
1 0( 0%) Unused 0.00% 0.00% 0.00% 0.00%
2 0( 0%) Unused 0.00% 0.00% 0.00% 0.00%
3 0( 0%) Unused 0.00% 0.00% 0.00% 0.00%
4 0( 0%) Unused 0.00% 0.00% 0.00% 0.00%
17:45:08 06-02-2008

Table 1-23 Description of the display firewall packet-capture statistic command output
Field Description

QueueID Indicates the ID of the queue.

CapturedNumber Indicates the number of captured packets in the queue.

SentState Indicates the sending status of the queue.

TCP Indicates the number of TCP packets in the queue.

UDP Indicates the number of UDP packets in the queue.

ICMP Indicates the number of ICMP packets in the queue.

Other Indicates the number of other types of packets in the queue.

Related Topics
1.5.21 firewall packet-capture

1.5.15 display info-center

Function
Using the display info-center command, you can display all the information recorded in the
information center.

Format
display info-center [ statistics ]

Parameters
statistics: displays the statistics in the information center.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
None

Examples
# Display all the information recorded in the information center.
<Eudemon> display info-center
Information Center:enabled
Log host:
Console:
channel number : 0, channel name : console
Monitor:
channel number : 1, channel name : monitor
SNMP Agent:
channel number : 5, channel name : snmpagent
Log buffer:
enabled,max buffer size 1024, current buffer size 1024,
current messages 30, channel number : 4, channel name : logbuffer
dropped messages 0, overwritten messages 0
Trap buffer:
enabled,max buffer size 1024, current buffer size 1024,
current messages 0, channel number:3, channel name:trapbuffer
dropped messages 0, overwritten messages 0
logfile:
channel number : 9, channel name : channel9, language : english
Information timestamp setting:
log - date, trap - date, debug - boot

Table 1-24 Description of the display info-center command output


Item Description

Information Center Enabling the information center

Log host Status of the log host, including its IP address, the channel number,
the channel name, the language and the level of the logging host

Console Status of the console port, including the channel name and the channel
number

Monitor Status of the monitor port, including the channel name and the channel
number

SNMP Agent Status of the network management agent, including the channel names
and the channel numbers

Log buffer Status of the log buffer, including the enabling state, the maximum
size, the current size, the number of the messages, the channel names,
the channel number, the number of the discarded messages and the
number of the superseded messages

Trap buffer Status of the trapping buffer, including the enabling state, the
maximum size, the current size, the number of the messages, the
channel names, the channel numbers, the number of the discarded
messages and the number of the superseded messages

Logfile Status of the log file, including the channel names, the channel number
and the language

Information timestamp setting Setting of the timestamp, which explains the type of
the timestamp of the log information, alarm information and debug information

Related Topics
1.5.29 info-center enable
1.5.31 info-center loghost
1.5.30 info-center logbuffer
1.5.37 info-center trapbuffer
1.5.28 info-center console channel
1.5.33 info-center monitor channel
1.5.34 info-center snmp channel

1.5.16 display logbuffer

Function
Using the display logbuffer command, you can display the information recorded in the logging
buffer.

Format
display logbuffer [ size sizeval | level levelval | | { begin | include | exclude }
regular-expression ] *
display logbuffer summary [ level levelval ]

Parameters
size sizeval: specifies the number of information items to be displayed in the specified
logging buffer. The value is in the range of 1 to 1024.
level levelval: displays information of the specified level. The value is in the range of 1 to 8.
|: filters the output using the regular expressions.
begin: displays the configuration beginning with the specified string (string).
include: displays the configuration including the specified string (string).
exclude: displays the configuration excluding the specified string (string).
regular-expression: specifies the regular expression.
summary: displays the summary of the logging buffer.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
By default, if no parameter is specified in the command, all the information in the logging buffer
is displayed.
If the number of information items in the current log buffer is smaller than sizeval, the
items actually present in the log buffer are displayed.

Examples
# Display the information in the logging buffer.
<Eudemon> display logbuffer
Logging buffer configuration and contents:enabled
Allowed max buffer size : 1024
Actual buffer size : 1024
Channel number : 4 , Channel name : logbuffer
Dropped messages : 0
Overwritten messages : 0
Current messages : 1

%Jun 25 11:06:30 2008 Eudemon B SHELL/5/CMD:task:CO0 ip:** user:** command:reset logbuffer

Table 1-25 Description of the display logbuffer command output

Item Description

Logging Buffer Configuration and contents Status of the log buffer

allowed max buffer size Maximum log buffer size

actual buffer size Actual log buffer size

channel number Channel number

channel name Channel name

dropped messages Discarded messages

overwritten messages Superseded messages

current messages Current messages

Related Topics
1.5.29 info-center enable
1.5.30 info-center logbuffer
1.5.15 display info-center

1.5.17 display patch-information

Function
Using the display patch-information command, you can view information about all the current
patches.

Format
display patch-information

Parameters
None

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
None

Examples
# Display information about the system patch.
<Eudemon> display patch-information
No patch in the memory for CpuId < -1 >.

Related Topics
1.5.38 patch

1.5.18 display schedule reboot

Function
Using the display schedule reboot command, you can view the settings of the parameters of
the 1.5.46 schedule reboot command.

Format
display schedule reboot

Parameters
None

Views
All views

Default Level
3: Management level

Usage Guidelines
None

Examples
# Display the settings of the parameters of the schedule reboot command.
<Eudemon> display schedule reboot
Reboot system at 16:00:00 2002/11/1 (in 2 hours and 5 minutes).

Table 1-26 Description of the display schedule reboot command output


Item Description

Reboot system Restart time of the system

Related Topics
1.5.46 schedule reboot

1.5.19 display trapbuffer

Function
Using the display trapbuffer command, you can display the information recorded in the alarm
buffer.

Format
display trapbuffer [ size sizeval ]

Parameters
size sizeval: specifies the number of the information items to be displayed in the specified alarm
buffer. The value is in the range of 1 to 1024.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
By default, if no parameter is specified in the command, all the information in the trapping buffer
is displayed.
If the number of information items in the current alarm buffer is smaller than sizeval, the
items actually present in the alarm buffer are displayed.

Examples
# Display the information in the alarm buffer.
<Eudemon> display trapbuffer
Trapping Buffer Configuration and contents:
enabled
allowed max buffer size : 1024
actual buffer size : 1024
channel number : 3 , channel name : trapbuffer
dropped messages : 0
overwritten messages : 0
current messages : 0

Table 1-27 Description of the display trapbuffer command output


Item Description

Trapping Buffer Configuration and contents Status of the alarm buffer

allowed max buffer size Maximum alarm buffer size

actual buffer size Actual alarm buffer size

channel number Channel number

channel name Channel name

dropped messages Discarded messages

overwritten messages Superseded messages

current messages Current messages

Related Topics
1.5.29 info-center enable
1.5.37 info-center trapbuffer
1.5.15 display info-center

1.5.20 firewall log-time

Function
Using the firewall log-time command, you can set the time to scan log buffer (including
attack-defending, traffic and traffic monitoring).
Using the undo firewall log-time command, you can restore its default value.

Format
firewall { defend | session | statistic } log-time value
undo firewall { defend | session | statistic } log-time

Parameters
defend: sets the scan interval of attack-defense logs.
session: sets the scan interval of session logs.
statistic: sets the scan interval of statistics logs.
log-time value: specifies the time to scan log buffer. The value ranges from 1 to 65535 seconds.
The default value is 30 seconds.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
None

Examples
# Set the time to scan the attack-defending log buffer to 100 seconds.
<Eudemon> system-view
[Eudemon] firewall defend log-time 100

Related Topics
1.5.16 display logbuffer

1.5.21 firewall packet-capture

Function
Using the firewall packet-capture command, you can enable the remote packet capture function
on the interface.

Using the undo firewall packet-capture command, you can disable the remote packet capture
function on the interface.

Format
firewall packet-capture { all | ip acl-number | other } queue queue-id [ ingress | egress ]

undo firewall packet-capture

Parameters
all: indicates all packets.

ip acl-number: captures IP packets matching the specified ACL rule.

acl-number: specifies the number of the advanced ACL rule. It is an integer in the range of
3000 to 3999.

other: captures non-IP packets.

queue-id: specifies the ID of the queue for packet capture. It ranges from 0 to 4.

ingress: captures inbound packets only.

egress: captures outbound packets only.

Views
Ethernet main interface view, subinterface view

Default Level
2: Configuration level

Usage Guidelines
This command is usually used for analyzing faults on a network.

Examples
# Capture all packets on Ethernet 0/0/0 and save them to queue 2.
<Eudemon> system-view
[Eudemon] interface Ethernet 0/0/0
[Eudemon-Ethernet0/0/0] firewall packet-capture all queue 2

Related Topics
1.5.12 display firewall packet-capture configuration

1.5.22 firewall packet-capture send host

Function
Using the firewall packet-capture send host command, you can specify the IP address and port
number of the destination host that receives the captured packets.

Using the undo firewall packet-capture send host command, you can remove the configuration
related to the destination host.

Format
firewall packet-capture send host ip-address [ destination-port dest-port ]

undo firewall packet-capture send host

Parameters
ip-address: specifies the IP address of the destination host that receives captured packets.

dest-port: specifies the port number of the destination host. It ranges from 1024 to 65535.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
This command is usually used for analyzing faults on a network.

Examples
# Send captured packets to the host at 100.1.1.5.
<Eudemon> system-view
[Eudemon] firewall packet-capture send host 100.1.1.5

Related Topics
1.5.12 display firewall packet-capture configuration

1.5.23 firewall packet-capture send queue

Function
Using the firewall packet-capture send queue command, you can send the packets stored in
the specified queue.

Using the undo firewall packet-capture send queue command, you can stop sending the packets
stored in the specified queue.

Format
firewall packet-capture send queue queue-id

undo firewall packet-capture send queue queue-id

Parameters
queue-id: specifies the ID of the queue for packet capture. It ranges from 0 to 4.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
This command is usually used for analyzing faults on the network.

This command cannot be used unless captured packets are available and the IP address of the
destination host is specified already.

Examples
# Send stored packets from queue 2.
<Eudemon> system-view
[Eudemon] firewall packet-capture send queue 2

Related Topics
1.5.13 display firewall packet-capture queue

1.5.24 firewall packet-capture startup

Function
Using the firewall packet-capture startup command, you can start the packet capture process
and specify the maximum number of packets captured on each interface.
Using the undo firewall packet-capture startup command, you can stop the packet capture
process.

Format
firewall packet-capture startup [ max_packets ]
undo firewall packet-capture startup

Parameters
max_packets: specifies the maximum number of packets captured on each interface. It ranges
from 1 to 2048. The default value is 1024.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
This command is usually used for analyzing faults on the network.

Examples
# Start the packet capture process and set the maximum number of packets captured on each
interface to 2048.
<Eudemon> system-view
[Eudemon] firewall packet-capture startup 2048

Related Topics
1.5.12 display firewall packet-capture configuration

1.5.25 firewall session log-type binary discard enable

Function
Using the firewall session log-type binary discard enable command, you can enable the
function of sending binary logs for discarded packets.

Using the undo firewall session log-type binary discard enable command, you can disable the
function of sending binary logs for discarded packets.

Format
firewall session log-type binary discard enable

undo firewall session log-type binary discard enable

Parameters
None

Views
System view

Default Level
2: Configuration level

Usage Guidelines
Packets can be discarded for many reasons, such as matching a deny rule of the ACL, the
default filtering rule of the firewall being deny, or the packet being illegal. If the function
of sending binary logs for discarded packets is enabled, the firewall generates binary logs for
discarded packets and records the corresponding event offset value.

By default, the function of sending binary logs for discarded packets is disabled.

Examples
# Enable the function of sending binary logs for discarded packets.
<Eudemon> system-view
[Eudemon] firewall session log-type binary discard enable
The system performance will be affected when this fuction is enabled! Continue ?[Y/N]:y

1.5.26 firewall session log-type

Function
Using the firewall session log-type command, you can set the output format of logs.

Using the undo firewall session log-type command, you can restore the default output format
of logs.

Format
firewall session log-type { syslog | binary host ip-address port }
undo firewall session log-type

Parameters
syslog: outputs traffic log in syslog format.
binary: outputs traffic log in binary-flow format.
host ip-address: specifies the IP address of the binary log host.
port: specifies the UDP port of the binary log host. The value ranges from 1 to 65535.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
Logs can be output in syslog format or binary format.
By default, logs are output in syslog format.

Examples
# Output traffic log in binary format (host address is set to 10.10.10.1 and port number is set to
500).
<Eudemon> system-view
[Eudemon] firewall session log-type binary host 10.10.10.1 500

# Output traffic log in syslog format.
[Eudemon] firewall session log-type syslog

1.5.27 info-center channel

Function
Using the info-center channel command, you can name the specified information channel.
Using the undo info-center channel command, you can restore the default information channel
name.

Format
info-center channel channel-number name channel-name
undo info-center channel channel-number

Parameters
channel-number: specifies the channel number, in the range of 0 to 9. That is, the system has 10
channels.

channel-name: specifies a channel name. It can be 1 to 30 characters. Note that the first character
of the channel name cannot be a number or any of the following characters: - / \

Views
System view

Default Level
2: Configuration level

Usage Guidelines
The channels should have the same name.

Examples
# Name channel 0 as "execconsole".
<Eudemon> system-view
[Eudemon] info-center channel 0 name execconsole

1.5.28 info-center console channel

Function
Using the info-center console channel command, you can configure the channel through which
information is output to the console.

Using the undo info-center console channel command, you can cancel the current
configuration.

Format
info-center console channel { channel-number | channel-name }

undo info-center console channel

Parameters
channel-number: specifies the channel number, in the range of 0 to 9. That is, the system has 10
channels.

channel-name: specifies the channel name.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
By default, the log information is output to the console.
This command takes effect only when the log information center is started up.

Examples
# Output the information to the console through a specified channel.
<Eudemon> system-view
[Eudemon] info-center console channel console

Related Topics
1.5.29 info-center enable
1.5.15 display info-center

1.5.29 info-center enable

Function
Using the info-center enable command, you can enable the information center.
Using the undo info-center enable command, you can disable the information center.

Format
info-center enable
undo info-center enable

Parameters
None

Views
System view

Default Level
2: Configuration level

Usage Guidelines
By default, the information center is enabled.
The system outputs the information to the log host and the console after the information center
is started up.

Examples
# Enable the information center.
<Eudemon> system-view
[Eudemon] info-center enable
% information center is enabled

Related Topics
1.5.31 info-center loghost
1.5.30 info-center logbuffer
1.5.37 info-center trapbuffer
1.5.28 info-center console channel
1.5.33 info-center monitor channel
1.5.15 display info-center

1.5.30 info-center logbuffer

Function
Using the info-center logbuffer command, you can enable the log buffer, set the number of the
channel for outputting log information and set the size of the log buffer.

Using the undo info-center logbuffer command, you can restore the default configuration.

Format
info-center logbuffer [ channel { channel-number | channel-name } | size buffersize ] *

undo info-center logbuffer [ channel | size ]

Parameters
channel: sets the channel for outputting the information to the log buffer.

channel-number: specifies the channel number, in the range of 0 to 9. That is, the system has 10
channels.

channel-name: specifies the channel name.

size: sets the size of the log buffer.

buffersize: specifies the size of the log buffer (the number of messages in the buffer). The value
is in the range of 0 to 1024.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
By default, information is allowed to be output to the log buffer, and the log buffer size is 512.

This command takes effect only when the information center is started up.

By setting the size of the logging buffer, you can control the output information in this direction.

Examples
# Enable the firewall to send information to the log buffer, and set the size of log buffer to 50.
<Eudemon> system-view
[Eudemon] info-center logbuffer size 50

Related Topics
1.5.29 info-center enable
1.5.15 display info-center

1.5.31 info-center loghost

Function
Using the info-center loghost command, you can configure the firewall to output information to the log host.

Using the undo info-center loghost command, you can cancel the current configuration.

Format
info-center loghost ip-address [ channel { channel-number | channel-name } |
facility local-number | language { chinese | english } ] *

undo info-center loghost ip-address

Parameters
ip-address: specifies the IP address of the log host.

channel: sets the information channel of the log host.

channel-number: specifies the channel number. The value is in the range of 0 to 9. That is, the
system has 10 channels.

channel-name: specifies the channel name.

facility: sets the tool used by the log host to record information.

local-number: specifies the tool used by the log host to record information. It is in the range of
local0 to local7.

language: sets the language for the recorded information.

chinese, english: log record language, either Chinese or English can be selected.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
By default, no information is output to the log host.
By default, the information channel of the log host uses the No.2 information channel, whose
channel name is log host. The local-number of the tool used by the log host to record is local7.
This command takes effect only when the information center is started up.
By setting the IP address of the log host, you can control the output of information in the specified
direction. The system supports at most 4 log hosts.

Examples
# Enable the firewall to send information to UNIX workstation with the IP address 202.38.160.1.
<Eudemon> system-view
[Eudemon] info-center loghost 202.38.160.1

Related Topics
1.5.29 info-center enable
1.5.15 display info-center

1.5.32 info-center loghost source

Function
Using the info-center loghost source command, you can specify the source interface that sends
the packets to the log host.
Using the undo info-center loghost source command, you can cancel the current configuration.

Format
info-center loghost source interface-type interface-number
undo info-center loghost source

Parameters
interface-type interface-number: specifies the type and number of the interface.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
By default, the source address of the packet sent by a firewall is the IP address of the interface
from which the packet is sent out.

If several firewalls output the information to the same log host, use this command to set different
source interfaces on firewalls. In this way, you can determine from which firewall the packet is
sent and search the received messages conveniently.

Examples
# Set the IP address of Ethernet 0/0/0 as the source address of the log message packets.
<Eudemon> system-view
[Eudemon] interface Ethernet 0/0/0
[Eudemon-Ethernet0/0/0] ip address 1.1.1.1 255.255.255.0
[Eudemon-Ethernet0/0/0] quit
[Eudemon] info-center loghost source Ethernet 0/0/0
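
One way a log host can use the facility and source-interface settings above to attribute incoming messages, as an added Python sketch (not Huawei code). The second inventory entry and the message bodies are constructed; 1.1.1.1 and local7 come from the page, and the PRI arithmetic is the standard syslog encoding (facility * 8 + severity).

```python
import re
from ipaddress import ip_address

# Standard syslog facility codes for local0..local7 are 16..23.
LOCAL_FACILITIES = {16 + i: f"local{i}" for i in range(8)}
PRI_RE = re.compile(rb"^<(\d{1,3})>")

# Inventory kept on the log host: the source address each firewall was given
# with "info-center loghost source" and the facility set with "facility".
INVENTORY = {
    "1.1.1.1": ("fw-a", "local7"),  # page example address, default facility
    "1.1.2.1": ("fw-b", "local5"),  # hypothetical second firewall
}


def classify(src_ip, datagram, inventory=INVENTORY):
    """Return (verdict, firewall, facility, syslog_severity) for one message.

    Attribution is by source address only; it does not authenticate the sender.
    """
    entry = inventory.get(str(ip_address(src_ip)))
    if entry is None:
        return ("unknown-source", None, None, None)
    firewall, expected_facility = entry

    match = PRI_RE.match(datagram)
    if match is None or int(match.group(1)) > 191:  # 191 = 23 * 8 + 7
        return ("malformed", firewall, None, None)

    pri = int(match.group(1))
    facility = LOCAL_FACILITIES.get(pri >> 3)  # None if not local0..local7
    severity = pri & 7                         # syslog severity field, 0-7
    if facility != expected_facility:
        return ("facility-mismatch", firewall, facility, severity)
    return ("ok", firewall, facility, severity)


def run_samples():
    # Constructed sample datagrams: (source address, payload).
    samples = [
        ("1.1.1.1", b"<188>constructed message from fw-a"),    # local7, sev 4
        ("1.1.2.1", b"<174>constructed message from fw-b"),    # local5, sev 6
        ("1.1.2.1", b"<190>constructed message, wrong facility"),  # local7
        ("10.9.9.9", b"<188>constructed message, unlisted source"),
        ("1.1.1.1", b"constructed message without a PRI field"),
    ]
    return [classify(src, data) for src, data in samples]


if __name__ == "__main__":
    for result in run_samples():
        print(result)
```

Giving each firewall a distinct source interface and, where practical, a distinct facility gives the log host two independent fields to check before a message is filed under a device.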

1.5.33 info-center monitor channel

Function
Using the info-center monitor channel command, you can configure the channel through which
information is output to the user terminal.

Using the undo info-center monitor channel command, you can cancel the current
configuration.

Format
info-center monitor channel { channel-number | channel-name }

undo info-center monitor channel

Parameters
channel-number: specifies the channel number, in the range of 0 to 9. That is, the system has 10
channels.

channel-name: specifies the channel name.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
By default, no information is output to the user terminal.

This command takes effect only when the information center is started up.

Examples
# Output the information to the user terminal through a specified channel.
<Eudemon> system-view
[Eudemon] info-center monitor channel monitor

Related Topics
1.5.29 info-center enable
1.5.15 display info-center

1.5.34 info-center snmp channel

Function
Using the info-center snmp channel command, you can set the information channel of SNMP.

Using the undo info-center snmp channel command, you can cancel the current configuration.

Format
info-center snmp channel { channel-number | channel-name }

undo info-center snmp channel

Parameters
channel-number: specifies the channel number, in the range of 0 to 9. That is, the system has 10
channels.

channel-name: specifies the channel name.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
By default, channel 5 is used.

This command takes effect only when the information center is enabled.

Examples
# Set channel 6 as the SNMP information channel.
<Eudemon> system-view
[Eudemon] info-center snmp channel 6

Related Topics
1.5.29 info-center enable
1.5.15 display info-center

1.5.35 info-center source

Function
Using the info-center source command, you can add records to the information channel.

Using the undo info-center source command, you can remove the records in the information
channel.

Format
info-center source { module-name | default } { channel { channel-number | channel-name } }
[ log { state { on | off } | level severity } * | trap { state { on | off } | level severity } * |
debug { state { on | off } | level severity } * ] *

undo info-center source { module-name | default } { channel { channel-number | channel-name }

Parameters
module-name: specifies the module names.

default: sets default information record.

channel-number: specifies the number of the information channel. It ranges from 1 to 9.

channel-name: specifies the name of the channel to be set.

log: specifies the logs.

trap: specifies the alarms.

debug: specifies the debugging information.

on: enables information.

off: disables information.

level: sets information level to disable sending out information whose level is higher than
severity.

severity: specifies the information level. The information center divides the information into 8
levels. The more severe the information is, the lower its level is. For example, the level of
emergencies is 1 while that of debugging is 8.

Table 1-28 Definition of eight information levels


| Severity | Level | Description |
|---|---|---|
| Emergencies | 1 | A fatal fault occurs on the device, such as the program working abnormally or the device memory being wrongly used. The system must restart. |
| Alerts | 2 | An important fault occurs on the device, such as the device memory reaching the high limit. The fault needs to be removed immediately. |
| Critical | 3 | A crucial fault occurs, such as the memory occupancy reaching the lowest limit or the temperature reaching the lowest limit. The fault needs to be analyzed and removed. |
| Errors | 4 | A fault caused by a wrong operation or a wrong process occurs, such as a wrong user password or wrong protocol packets received from other devices. The fault does not influence the following service but needs to be paid attention to. |
| Warnings | 5 | An abnormal situation of the running device occurs, such as the user disabling the routing process. The fault needs to be paid attention to since it may affect the service provision. |
| Notifications | 6 | Indicates the key operations used to keep the device running normally, such as the shutdown command, neighbor discovery or the state machine. |
| Informational | 7 | Indicates the common operations used to keep the device running normally, such as the display command. |
| Debugging | 8 | Indicates the common information of the device that need not be paid attention to. |

*: indicates that any of the options can be selected. You can choose at least one option and at
most all options.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
For the specific modules, the default configurations are as follows:
For the logging information, the state is on and the allowed information level is
informational.
For the trapping information, the state is on and the allowed information level is
informational.

For the debugging information, the state is off.

A default record is set for each information channel. Its module name is "default" and module
number is 0xffff0000. However, for different information channels, the record has different
default values for the log, alarm and debugging information. The default configuration record
will be used if a module has no specified configuration record in the channel.

Examples
# Enable the log information of the AAA module in the SNMP channel, and the highest level
of the output information is emergencies.
<Eudemon> system-view
[Eudemon] info-center source aaa channel snmpagent log level emergencies

# Remove the setting of the HRP module in the SNMP channel.
[Eudemon] undo info-center source hrp channel snmpagent
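
The record lookup described in this command, as an added Python sketch (not Huawei code): a channel holds one record per module plus a "default" record, and a message is output only if its type is switched on and its level number does not exceed the configured severity. The channel's default record is constructed here because the page does not list its values, and the debug level in the per-module defaults is an assumption.

```python
from dataclasses import dataclass

# Table 1-28: severity name -> level number (1 is the most severe).
LEVELS = {
    "emergencies": 1, "alerts": 2, "critical": 3, "errors": 4,
    "warnings": 5, "notifications": 6, "informational": 7, "debugging": 8,
}


@dataclass
class Rule:
    state: bool  # state on / off
    level: int   # information with a higher level number is not sent


def module_defaults():
    """Defaults the page gives for a specific module's record."""
    return {
        "log": Rule(True, LEVELS["informational"]),
        "trap": Rule(True, LEVELS["informational"]),
        # The page only says debug is off; this level is an assumption.
        "debug": Rule(False, LEVELS["debugging"]),
    }


class Channel:
    def __init__(self, name, default_record):
        self.name = name
        self.records = {"default": default_record}

    def source(self, module, kind, state=None, level=None):
        """Mirror of: info-center source MODULE channel NAME KIND [state] [level]"""
        rule = self.records.setdefault(module, module_defaults())[kind]
        if state is not None:
            rule.state = state
        if level is not None:
            rule.level = LEVELS[level]

    def undo_source(self, module):
        """Mirror of: undo info-center source MODULE channel NAME"""
        if module != "default":
            self.records.pop(module, None)

    def allows(self, module, kind, severity):
        # A module without its own record uses the channel's default record.
        record = self.records.get(module, self.records["default"])
        rule = record[kind]
        return rule.state and LEVELS[severity] <= rule.level


def demo():
    # Constructed default record for this channel (values not on the page).
    snmpagent = Channel("snmpagent", {
        "log": Rule(False, LEVELS["debugging"]),
        "trap": Rule(True, LEVELS["debugging"]),
        "debug": Rule(False, LEVELS["debugging"]),
    })
    results = {"aaa_log_errors_before": snmpagent.allows("aaa", "log", "errors")}
    # Page example: info-center source aaa channel snmpagent log level emergencies
    snmpagent.source("aaa", "log", level="emergencies")
    results["aaa_log_emergencies"] = snmpagent.allows("aaa", "log", "emergencies")
    # Table 1-28 lists a wrong user password under errors (4), which is
    # above the emergencies (1) threshold, so it is not output here.
    results["aaa_log_errors"] = snmpagent.allows("aaa", "log", "errors")
    results["aaa_trap_warnings"] = snmpagent.allows("aaa", "trap", "warnings")
    results["aaa_debug"] = snmpagent.allows("aaa", "debug", "debugging")
    snmpagent.undo_source("aaa")
    results["aaa_log_after_undo"] = snmpagent.allows("aaa", "log", "emergencies")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With the threshold from the page's example, AAA log messages at the errors level are filtered out of that channel, which matters if the channel is the one relied on for authentication-failure visibility.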

1.5.36 info-center timestamp

Function
Using the info-center timestamp command, you can set the time stamp format in the output
debugging, alarm or log information.

Using the undo info-center timestamp command, you can restore the default format.

Format
info-center timestamp { trap | debugging | log } { boot | date | none }

undo info-center timestamp { trap | debugging | log }

Parameters
trap: indicates the alarm information.

debugging: indicates the debugging information.

log: indicates the log information.

boot: indicates the time passed since the system starts. It is a relative time period. The format is
xxxxxx.yyyyyy. xxxxxx is the high 32 bits of the milliseconds passed since the system starts
while yyyyyy is the low 32 bits of the milliseconds passed since the system starts.

date: indicates the current date and time in the system. Its format is yyyy/mm/dd-hh:mm:ss in
Chinese environment and is mm/dd/yyyy-hh:mm:ss in English environment.

none: indicates that the output information contains no time stamp.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
By default, the date time stamp is used in the alarm and log information, and the boot time stamp
is used in the debugging information.
When date is used, the following table describes each field.

Table 1-29 Description of date


| Field | Description | Value |
|---|---|---|
| yyyy | Year | Four numbers. |
| mm | Month | Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec. |
| dd | Day | If the day is before 10, insert a space before the day. For example, " 7". |
| hh:mm:ss | Detailed local time | hh is in 24-hour format. mm and ss are in the range of 00 to 59. |

Examples
# Set the time stamp format of alarm information as boot.
<Eudemon> system-view
[Eudemon] info-center timestamp trap boot

1.5.37 info-center trapbuffer

Function
Using the info-center trapbuffer command, you can enable the alarm buffer, set the channel
for outputting the alarm information and set the size of the alarm buffer.
Using the undo info-center trapbuffer command, you can cancel the current configuration.

Format
info-center trapbuffer [ channel { channel-number | channel-name } | size buffersize ] *
undo info-center trapbuffer [ channel | size ]

Parameters
channel: sets the channel for outputting information to the alarm buffer.
channel-number: sets the channel number, in the range of 0 to 9. That is, the system has 10
channels.

channel-name: sets the channel name.


size buffersize: sets the size of the alarm buffer (the number of messages in the buffer). The
value is in the range of 0 to 1024.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
By default, information is allowed to be output to the alarm buffer. The size of the alarm buffer is 256.
This command takes effect only when information center is started up.
By setting the size of the logging buffer, you can control the output information in this direction.

Examples
# Enable the firewall to send information to the alarm buffer and set the size of the alarm buffer
to 30.
<Eudemon> system-view
[Eudemon] info-center trapbuffer size 30

Related Topics
1.5.29 info-center enable
1.5.15 display info-center

1.5.38 patch

Function
Using the patch command, you can set the status of firewall patches.

Format
patch load
patch { active | deactive | delete | run } patch-number

Parameters
active: activates the patch.
deactive: deactivates the patch.
delete: deletes a specific patch.
load: uploads a patch.

run: runs a patch.


patch-number: specifies the number of the patch. It ranges from 1 to 200. At present, only 1 is
supported.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
None

Examples
# Activate firewall patches.
<Eudemon> system-view
[Eudemon] patch active 1

1.5.39 ping

Function
Using the ping command, you can check the availability of the IP network connection and of the host.

Format
ping [ -a source-ip-address | -c count | -d | -h ttl_value | -i { interface-type interface-number }
| ip | -n | -p pattern | -q | -r | -s packetsize | -t timeout | -tos tos | -v |
-vpn-instance vpn-instance-name ] * host

Parameters
-a source-ip-address: sets the source IP address for sending the ICMP ECHO-REQUEST packet.
-c count: indicates the number of ICMP ECHO-REQUEST packet transmission events. The
value is in the range of 1 to 4294967295.
-d: sets socket as DEBUG mode.
-h ttl_value: sets the value of TTL. The value is in the range of 1 to 255.
-i interface-type interface-number: sets the interface for sending ICMP ECHO-REQUEST
packets.
-n: uses the host parameters directly as IP address without domain name resolution.
-p pattern: indicates the filling byte of ICMP ECHO-REQUEST packet in hexadecimal format,
with the value ranging from 0 to FFFFFFFF. For example, -p ff fills the entire packet as ff.
-q: displays no other specific information except statistics.

-r: records routes.


-s packetsize: specifies the length of the ECHO-REQUEST packet (excluding IP and ICMP
headers) in bytes, ranging from 20 to 8100.
-t timeout: specifies the time-out in milliseconds for waiting for ECHO-RESPONSE upon
completion of sending ECHO-REQUEST, ranging from 0 to 65535.
-tos tos: specifies the assigned value for sending out the ECHO-REQUEST packets, ranging
from 0 to 255.
-v: displays the received non-ECHO-RESPONSE packets. By default, non-ECHO-RESPONSE
packets are not displayed.
-vpn-instance vpn-instance-name: indicates the VPN instance name. It is a string of 1 to 19
characters.
host: specifies the domain name or the IP address of the destination host.
ip: indicates the IP protocol.

Views
All views

Default Level
0: Visit level

Usage Guidelines
If the above parameters are not specified:
- count is set to 5.
- Socket is not set in DEBUG mode.
- host is first treated as an IP address. If it is not an IP address, the system performs domain
  name resolution.
- pattern starts with 0x01 and ends with 0x09, and then repeats.
- No routing is recorded.
- All information (including statistics) is displayed.
- packetsize is set to 56.
- timeout is set to 2000.
- The ICMP packets other than ECHO-RESPONSE packets are not displayed.
- No vpn-instance parameter is configured.

The ping process is described as follows: the source first sends ICMP ECHO-REQUEST packet
to the destination; if the destination network operates normally, the destination host will return
ICMP ECHO-REPLY packet to the source host after receiving ICMP ECHO-REQUEST packet.
You can use the ping command to test the network connection and line quality, and its output
information includes:
- The response of the destination to each echo request packet: if the source does not receive
  the response packet within the timeout, the system prompts "Request time out."
  Otherwise, the system displays the bytes of the response packet, the sequence number of the
  packet, the TTL, the response time, and so on.
- The final statistics, which include the number of sent packets, the number of received response
  packets, the percentage of non-response packets, and the minimum, maximum, and average values
  of the response time.

If the network transmission speed is slow, you can appropriately increase the timeout.

Examples
# Check whether the host with the IP address 10.1.1.2 is reachable.
<Eudemon> ping 10.1.1.2
ping 10.1.1.2 : 56 data bytes , press CTRL-C to break
Reply from 10.1.1.2 : bytes=56 sequence=1 ttl=255 time = 1ms
Reply from 10.1.1.2 : bytes=56 sequence=2 ttl=255 time = 2ms
Reply from 10.1.1.2 : bytes=56 sequence=3 ttl=255 time = 1ms
Reply from 10.1.1.2 : bytes=56 sequence=4 ttl=255 time = 3ms
Reply from 10.1.1.2 : bytes=56 sequence=5 ttl=255 time = 2ms
--10.1.1.2 ping statistics--
5 packets transmitted
5 packets received
0% packet loss
round-trip min/avg/max = 1/2/3 ms

Table 1-30 Description of the ping command output


| Item | Description |
|---|---|
| ping x.x.x.x | IP address of the destination host. |
| x data bytes | Length of the sent ECHO-REQUEST packets. |
| press CTRL-C to break | Press CTRL + C to terminate the ping test. |
| Reply from x.x.x.x | Describes the packets sent by the destination host in response to the ECHO-REQUEST packets, including: bytes: indicates the length of the response packets; sequence: indicates the sequence number of the response packets; ttl: indicates the TTL value of the response packets; time: indicates the response time, in milliseconds. If no response packet is received within the timeout time, "Request time out" is displayed. |
| x.x.x.x ping statistics | Indicates the statistics about the result of pinging. It includes: packets transmitted: indicates the number of the sent ECHO-REQUEST packets; packets received: indicates the number of the received ECHO-REQUEST packets; % packet loss: indicates the percentage of the packets without response; round-trip min/avg/max: indicates the minimum, average and maximum response time. |

Related Topics
1.5.51 tracert

1.5.40 reset firewall log-buf

Function
Using the reset firewall log-buf command, you can reset the log buffer.

Format
reset firewall log-buf { session | defend | statistic }

Parameters
session: resets traffic log buffer.

defend: resets attack-defense log buffer.

statistic: resets traffic monitoring log buffer.

Views
User view

Default Level
2: Configuration level

Usage Guidelines
If the contents in the log buffer are cleared, they cannot be restored.

Examples
# Reset the traffic log buffer.
<Eudemon> reset firewall log-buf session

1.5.41 reset firewall packet-capture

Function
Using the reset firewall packet-capture command, you can clear up all queues or a specified
queue.

Format
reset firewall packet-capture { all | queue queue-id }

Parameters
all: clears up all queues.
queue queue-id: specifies the ID of the queue to be cleared up. It ranges from 0 to 4.

Views
User view

Default Level
2: Configuration level

Usage Guidelines
None

Examples
# Clear up queue 2.
<Eudemon> reset firewall packet-capture queue 2

Related Topics
1.5.23 firewall packet-capture send queue

1.5.42 reset logbuffer

Function
Using the reset logbuffer command, you can clear the information in the log buffer.

Format
reset logbuffer

Parameters
None

Views
User view

Default Level
3: Management level

Usage Guidelines
None

Examples
# Clear the information in the log buffer.
<Eudemon> reset logbuffer

Related Topics
1.5.16 display logbuffer

1.5.43 reset trapbuffer

Function
Using the reset trapbuffer command, you can clear the information in the alarm buffer.

Format
reset trapbuffer

Parameters
None

Views
User view

Default Level
1: Monitoring level

Usage Guidelines
None

Examples
# Clear the information in the alarm buffer.
<Eudemon> reset trapbuffer

Related Topics
1.5.19 display trapbuffer

1.5.44 service modem-callback

Function
Using the service modem-callback command, you can enable Callback.
Using the undo service modem-callback command, you can disable Callback.

Format
service modem-callback
undo service modem-callback

Parameters
None

Views
System view

Default Level
3: Management level

Usage Guidelines
By default, Callback is disabled.

Examples
# Enable Callback.
<Eudemon> system-view
[Eudemon] service modem-callback

1.5.45 session log enable

Function
Using the session log enable command, you can enable recording of inter-zone traffic logs. If
you set the parameter acl-number, the system records traffic logs of the specified ACL.
Otherwise, the system records logs of all inter-zone traffic.
Using the undo session log enable command, you can disable recording of any inter-zone traffic
log.

Format
session log enable [ acl-number acl-number ]
undo session log enable [ acl-number acl-number ]

Parameters
acl-number: specifies an ACL number in a range of 2000 to 3999.

Views
Inter-zone view

Default Level
2: Configuration level

Usage Guidelines
By default, the system does not record inter-zone traffic logs.

Examples
# Enable recording of the traffic log of ACL 3100 between zones Trust and Untrust.
<Eudemon> system-view
[Eudemon] firewall interzone trust untrust
[Eudemon-interzone-trust-untrust] session log enable acl-number 3100

# Disable recording of traffic logs between zones Trust and Untrust.
[Eudemon-interzone-trust-untrust] undo session log enable

1.5.46 schedule reboot

Function
Using the schedule reboot command, you can enable the scheduled restart of a firewall, and set
the time at which the firewall restarts or the time the firewall waits before it restarts.
Using the undo schedule reboot command, you can disable the scheduled restart function.

Format
schedule reboot { at exact-time | delay interval }
undo schedule reboot

Parameters
at: sets the time at which a firewall restarts.
exact-time: specifies the time at which a firewall restarts. The format is hh:mm YYYY/MM/DD.
The value of hh ranges from 0 to 23, and the value of mm ranges from 0 to 59. YYYY/MM/DD
is optional.
delay: sets the time for a firewall to wait to restart.
interval: specifies the delay for a firewall to restart. The format is hhh:mm or mmm. The value
of hhh ranges from 0 to 720, the value of mm ranges from 0 to 59, and the value of mmm ranges
from 0 to 43200.

Views
User view

Default Level
3: Management level

Usage Guidelines
By default, the scheduled restart function is disabled on the firewall.

If the schedule reboot at command is used to set a specific date parameter (yyyy/mm/dd) and
the date is a future date, the firewall restarts at the set time and the error is within 1 minute.

If no specific date is set, the following situations occur:

- If the set time is after the current time, the firewall restarts at this time that day.
- If the set time is before the current time, the firewall restarts at this time next day.

Note: The interval between the set date and the current date cannot be greater than 30 days. In
addition, after this command is used, the system prompts you to confirm the input information.
The setting takes effect only after you enter "Y" or "y". If the related setting already exists, the
current setting overwrites the old one.

After the schedule reboot command is used, the parameters set by using the schedule reboot
command become invalid when the clock command is used to adjust the time of the system.

Examples
# Configure a firewall to restart at 22:00 if the current time is 15:50.
<Eudemon> schedule reboot at 22:00
Reboot system at 22:00:00 2000/04/02(in 19 hours and 22 minutes)
confirm?[Y/N]:y
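
The time rules in the usage guidelines above, as an added Python sketch (not the firewall's own code) that resolves an at or delay argument to the moment of restart. Treating a time equal to the current time as "next day" and rejecting an explicit date that is not in the future are assumptions; the page does not cover those cases.

```python
import re
from datetime import datetime, timedelta

MAX_DAYS_AHEAD = 30  # set date may be at most 30 days from the current date
AT_RE = re.compile(r"(\d{1,2}):(\d{2})(?:\s+(\d{4})/(\d{1,2})/(\d{1,2}))?")


def resolve_at(now, exact_time):
    """Resolve 'hh:mm' or 'hh:mm YYYY/MM/DD' to the restart datetime."""
    match = AT_RE.fullmatch(exact_time.strip())
    if match is None:
        raise ValueError("expected hh:mm [YYYY/MM/DD]")
    hh, mm = int(match.group(1)), int(match.group(2))
    if hh > 23 or mm > 59:
        raise ValueError("hh must be 0-23 and mm 0-59")

    if match.group(3):
        # Explicit date: datetime() itself rejects impossible dates.
        target = datetime(int(match.group(3)), int(match.group(4)),
                          int(match.group(5)), hh, mm)
        if target <= now:
            raise ValueError("the set date and time must be in the future")
    else:
        # No date: today if the time is still ahead, otherwise tomorrow.
        target = now.replace(hour=hh, minute=mm, second=0, microsecond=0)
        if target <= now:
            target += timedelta(days=1)

    if (target.date() - now.date()).days > MAX_DAYS_AHEAD:
        raise ValueError("set date is more than 30 days away")
    return target


def resolve_delay(now, interval):
    """Resolve 'hhh:mm' (0-720, 0-59) or 'mmm' (0-43200) to the restart datetime."""
    interval = interval.strip()
    match = re.fullmatch(r"(\d{1,3}):(\d{2})", interval)
    if match:
        hhh, mm = int(match.group(1)), int(match.group(2))
        if hhh > 720 or mm > 59:
            raise ValueError("hhh must be 0-720 and mm 0-59")
        minutes = hhh * 60 + mm
    elif re.fullmatch(r"\d{1,5}", interval):
        minutes = int(interval)
        if minutes > 43200:
            raise ValueError("mmm must be 0-43200")
    else:
        raise ValueError("expected hhh:mm or mmm")
    return now + timedelta(minutes=minutes)


class RebootSchedule:
    """Holds the single pending restart; a new setting overwrites the old one."""

    def __init__(self):
        self.target = None

    def set(self, target):
        self.target = target

    def on_clock_command(self):
        # The page states the setting becomes invalid when the clock is adjusted.
        self.target = None


if __name__ == "__main__":
    now = datetime(2008, 11, 15, 15, 50)  # constructed current time
    for arg in ("22:00", "08:30", "22:00 2008/12/15"):
        print(f"at {arg!r:22} -> {resolve_at(now, arg)}")
    for arg in ("90", "1:30"):
        print(f"delay {arg!r:19} -> {resolve_delay(now, arg)}")
```

Because a clock adjustment silently drops the pending restart, check display schedule reboot after any clock change before relying on a maintenance window.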

Related Topics
1.5.18 display schedule reboot

1.5.47 terminal debugging

Function
Using the terminal debugging command, you can enable the terminal debugging.

Using the undo terminal debugging command, you can disable the function.

Format
terminal debugging

undo terminal debugging

Parameters
None

Views
User view

Default Level
1: Monitoring level

Usage Guidelines
By default, the terminal debugging is disabled.

Examples
# Enable the terminal debugging.
<Eudemon> terminal debugging

Related Topics
1.5.49 terminal monitor

1.5.48 terminal logging

Function
Using the terminal logging command, you can enable the terminal log information.

Using the undo terminal logging command, you can disable the terminal log information.

Format
terminal logging

undo terminal logging

Parameters
None

Views
User view

Default Level
1: Monitoring level

Usage Guidelines
By default, the terminal log information is enabled.

Examples
# Disable the terminal log information.
<Eudemon> undo terminal logging

Related Topics
1.5.49 terminal monitor

1.5.49 terminal monitor

Function
Using the terminal monitor command, you can enable the terminal monitor function.

Using the undo terminal monitor command, you can cancel the configuration.

Format
terminal monitor

undo terminal monitor

Parameters
None

Views
User view

Default Level
1: Monitoring level

Usage Guidelines
By default, the terminal monitor information is disabled but the console monitor is enabled.

This command affects only the terminal on which it is entered.

Disabling terminal monitor is equivalent to executing the undo terminal debugging, undo
terminal logging and undo terminal trapping commands; that is, no debugging, log or alarm
information is displayed on the local terminal.

When terminal monitor is enabled, you can use the terminal debugging/undo terminal
debugging, terminal logging/undo terminal logging, or terminal trapping/undo terminal
trapping command to enable/disable debugging, log or alarm information.

Examples
# Disable the terminal monitor function.
<Eudemon> undo terminal monitor

1.5.50 terminal trapping

Function
Using the terminal trapping command, you can enable displaying the terminal alarm
information.
Using the undo terminal trapping command, you can disable displaying the terminal alarm
information.

Format
terminal trapping
undo terminal trapping

Parameters
None

Views
User view

Default Level
1: Monitoring level

Usage Guidelines
By default, displaying the terminal alarm information is enabled.

Examples
# Disable displaying the terminal alarm information.
<Eudemon> undo terminal trapping

1.5.51 tracert

Function
Using the tracert command, you can test the gateways that datagrams pass through from the
sending host to the destination. This command is mainly used to check whether the network
connection is reachable and to locate failures that have occurred in the network.

Format
tracert [ -a source-ip-address | -f first_TTL | -m max_TTL | -p port | -q nqueries | -vpn-instance vpn-instance-name | -w timeout ] * host

Parameters
-a source-ip-address : indicates the source address of the packets configured for the current
tracert command. It is in dotted decimal notation and should be the address of a local interface.

-f first_TTL: indicates the initial TTL. It ranges from 1 to max_TTL. By default, it is 1.
-m max_TTL: indicates the maximum TTL. It ranges from first_TTL to 255. By default, it is 255.
-p port: indicates the port number of the destination host. The value ranges from 0 to 65535. By
default, it is 33434.
-q nqueries: indicates the number of tracert packets sent each time. The value ranges from 1 to
65535. By default, it is 3.
-vpn-instance vpn-instance-name: specifies the name of the VPN instance to which the
destination host belongs. It is a string of 1 to 19 characters.
-w timeout: indicates the time to wait for response packets, in milliseconds. It ranges from 0 to
65535. By default, it is 5000 milliseconds.
host: specifies the domain name or the IP address of the destination host.

Views
All views

Default Level
0: Visit level

Usage Guidelines
The tracert process is as follows: the source first sends a packet with the TTL set to 1, so hop 1
returns an ICMP error message indicating that the packet cannot be forwarded (TTL timeout).
The packet is then resent with the TTL set to 2, and hop 2 likewise returns a TTL timeout. This
process continues until the packet reaches the destination. The source address of each ICMP
TTL timeout message is recorded, which gives the route that an IP packet takes on the way to
the destination.
The ping command is used to detect network failures, while the tracert command is used to
locate network failures.
The output of the tracert command also contains the IP addresses of all gateways the packet
passes through on the way to the destination. If a gateway times out, " * * * " is displayed.

Examples
# Display the gateways along the path from the local host to 18.26.0.115.
<Eudemon> tracert 18.26.0.115
tracert to allspice.lcs.mit.edu (18.26.0.115), 30 hops max
1 helios.ee.lbl.gov (128.3.112.1) 0 ms 0 ms 0 ms
2 lilac-dmc.Berkeley.EDU (128.32.216.1) 19 ms 19 ms 19 ms
3 lilac-dmc.Berkeley.EDU (128.32.216.1) 39 ms 19 ms 19 ms
4 ccngw-ner-cc.Berkeley.EDU (128.32.136.23) 19 ms 39 ms 39 ms
5 ccn-nerif22.Berkeley.EDU (128.32.168.22) 20 ms 39 ms 39 ms
6 128.32.197.4 (128.32.197.4) 59 ms 119 ms 39 ms
7 131.119.2.5 (131.119.2.5) 59 ms 59 ms 39 ms
8 129.140.70.13 (129.140.70.13) 80 ms 79 ms 99 ms
9 129.140.71.6 (129.140.71.6) 139 ms 139 ms 159 ms
10 129.140.81.7 (129.140.81.7) 199 ms 180 ms 300 ms
11 129.140.72.17 (129.140.72.17) 300 ms 239 ms 239 ms
12 * * *
13 128.121.54.72 (128.121.54.72) 259 ms 499 ms 279 ms
14 * * *
15 * * *
16 * * *
17 * * *
18 ALLSPICE.LCS.MIT.EDU (18.26.0.115) 339 ms 279 ms 279 ms

Related Topics
1.5.39 ping
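
The following added example (not part of the Huawei manual) parses tracert output in the format shown above and separates silent hops that lie in the middle of a working path from silent hops at the end of the path, which is where a failure should be looked for. The function names parse_tracert and assess are hypothetical.

```python
import re

# Output copied from the tracert example on this page.
SAMPLE = """\
tracert to allspice.lcs.mit.edu (18.26.0.115), 30 hops max
1 helios.ee.lbl.gov (128.3.112.1) 0 ms 0 ms 0 ms
2 lilac-dmc.Berkeley.EDU (128.32.216.1) 19 ms 19 ms 19 ms
3 lilac-dmc.Berkeley.EDU (128.32.216.1) 39 ms 19 ms 19 ms
4 ccngw-ner-cc.Berkeley.EDU (128.32.136.23) 19 ms 39 ms 39 ms
5 ccn-nerif22.Berkeley.EDU (128.32.168.22) 20 ms 39 ms 39 ms
6 128.32.197.4 (128.32.197.4) 59 ms 119 ms 39 ms
7 131.119.2.5 (131.119.2.5) 59 ms 59 ms 39 ms
8 129.140.70.13 (129.140.70.13) 80 ms 79 ms 99 ms
9 129.140.71.6 (129.140.71.6) 139 ms 139 ms 159 ms
10 129.140.81.7 (129.140.81.7) 199 ms 180 ms 300 ms
11 129.140.72.17 (129.140.72.17) 300 ms 239 ms 239 ms
12 * * *
13 128.121.54.72 (128.121.54.72) 259 ms 499 ms 279 ms
14 * * *
15 * * *
16 * * *
17 * * *
18 ALLSPICE.LCS.MIT.EDU (18.26.0.115) 339 ms 279 ms 279 ms
"""

HEADER = re.compile(r"^tracert to \S+ \((?P<dst>[\d.]+)\), (?P<max>\d+) hops max$")
# A hop line is a TTL, an optional "name (ip)" pair, then one field per probe:
# either "<n> ms" or "*" for a probe that timed out.
HOP = re.compile(
    r"^(?P<ttl>\d+) (?:(?P<name>\S+) \((?P<ip>[\d.]+)\) )?"
    r"(?P<probes>(?:\*|\d+ ms)(?: (?:\*|\d+ ms))*)$"
)


def parse_tracert(text):
    """Return the destination, hop limit and one record per hop line."""
    trace = {"dst": None, "max_hops": None, "hops": []}
    for raw in text.splitlines():
        line = " ".join(raw.split())          # collapse column padding
        m = HEADER.match(line)
        if m:
            trace["dst"], trace["max_hops"] = m["dst"], int(m["max"])
            continue
        m = HOP.match(line)
        if m:
            trace["hops"].append({
                "ttl": int(m["ttl"]),
                "name": m["name"],
                "ip": m["ip"],                # None when every probe timed out
                "rtts_ms": [int(x) for x in re.findall(r"(\d+) ms", m["probes"])],
            })
    return trace


def assess(trace):
    """Classify silent hops relative to the last hop that answered."""
    answered = [h for h in trace["hops"] if h["ip"]]
    last_ttl = answered[-1]["ttl"] if answered else 0
    silent = [h["ttl"] for h in trace["hops"] if not h["ip"]]
    return {
        "reached": bool(answered) and answered[-1]["ip"] == trace["dst"],
        # Later hops answered, so packets were forwarded past these gateways;
        # they only failed to return an ICMP TTL timeout message.
        "silent_mid_path": [t for t in silent if t < last_ttl],
        # Nothing answered beyond this point: start fault location here.
        "trailing_silent": [t for t in silent if t > last_ttl],
        "last_responder": answered[-1]["ip"] if answered else None,
    }


if __name__ == "__main__":
    print(assess(parse_tracert(SAMPLE)))
```

For the sample output the destination is reached, so hops 12 and 14 to 17 are gateways that did not answer rather than points of failure.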

1.6 Web Management Commands

1.6.1 debugging ssl
1.6.2 debugging web-manager
1.6.3 display web-manager
1.6.4 web-manager
1.6.5 reset web-manager statistics

1.6.1 debugging ssl

Function
Using the debugging ssl command, you can enable the SSL debugging function.

Using the undo debugging ssl command, you can disable the SSL debugging function.

Format
debugging ssl { all | event | handshake | warnning }

undo debugging ssl { all | event | handshake | warnning }

Parameters
all: indicates all the SSL debugging functions.

event: indicates the SSL event debugging functions.

handshake: indicates the SSL handshake debugging functions.

warning: indicates the SSL alarm debugging functions.

Views
User view

Default Level
1: Monitoring level

Usage Guidelines
By default, the SSL debugging function is disabled.

Examples
# Enable all the debugging functions of the SSL.
<Eudemon> debugging ssl all
11:58:57 05-26-2008

Related Topics
1.6.4 web-manager

1.6.2 debugging web-manager

Function
Using the debugging web-manager command, you can enable the debugging function of the
Web server.

Using the undo debugging web-manager command, you can disable the debugging function
of the Web server.

Format
debugging web-manager { all | config-process | event | info-process }

undo debugging web-manager { all | config-process | event | info-process }

Parameters
all: indicates all the debugging functions of the Web server.

config-process: indicates the configuration debugging function of the Web server.

event: indicates the event debugging function of the Web server.

info-process: indicates the query debugging function of the Web server.

Views
User view

Default Level
1: Monitoring level

Usage Guidelines
By default, the debugging function of the Web server is disabled.

Examples
# Enable all the debugging functions of the Web server.
<Eudemon> debugging web-manager all

Related Topics
1.6.4 web-manager

1.6.3 display web-manager

Function
Using the display web-manager command, you can display the relevant information of the Web
server.

Format
display web-manager { configuration | statistics | users }

Parameters
configuration: displays the basic configuration of the Web server.
statistics: displays the statistics information of the Web server.
users: displays the online user information of the Web server.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
None

Examples
# Display the basic configuration information of the Web server.
<Eudemon> display web-manager configuration
Httpd server is enable.
rootdir is FLASH:/web/.
default file name is /home.html.
HTTP port is 80.

Httpd security server is enable.
rootdir is FLASH:/web/.
default file name is /home.html.
HTTP port is 443.

11:43:33 05-26-2008

# Display the statistics information of the Web server.
<Eudemon> display web-manager statistics
HTTP Statistics:
RecvAll :4472
RecvHttpMsg :703
RecvHttpAcceptMsg :13
RecvHttpReadMsg :301
RecvHttpWriteMsg :363
RecvHttpCloseMsg :0
RecvHttpPeerCloseMsg :13
RecvHttpErrMsg :0
RecvMsgErr :0
SndAll :0
SndHttpHeader :0
AcceptErr :0
RecvHttpErr :301
SndErr :0
MemAllocErr :0
CloseByCheckSockTimeout :0
HttpTooLarge :0
11:44:11 05-26-2008

# Display the online user information of the Web server.
<Eudemon> display web-manager users
Username CurOnline SockNum
-------------------------------------------------------
user1 1 0
user2 1 0
-------------------------------------------------------
Total online web users: 2
Total SockNum: 4, SessionNum: 2
-------------------------------------------------------
----------detail users info----------------------------
UserName Level UserIp LoginTime
-------------------------------------------------------
user1 1 20.20.20.87 2015/09/04 20:35:06
user2 3 20.20.20.87 2015/09/04 20:34:12
---------End------------------------------------------

Related Topics
1.6.4 web-manager

1.6.4 web-manager

Function
Using the web-manager command, you can enable the Web server function.
Using the undo web-manager command, you can disable the Web server function.

Format
web-manager [ security ] enable [ port port-number ]
undo web-manager [ security ] enable [ port port-number ]

Parameters
security: indicates the type of interactive packets exchanged between the Web browser and the
Web server.

• The key word security is not selected: the interactive packets between the Web browser and
the Web server are HTTP packets. The default port number is 80.
• The key word security is selected: the interactive packets between the Web browser and the
Web server are HTTPS packets. The default port number is 443.
port-number: specifies the number of the listening port of the Web management server.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
None

Examples
# Enable the Web server function.
<Eudemon> system-view
[Eudemon] web-manager security enable
The web server enable command has been sent!
Enable http security-server successfully !
11:38:23 05-26-2008

# Disable the Web server function.
<Eudemon> system-view
[Eudemon] undo web-manager security enable
The web server disable command has been sent!
Disable http security-server successfully !
11:41:49 05-26-2008

Related Topics
1.6.3 display web-manager
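
The following added example (not part of the Huawei manual) audits captured output of display web-manager configuration and display web-manager users: it reports a Web server that is enabled without the security key word, that is, management over HTTP, and online users whose address is outside the expected management networks. The function names and the management network passed to audit are assumptions; the sample text is the output shown in 1.6.3.

```python
import ipaddress
import re

# Output copied from the display web-manager examples on this page.
CONFIG = """\
Httpd server is enable.
rootdir is FLASH:/web/.
default file name is /home.html.
HTTP port is 80.

Httpd security server is enable.
rootdir is FLASH:/web/.
default file name is /home.html.
HTTP port is 443.
"""

USERS = """\
Username CurOnline SockNum
-------------------------------------------------------
user1 1 0
user2 1 0
-------------------------------------------------------
Total online web users: 2
Total SockNum: 4, SessionNum: 2
-------------------------------------------------------
----------detail users info----------------------------
UserName Level UserIp LoginTime
-------------------------------------------------------
user1 1 20.20.20.87 2015/09/04 20:35:06
user2 3 20.20.20.87 2015/09/04 20:34:12
---------End------------------------------------------
"""

SERVER = re.compile(r"^Httpd (security )?server is (\w+)\.$")
PORT = re.compile(r"^HTTP port is (\d+)\.$")
# Only rows of the detail table carry an address and a login time.
USER = re.compile(
    r"^(\S+) (\d+) (\d+\.\d+\.\d+\.\d+) (\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)$"
)


def parse_servers(text):
    """Return {'http': {...}, 'https': {...}} for the stanzas present."""
    servers, current = {}, None
    for raw in text.splitlines():
        line = " ".join(raw.split())
        m = SERVER.match(line)
        if m:
            current = "https" if m.group(1) else "http"
            # The page shows only the state word "enable"; any other word is
            # treated as not enabled (assumption).
            servers[current] = {"enabled": m.group(2) == "enable", "port": None}
            continue
        m = PORT.match(line)
        if m and current:
            servers[current]["port"] = int(m.group(1))
    return servers


def parse_users(text):
    """Return one record per row of the detail users table."""
    users = []
    for raw in text.splitlines():
        m = USER.match(" ".join(raw.split()))
        if m:
            users.append({
                "name": m.group(1),
                "level": int(m.group(2)),
                "ip": ipaddress.ip_address(m.group(3)),
                "login": m.group(4),
            })
    return users


def audit(config_text, users_text, mgmt_networks):
    """Return findings as strings; an empty list means nothing to report."""
    findings = []
    http = parse_servers(config_text).get("http")
    if http and http["enabled"]:
        findings.append(
            f"cleartext HTTP management enabled on port {http['port']}"
        )
    nets = [ipaddress.ip_network(n) for n in mgmt_networks]
    for u in parse_users(users_text):
        if not any(u["ip"] in n for n in nets):
            findings.append(
                f"{u['name']} (level {u['level']}) logged in from {u['ip']}, "
                "outside the management networks"
            )
    return findings


if __name__ == "__main__":
    # 20.20.20.0/24 is a constructed management network for this example.
    for finding in audit(CONFIG, USERS, ["20.20.20.0/24"]):
        print(finding)
```

With the sample output, the only finding is the HTTP server on port 80, which stays enabled until undo web-manager enable is entered without the security key word.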

1.6.5 reset web-manager statistics

Function
Using the reset web-manager statistics command, you can clear the statistics of the Web server.

Format
reset web-manager statistics

Parameters
None

Views
User view

Default Level
2: Configuration level

Usage Guidelines
None

Examples
# Clear the statistics of the Web server.
<Eudemon> reset web-manager statistics

Related Topics
1.6.4 web-manager

1.7 NTP Configuration Commands

1.7.1 debugging ntp-service
1.7.2 display ntp-service sessions
1.7.3 display ntp-service status
1.7.4 display ntp-service trace
1.7.5 ntp-service access
1.7.6 ntp-service authentication enable
1.7.7 ntp-service authentication-keyid
1.7.8 ntp-service broadcast-client
1.7.9 ntp-service broadcast-server
1.7.10 ntp-service in-interface disable
1.7.11 ntp-service max-dynamic-sessions
1.7.12 ntp-service multicast-client
1.7.13 ntp-service multicast-server
1.7.14 ntp-service refclock-master
1.7.15 ntp-service reliable authentication-keyid
1.7.16 ntp-service source-interface
1.7.17 ntp-service unicast-peer
1.7.18 ntp-service unicast-server

1.7.1 debugging ntp-service

Function
Using the debugging ntp-service command, you can enable debugging switches of NTP service.

Using the undo debugging ntp-service command, you can disable the relevant debugging
switch.

Format
debugging ntp-service { access | adjustment | authentication | event | filter | packet |
parameter | refclock | selection | synchronization | validity | all }

undo debugging ntp-service { access | adjustment | authentication | event | filter | packet |
parameter | refclock | selection | synchronization | validity | all }

Parameters
access: refers to the NTP access debugging switch.

adjustment: refers to the NTP clock adjustment debugging switch.

all: refers to all NTP debugging switches.

authentication: refers to the NTP identity authentication debugging switch.

event: refers to the NTP event debugging switch.

filter: refers to the NTP filter debugging switch.

packet: refers to the NTP packet debugging switch.

parameter: refers to the NTP clock parameter debugging switch.

refclock: refers to the NTP reference clock debugging switch.

selection: refers to the NTP clock selection debugging switch.

synchronization: refers to the NTP clock synchronization debugging switch.

validity: refers to the NTP validity debugging switch.

Views
User view

Default Level
1: Monitoring level

Usage Guidelines
By default, all debugging switches are disabled.

Examples
# Enable the NTP access debugging switch.
<Eudemon> debugging ntp-service access

1.7.2 display ntp-service sessions

Function
Using the display ntp-service sessions command, you can display the status of all the sessions
maintained by the local NTP.

Format
display ntp-service sessions [ verbose ]

Parameters
verbose: displays the details of the NTP session. If verbose is not specified, the summary NTP
session is displayed.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
None

Examples
# Display the NTP sessions maintained by the local NTP.
<Eudemon> display ntp-service sessions
source reference stra reach poll now offset delay disper
********************************************************************************
[12345]3.2.2.1 LOCAL(0) 2 3 64 19 0.0 16.5 0.5
note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured

1.7.3 display ntp-service status

Function
Using the display ntp-service status command, you can display the status of NTP.

Format
display ntp-service status

Parameters
None

Default Level
1: Monitoring level

Usage Guidelines
The displayed NTP status shows the synchronization state and the clock stratum of the current
node.

Examples
# Display the status of NTP.
<Eudemon> display ntp-service status
clock status: synchronized
clock stratum: 3
reference clock ID: 3.2.2.1
nominal frequency: 60.0002 Hz
actual frequency: 60.0002 Hz
clock precision: 2^18
clock offset: 0.0065 ms
root delay: 16.50 ms
root dispersion: 1.07 ms
peer dispersion: 0.00 ms
reference time: 18:30:22.878 UTC Jun 28 2008(CC1101BE.E0FD4BF0)

Table 1-31 Description of the display ntp-service status command output

Item Description

clock status: Clock status
• Synchronized: indicates that the local system is synchronized with another NTP server or a
reference clock.
• Unsynchronized: indicates that the local system is not synchronized with any NTP server.

clock stratum: Stratum of the local system clock

reference clock ID: Reference clock
• If the local system clock has been synchronized with another remote NTP server or a
reference clock, this field displays the identifier of the remote NTP server or reference clock.
• If the local system clock acts as a reference clock, this field displays "Local".

nominal frequency: Nominal frequency of the local system clock

actual frequency: Actual frequency of the local system clock

clock precision: Precision of the local system clock

clock offset: Offset between the local system clock and the NTP server

root delay: Total delay between the local system clock and the primary reference clock

root dispersion: Dispersion between the local system clock and the primary reference clock

peer dispersion: Dispersion between the local system clock and the remote NTP peer

reference time: Reference timestamp

1.7.4 display ntp-service trace

Function
Using the display ntp-service trace command, you can display the summary of each NTP time
server when you trace the reference clock source from the local device.

Format
display ntp-service trace

Parameters
None

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
This command displays the summary of each NTP server along the chain of time synchronization
servers when you trace the reference clock source from the local device.

Examples
# Display the summary of each NTP time server when you trace the reference clock source from
the local device.
<Eudemon> display ntp-service trace
server 127.0.0.1,stratum 3, offset 101856.432708, synch distance 0.00861
server 3.2.2.1,stratum 2, offset 0.005142, synch distance 0.00000
refid 127.127.1.0

Table 1-32 Description of the display ntp-service trace command output

Item Description

server: IP address of the NTP server

stratum: Stratum of the associated local clock source

offset: Offset to the upper stratum clock source

synch distance: Synchronization distance to the upper level clock source. This parameter
evaluates and describes the clock source, and NTP chooses the closest clock source.

refid: Reference clock source

1.7.5 ntp-service access

Function
Using the ntp-service access command, you can set the access control authority of the local
NTP.

Using the undo ntp-service access command, you can cancel the configured access control
authority.

Format
ntp-service access { query | synchronization | server | peer } acl-number

undo ntp-service access { query | synchronization | server | peer }

Parameters
query: sets the maximum access restriction. Only control queries can be performed on the local
NTP service.

synchronization: permits server access only. Only time requests can be performed on the local
NTP service.

server: permits server access and query. Both time requests and control queries can be
performed on the local NTP service, but the local clock cannot be synchronized to the remote
server.

peer: grants full access. Both time requests and control queries can be performed on the local
NTP service, and the local clock can be synchronized to the remote server.

acl-number: specifies the IP address access list number. The value is in the range of 2000 to
2999.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
By default, no access authority is set.

Compared with NTP authentication, the ntp-service access command is a simpler way to secure
the network. When receiving an access query, the NTP server matches it against peer, server,
synchronization and query in that order, that is, from the minimum access restriction to the
maximum access restriction.

Configure this command according to the access restriction to be implemented.

Table 1-33 Description of the NTP access authority

NTP Operation Mode                  Restricted NTP Query                              Supported Devices
Unicast NTP server or client mode   Synchronizing the client with the server          Client
Unicast NTP server or client mode   Clock synchronization request from the client     Server
NTP peer mode                       Clock synchronization with each other             Symmetric active end
NTP peer mode                       Clock synchronization request from the active end Symmetric passive end
NTP multicast mode                  Synchronizing the client with the server          NTP multicast client
NTP broadcast mode                  Synchronizing the client with the server          NTP broadcast client

Examples
# Enable the peer in ACL 2000 to perform time request, query control and time synchronization
on the local device.
<Eudemon> system-view
[Eudemon] ntp-service access peer 2000

# Enable the peer in ACL 2002 to perform time request, query control on the local device.
[Eudemon] ntp-service access synchronization 2002
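
The following added example (not part of the Huawei manual) models the matching order described in the Usage Guidelines and finds sources that a restrictive level was meant to cover but that an earlier, less restrictive level already matches. Each ACL is reduced to the list of source networks it permits, which is a simplification; ACL 2003, all networks and the function names are constructed for the example, and the result for a source that matches no level is reported as None because the page does not state what the device does in that case.

```python
import ipaddress

# Matching order stated on this page: minimum restriction first.
ORDER = ("peer", "server", "synchronization", "query")

# What each level allows, taken from the parameter descriptions on this page.
RIGHTS = {
    "peer": {"time_request": True, "control_query": True, "sync_local_clock": True},
    "server": {"time_request": True, "control_query": True, "sync_local_clock": False},
    "synchronization": {"time_request": True, "control_query": False, "sync_local_clock": False},
    "query": {"time_request": False, "control_query": True, "sync_local_clock": False},
}


def effective_level(source, access, acls):
    """Return the first level in ORDER whose ACL permits source, else None.

    access maps a level to the acl-number given to ntp-service access;
    acls maps an acl-number to the source networks that ACL permits.
    """
    addr = ipaddress.ip_address(source)
    for level in ORDER:
        acl = access.get(level)
        if acl is None:
            continue
        if not 2000 <= acl <= 2999:           # range given for acl-number
            raise ValueError(f"acl-number {acl} is outside 2000 to 2999")
        if any(addr in ipaddress.ip_network(n) for n in acls.get(acl, ())):
            return level
    return None


def shadowed(access, acls):
    """List (strict_level, net, broader_level, net) where the ACLs overlap.

    Sources in the overlap never get the stricter level, because the broader
    level is matched first.
    """
    hits = []
    for i, strict in enumerate(ORDER):
        for broad in ORDER[:i]:
            if strict not in access or broad not in access:
                continue
            for s in acls.get(access[strict], ()):
                for b in acls.get(access[broad], ()):
                    if ipaddress.ip_network(s).overlaps(ipaddress.ip_network(b)):
                        hits.append((strict, s, broad, b))
    return hits


# Constructed configuration: a wide peer ACL plus a query-only ACL intended
# for a monitoring station inside the same address block.
ACLS = {2000: ["10.0.0.0/8"], 2002: ["192.168.5.0/24"], 2003: ["10.1.1.0/24"]}
ACCESS = {"peer": 2000, "synchronization": 2002, "query": 2003}

if __name__ == "__main__":
    for src in ("10.1.1.5", "192.168.5.9", "172.16.0.1"):
        level = effective_level(src, ACCESS, ACLS)
        print(src, level, RIGHTS.get(level))
    print(shadowed(ACCESS, ACLS))
```

Here 10.1.1.5 ends up with peer rights although ACL 2003 was written to restrict it to control queries, so the ACL bound to a less restrictive level should not contain the sources of a more restrictive one.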

1.7.6 ntp-service authentication enable

Function
Using the ntp-service authentication enable command, you can enable identity authentication
for NTP.
Using the undo ntp-service authentication enable command, you can disable the identity
authentication.

Format
ntp-service authentication enable
undo ntp-service authentication enable

Parameters
None

Views
System view

Default Level
2: Configuration level

Usage Guidelines
By default, identity authentication is disabled.
Identity authentication in NTP applies to a network requiring high security.

Examples
# Enable identity authentication for NTP.
<Eudemon> system-view
[Eudemon] ntp-service authentication enable

Related Topics
1.7.7 ntp-service authentication-keyid

1.7.7 ntp-service authentication-keyid

Function
Using the ntp-service authentication-keyid command, you can set an NTP authentication key.
Using the undo ntp-service authentication-keyid command, you can remove an NTP
authentication key.

Format
ntp-service authentication-keyid key-id authentication-mode md5 password

undo ntp-service authentication-keyid key-id

Parameters
key-id: specifies the key number in the range of 1 to 4294967295.
authentication-mode md5 password: indicates the MD5 authentication password. It is a string
of 1 to 32 characters.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
By default, no authentication key is set.
NTP supports only the MD5 authentication mode.

Examples
# Set an MD5 authentication key. The key ID number is 10 and the key is BetterKey.
<Eudemon> system-view
[Eudemon] ntp-service authentication-keyid 10 authentication-mode md5 BetterKey

Related Topics
1.7.6 ntp-service authentication enable
1.7.15 ntp-service reliable authentication-keyid
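
The following added example (not part of the Huawei manual) shows what the key ID and MD5 password are used for on the wire, using the symmetric-key scheme of the NTP reference implementation as described in RFC 5905: the 48-byte NTP header is followed by the 4-byte key ID and a 16-byte MD5 digest computed over the password followed by the header. That the Eudemon uses exactly this layout is an assumption, and the function names are hypothetical. The key ID and password are those of the example above, and the transmit timestamp reuses the reference time shown in 1.7.3.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48                    # fixed NTP header
MAC_LEN = 4 + 16                   # key ID + MD5 digest

KEY_ID = 10                        # key-id from the example on this page
PASSWORD = b"BetterKey"            # password from the example on this page


def ntp_header(version=3, mode=3, transmit=(0xCC1101BE, 0xE0FD4BF0)):
    """Build a 48-byte client request header; unused fields are zero."""
    li_vn_mode = (0 << 6) | (version << 3) | mode
    return struct.pack(
        "!BBbb3I8I",
        li_vn_mode, 0, 4, -6,      # LI/VN/mode, stratum, poll, precision
        0, 0, 0,                   # root delay, root dispersion, reference ID
        0, 0, 0, 0, 0, 0,          # reference, originate, receive timestamps
        transmit[0], transmit[1],  # transmit timestamp (seconds, fraction)
    )


def sign(header, key_id, password):
    """Append the MAC: key ID in clear, then MD5(password || header)."""
    if not 1 <= key_id <= 4294967295:
        raise ValueError("key-id must be in the range 1 to 4294967295")
    if not 1 <= len(password) <= 32:
        raise ValueError("password must be 1 to 32 characters")
    digest = hashlib.md5(password + header).digest()
    return header + struct.pack("!I", key_id) + digest


def verify(packet, keys):
    """Check a received packet against the locally configured keys.

    keys maps key-id to password, as configured with
    ntp-service authentication-keyid on the receiving device.
    """
    if len(packet) != HEADER_LEN + MAC_LEN:
        return "no-mac"            # packet carries no authenticator
    header, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
    (key_id,) = struct.unpack("!I", mac[:4])
    password = keys.get(key_id)
    if password is None:
        return "unknown-key"       # the peer used a key ID not configured here
    expected = hashlib.md5(password + header).digest()
    # Constant-time comparison avoids leaking how many digest bytes matched.
    return "ok" if hmac.compare_digest(expected, mac[4:]) else "bad-digest"


if __name__ == "__main__":
    packet = sign(ntp_header(), KEY_ID, PASSWORD)
    print(len(packet), verify(packet, {KEY_ID: PASSWORD}))
    tampered = bytearray(packet)
    tampered[40] ^= 0x01           # change one bit of the transmit timestamp
    print(verify(bytes(tampered), {KEY_ID: PASSWORD}))
```

The key ID is sent in clear and only selects which password the receiver uses, so both ends must be configured with the same key-id and password pair.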

1.7.8 ntp-service broadcast-client

Function
Using the ntp-service broadcast-client command, you can configure the NTP broadcast client
mode.
Using the undo ntp-service broadcast-client command, you can cancel configuring the NTP
broadcast client mode.

Format
ntp-service broadcast-client
undo ntp-service broadcast-client

Parameters
None

Views
Interface view

Default Level
2: Configuration level

Usage Guidelines
By default, the NTP broadcast client mode is not configured.
Once the current interface is specified to receive NTP broadcast messages, the local device
automatically runs in broadcast-client mode.

Examples
# Enable Ethernet 0/0/1 to receive NTP broadcast messages.
<Eudemon> system-view
[Eudemon] interface Ethernet 0/0/1
[Eudemon-Ethernet0/0/1] ntp-service broadcast-client

Related Topics
1.7.9 ntp-service broadcast-server

1.7.9 ntp-service broadcast-server

Function
Using the ntp-service broadcast-server command, you can configure the NTP broadcast server
mode.
Using the undo ntp-service broadcast-server command, you can cancel configuring the NTP
broadcast server mode.

Format
ntp-service broadcast-server [ authentication-keyid key-id | version number ] *
undo ntp-service broadcast-server

Parameters
authentication-keyid key-id: specifies the authentication key ID number used to transmit
message to broadcast clients. The value is in the range of 0 to 4294967295.
version number: defines the NTP version number. The value is in the range of 1 to 3. By default,
it is 3.

Views
Interface view

Default Level
2: Configuration level

Usage Guidelines
By default, the broadcast service is not configured.

Once the current interface is specified to send NTP broadcast packets, the local device
automatically runs as the broadcast server and periodically transmits broadcast messages to the
broadcast clients.

Examples
# Enable Ethernet 1/0/0 to send NTP broadcast packets, with the authentication key number as
4 and the NTP version as 3.
<Eudemon> system-view
[Eudemon] interface Ethernet 1/0/0
[Eudemon-Ethernet1/0/0] ntp-service broadcast-server authentication-key 4 version 3

Related Topics
1.7.8 ntp-service broadcast-client

1.7.10 ntp-service in-interface disable

Function
Using the ntp-service in-interface disable command, you can disable the interface from
receiving the NTP message.

Using the undo ntp-service in-interface disable command, you can enable the interface to
receive the NTP message.

Format
ntp-service in-interface disable

undo ntp-service in-interface disable

Parameters
None

Views
Interface view

Default Level
2: Configuration level

Usage Guidelines
By default, the interface is enabled to receive the NTP message.

Examples
# Disable Ethernet 1/0/0 from receiving the NTP message.
<Eudemon> system-view
[Eudemon] interface Ethernet 1/0/0
[Eudemon-Ethernet1/0/0] ntp-service in-interface disable

1.7.11 ntp-service max-dynamic-sessions

Function
Using the ntp-service max-dynamic-sessions command, you can set the maximum number of
dynamic NTP sessions allowed to be set up.
Using the undo ntp-service max-dynamic-sessions command, you can restore the default.

Format
ntp-service max-dynamic-sessions number
undo ntp-service max-dynamic-sessions

Parameters
number: specifies the number of dynamic NTP sessions allowed to be set up. The value is in the
range of 0 to 100.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
By default, 100 sessions are allowed to be set up.
Note the following when using the ntp-service max-dynamic-sessions command:
• This command limits the number of dynamic sessions only.
• Using this command does not affect NTP sessions that have already been set up. When the
number of sessions exceeds the limit, no more sessions can be set up.
• Configure this command only on the client. The server does not record the number of NTP
sessions.
NOTE
Unicast server/client mode and peer mode are configured through the command line, so sessions
between them are static. Sessions set up in the broadcast and multicast modes are dynamic.

Examples
# Set the maximum number of dynamic NTP sessions allowed to be set up to 50.
<Eudemon> system-view
[Eudemon] ntp-service max-dynamic-sessions 50

1.7.12 ntp-service multicast-client

Function
Using the ntp-service multicast-client command, you can configure the NTP multicast client
mode.
Using the undo ntp-service multicast-client command, you can cancel configuring the NTP
multicast client mode.

Format
ntp-service multicast-client [ ip-address ]
undo ntp-service multicast-client [ ip-address ]

Parameters
ip-address: specifies the multicast IP address, which is a Class D address. By default, it is
224.0.1.1.

Views
Interface view

Default Level
2: Configuration level

Usage Guidelines
By default, the multicast client service is disabled.
Once the current interface is specified to receive NTP multicast messages, the local device
automatically runs in multicast-client mode.

Examples
# Configure Ethernet 0/0/1 to receive NTP multicast messages. The multicast address of the
multicast packets is 224.0.1.1.
<Eudemon> system-view
[Eudemon] interface Ethernet 0/0/1
[Eudemon-Ethernet0/0/1] ntp-service multicast-client 224.0.1.1

Related Topics
1.7.9 ntp-service broadcast-server

1.7.13 ntp-service multicast-server

Function
Using the ntp-service multicast-server command, you can specify an interface on the local
device to send NTP multicast packets. The local device then runs in multicast server mode.

Using the undo ntp-service multicast-server command, you can cancel configuring the NTP
multicast server mode.

Format
ntp-service multicast-server [ ip-address ] [ authentication-keyid key-id | ttl ttl-number |
version number ] *

undo ntp-service multicast-server [ ip-address ]

Parameters
ip-address: specifies the multicast IP address, which is a Class D address. By default, it is
224.0.1.1.

authentication-keyid key-id: specifies the authentication key ID number used when sending
messages to the multicast clients. The value is in the range of 0 to 4294967295.

ttl ttl-number: specifies the life span of the multicast packet, in the range of 1 to 255.

version number: specifies the NTP version number, in the range of 1 to 3. By default, it is 3.

Views
Interface view

Default Level
2: Configuration level

Usage Guidelines
By default, the multicast service is not configured.

Specify an interface on the local device to send NTP multicast messages. The local device then
runs in multicast-server mode and periodically sends multicast messages to the multicast
clients.

Examples
# Configure Ethernet 0/0/1 to send NTP multicast messages. The multicast address is 224.0.1.1,
the authentication key number is 4 and the NTP version number is 3.
<Eudemon> system-view
[Eudemon] interface Ethernet 0/0/1
[Eudemon-Ethernet0/0/1] ntp-service multicast-server 224.0.1.1 authentication-keyid 4 version 3

Related Topics
1.7.12 ntp-service multicast-client

1.7.14 ntp-service refclock-master

Function
Using the ntp-service refclock-master command, you can set the external reference clock or
the local clock to be the NTP master clock that provides the synchronizing time for other devices.
Using the undo ntp-service refclock-master command, you can cancel configuring the NTP
master clock.

Format
ntp-service refclock-master [ ip-address ] [ stratum ]
undo ntp-service refclock-master [ ip-address ]

Parameters
ip-address: specifies the IP address of the local clock, in the form 127.127.t.u. t ranges from
0 to 37; at present, it is 1, indicating the local reference clock. u ranges from 0 to 3, indicating
the NTP process number. If no ip-address is specified, the local clock 127.127.1.0 is used as the
NTP master clock by default.
stratum: specifies the stratum of the NTP master clock. The value is in the range of 1 to 15. By
default, it is 8. The smaller the value is, the more accurate the clock is.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
By default, no NTP master clock is specified.
The stratum of a device that is time synchronized is automatically set to one greater than that
of the device providing the synchronizing time.

Examples
# Set the local clock to be the NTP master clock, with its stratum set to 3.
<Eudemon> system-view
[Eudemon] ntp-service refclock-master 3

1.7.15 ntp-service reliable authentication-keyid

Function
Using the ntp-service reliable authentication-keyid command, you can specify the
authentication key to be reliable.
Using the undo ntp-service reliable authentication-keyid command, you can cancel the
current setting.

Format
ntp-service reliable authentication-keyid key-id
undo ntp-service reliable authentication-keyid key-id

Parameters
key-id: specifies the key number. It is an integer ranging from 1 to 4294967295.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
By default, no authentication key is specified to be reliable.
If identity authentication is enabled, this command is used to specify that one or more keys
are reliable. That is, the client can synchronize only to a server that provides a reliable key.
The client cannot synchronize to a server that provides an unreliable key.

Examples
# Enable identity authentication in NTP and adopt the MD5 authentication mode, with the key
number 37 and the key BetterKey. Specify the key to be reliable.
<Eudemon> system-view
[Eudemon] ntp-service authentication enable
[Eudemon] ntp-service authentication-keyid 37 authentication-mode md5 BetterKey
[Eudemon] ntp-service reliable authentication-keyid 37

Related Topics
1.7.6 ntp-service authentication enable
1.7.7 ntp-service authentication-keyid
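
How a client applies the reliable-key rule described above, as an added example that is not part of the Huawei manual. It uses the widely implemented NTP symmetric-key layout (48-byte header, 4-byte key ID, MD5 of key followed by header); that the Eudemon uses exactly this wire layout is an assumption, and all function names are hypothetical.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48   # fixed NTP header, no extension fields
MAC_LEN = 4 + 16      # key ID (4 bytes) + MD5 digest (16 bytes)


def build_header(version=3, mode=4, stratum=3):
    """Build a minimal 48-byte NTP header (constructed sample, timestamps zeroed)."""
    li_vn_mode = (0 << 6) | (version << 3) | mode   # LI=0, VN, mode 4 = server
    return struct.pack("!BBbb", li_vn_mode, stratum, 6, -20) + bytes(44)


def sign(header, key_id, key):
    """Append the key ID and MD5(key || header) to the header."""
    digest = hashlib.md5(key + header).digest()
    return header + struct.pack("!I", key_id) + digest


def verify(packet, keys, reliable_ids, auth_enabled=True):
    """Return (accepted, reason) as an authenticating client would decide.

    keys         -- {key_id: secret}, the role of ntp-service authentication-keyid
    reliable_ids -- set of key IDs, the role of ntp-service reliable authentication-keyid
    """
    if not auth_enabled:
        return True, "authentication disabled, packet accepted unchecked"
    if len(packet) != NTP_HEADER_LEN + MAC_LEN:
        return False, "no authenticator present"
    header, mac = packet[:NTP_HEADER_LEN], packet[NTP_HEADER_LEN:]
    (key_id,) = struct.unpack("!I", mac[:4])
    if key_id not in keys:
        return False, f"key {key_id} not configured"
    if key_id not in reliable_ids:
        # A valid digest is not enough: the key must also be marked reliable.
        return False, f"key {key_id} configured but not reliable"
    expected = hashlib.md5(keys[key_id] + header).digest()
    if not hmac.compare_digest(expected, mac[4:]):
        return False, "digest mismatch"
    return True, f"authenticated with reliable key {key_id}"


if __name__ == "__main__":
    # Key 37 / BetterKey come from the example above; key 5 is constructed.
    keys = {37: b"BetterKey", 5: b"OtherKey"}
    reliable = {37}
    good = sign(build_header(), 37, b"BetterKey")
    other = sign(build_header(), 5, b"OtherKey")
    tampered = good[:1] + bytes([1]) + good[2:]      # stratum changed in transit
    for name, pkt in (("good", good), ("other key", other),
                      ("tampered", tampered), ("unsigned", build_header())):
        print(f"{name:10s}", verify(pkt, keys, reliable))
```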

1.7.16 ntp-service source-interface

Function
Using the ntp-service source-interface command, you can specify the local interface that sends
NTP messages.

Using the undo ntp-service source-interface command, you can cancel the current setting.

Format
ntp-service source-interface interface-type interface-number
undo ntp-service source-interface

Parameters
interface-type interface-number: specifies the local interface that sends the NTP messages.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
In unicast mode, if you want only one interface to receive the NTP response packets, use this
command so that NTP packets sent from all local interfaces use the same source IP address.
NOTE
In the broadcast and multicast modes, the ntp-service source-interface command is invalid, because
the interface on which the NTP service is enabled is itself the source interface.

Examples
# Specify Ethernet 0/0/1 as the source interface to send all the NTP messages.
<Eudemon> system-view
[Eudemon] ntp-service source-interface Ethernet 0/0/1

1.7.17 ntp-service unicast-peer

Function
Using the ntp-service unicast-peer command, you can configure the NTP peer mode.
Using the undo ntp-service unicast-peer command, you can cancel configuring the NTP peer
mode.

Format
ntp-service unicast-peer ip-address [ version number | authentication-keyid keyid | source-interface interface-type interface-number | priority ] *
undo ntp-service unicast-peer ip-address

Parameters
version number: defines the NTP version number. It is in the range of 1 to 3. By default, it is 3.

authentication-keyid keyid: specifies the authentication key number used when transmitting
messages to the remote server. The value is in the range of 0 to 4294967295.
source-interface interface-type interface-number: specifies the interface from which the
symmetric active end sends NTP messages to the symmetric passive end. The source IP address
of the NTP message is the IP address of this interface.
priority: specifies the remote server as the preferred one.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
This command is used to set the remote server with a specified ip-address as the peer of the local
device. The local device runs in the symmetric active mode. In this way, the local device can be
synchronized to the remote server and the remote server can also be synchronized to the local
device.

Examples
# Configure the peer 10.10.1.1 to provide the synchronizing time for the local device. The local
device can also provide synchronizing time for the peer. The version number is 3. The source IP
address of the NTP packets is the address of Ethernet 0/0/1.
<Eudemon> system-view
[Eudemon] ntp-service unicast-peer 10.10.1.1 version 3 source-interface Ethernet 0/0/1

1.7.18 ntp-service unicast-server

Function
Using the ntp-service unicast-server command, you can configure the NTP server mode.
Using the undo ntp-service unicast-server command, you can cancel configuring the NTP
server mode.

Format
ntp-service unicast-server ip-address [ version number | authentication-keyid keyid | source-interface interface-type interface-number | priority ] *
undo ntp-service unicast-server ip-address

Parameters
ip-address: specifies the IP address of the remote server. The ip-address is a host address and
cannot be the broadcast address, multicast address or the IP address of a reference clock.

version number: defines the NTP version number. It is in the range of 1 to 3. By default, it is 3.
authentication-keyid keyid: specifies the authentication key number used when messages are
transmitted to the remote server. The value is in the range of 0 to 4294967295.
source-interface interface-type interface-number: specifies the interface from which the unicast
client sends NTP messages to the unicast server. The source IP address of the messages is the
IP address of this interface.
priority: specifies the remote server as the preferred one.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
By default, the version number is 3. The identity authentication is enabled and the server is not
the preferred one.
This command is used to set the remote server with a specified ip-address as the local time
server. In this way, the local client device can be synchronized to the remote server and the
remote server cannot be synchronized to the local client device.
If the client enables authentication and configures the corresponding authentication key, then
when the server receives the synchronization request from the client, it sends NTP packets with
authentication to the client. The client authenticates the packets and starts the clock
synchronization. If the client disables authentication, then when the server receives the
synchronization request from the client, it sends packets without authentication to the
client. When receiving the packets, the client starts the clock synchronization.

Examples
# Configure the server 10.10.1.1 to provide the synchronizing time for the local device. The NTP
version number is 3.
<Eudemon> system-view
[Eudemon] ntp-service unicast-server 10.10.1.1 version 3

1.8 SNMP Configuration Commands

1.8.1 debugging snmp-agent
1.8.2 display snmp-agent
1.8.3 display snmp-agent community
1.8.4 display snmp-agent group
1.8.5 display snmp-agent mib-view
1.8.6 display snmp-agent statistics

1.8.7 display snmp-agent sys-info
1.8.8 display snmp-agent usm-user
1.8.9 enable snmp trap updown
1.8.10 ifindex constant
1.8.11 set constant-ifindex max-number
1.8.12 set constant-ifindex subinterface
1.8.13 snmp-agent
1.8.14 snmp-agent community
1.8.15 snmp-agent group
1.8.16 snmp-agent local-engineid
1.8.17 snmp-agent mib-view
1.8.18 snmp-agent packet max-size
1.8.19 snmp-agent sys-info
1.8.20 snmp-agent target-host
1.8.21 snmp-agent trap enable
1.8.22 snmp-agent trap enable ospf
1.8.23 snmp-agent trap life
1.8.24 snmp-agent trap queue-size
1.8.25 snmp-agent trap source
1.8.26 snmp-agent usm-user

1.8.1 debugging snmp-agent

Function
Using the debugging snmp-agent command, you can enable the SNMP Agent debugging switch
for the specified type of SNMP module debugging information.
Using the undo debugging snmp-agent command, you can cancel the setting.

Format
debugging snmp-agent { header | packet | process | trap }
undo debugging snmp-agent { header | packet | process | trap }

Parameters
header: enables data packet header debugging.
packet: enables packet debugging.

process: enables SNMP packet process debugging.


trap: enables Trap data packet debugging.

Views
User view

Default Level
1: Monitoring level

Usage Guidelines
By default, the SNMP Agent debugging switch is disabled.

Examples
# Enable the SNMP Agent data packet header debugging switch.
<Eudemon> debugging snmp-agent header

1.8.2 display snmp-agent

Function
Using the display snmp-agent command, you can display the engine ID of the local or the
remote SNMP entity.

Format
display snmp-agent { local-engineid | remote-engineid }

Parameters
local-engineid: displays the engine ID of the local SNMP entity.
remote-engineid: displays the engine ID of the remote SNMP agent.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
The SNMP engine ID is the unique identifier used in SNMP management: it uniquely
identifies an SNMP entity in one management domain. The SNMP engine is an important
component of the SNMP entity and performs functions such as message dispatching, message
processing, security authentication and access control.

Use this command to view the configuration result after the SNMP agent function is enabled.

Examples
# Display the engine ID of the current device.
<Eudemon> display snmp-agent local-engineid
SNMP local EngineID: 000007DB7F0000013859

Table 1-34 Description of the display snmp-agent command output

Item | Description
SNMP local EngineID | Indicates the local SNMP engine ID. It can be specified by the administrator using the snmp-agent local-engineid command or be generated through a certain algorithm.

Related Topics
1.8.16 snmp-agent local-engineid

1.8.3 display snmp-agent community

Function
Using the display snmp-agent community command, you can display the current configuration
of SNMPv1 or SNMPv2c.

Format
display snmp-agent community [ read | write ]

Parameters
read: displays the community name information with the read-only authority.

write: displays the community name information with the authority of read and write.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
When configuring the managed entity, use this command to check the community name of the
agent. The output of this command contains the group name, the storage type and ACL rules.

Examples
# Display the current community name.
<Eudemon> display snmp-agent community
Community name:aaa
Group name:aaa
Acl:2000
Storage-type: nonVolatile

Community name:bbb
Group name:bbb
Storage-type: nonVolatile

Table 1-35 Description of the display snmp-agent community command output

Item | Description
Community name | Community name
Group name | Group name
Acl | ACL number
Storage-type | Storage type

Related Topics
1.8.14 snmp-agent community

1.8.4 display snmp-agent group

Function
Using the display snmp-agent group command, you can display the information based on User
Security Model (USM).

Format
display snmp-agent group [ group-name ]

Parameters
group-name: specifies the SNMP group to be displayed. It is a string of 1 to 32 characters.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
Use this command to check the agent group when the managed entity is configured with
SNMPv3 group. When no parameter is specified, the output of this command contains group
names, security mode and storage modes.

Examples
# Display the SNMP group name and the security mode.
<Eudemon> display snmp-agent group
Group name: gg
Security model: v3 noAuthnoPriv
Readview: ViewDefault
Writeview: <no specified>
Notifyview :<no specified>
Storage-type: nonVolatile
Acl:2000

Table 1-36 Description of the display snmp-agent group command output


Item | Description
Group name | SNMP group name
Security model | Security model of the group
Readview | Name of read-only MIB view corresponding to the group
Writeview | Name of writable MIB view corresponding to the group
Notifyview | Name of notifying MIB view corresponding to the group
Storage-type | Storage type
Acl | ACL number corresponding to the group

Related Topics
1.8.15 snmp-agent group
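
A configuration check over the display snmp-agent community and display snmp-agent group outputs shown above, as an added example that is not part of the Huawei manual. It parses the sample text from this page and reports communities or groups with no ACL, groups whose security model has no authentication, and groups with a write view; the function names and finding wording are hypothetical.

```python
import re

UNSET = "<no specified>"   # placeholder the device prints for an unset view

# Sample outputs copied from the Examples on this page.
COMMUNITY_OUTPUT = """\
Community name:aaa
Group name:aaa
Acl:2000
Storage-type: nonVolatile

Community name:bbb
Group name:bbb
Storage-type: nonVolatile
"""

GROUP_OUTPUT = """\
Group name: gg
Security model: v3 noAuthnoPriv
Readview: ViewDefault
Writeview: <no specified>
Notifyview :<no specified>
Storage-type: nonVolatile
Acl:2000
"""


def parse_records(text, first_key):
    """Split 'Key: value' display output into dicts; first_key opens a new record.

    Keys are lower-cased and stripped because the output spaces them
    inconsistently ('Acl:2000', 'Notifyview :<no specified>').
    """
    records = []
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+?)\s*:\s*(.*?)\s*$", line)
        if not m:
            continue                       # blank line between records
        key, value = m.group(1).lower(), m.group(2)
        if key == first_key or not records:
            records.append({})
        records[-1][key] = value
    return records


def audit_communities(text):
    """Flag SNMPv1/v2c communities that are not bound to an ACL."""
    return [f"community {rec['community name']}: no ACL bound"
            for rec in parse_records(text, "community name")
            if "acl" not in rec]


def audit_groups(text):
    """Flag groups without authentication, with a write view, or without an ACL."""
    findings = []
    for rec in parse_records(text, "group name"):
        name = rec["group name"]
        model = rec.get("security model", "")
        if "noauth" in model.lower():
            findings.append(f"group {name}: {model}, no authentication or encryption")
        if rec.get("writeview", UNSET) != UNSET:
            findings.append(f"group {name}: write view {rec['writeview']} is set")
        if "acl" not in rec:
            findings.append(f"group {name}: no ACL bound")
    return findings


if __name__ == "__main__":
    for finding in audit_communities(COMMUNITY_OUTPUT) + audit_groups(GROUP_OUTPUT):
        print(finding)
```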

1.8.5 display snmp-agent mib-view

Function
Using the display snmp-agent mib-view command, you can display the current MIB view.

Format
display snmp-agent mib-view [ exclude | include | viewname view-name ]

Parameters
exclude: excludes the attributes of the set SNMP MIB view.
include: includes the attributes of the set SNMP MIB view.

view-name: specifies the view name to be displayed. It is a string of 1 to 32 characters.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
Use this command to display the view specified when configuring the SNMP community name.
By default, the system uses the ViewDefault view.

Examples
# Display the current MIB view.
<Eudemon> display snmp-agent mib-view
View name:ViewDefault
MIB Subtree:internet
Subtree mask:
Storage-type: nonVolatile
View Type:included
View status:active

Table 1-37 Description of the display snmp-agent mib-view command output

Item | Description
View name | View name
MIB Subtree | MIB sub tree
Subtree mask | Subtree mask
Storage-type | Storage type
Included/excluded | Indicating whether to enable or disable the access to a MIB object
Active | Status of lines in the list

Related Topics
1.8.17 snmp-agent mib-view

1.8.6 display snmp-agent statistics

Function
Using the display snmp-agent statistics command, you can view the statistics of SNMP packets.

Format
display snmp-agent statistics

Parameters
None

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
If you need to check the communication between the agent and the managed entity or to
troubleshoot SNMP, use this command to display the statistics of the SNMP packets.

Examples
# View the statistics of SNMP packets.
<Eudemon> display snmp-agent statistics
41 Messages delivered to the SNMP entity
0 Messages which were for an unsupported version
7 Messages which used an unknown community name
0 Messages which represented an illegal operation for the community supplied
0 ASN.1 or BER errors in the process of decoding
18 MIB objects retrieved successfully
0 MIB objects altered successfully
0 Get-request PDUs accepted and processed
0 Get-next PDUs accepted and processed
0 Set-request PDUs accepted and processed
57 Messages passed from the SNMP entity
0 SNMP PDUs which had a tooBig error (Maximum packet size 1500)
0 SNMP PDUs which had a noSuchName error
0 SNMP PDUs which had a badValue error
0 SNMP PDUs which had a general error
25 Response PDUs accepted and processed
11 Trap PDUs accepted and processed

Table 1-38 Description of the display snmp-agent statistics command output


Item | Description
Messages delivered to the SNMP entity | Total number of input SNMP messages
Messages which were for an unsupported version | Number of messages with version errors
Messages which used a SNMP community name not known | Number of messages with community name errors
Messages which represented an illegal operation for the community supplied | Number of messages with authority errors corresponding to community name
ASN.1 or BER errors in the process of decoding | Number of SNMP messages with encoding errors
Messages passed from the SNMP entity | Total number of output SNMP messages
SNMP PDUs which had a badValue error-status | Number of SNMP messages with bad values
SNMP PDUs which had a genErr error-status | Number of SNMP PDUs with general errors
SNMP PDUs which had a noSuchName error-status | Number of SNMP PDUs with requests of non-existing MIB object
SNMP PDUs which had a tooBig error-status | Number of SNMP PDUs with Too_big errors
MIB objects retrieved successfully | Number of variables requested by NMS
MIB objects altered successfully | Number of variables set by NMS
GetRequest-PDU accepted and processed | Number of received Get-request PDUs
GetNextRequest-PDU accepted and processed | Number of received GetNext-request PDUs
GetResponse-PDU accepted and processed | Number of received Get-response PDUs
SetRequest-PDU accepted and processed | Number of received Set-request PDUs
Trap-PDU accepted and processed | Number of sent Trap PDUs

1.8.7 display snmp-agent sys-info

Function
Using the display snmp-agent sys-info command, you can display the system information of
the current SNMP device.

Format
display snmp-agent sys-info [ contact | location | version ] *

Parameters
contact: displays the contact information of the current SNMP device.

location: displays the physical location information of the current SNMP device.

version: displays the SNMP version running in the current SNMP agent.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
Use this command to display the contact information about the system maintenance, the physical
location and SNMP version of the current SNMP device.

Examples
# Display the system information of the SNMP agent.
<Eudemon> display snmp-agent sys-info
The contact person for this managed node:
R&D Beijing, Huawei Technologies co.,Ltd.
The physical location of this node:
Beijing China
SNMP version running in the system:
SNMPv3

Table 1-39 Description of the display snmp-agent sys-info command output

Item | Description
The contact person for this managed node | Indicates the contact person of the managed device. By specifying this parameter, you can store the important information to the firewall for convenient querying.
The physical location of this node | Location of the managed device.
SNMP version running in the system | SNMP versions include v1, v2c and v3.

Related Topics
1.8.19 snmp-agent sys-info

1.8.8 display snmp-agent usm-user

Function
Using the display snmp-agent usm-user command, you can display the information about
SNMP users.

Format
display snmp-agent usm-user [ engineid engine-id | username user-name | group group-name ] *

Parameters
engineid engine-id: displays the information of the SNMPv3 with a specified engine ID. The
engine ID is a string of 10 to 64 characters.

username user-name: displays the information of the specified SNMPv3 user. The user name
is a string of 1 to 32 characters.

group group-name: displays the user information of the specified group. The group name is a
string of 1 to 32 characters.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
An SNMP user is the remote user who executes SNMP management operation. The snmp-agent
usm-user command is used to specify the SNMP user.

NOTE
The display snmp-agent usm-user command displays the information of SNMPv3 users only.

Examples
<Eudemon> display snmp-agent usm-user
User name: u1
Engine ID: 000007DB7F00000100001106 active

Table 1-40 Description of the display snmp-agent usm-user command output

Item | Description
User name | Character string used to identify the SNMP user
Engine ID | Engine ID used to identify the SNMP device
Active | Status of SNMP USER

Related Topics
1.8.26 snmp-agent usm-user

1.8.9 enable snmp trap updown

Function
Using the enable snmp trap updown command, you can enable the Trap function on the interface.

Using the undo enable snmp trap updown command, you can disable the Trap function on the
interface.

Format
enable snmp trap updown
undo enable snmp trap updown

Parameters
None

Views
Interface view

Default Level
2: Configuration level

Usage Guidelines
By default, sending Trap messages is disabled.
Run the snmp-agent trap enable command to enable sending Trap messages when the status
of the interface changes.
When the interface is in the flapping state, run the undo enable snmp trap updown command
to disable the Trap function during the status change of the interface, which effectively reduces
the load on the NMS.

Examples
# Enable sending Trap messages when the status of the interface changes.
<Eudemon> system-view
[Eudemon] interface Ethernet 0/0/0
[Eudemon-Ethernet0/0/0] enable snmp trap updown

Related Topics
1.8.21 snmp-agent trap enable

1.8.10 ifindex constant

Function
Using the ifindex constant command, you can enable the constant interface index feature.
Using the undo ifindex constant command, you can remove this feature.

Format
ifindex constant

undo ifindex constant

Parameters
None

Views
System view

Default Level
2: Configuration level

Usage Guidelines
By default, the constant interface index feature is disabled.

Some applications, such as accounting based on the interface index, require the interface index
to remain unchanged. In this case, the interface index is not affected by adding or deleting
interfaces, restarting the system, or modifying the hardware or software.

After the constant interface index feature is enabled, the interface index values of all current
interfaces and newly created interfaces are fixed. Before restarting the device, you must first run
the save command. Otherwise the interface index value may change after you restart the device.

Examples
# Enable the constant interface index feature.
<Eudemon> system-view
[Eudemon] ifindex constant

1.8.11 set constant-ifindex max-number

Function
Using the set constant-ifindex max-number command, you can set the maximum number of
the interfaces enabled with constant index feature.

Using the undo set constant-ifindex max-number command, you can restore the default value.

Format
set constant-ifindex max-number number

undo set constant-ifindex max-number

Parameters
number: specifies the maximum number of the interfaces enabled with the constant index feature.
The value is in the range of 0 to 4294967295.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
By default, the maximum number is 65535.
This command takes effect only after the constant interface index feature is enabled.

Examples
# Set the maximum number of the interfaces enabled with the constant index feature to 10000.
<Eudemon> system-view
[Eudemon] set constant-ifindex max-number 10000

Related Topics
1.8.10 ifindex constant

1.8.12 set constant-ifindex subinterface

Function
Using the set constant-ifindex subinterface command, you can set the memory distribution
mode for the sub-interface index.

Format
set constant-ifindex subinterface { dense-mode | sparse-mode }

Parameters
dense-mode: sets the memory distribution mode for the sub-interface index as dense mode.
sparse-mode: sets the memory distribution mode for the sub-interface index as sparse mode.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
By default, the memory distribution mode for the sub-interface index is the dense mode.

The command takes effect after the constant interface index feature is enabled.

When you add the sub-interfaces, the dense mode is recommended if the sub-interface
numbering is continuous.

Examples
# Set the memory distribution mode for the sub-interface index as the sparse mode.
<Eudemon> system-view
[Eudemon] set constant-ifindex subinterface sparse-mode

Related Topics
1.8.10 ifindex constant

1.8.13 snmp-agent

Function
Using the snmp-agent command, you can enable the SNMP Agent and specify the SNMP
configuration information.

Using the undo snmp-agent command, you can disable SNMP Agent.

Format
snmp-agent

undo snmp-agent

Parameters
None

Views
System view

Default Level
2: Configuration level

Usage Guidelines
By default, the SNMP Agent is disabled.

The snmp-agent command can be used to enable SNMP Agent, and any configuration
commands of snmp-agent can also enable SNMP Agent.

When SNMP Agent is not enabled, configuring the undo snmp-agent command is invalid. After
SNMP Agent is enabled, you can use the undo snmp-agent command to disable SNMP Agent.

Examples
# Disable the running SNMP agent.
<Eudemon> system-view
[Eudemon] undo snmp-agent
SNMP Agent disabled

1.8.14 snmp-agent community

Function
Using the snmp-agent community command, you can set the community access name of
SNMPv1 and SNMPv2c, the corresponding MIB view and ACL rules.
Using the undo snmp-agent community command, you can cancel the setting.

Format
snmp-agent community { read | write } community-name [ mib-view view-name | acl acl-number ] *
undo snmp-agent community community-name

Parameters
read: indicates that the community name has the read-only authority in the specified view.
write: indicates that the community name has the read and write authority in the specified view.
community-name: specifies the character string of community name. The value is in the range
of 1 to 32 characters.
mib-view view-name: sets the MIB view names that the community name can have access to.
The value is in the range of 1 to 32 characters.
acl acl-number: specifies the number of the ACL corresponding to the community name. The
value is in the range of 2000 to 2999.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
Using the snmp-agent community command, you can set the read and write authority of the
community name in the MIB view so as to control the user access to the MIB view.

Examples
# Set the community name as comaccess and allow read-only access using this community name.

<Eudemon> system-view
[Eudemon] snmp-agent community read comaccess

# Set the community name as mgr and allow read and write access.
[Eudemon] snmp-agent community write mgr

# Delete the community name comaccess.
[Eudemon] undo snmp-agent community comaccess

Related Topics
1.8.15 snmp-agent group
1.8.26 snmp-agent usm-user
1.8.3 display snmp-agent community

1.8.15 snmp-agent group

Function
Using the snmp-agent group command, you can configure a new SNMP group, that is, map
the SNMP user to the SNMP view.

Using the undo snmp-agent group command, you can delete a specified SNMP group.

Format
snmp-agent group { v1 | v2c } group-name [ read-view read-view ] [ write-view write-view ]
[ notify-view notify-view ] [ acl acl-number ]

undo snmp-agent group { v1 | v2c } group-name

snmp-agent group v3 group-name [ authentication | privacy ] [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ]

undo snmp-agent group v3 group-name [ authentication | privacy ]

Parameters
v1: specifies the V1 security mode the user uses.

v2c: specifies the V2 security mode the user uses.

v3: specifies the V3 security mode the user uses.

group-name: specifies the group name. The value is in the range of 1 to 32 bytes.

authentication: authenticates but does not encrypt the packet.

privacy: authenticates and encrypts the packet.

read-view read-view: specifies the name of the read-only view. The value is in the range of 1 to 32
bytes.

write-view write-view: specifies the name of the read and write view. The value is in the range of 1
to 32 bytes.

notify-view notify-view: specifies the name of the notify view. The value is in the range of 1 to 32
bytes.

acl acl-number: specifies the number of the standard access list. The value is in the range of
2000 to 2999.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
By default, the snmp-agent group v3 group-name command is not configured with
authentication and encryption methods.

Map the SNMP users to different SNMP views so as to control the SNMP user access.

Examples
# Create an SNMP group known as Johngroup.
<Eudemon> system-view
[Eudemon] snmp-agent group v3 Johngroup

Related Topics
1.8.17 snmp-agent mib-view
1.8.26 snmp-agent usm-user
1.8.4 display snmp-agent group

1.8.16 snmp-agent local-engineid

Function
Using the snmp-agent local-engineid command, you can configure the engine ID of a local
SNMP entity.

Using the undo snmp-agent local-engineid command, you can cancel the current setting.

Format
snmp-agent local-engineid engine-id

undo snmp-agent local-engineid

Parameters
engine-id: specifies the engine ID as a character string. It must be a hexadecimal string of 10 to
64 characters.


Views
System view

Default Level
2: Configuration level

Usage Guidelines
By default, the Eudemon uses an internal algorithm to generate an engine ID in the format of
enterprise number + device information.
The algorithm that generates the engine ID follows these rules:
• The first bit is set to 0.
• The first 4 bytes are the hexadecimal private enterprise number allocated by the Internet
Assigned Numbers Authority (IANA). The number of Huawei is 2011, which is 000007DB in
hexadecimal.
• Each device determines the equipment information. It can be either the IP address or the
MAC address.

Examples
# Configure the engine ID of the local device as 12345A4B1C.
<Eudemon> system-view
[Eudemon] snmp-agent local-engineid 12345A4B1C

Related Topics
1.8.26 snmp-agent usm-user

1.8.17 snmp-agent mib-view

Function
Using the snmp-agent mib-view command, you can create or update the information about a
view.
Using the undo snmp-agent mib-view command, you can cancel the current setting.

Format
snmp-agent mib-view { included | excluded } view-name oid-tree
undo snmp-agent mib-view view-name

Parameters
view-name: specifies the name of the view. It is a string of 1 to 32 characters.
oid-tree: specifies the Object Identifier (OID) for MIB sub-tree, which can be a character string
of the variable OID or a character string of variable name. For example, it can be a string such
as 1.4.5.3.1 or system and it can contain the wildcard *, for example, 1.4.5.*.*.1. The value is
in the range of 1 to 255 characters.

included: includes the MIB sub-tree.

excluded: excludes the MIB sub-tree.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
By default, the view name is ViewDefault and the OID is 1.3.6.1.

Currently, this command supports not only the input of the character string of the variable OID
as a parameter but also the input of the node name as a parameter.

Examples
# Create a view that includes all MIB-II objects.
<Eudemon> system-view
[Eudemon] snmp-agent mib-view included mib2 1.3.6.1

Related Topics
1.8.15 snmp-agent group

1.8.18 snmp-agent packet max-size

Function
Using the snmp-agent packet max-size command, you can set the maximum size of the SNMP packets
that the SNMP agent receives and forwards.

Using the undo snmp-agent packet max-size command, you can cancel the current setting.

Format
snmp-agent packet max-size max-size

undo snmp-agent packet max-size

Parameters
max-size: specifies the maximum size, in bytes, of the SNMP packets received or sent by the
agent. The value ranges from 484 to 17940. By default, the value is set to 1500.


Views
System view

Default Level
2: Configuration level

Usage Guidelines
Based on the network environment, use this command to set the maximum size of the SNMP packets
that the SNMP agent receives or forwards.

If the maximum size is too small, the synchronization of the firewall and the NMS may fail. It
is recommended to set the maximum size to 1500.

Examples
# Set the maximum size of the SNMP packets that the SNMP agent receives or forwards to 1042 bytes.
<Eudemon> system-view
[Eudemon] snmp-agent packet max-size 1042

1.8.19 snmp-agent sys-info

Function
Using the snmp-agent sys-info command, you can set the SNMP system information.

Using the undo snmp-agent sys-info command, you can cancel the current setting.

Format
snmp-agent sys-info { contact contact | location location | version { { v1 | v2c | v3 } * | all } }

undo snmp-agent sys-info { contact | location | version { { v1 | v2c | v3 } * | all } }

Parameters
contact contact: indicates contact information of system maintenance. It is a string of 1 to 225
characters without spaces.

location location: indicates the location of a device. It is a string of 1 to 225 characters without
spaces.

version: sets the SNMP version number used by the system.

v1: specifies SNMPv1.

v2c: specifies SNMPv2c.

v3: specifies SNMPv3.

all: specifies SNMPv1, SNMPv2c and SNMPv3.


Views
System view

Default Level
2: Configuration level

Usage Guidelines
By default, the system maintenance information is "R&D Beijing, Huawei Technologies
co.,Ltd.", the system location is "Beijing China" and the version is SNMPv3.
Use this command to set the system maintenance information, the physical location of
the node and the SNMP version.

Examples
# Set the contact information of the system maintenance as "call Operator at 010-12345678".
<Eudemon> system-view
[Eudemon] snmp-agent sys-info contact call Operator at 010-12345678

Related Topics
1.8.7 display snmp-agent sys-info

1.8.20 snmp-agent target-host

Function
Using the snmp-agent target-host command, you can set the destination that receives the SNMP
notification.
Using the undo snmp-agent target-host command, you can remove the host that receives the
SNMP messages.

Format
snmp-agent target-host trap address udp-domain ip-address [ udp-port port-number ] params securityname security-string [ v1 | v2c | v3 [ authentication | privacy ] ]
undo snmp-agent target-host ip-address securityname security-string

Parameters
trap: specifies the host as the trap host.
address: specifies the address of the destination host that receives the SNMP message.
udp-domain: specifies that the transmission domain of the destination host is based on UDP.
ip-address: specifies the IP address of the host.
udp-port port-number: specifies the number of the port that receives the trap packet. The value
is in the range of 0 to 65535. By default, it is 162.


params: indicates the information of the login host that generates SNMP messages.

securityname security-string: specifies the community name of SNMPv1, SNMPv2c or the user
name of SNMPv3. The value is in the range of 1 to 32 bytes.

v1 | v2c | v3: specifies the version of trap packets. By default, it is v1.

authentication: authenticates but does not encrypt the packet.

privacy: authenticates and encrypts the packet.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
Use this command to specify the destination host that receives the trap packets.

• The snmp-agent target-host command and the snmp-agent trap enable command (see 1.8.21)
must be used together.
• Using the snmp-agent trap enable command, you can enable the device to send Trap
packets. To enable a host to send notify messages, you need to configure at least one
snmp-agent target-host command and one snmp-agent trap enable command.

Examples
# Allow sending SNMP trap packets to 10.1.1.1.
<Eudemon> system-view
[Eudemon] snmp-agent trap enable standard
[Eudemon] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname comaccess

Related Topics
1.8.21 snmp-agent trap enable
1.8.23 snmp-agent trap life
1.8.4 display snmp-agent group

1.8.21 snmp-agent trap enable

Function
Using the snmp-agent trap enable command, you can enable the device to send trap packets
and set the related trap parameters.

Using the undo snmp-agent trap enable command, you can cancel the current setting.


Format
snmp-agent trap enable [ trap-type [ trap-list ] ]
undo snmp-agent trap enable [ trap-type [ trap-list ] ]

Parameters
trap-type: enables a specified type of trap packets.
trap-list: specifies the parameter list corresponding to the specified type of trap packets.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
By default, sending trap packets is disabled.
If no parameter is specified in the snmp-agent trap enable command, all the modules are
allowed to send any type of SNMP trap packets.
The snmp-agent trap enable command should be used together with the snmp-agent target-host
command.
The snmp-agent target-host command specifies the destination host of the trap packets.
To send Trap packets, you must configure at least one snmp-agent target-host command.
The modules that can send trap packets are configuration (the configuration and management
of MIB), flash, ospf, standard (SNMP MIB), system (system management MIB), and vrrp (VRRP
trap packets).

Examples
# Allow sending the trap packets that report SNMP authentication failures to 10.1.1.1. The trap
packets are in the form of v2c with the security name as public.
<Eudemon> system-view
[Eudemon] snmp-agent trap enable standard authentication
[Eudemon] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public v2c

# Send any type of OSPF trap packets to 10.1.1.1. The trap packets are in the form of v3 with
the security name as super. The packets are authenticated but not encrypted.
[Eudemon] snmp-agent trap enable ospf
[Eudemon] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname super v3 authentication

Related Topics
1.8.20 snmp-agent target-host
1.8.25 snmp-agent trap source
1.8.23 snmp-agent trap life

1.8.22 snmp-agent trap enable ospf

Function
Using the snmp-agent trap enable ospf command, you can enable the Trap of OSPF.
Using the undo snmp-agent trap enable ospf command, you can disable the Trap.

Format
snmp-agent trap enable ospf [ process-id ] [ ifauthfail | ifcfgerror | ifrxbadpkt |
ifstatechange | iftxretransmit | lsdbapproachoverflow | lsdboverflow | maxagelsa |
nbrstatechange | originatelsa | virifauthfail | virifcfgerror | virifrxbadpkt |
virifstatechange | viriftxretransmit | virnbrstatechange ] *
undo snmp-agent trap enable ospf [ process-id ] [ ifauthfail | ifcfgerror | ifrxbadpkt |
ifstatechange | iftxretransmit | lsdbapproachoverflow | lsdboverflow | maxagelsa |
nbrstatechange | originatelsa | virifauthfail | virifcfgerror | virifrxbadpkt |
virifstatechange | viriftxretransmit | virnbrstatechange ] *

Parameters
process-id: specifies an OSPF process number. If no OSPF process number is specified, this
command is valid for all the current OSPF processes.
ifauthfail, ifcfgerror, ifrxbadpkt, ifstatechange, iftxretransmit, lsdbapproachoverflow,
lsdboverflow, maxagelsa, nbrstatechange, originatelsa, virifauthfail, virifcfgerror,
virifrxbadpkt, virifstatechange, viriftxretransmit, virnbrstatechange: specifies the type of
SNMP Trap packet transmitted by OSPF.
• ifauthfail: indicates the information that the interface authentication fails.
• ifcfgerror: indicates the information that the interface configuration is incorrect.
• ifrxbadpkt: indicates the information about the received incorrect packet.
• ifstatechange: indicates the information about the interface status change.
• iftxretransmit: traces the receiving and sending of packets on an interface.
• lsdbapproachoverflow: indicates the information that LSDB is about to overflow.
• lsdboverflow: indicates the information that LSDB overflows.
• maxagelsa: indicates the max age information about LSA.
• nbrstatechange: indicates the information about the neighbor status change.
• originatelsa: indicates the LSA information generated locally.
• virifauthfail: indicates the information that the virtual interface authentication fails.
• virifcfgerror: indicates the information that the virtual interface configuration is incorrect.
• virifrxbadpkt: indicates the information about the incorrect packet received by a virtual
interface.
• virifstatechange: indicates the information about the virtual interface status change.
• viriftxretransmit: traces the receiving and sending of packets on a virtual interface.
• virnbrstatechange: indicates the status change of the virtual interface neighbor.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
This command has no effect on OSPF processes that are enabled after it is executed.

By default, no OSPF process is enabled to transmit Trap packets.

For detailed configuration of SNMP Trap, refer to "system management" in this manual.

Examples
# Enable Trap of OSPF process 100.
<Eudemon> system-view
[Eudemon] snmp-agent trap enable ospf 100

1.8.23 snmp-agent trap life

Function
Using the snmp-agent trap life command, you can set the duration of Trap messages.

Using the undo snmp-agent trap life command, you can cancel the current setting.

Format
snmp-agent trap life seconds

undo snmp-agent trap life

Parameters
seconds: specifies the duration of Trap messages, in seconds. The value is in the range of 1 to
2592000. By default, it is 120.

Views
System view

Default Level
2: Configuration level


Usage Guidelines
Any trap packet held longer than the configured duration is dropped. For example, if the
duration for reserving trap packets is set to 500 seconds, Trap messages are discarded after
that duration expires and are no longer reserved or sent.

Examples
# Set the duration of Trap messages to 60 seconds.
<Eudemon> system-view
[Eudemon] snmp-agent trap life 60

Related Topics
1.8.21 snmp-agent trap enable
1.8.20 snmp-agent target-host

1.8.24 snmp-agent trap queue-size

Function
Using the snmp-agent trap queue-size command, you can set the queue length of the trap packet
sent to the destination host.
Using the undo snmp-agent trap queue-size command, you can restore the default queue
length.

Format
snmp-agent trap queue-size size
undo snmp-agent trap queue-size

Parameters
size: specifies the queue length. The value is in the range of 1 to 1000.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
By default, the length is 100.
If a large number of Trap messages are sent during a period and the queue is full, Trap message
loss occurs. In such a case, you need to adjust the queue length to avoid Trap message loss.
If Trap messages are reserved for a long duration, you must set a longer Trap message queue
length; otherwise, Trap message loss occurs.


Examples
# Set the queue length of trap packets to 200.
<Eudemon> system-view
[Eudemon] snmp-agent trap queue-size 200

Related Topics
1.8.21 snmp-agent trap enable
1.8.20 snmp-agent target-host
1.8.23 snmp-agent trap life

1.8.25 snmp-agent trap source

Function
Using the snmp-agent trap source command, you can specify the source address from which
trap packets are sent.
Using the undo snmp-agent trap source command, you can cancel the current setting.

Format
snmp-agent trap source interface-type interface-number
undo snmp-agent trap source

Parameters
interface-type interface-number: specifies the source interface sending trap packets.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
Each SNMP trap packet carries a trap address regardless of the interface from which it is sent,
so you can use this command to trace a specified event.

Examples
# Specify the IP address of the Ethernet 0/0/0 as the source address of trap packets.
<Eudemon> system-view
[Eudemon] snmp-agent trap source Ethernet 0/0/0

Related Topics
1.8.20 snmp-agent target-host


1.8.26 snmp-agent usm-user

Function
Using the snmp-agent usm-user command, you can add a new user to an SNMP group.
Using the undo snmp-agent usm-user command, you can delete an SNMP group user.

Format
snmp-agent usm-user { v1 | v2c } user-name group-name [ acl acl-number ]
undo snmp-agent usm-user { v1 | v2c } user-name group-name
snmp-agent usm-user v3 user-name group-name [ [ authentication-mode { md5 | sha } auth-password ] [ privacy-mode des56 priv-password ] ] [ acl acl-number ]
undo snmp-agent usm-user v3 user-name group-name { local | engineid engineid-id }

Parameters
v1: specifies the SNMPv1 security mode the user uses.
v2c: specifies the SNMPv2c security mode the user uses.
v3: specifies the V3 security mode the user uses.
user-name: specifies the user name. It is a string of 1 to 32 characters.
group-name: specifies the name of the group the user belongs to. It is a string of 1 to 32 characters.
acl: sets the ACL for the access view.
acl-number: specifies the basic ACL. The value is in the range of 2000 to 2999.
authentication-mode: specifies the authentication mode.
md5: specifies the authentication protocol as HMAC-MD5-96.
sha: specifies the authentication protocol as HMAC-SHA-96.
auth-password: specifies the authentication password. It is a string of 1 to 64 characters.
privacy-mode: specifies the encryption mode.
des56: specifies the encryption protocol as DES.
priv-password: specifies the encryption password. It is a string of 1 to 64 characters.
engineid: specifies the engine ID associated with the user.
engineid-string: specifies the character string of the engine ID. It is in the range of 10 to 64
characters.
local: indicates the local entity user.

Views
System view


Default Level
2: Configuration level

Usage Guidelines
By default, after you configure a remote user for a certain agent, the system uses the engine
ID in authentication. If the engine ID changes after the user is configured, the user
corresponding to the original engine ID becomes invalid.

For SNMPv1 and SNMPv2c, you can use this command to add a new community name. For
SNMPv3, you can use this command to add a new user to an SNMP group.
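
The engine ID dependency described above is consistent with SNMPv3 USM key localization (RFC 3414), in which the authentication key is derived from both the password and the engine ID described in 1.8.16. The following Python code is an added example, not taken from this manual or from Huawei: it implements the RFC 3414 derivation, and the engine ID 000007DB0A010101 and the message bytes are constructed sample values.

```python
import hashlib
import hmac
import string

# CLI keywords from the usm-user command mapped to hashlib algorithm names.
HASHES = {"md5": "md5", "sha": "sha1"}


def parse_engine_id(engine_id_hex: str) -> bytes:
    """Apply the 10 to 64 hexadecimal character rule and return raw octets."""
    if not 10 <= len(engine_id_hex) <= 64:
        raise ValueError("engine ID must be 10 to 64 characters long")
    if any(c not in string.hexdigits for c in engine_id_hex):
        raise ValueError("engine ID must be hexadecimal")
    if len(engine_id_hex) % 2:
        # Assumption of this example: whole octets only.
        raise ValueError("engine ID needs an even number of hex digits")
    return bytes.fromhex(engine_id_hex)


def password_to_key(password: str, mode: str) -> bytes:
    """RFC 3414 A.2: digest of 1,048,576 bytes formed by repeating the password."""
    raw = password.encode()
    if not raw:
        raise ValueError("password must not be empty")
    reps, rest = divmod(1048576, len(raw))
    return hashlib.new(HASHES[mode], raw * reps + raw[:rest]).digest()


def localized_key(password: str, engine_id_hex: str, mode: str) -> bytes:
    """Kul = H(Ku || engineID || Ku): the result is valid for one engine ID only."""
    engine_id = parse_engine_id(engine_id_hex)
    ku = password_to_key(password, mode)
    return hashlib.new(HASHES[mode], ku + engine_id + ku).digest()


def auth_tag(key: bytes, message: bytes, mode: str) -> bytes:
    """HMAC-MD5-96 or HMAC-SHA-96: the first 96 bits (12 bytes) of the HMAC."""
    return hmac.new(key, message, HASHES[mode]).digest()[:12]


def agent_accepts(message: bytes, tag: bytes, password: str,
                  agent_engine_id_hex: str, mode: str) -> bool:
    """Agent-side check with the key localized to the agent's current engine ID."""
    key = localized_key(password, agent_engine_id_hex, mode)
    return hmac.compare_digest(tag, auth_tag(key, message, mode))


if __name__ == "__main__":
    old_id = "000007DB0A010101"  # constructed: 000007DB followed by 10.1.1.1
    new_id = "12345A4B1C"        # engine ID set in the 1.8.16 example
    msg = b"constructed SNMPv3 message bytes"  # stands in for a real message
    tag = auth_tag(localized_key("hello", old_id, "md5"), msg, "md5")
    print("accepted with original engine ID:",
          agent_accepts(msg, tag, "hello", old_id, "md5"))
    print("accepted after engine ID change: ",
          agent_accepts(msg, tag, "hello", new_id, "md5"))
```

A user keyed against the original engine ID stops authenticating once the engine ID changes, so users must be configured again after snmp-agent local-engineid is modified.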

Examples
# Add a user named John to the SNMP group named Johngroup, with the security level being
authentication, the authentication protocol being MD5 and the password being hello.
<Eudemon> system-view
[Eudemon] snmp-agent usm-user v3 John Johngroup authentication-mode md5 hello

Related Topics
1.8.15 snmp-agent group
1.8.14 snmp-agent community
1.8.16 snmp-agent local-engineid
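
Several snmp-agent settings in 1.8.15 to 1.8.26 stay weak unless keywords are added: a v3 group has no authentication or encryption by default, trap packets default to v1, and md5 is accepted as the authentication protocol. The following Python script is an added example, not part of this manual or of any Huawei tool, that checks configuration lines for those settings. The WEAK sample reuses the examples on these pages; the HARDENED sample, the names ops and opsgroup, the placeholder passwords and the finding codes are constructed for illustration.

```python
LEGACY = {"v1", "v2c"}  # community-based versions: no authentication or encryption

EXPLAIN = {
    "LEGACY_VERSION": "SNMPv1/v2c enabled: community names travel in cleartext",
    "GROUP_COMMUNITY": "v1/v2c group: access depends on the community name only",
    "GROUP_NOAUTH": "v3 group without the authentication or privacy keyword",
    "GROUP_NOPRIV": "v3 group authenticates but does not encrypt",
    "USER_COMMUNITY": "v1/v2c user: this adds a community name, not a v3 user",
    "USER_NOAUTH": "v3 user without authentication-mode",
    "USER_MD5": "v3 user uses HMAC-MD5-96; sha is the stronger option offered",
    "USER_NOPRIV": "v3 user without privacy-mode: packets are not encrypted",
    "NO_ACL": "no acl keyword: access is not restricted by a basic ACL",
    "TRAP_CLEARTEXT": "traps sent as v1/v2c (v1 is the default): cleartext",
    "TRAP_NOPRIV": "v3 traps without privacy: not encrypted",
}


def _value_after(tokens, keyword):
    """Return the token that follows `keyword`, or None if it is absent."""
    if keyword in tokens[:-1]:
        return tokens[tokens.index(keyword) + 1]
    return None


def audit_command(tok):
    """Return finding codes for one tokenized snmp-agent command."""
    cmd, found = tok[1] if len(tok) > 1 else "", []
    if cmd == "sys-info" and "version" in tok:
        if set(tok[tok.index("version") + 1:]) & (LEGACY | {"all"}):
            found.append("LEGACY_VERSION")
    elif cmd == "group" and len(tok) >= 4:
        version, opts = tok[2], tok[4:]
        if version in LEGACY:
            found.append("GROUP_COMMUNITY")
        elif "privacy" not in opts:
            found.append("GROUP_NOPRIV" if "authentication" in opts else "GROUP_NOAUTH")
        if "acl" not in opts:
            found.append("NO_ACL")
    elif cmd == "usm-user" and len(tok) >= 5:
        version, opts = tok[2], tok[5:]
        if version in LEGACY:
            found.append("USER_COMMUNITY")
        else:
            mode = _value_after(opts, "authentication-mode")
            if mode is None:
                found.append("USER_NOAUTH")
            elif mode == "md5":
                found.append("USER_MD5")
            if "privacy-mode" not in opts:
                found.append("USER_NOPRIV")
        if "acl" not in opts:
            found.append("NO_ACL")
    elif cmd == "target-host" and "securityname" in tok[:-1]:
        opts = tok[tok.index("securityname") + 2:]
        version = next((t for t in opts if t in LEGACY | {"v3"}), "v1")  # default v1
        if version in LEGACY:
            found.append("TRAP_CLEARTEXT")
        elif "privacy" not in opts:
            found.append("TRAP_NOPRIV")
    return found


def audit(config):
    """Return (line number, code) pairs for every finding in a config text."""
    results = []
    for lineno, line in enumerate(config.splitlines(), 1):
        tok = line.split()
        if "snmp-agent" not in tok:
            continue
        start = tok.index("snmp-agent")  # skips a leading "[Eudemon]" prompt
        if start and tok[start - 1] == "undo":
            continue  # undo commands remove settings
        results += [(lineno, code) for code in audit_command(tok[start:])]
    return results


# Lines taken from the examples in this section.
WEAK = """\
snmp-agent sys-info version all
snmp-agent group v3 Johngroup
snmp-agent usm-user v3 John Johngroup authentication-mode md5 hello
snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public v2c
snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname super v3 authentication
"""
# Constructed counterpart; des56 is the only privacy option the command offers.
HARDENED = """\
snmp-agent sys-info version v3
snmp-agent group v3 opsgroup privacy read-view mib2 acl 2001
snmp-agent usm-user v3 ops opsgroup authentication-mode sha AUTH-PLACEHOLDER privacy-mode des56 PRIV-PLACEHOLDER acl 2001
snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname ops v3 privacy
"""

if __name__ == "__main__":
    for lineno, code in audit(WEAK):
        print(f"line {lineno}: {code}: {EXPLAIN[code]}")
    print("hardened findings:", audit(HARDENED))
```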

1.9 VPN Manager Configuration Commands


1.9.1 secoway-server

1.9.1 secoway-server

Function
Using the secoway-server command, you can enable the automatic registration function of the
Eudemon and configure the IP address of the NMS for the automatic registration.

Using the undo secoway-server command, you can disable the automatic registration function
of the Eudemon.

Format
secoway-server ip-address ip-address

undo secoway-server ip-address ip-address

Parameters
ip-address ip-address: specifies the IP address of the NMS server. It is in dotted decimal
notation.


Views
System view

Default Level
2: Configuration level

Usage Guidelines
By default, no IP address of the NMS server is configured.

Examples
# Configure an IP address of the NMS server for the Eudemon.
<Eudemon> system-view
[Eudemon] secoway-server ip-address 202.38.1.2


2 Security Defense

About This Chapter

2.1 ACL Configuration Commands


2.2 Security Zone Configuration Commands
2.3 Session Configuration Commands
2.4 Packet Filter Configuration Commands
2.5 Attack Defence and Packet Statistics Configuration Commands
2.6 ASPF Configuration Commands
2.7 Blacklist Configuration Commands
2.8 MAC and IP Address binding Configuration Commands
2.9 Port Mapping Configuration Commands
2.10 NAT Configuration Commands
2.11 IDS Cooperation Configuration Commands
2.12 AAA Configuration Commands
2.13 RADIUS Server Configuration Commands
2.14 HWTACACS Server Configuration Commands
2.15 Domain Configuration Commands
2.16 Local User Configuration Commands
2.17 L2TP Configuration Commands
2.18 GRE Configuration Commands
2.19 SLB Configuration Commands
2.20 P2P Traffic Limiting Configuration Commands


2.21 Secospace Cooperation Configuration Commands


2.22 IP-CAR Configuration Commands


2.1 ACL Configuration Commands


2.1.1 acl accelerate enable
2.1.2 acl (System View)
2.1.3 address
2.1.4 description (ACL View)
2.1.5 description (Address Set View or Port Set View)
2.1.6 display acl
2.1.7 display ip address-set
2.1.8 display ip port-set
2.1.9 display time-range
2.1.10 ip address-set
2.1.11 ip port-set
2.1.12 port
2.1.13 reset acl counter
2.1.14 rule
2.1.15 step
2.1.16 time-range

2.1.1 acl accelerate enable

Function
Using the acl accelerate enable command, you can enable the ACL accelerated searching.

Using the undo acl accelerate enable command, you can disable the function.

Format
acl accelerate enable

undo acl accelerate enable

Parameters
None

Views
System view


Default Level
2: Configuration level

Usage Guidelines
By default, the function is disabled.
The MAC address entry does not support the ACL accelerated searching.

Examples
# Enable the ACL accelerated searching.
<Eudemon> system-view
[Eudemon] acl accelerate enable

2.1.2 acl (System View)

Function
Using the acl command, you can create an ACL and enter the ACL view.
Using the undo acl command, you can delete an ACL.

Format
acl [ number ] acl-number [ match-order { config | auto } ]
undo acl { [ number ] acl-number | all }

Parameters
number acl-number: specifies the number of an Access Control List (ACL). It is an integer in
the following range:
• The ACL numbered from 2000 to 2999 is the basic ACL.
• The ACL numbered from 3000 to 3999 is the advanced ACL.
• The ACL numbered from 4000 to 4099 is the MAC address-based ACL.

match-order: specifies the match order.
config: filters packets against rules in the order in which they are configured.
auto: filters packets against rules in the system default order (based on "Depth-first" principle).
all: refers to all the ACLs.

Views
System view

Default Level
2: Configuration level


Usage Guidelines
An ACL contains a series of rules, which are composed of permit or deny statements. You should
create an ACL before defining ACL rules.

When you create an ACL, you can specify the match order, which is an optional
parameter. By default, the match order is config.

Examples
# Create an ACL numbered 2010.
<Eudemon> system-view
[Eudemon] acl number 2010
[Eudemon-acl-basic-2010]

2.1.3 address

Function
Using the address command, you can set the address elements in the address set.

Using the undo address command, you can delete the specified address elements in the address
set.

Format
address [ address-id ] ip-address wildcard [ description ]

undo address address-id

Parameters
address-id: specifies the code of the address element; it is an integer that ranges from 0 to 255.

ip-address: specifies the IP address in dotted decimal.

wildcard: specifies the address wildcard in dotted decimal. 0 or 0.0.0.0 indicates a host.

description: describes the elements in the address set. It is a string of 1 to 32 characters.

Views
Address set view

Default Level
2: Configuration level

Usage Guidelines
When you configure the address command with a code specified:
• If an address element with that code already exists, the Eudemon prompts an error.
• If no address element corresponds to the code, a new address element is created by
using the specified code.
If no code is specified, an address element is added. The system automatically allocates a code
for the address element.
Up to 256 address elements can be set for one address set. The address elements in one address
set cannot be the same.

Examples
# Set the address elements in the address set abc.
<Eudemon> system-view
[Eudemon] ip address-set abc
[Eudemon-address-set-abc] address 1 1.1.1.0 0.0.0.255
[Eudemon-address-set-abc] address 2 2.2.2.0 0.0.0.255

Related Topics
2.1.10 ip address-set
2.1.7 display ip address-set
2.1.14 rule
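
A wildcard in the address command marks the bits to ignore, which is the inverse of a subnet mask, so entering 255.255.255.0 where 0.0.0.255 was meant matches a very different set of hosts. The following Python model is an added example, not device code: it implements wildcard matching and the address-set rules from the Usage Guidelines above, and it assumes that the lowest unused code is allocated automatically and that two elements are the same when they cover the same addresses.

```python
import ipaddress

MAX_ELEMENTS = 256  # "Up to 256 address elements can be set for one address set"
ALL_ONES = 0xFFFFFFFF


def to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def parse_wildcard(text: str) -> int:
    """'0' is accepted as shorthand for 0.0.0.0 (a single host)."""
    return 0 if text == "0" else to_int(text)


def wildcard_match(ip: str, base: str, wildcard: str) -> bool:
    """Bits set in the wildcard are ignored; all other bits must equal the base."""
    care = ~parse_wildcard(wildcard) & ALL_ONES
    return (to_int(ip) & care) == (to_int(base) & care)


def looks_like_netmask(wildcard: str) -> bool:
    """True for values such as 255.255.255.0, a subnet mask typed as a wildcard."""
    w = parse_wildcard(wildcard)
    inverted = ~w & ALL_ONES
    return w not in (0, ALL_ONES) and (inverted & (inverted + 1)) == 0


class AddressSet:
    """Model of the address-set rules in the Usage Guidelines (assumptions noted)."""

    def __init__(self, name: str):
        self.name = name
        self.elements = {}  # code -> (masked base, wildcard) as integers

    def address(self, ip: str, wildcard: str, code=None) -> int:
        w = parse_wildcard(wildcard)
        element = (to_int(ip) & ~w & ALL_ONES, w)
        if code is not None and not 0 <= code <= 255:
            raise ValueError("address-id must be 0 to 255")
        if code in self.elements:
            raise ValueError(f"address element {code} already exists")
        if element in self.elements.values():
            raise ValueError("address elements in one set cannot be the same")
        if len(self.elements) >= MAX_ELEMENTS:
            raise ValueError("address set is full")
        if code is None:
            # Assumption: the lowest unused code is allocated.
            code = next(c for c in range(MAX_ELEMENTS) if c not in self.elements)
        self.elements[code] = element
        return code

    def contains(self, ip: str) -> bool:
        addr = to_int(ip)
        return any((addr & ~w & ALL_ONES) == base
                   for base, w in self.elements.values())


def load(lines):
    """Build an AddressSet from 'ip address-set' and 'address' CLI lines."""
    current = None
    for line in lines:
        tok = line.split()
        if tok and tok[0].startswith("["):  # drop a "[Eudemon...]" prompt
            tok = tok[1:]
        if tok[:2] == ["ip", "address-set"] and len(tok) > 2:
            current = AddressSet(tok[2])
        elif tok[:1] == ["address"] and current is not None and len(tok) >= 3:
            args, code = tok[1:], None
            if "." not in args[0]:  # optional address-id precedes the IP address
                code, args = int(args[0]), args[1:]
            if len(args) < 2:
                raise ValueError(f"incomplete address command: {line!r}")
            current.address(args[0], args[1], code)
    return current


# The configuration from the Examples above.
PAGE_EXAMPLE = [
    "[Eudemon] ip address-set abc",
    "[Eudemon-address-set-abc] address 1 1.1.1.0 0.0.0.255",
    "[Eudemon-address-set-abc] address 2 2.2.2.0 0.0.0.255",
]

if __name__ == "__main__":
    abc = load(PAGE_EXAMPLE)
    print("1.1.1.77 in abc:", abc.contains("1.1.1.77"))
    print("1.1.2.1 in abc: ", abc.contains("1.1.2.1"))
    # Constructed mistake: subnet mask entered in place of the wildcard.
    print("9.9.9.0 matches 1.1.1.0 255.255.255.0:",
          wildcard_match("9.9.9.0", "1.1.1.0", "255.255.255.0"))
    print("flagged as netmask:", looks_like_netmask("255.255.255.0"))
```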

2.1.4 description (ACL View)

Function
Using the description command, you can record the user's description of the ACL rule.
Using the undo description command, you can delete the description of an ACL.

Format
description text
undo description

Parameters
text: After you configure an ACL rule, you can write descriptive characters about this rule. The
Eudemon saves the descriptive characters.

Views
ACL view

Default Level
2: Configuration level

Usage Guidelines
You can view the information by using the display command.


Examples
# Add a description for ACL 2000.
<Eudemon> system-view
[Eudemon]acl number 2000
[Eudemon-acl-basic-2000]description it is basic acl
[Eudemon-acl-basic-2000]display acl 2000
Basic ACL 2000, 0 rule
it is basic acl
Acl's step is 5

2.1.5 description (Address Set View or Port Set View)

Function
Using the description command, you can configure the description of address sets or port sets.

Using the undo description command, you can delete the description of address sets or port
sets.

Format
description text

undo description

Parameters
text: indicates the description of address sets or port sets. It is a string of 1 to 127 characters.

Views
Address set view, port set view

Default Level
2: Configuration level

Usage Guidelines
None

Examples
# Configure the description of address set abc as test.
<Eudemon> system-view
[Eudemon] ip address-set abc
[Eudemon-address-set-abc] description test

2.1.6 display acl


Function
Using the display acl command, you can view the ACL rules or the running of accelerated ACL
searching.

Format
display acl { all | acl-number1 [ rule-id rule-id ] | accelerate [ acl-number2 ] }

Parameters
all: displays all the ACLs.
acl-number1: defines a number-based ACL in a range of 2000 to 4099. Where:
• The ACL numbered from 2000 to 2999 is the basic ACL.
• The ACL numbered from 3000 to 3999 is the advanced ACL.
• The ACL numbered from 4000 to 4099 is the MAC address-based ACL.

rule-id: specifies the ID of an ACL rule in a range of 0 to 4294967294.
accelerate: displays the running of accelerated ACL searching.
acl-number2: specifies an ACL number in a range of 2000 to 3999.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
None

Examples
# Display the rules in ACL 2001.
<Eudemon> display acl 2001
Basic acl 2001, 2 rules,
rule 1 permit (0 times matched)
rule 2 permit source 1.1.1.1 0 (0 times matched)

# Display the rules in ACL 3100.


<Eudemon> display acl 3100
Advanced ACL 3100, 3 rules,
rule 0 permit icmp (2 times matched)
rule 1 permit ip source 1.1.1.1 0 destination 2.2.2.2 0 (0 times matched)
rule 2 permit tcp source 10.110.0.0 0.0.255.255 (0 times matched)

# Display the running of accelerated ACL searching.


<Eudemon> display acl accelerate
acl accelerate is enabled
NOTE:UTD means Up to date, OTD means Out of date
ACL groups marked with ACCELERATE UTD are enabled for fast search, usual method for others
ID          ACCELERATE      STATUS
----------------------------------------
2020        ACCELERATE      UTD
3100        ACCELERATE      OOD
3101        UNACCELERATE    UTD
Financial   ACCELERATE      UTD
2.1.7 display ip address-set

Function
Using the display ip address-set command, you can view information on a specified address
set.

Format
display ip address-set { verbose address-set-name { item | reference } | all }

Parameters
verbose: displays the details of the specified address set.
address-set-name: specifies the name of the address set. It is a string of 1 character to 19
characters, starting with a letter from a to z or A to Z.
item: displays the content of the elements in the address set.
reference: displays the ACL rules that reference the specified address set.
all: displays the information on all the address sets.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
None

Examples
# Display the information on all the address sets.
<Eudemon>display ip address-set all
Address-set total number(s): 3
Address-set item total number(s): 50
Address-set reference total number(s): 7

Address-set : a
Description : testa
Item number(s): 50
Reference number(s): 3


Address-set : abc
Description : testb
Item number(s): 0
Reference number(s): 0

Address-set : abcd
Description : testc
Item number(s): 0
Reference number(s): 4

Table 2-1 lists the description of the display ip address-set all command output.

Table 2-1 Description of the display ip address-set all command output

Item                                   Description
Address-set total number(s)            Indicates the total number of address sets on the Eudemon.
Address-set item total number(s)       Indicates the total number of address elements on the Eudemon.
Address-set reference total number(s)  Indicates the total number of times that ACLs reference address sets on the Eudemon.
Address-set                            Indicates the name of the address set.
Description                            Indicates the address set description.
Item number(s)                         Indicates the total number of address elements in the address set.
Reference number(s)                    Indicates the number of ACL references of the address set.

# Display the details of the address set named abcd.
<Eudemon> display ip address-set verbose abcd item
Address-set : abcd
Description : testc
Item number(s): 0
Reference number(s): 4
Item(s):

# Display the ACL rules that reference the address set named abcd on the Eudemon.
<Eudemon> display ip address-set verbose abcd reference
Address-set : abcd
Description : testc
Item number(s): 0
Reference number(s): 4
Reference(s):
acl 2000 rule 0
acl 3000 rule 5
acl 3000 rule 10
acl 3010 rule 0

Related Topics
2.1.10 ip address-set
2.1.3 address
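
The counters in the display ip address-set all output are enough for a quick audit of address-set hygiene. The following Python sketch is an added example, not part of the Huawei manual: it parses the sample output shown above (embedded as a constructed string) and flags unreferenced sets, sets that ACL rules reference although they contain no elements, and per-set counts that do not add up to the reported totals (for instance after a truncated capture). The function names and finding labels are hypothetical.

```python
import re

# Constructed sample: the "display ip address-set all" output from the Examples above.
SAMPLE_OUTPUT = """\
Address-set total number(s): 3
Address-set item total number(s): 50
Address-set reference total number(s): 7

Address-set : a
Description : testa
Item number(s): 50
Reference number(s): 3

Address-set : abc
Description : testb
Item number(s): 0
Reference number(s): 0

Address-set : abcd
Description : testc
Item number(s): 0
Reference number(s): 4
"""

# "key : value" with optional spaces around the first colon.
FIELD = re.compile(r"^\s*([^:]+?)\s*:\s*(.*?)\s*$")


def parse_address_sets(text):
    """Return (totals, sets) parsed from 'display ip address-set all' output."""
    totals, sets, current = {}, [], None
    for line in text.splitlines():
        match = FIELD.match(line)
        if not match:
            continue  # blank lines, prompts, anything without "key: value"
        key, value = match.group(1), match.group(2)
        if key == "Address-set":
            current = {"name": value, "description": "", "items": 0, "references": 0}
            sets.append(current)
        elif key.startswith("Address-set") and key.endswith("total number(s)"):
            totals[key] = int(value)
        elif current is not None:
            if key == "Description":
                current["description"] = value
            elif key == "Item number(s)":
                current["items"] = int(value)
            elif key == "Reference number(s)":
                current["references"] = int(value)
    return totals, sets


def audit(text):
    """Return a list of (name, finding) pairs worth a reviewer's attention."""
    totals, sets = parse_address_sets(text)
    findings = []
    for entry in sets:
        if entry["references"] == 0:
            # No ACL rule uses this set, so it is a candidate for cleanup.
            findings.append((entry["name"], "unreferenced"))
        elif entry["items"] == 0:
            # Rules reference a set with no elements. What such a rule matches is
            # not stated on this page, so list the rules with
            # "display ip address-set verbose <name> reference" and review them.
            findings.append((entry["name"], "empty-but-referenced"))
    expected = {
        "Address-set total number(s)": len(sets),
        "Address-set item total number(s)": sum(e["items"] for e in sets),
        "Address-set reference total number(s)": sum(e["references"] for e in sets),
    }
    for key, value in expected.items():
        if key in totals and totals[key] != value:
            findings.append((key, "total-mismatch"))  # incomplete or edited capture
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_OUTPUT):
        print(name, finding)
```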

2.1.8 display ip port-set

Function
Using the display ip port-set command, you can view the information on a specified port set.

Format
display ip port-set { verbose port-set-name { item | reference } | all }

Parameters
verbose: displays the details of the specified port set.
port-set-name: specifies the name of the port set. It is a string of 1 character to 19 characters,
starting with a letter from a to z or A to Z.
item: displays the content of the specified port set.
reference: displays the ACL rules that reference the specified port set.
all: displays the details of all the port sets.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
None

Examples
# Display the information on all the port sets.
<Eudemon>display ip port-set all
Port-set total number(s): 3
Port-set item total number(s): 8
Port-set reference total number(s): 1

Port-set Name: a
Description: aaaa
Protocol: tcp
Item number(s): 2
Reference number(s): 1

Port-set Name: b
Description: bbbb
Protocol: udp
Item number(s): 3
Reference number(s): 0

Port-set Name: c
Description: cccc
Protocol: tcp
Item number(s): 3
Reference number(s): 0

Table 2-2 lists the description of the display ip port-set all command output.

Table 2-2 Description of the display ip port-set all command output


Item                                Description
Port-set total number(s)            Indicates the total number of port sets on the Eudemon.
Port-set item total number(s)       Indicates the total number of port elements on the Eudemon.
Port-set reference total number(s)  Indicates the total number of times that ACLs reference the port sets on the Eudemon.
Port-set Name                       Indicates the name of the port set.
Description                         Indicates the port set description.
Protocol                            Indicates the protocol of the port set, TCP or UDP.
Item number(s)                      Indicates the total number of port elements in the port set.
Reference number(s)                 Indicates the number of times that ACLs reference the port set.

# Display the details of the port set named abcd.
<Eudemon> display ip port-set verbose abcd item
Port-set Name: abcd
Description: abcdef
Protocol: tcp
Item number(s): 0
Reference number(s): 0
Item(s):

# Display the ACL rules that reference the port set abcd on the Eudemon.
<Eudemon> display ip port-set verbose abcd reference
Port-set Name: abcd
Description: abcdef
Protocol: tcp
Item number(s): 0
Reference number(s): 4
Reference(s):
acl 2000 rule 0
acl 3000 rule 5
acl 3000 rule 10
acl 3010 rule 0

Related Topics
2.1.11 ip port-set
2.1.12 port

2.1.9 display time-range

Function
Using the display time-range command, you can view the current setting and the state (active
or inactive) of the time range.

Format
display time-range { all | time-range-name }

Parameters
time-range-name: specifies the name of the time range.
all: displays all the time ranges.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
It is normal for the display time-range command to show a time range as active while the ACL
that uses it is still inactive. The system takes about 1 minute to update the ACL state, whereas
the display time-range command reports the state as of the current time.

Examples
# Display all the time ranges.
<Eudemon> display time-range all
Current time is 17:15:50 3-9-2007 Thursday
Time-range : abc ( Inactive )
from 10:02 2007/3/8 to 24:00 2007/3/8

Table 2-3 Description of the display time-range all command output


Item                                        Description
Current time is 17:15:50 3-9-2007 Thursday  Current time
Time-range : abc ( Inactive )               Name and state of current time range
from 10:02 2007/3/8 to 24:00 2007/3/8       Details of current time range

# Display the time range named trname.
<Eudemon> display time-range trname
Current time is 02:49:36 2-15-2003 Saturday
Time-range : trname ( Inactive )
14:00 to 16:00 off-day from 00:00 2002/12/1 to 00:00 2003/12/1

2.1.10 ip address-set

Function
Using the ip address-set command, you can create an address set.
Using the undo ip address-set command, you can delete a specified address set.

Format
ip address-set address-set-name
undo ip address-set address-set-name

Parameters
address-set-name: specifies the name of the address set. It is a string of 1 character to 19
characters, starting with a letter from a to z or from A to Z.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
By default, the address set is not created.
The Eudemon can support up to 128 address sets.
An address set that is referenced by an ACL cannot be deleted.
After all the address elements are deleted from the address set, the Eudemon still keeps the
address set. At this time, you can run the undo ip address-set command to delete the empty
address set.

Examples
# Create an address set named abc.
<Eudemon> system-view
[Eudemon] ip address-set abc

Related Topics
2.1.3 address
2.1.14 rule

2.1.11 ip port-set

Function
Using the ip port-set command, you can create a port set.
Using the undo ip port-set command, you can delete a specified port set.

Format
ip port-set port-set-name protocol { tcp | udp }
undo ip port-set port-set-name

Parameters
port-set-name: specifies the name of the port set. It is a string of 1 character to 19 characters,
starting with a letter from a to z or A to Z.
tcp | udp: indicates the protocol type of the port set. It is TCP or UDP.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
By default, the port set is not created.
You must specify the protocol type when creating a port set for the first time.
The Eudemon can support up to 64 port sets.
A port set that is referenced by an ACL cannot be deleted.
After all the port elements are deleted from the port set, the Eudemon still keeps the port set. At
this time, you can run the undo ip port-set command to delete the empty port set.

Examples
# Create a port set named p1 that uses TCP.
<Eudemon> system-view
[Eudemon] ip port-set p1 protocol tcp

Related Topics
2.1.12 port
2.1.14 rule
2.1.8 display ip port-set

2.1.12 port

Function
Using the port command, you can set the port element in the port set.
Using the undo port command, you can delete the specified port elements in the port set.

Format
port [ port-id ] { eq | gt | lt } port-number1
port [ port-id ] range port-number1 port-number2
undo port port-id

Parameters
port-id: specifies the ID of the port element. In one port set, a port ID identifies only one port
element; it is an integer in a range of 0 to 63.
eq | gt | lt | range: indicates the name of port operator, which respectively indicates equal to,
greater than, less than, and within a certain range.
port-number1 port-number2: specifies the port name or number. When given as a name, the
value can be: CHARgen, bgp, cmd, daytime, discard, dns, echo, exec, finger,
ftp, ftp-data, gopher, hostname, https, imap, irc, klogin, kshell, login, lpd, mms, nntp,
pop2, pop3, pptp, rtsp, smtp, sqlnet, ssh, sunrpc, tacacs, talk, telnet, time, uucp, whois, and
www. When given as a number, it is an integer in the range 0 to 65535.

Views
Port set view

Default Level
2: Configuration level

Usage Guidelines
When you configure the port command with a code specified:
• If a port element with that code already exists, the Eudemon reports an error.
• If no port element has that code, a new port element is created with the specified
code.
If no code is specified, a port element is added and the system automatically allocates a code
for it.
Up to 64 port elements can be set for one port set. The port elements in one port set cannot be
the same.

Examples
# Create a port set named p1 and add two port elements to it.
<Eudemon> system-view
[Eudemon] ip port-set p1 protocol tcp
[Eudemon-tcp-port-set-p1] port eq 45
[Eudemon-tcp-port-set-p1] port gt 450

Related Topics
2.1.11 ip port-set
2.1.8 display ip port-set
2.1.14 rule

2.1.13 reset acl counter

Function
Using the reset acl counter command, you can reset the statistics on the ACL counter.

Format
reset acl counter { all | acl-number }

Parameters
all: resets all the ACLs.

acl-number: refers to a number-based ACL in a range of 2000 to 3999 and 4000 to 4099.
• The ACL numbered from 2000 to 2999 is the basic ACL.
• The ACL numbered from 3000 to 3999 is the advanced ACL.
• The ACL numbered from 4000 to 4099 is the MAC address-based ACL.

Views
User view

Default Level
2: Configuration level

Usage Guidelines
None

Examples
# Reset the statistics on the ACL 2001 counter.
<Eudemon> reset acl counter 2001

2.1.14 rule

Function
Using the rule command in the ACL view, you can add a rule.
Using the undo rule command, you can delete a rule.

Format
• Add/Delete a rule to/from a basic ACL
rule [ rule-id ] { permit | deny } [ source { source-address source-wildcard |
address-set address-set-name | any } | time-range time-name | logging ] *
undo rule rule-id [ source | time-range | logging ] *
• Add/Delete a rule to/from an advanced ACL
rule [ rule-id ] { permit | deny } protocol [ source { source-address source-wildcard |
address-set address-set-name | any } | destination { destination-address
destination-wildcard | address-set address-set-name | any } | source-port { operator port |
range port1 port2 | port-set port-set-name } | destination-port { operator port |
range port1 port2 | port-set port-set-name } | icmp-type { icmp-type icmp-code |
icmp-message } | precedence precedence | tos tos | time-range time-name | logging ] *
undo rule rule-id [ source | destination | source-port | destination-port | icmp-type |
precedence | tos | time-range | logging ] *
• Add/Delete a rule to/from a MAC-address-based ACL
rule [ rule-id ] { permit | deny } [ type type-code type-wildcard | lsap lsap-code
lsap-wildcard ] [ source-mac source-address source-mac-wildcard ] [ dest-mac
destination-address destination-mac-wildcard ]
undo rule rule-id

Parameters
rule-id: specifies the ID of an ACL rule, in the range 0 to 4294967294. It is an optional
parameter. If the specified ID is already assigned to a rule, the new rule is overlaid on that
rule, which is equivalent to editing the existing rule. If the specified ID is not assigned to any
rule, a new rule is created with that ID. If no ID is specified when you create a rule, the
system assigns an ID to the rule automatically.
deny: denies the matched packets.
permit: permits the matched packets.
protocol: specifies the protocol over IP, by name or by number. The number ranges from 1 to
255. The name can be gre, icmp, igmp, ip, ipinip, tcp, or udp.
source source-address source-wildcard: specifies the source addresses for the ACL rule, which
is an optional parameter. Without the parameter, all packets match ACL rules. source-address
refers to the source address of a data packet, in the format of dotted decimal. source-wildcard
refers to the wildcard of the source address, in the format of dotted decimal. Inputting "any"
means the source address is 0.0.0.0 and the wildcard is 255.255.255.255.
address-set address-set-name: specifies an address set.
destination destination-address destination-wildcard: specifies the destination addresses for
the ACL rule, which is an optional parameter. Without the parameter, all packets match ACL
rules. destination-address refers to the destination address of a data packet, in the format of
dotted decimal. destination-wildcard refers to the wildcard of the destination address, in the
format of dotted decimal. Inputting "any" means the destination address is 0.0.0.0 and the
wildcard is 255.255.255.255.

icmp-type { icmp-type icmp-code | icmp-message }: specifies the type of ICMP packets and
message codes, which is valid only when the rule's protocol is ICMP. It is an optional parameter.
Without the parameter, all ICMP packets match ACL rules. Where:
• icmp-type: filters ICMP packets by ICMP message type, represented by a number in the
range 0 to 255.
• icmp-code: further filters those packets by message code, represented by a number in the
range 0 to 255.
• icmp-message: filters ICMP packets by the type name of the ICMP message.

source-port: specifies source port of UDP/TCP packets, which is valid only when TCP/UDP
protocol is applied in rules. It is an optional parameter. Without the parameter, all TCP/UDP
packets match ACL rules.

destination-port: specifies destination port of UDP/TCP packets, which is valid only when
TCP/UDP protocol is applied in rules. It is an optional parameter. Without the parameter, all
TCP/UDP packets match ACL rules.

operator: refers to operators used to compare port numbers of source or destination addresses
which is an optional parameter. Names and meanings of the operators are shown as follows:
• lt: less than port.
• gt: greater than port.
• eq: equal to port.
• neq: not equal to port.

range: indicates the port numbers between port1 and port2.

port, port1, port2: specify port names or numbers of the TCP/UDP packets; this parameter is
represented by names or numbers from 0 to 65535.

port-set port-set-name: specifies a port set.

precedence precedence: filters packets by precedence, represented by a name or a number in
the range 0 to 7. It is an optional parameter.

tos tos: filters packets by type of service, represented by a name or a number in the range 0
to 15. It is an optional parameter.

logging: logs matched packets. It is an optional parameter. The logged information includes the
sequence number of the ACL rule, the state of the packet (passed or discarded), the type of
upper-layer protocol over IP, the source IP address or destination IP address, the source port
number or destination port number, and the time when the data packet matched the ACL.

time-range time-name: refers to the valid period of an ACL rule. time-name is a string of 1 to
32 characters.

type type-code type-wildcard: compares the protocol type of a packet with the one configured
in an ACL rule. type-code is represented by a hexadecimal number in the format of xxxx.
type-wildcard denotes wildcards (masks) of protocol types.

lsap lsap-code lsap-wildcard: compares the encapsulation format of a packet on an interface
with the one configured in an ACL rule. lsap-code is represented by a hexadecimal number in
the format of xxxx. lsap-wildcard denotes wildcards (masks) of protocol types.

source-mac source-mac-address source-mac-wildcard: compares the source address of a data
frame with the one configured in an ACL rule. source-address refers to the source MAC address
of the data frame in the format of xxxx-xxxx-xxxx. source-mac-wildcard refers to the wildcard
(mask) of the source MAC address.

dest-mac destination-address destination-wildcard: compares the destination address of a data
frame with the one configured in an ACL rule. destination-address refers to the destination MAC
address of the data frame in the format of xxxx-xxxx-xxxx. destination-wildcard refers to the
wildcard (mask) of the destination MAC address.

Views
Group1 in basic ACL view

Group2 in advanced ACL view

Group3 in MAC-address-based ACL view

Default Level
2: Configuration level

Usage Guidelines
It is required that you specify the number of the rule that you want to delete. If you are not aware
of the number of the rule, you can view it by using the display acl command.

Parameters in the undo rule command are described as follows:

• rule-id: refers to the ID of an existing rule. If no parameter follows it, the rule is deleted
completely. Otherwise, only the specified information is deleted from the rule.
• source/destination: deletes only the source or destination address in the corresponding
rule. It is an optional parameter.
• source-port/destination-port: deletes only the source or destination port in the
corresponding rule. It is an optional parameter and applies only to TCP/UDP.
• icmp-type: deletes the ICMP type and message code in the corresponding rule. It is valid only
when ICMP is applied in the rule. It is an optional parameter.
• precedence: deletes the information on precedence in the corresponding rule. It is an
optional parameter.
• tos: deletes only the information on tos in the corresponding rule. It is an optional
parameter.
• time-range: deletes only the valid-period setting in the corresponding rule. It is an
optional parameter.
• logging: stops the corresponding rule from logging matched packets. It is an optional
parameter.

When the ACL uses the auto match mode, its rules cannot reference address sets or port sets.

Examples
# Create ACL 3101 and add a rule to it that denies receiving or sending RIP packets.
<Eudemon> system-view
[Eudemon] acl number 3101
[Eudemon-acl-adv-3101] rule deny udp destination-port eq rip

# Add a rule that permits the hosts at 129.9.0.0 to send WWW packets to the hosts at
202.38.160.0.
[Eudemon-acl-adv-3101] rule permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0 0.0.0.255 destination-port eq www

# Add a rule that denies the hosts at 129.9.0.0 from establishing connections with the WWW port
(80) of the hosts at 202.38.160.0 and logs the violation events.
[Eudemon-acl-adv-3101] rule deny tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0 0.0.0.255 destination-port eq www logging

# Add a rule that permits the hosts at 129.9.8.0 to establish connections with the WWW port
(80) of the hosts at 202.38.160.0.
[Eudemon-acl-adv-3101] rule permit tcp source 129.9.8.0 0.0.0.255 destination 202.38.160.0 0.0.0.255 destination-port eq www

# Add a rule that denies any host from establishing Telnet connections with the port (23) of the
host at 202.38.160.1.
[Eudemon-acl-adv-3101] rule deny tcp destination 202.38.160.1 0 destination-port eq telnet

# Add a rule that denies the hosts at 129.9.8.0 from establishing UDP connections with ports
numbered greater than 128 on the hosts at 202.38.160.0.
[Eudemon-acl-adv-3101] rule deny udp source 129.9.8.0 0.0.0.255 destination 202.38.160.0 0.0.0.255 destination-port gt 128

# Add a rule that permits the hosts at address set "a" and port set "a" to establish TCP connections
with the hosts at address set "b" and port set "b".
[Eudemon-acl-adv-3101] rule permit tcp source address-set a source-port port-set a destination address-set b destination-port port-set b

Related Topics
2.1.12 port
2.1.11 ip port-set
2.1.8 display ip port-set
2.1.3 address
2.1.10 ip address-set
2.1.7 display ip address-set
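
The wildcard in a rule is an inverse mask: a 1 bit means "ignore this bit", which is why "any" is 0.0.0.0 with wildcard 255.255.255.255. The following Python sketch is an added example, not Huawei code: it parses the first six rule commands from the Examples above and lists every rule a given packet matches, which exposes overlapping permit and deny rules. The parser handles only the keywords those six rules use; the function names, the sample packets and the 520 value for rip are assumptions of this example. Which overlapping rule takes effect depends on the ACL's match order, which the sketch does not model.

```python
import ipaddress

# 80 (www) and 23 (telnet) are stated on this page; 520 is the registered RIP port.
PORT_NAMES = {"www": 80, "telnet": 23, "rip": 520}
PORT_OPS = {
    "lt": lambda port, n: port < n,
    "gt": lambda port, n: port > n,
    "eq": lambda port, n: port == n,
    "neq": lambda port, n: port != n,
}
ANY = (0, 0xFFFFFFFF)  # "any": address 0.0.0.0 with wildcard 255.255.255.255

# The first six rules of ACL 3101 from the Examples above, one command per line.
ACL_3101 = """\
rule deny udp destination-port eq rip
rule permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0 0.0.0.255 destination-port eq www
rule deny tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0 0.0.0.255 destination-port eq www logging
rule permit tcp source 129.9.8.0 0.0.0.255 destination 202.38.160.0 0.0.0.255 destination-port eq www
rule deny tcp destination 202.38.160.1 0 destination-port eq telnet
rule deny udp source 129.9.8.0 0.0.0.255 destination 202.38.160.0 0.0.0.255 destination-port gt 128
"""


def to_int(text):
    """Dotted decimal, or a bare number such as the wildcard "0" in the Telnet rule."""
    return int(text) if text.isdigit() else int(ipaddress.IPv4Address(text))


def parse_rule(line):
    tok = line.split()
    if tok[1].isdigit():  # optional rule-id
        del tok[1]
    rule = {"action": tok[1], "protocol": tok[2], "source": ANY,
            "destination": ANY, "dport": None, "logging": False}
    i = 3
    while i < len(tok):
        key = tok[i]
        if key in ("source", "destination"):
            if tok[i + 1] == "any":
                i += 2
            else:
                rule[key] = (to_int(tok[i + 1]), to_int(tok[i + 2]))
                i += 3
        elif key == "destination-port":
            port = tok[i + 2]
            rule["dport"] = (tok[i + 1], int(port) if port.isdigit() else PORT_NAMES[port])
            i += 3
        elif key == "logging":
            rule["logging"] = True
            i += 1
        else:
            raise ValueError("keyword not handled by this sketch: " + key)
    return rule


def addr_matches(addr, spec):
    """Compare only the bits whose wildcard bit is 0 (works for non-contiguous masks)."""
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF
    return (to_int(addr) & care) == (base & care)


def rule_matches(rule, pkt):
    if rule["protocol"] not in ("ip", pkt["protocol"]):
        return False
    if not addr_matches(pkt["src"], rule["source"]):
        return False
    if not addr_matches(pkt["dst"], rule["destination"]):
        return False
    if rule["dport"] is not None:
        op, port = rule["dport"]
        return PORT_OPS[op](pkt["dport"], port)
    return True


def matching_rules(rules, pkt):
    """All (index, action) pairs whose conditions the packet satisfies."""
    return [(i, r["action"]) for i, r in enumerate(rules) if rule_matches(r, pkt)]


def has_conflict(rules, pkt):
    """True when the packet matches both a permit rule and a deny rule."""
    return len({action for _, action in matching_rules(rules, pkt)}) > 1


RULES = [parse_rule(line) for line in ACL_3101.splitlines() if line.strip()]
# Constructed sample packet: a web request from 129.9.8.20 to 202.38.160.5.
WEB = {"protocol": "tcp", "src": "129.9.8.20", "dst": "202.38.160.5", "dport": 80}

if __name__ == "__main__":
    print(matching_rules(RULES, WEB), has_conflict(RULES, WEB))
```

For the constructed web packet, rules 1, 2 and 3 all match with different actions, so the result the firewall applies is decided entirely by match order.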

2.1.15 step

Function
Using the step command, you can specify a step for an ACL rule group.
Using the undo step command, you can restore the default step.

Format
step step-value

undo step

Parameters
step-value: specifies the value of the ACL step.

Views
ACL view

Default Level
2: Configuration level

Usage Guidelines
The step is the difference between consecutive rule IDs. For instance, if the step is set to 5, the
IDs are the multiples of 5 beginning with 5. The default is 5. The step makes it easy to insert a
rule. Given 4 rules (rule 0, rule 5, rule 10 and rule 15), using the rule 1 xxxx
command, you can insert a rule with the number 1 between rule 0 and rule 5.

NOTE

If the step is set, you need to delete the existing rules, including rule 0, before using the step command to
change the step or running the undo step command to restore the default step.

Examples
# Set the step of ACL 3101 to 2.
<Eudemon> system-view
[Eudemon] acl number 3101
[Eudemon-acl-adv-3101] step 2

2.1.16 time-range

Function
Using the time-range command, you can define a time range that specifies a particular period.

Using the undo time-range command, you can delete a time range.

Format
time-range time-range-name { start-time to end-time days | from time1 date1 [ to time2 date2 ] }

undo time-range time-range-name [ start-time to end-time days | from time1 date1 [ to time2 date2 ] ]

Parameters
time-range-name: specifies the name of the time range, a string of 1 to 32 characters. It
must begin with an English letter (a through z or A through Z). It cannot be the word "all",
to avoid confusion.
start-time: specifies the start time of the time range in the format of hh:mm. The range of hh is
0 to 23 hours and that of mm is 0 to 59 minutes.
end-time: specifies the end time of the time range in the format of hh:mm. The range of hh is 0
to 23 hours and that of mm is 0 to 59 minutes.
days: specifies the days of the week on which the time range is valid. The values are as follows:
• A number from 0 to 6 refers to Monday to Sunday.
• working-day refers to Monday to Friday.
• off-day refers to Saturday and Sunday.
• daily refers to all the days of the week.

from time1 date1: starts from a specified time on a specified day. It is an optional parameter.
• The format of time1 is hh:mm, with hh in the range 0 to 23 and mm in the range 0
to 59.
• The format of date1 is YYYY/MM/DD, with DD in the range 1 to 31, MM in the
range 1 to 12, and YYYY represented by 4 digits.
Without this parameter, there is no limit on the start time and only the end time is taken
into consideration.
to time2 date2: ends at a specified time on a specified day. It is an optional parameter. The
formats of time2 and date2 are identical to those of the start time. The end time must be later
than the start time. Without this parameter, the end time is the greatest time available in the
system.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
• Use the parameters start-time and end-time to specify a time range whose period is based
on the week. You can also specify the valid days by configuring days in the command.
• Use the keywords from and to to specify the valid period of a specific time range.

You can set multiple time ranges with identical names to specify a specific time range and then
you can apply the time range by specifying the name.

Examples
# Set 0:0 of Jan. 1, 2003 as the effective date.
<Eudemon> system-view
[Eudemon] time-range test from 0:0 2003/1/1

# Set the ACL rule to take effect between 14:00 and 16:00 on weekends (Saturday and Sunday)
and from 20:00 of 2003/4/1 to 20:00 of 2003/12/10.
[Eudemon] time-range test 14:00 to 16:00 off-day
[Eudemon] time-range test from 20:00 2003/4/1 to 20:00 2003/12/10

# Set the ACL rule to take effect between 8:00 and 18:00 from Monday to Friday.
[Eudemon] time-range test 8:00 to 18:00 working-day

# Set the ACL rule to take effect between 14:00 and 18:00 on weekends (Saturday and Sunday).
[Eudemon] time-range test 14:00 to 18:00 off-day
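
When reviewing time-limited rules it helps to compute whether a time range should be active at a given moment and compare that with display time-range. The following Python sketch is an added example, not Huawei code: it parses the periodic and from/to forms, including the one-line form printed by display time-range, and evaluates them. It assumes that periodic entries are ORed, absolute entries are ORed, and the two groups are ANDed, and that end times are exclusive; this page does not state either point. The function names are hypothetical and the sample strings are copied from the examples on this page.

```python
from datetime import datetime, timedelta

# Day keywords from the days parameter. Numbers 0 to 6 mean Monday to Sunday on this
# page, which is also the numbering used by datetime.weekday().
DAY_GROUPS = {"working-day": {0, 1, 2, 3, 4}, "off-day": {5, 6}, "daily": set(range(7))}

# Constructed samples: entry text taken from the examples on this page.
TRNAME = "14:00 to 16:00 off-day from 00:00 2002/12/1 to 00:00 2003/12/1"
ABC = "from 10:02 2007/3/8 to 24:00 2007/3/8"


def minutes(hhmm):
    """Minutes since midnight; "24:00" (seen in display output) gives 1440."""
    hours, mins = (int(part) for part in hhmm.split(":"))
    return hours * 60 + mins


def point(hhmm, date):
    year, month, day = (int(part) for part in date.split("/"))
    # Adding the time as an offset lets "24:00" roll over to the next day.
    return datetime(year, month, day) + timedelta(minutes=minutes(hhmm))


def parse_entries(text):
    """Parse one line of time-range text (without the name) into entry tuples."""
    tok = text.split()
    entries = []
    if "from" in tok:
        i = tok.index("from")
        absolute, tok = tok[i:], tok[:i]
        start = point(absolute[1], absolute[2])
        # Without "to", the end is the greatest time available.
        end = point(absolute[4], absolute[5]) if len(absolute) > 3 else datetime.max
        entries.append(("absolute", start, end))
    if tok:  # start-time to end-time days
        days = set()
        for word in tok[3:]:
            days |= DAY_GROUPS[word] if word in DAY_GROUPS else {int(word)}
        entries.append(("periodic", minutes(tok[0]), minutes(tok[2]), days))
    return entries


def is_active(entries, now):
    """Assumed semantics: (any periodic entry) AND (any absolute entry)."""
    if not entries:
        raise ValueError("time range has no entries")
    periodic = [e[1:] for e in entries if e[0] == "periodic"]
    absolute = [e[1:] for e in entries if e[0] == "absolute"]
    minute = now.hour * 60 + now.minute
    in_periodic = any(now.weekday() in days and start <= minute < end
                      for start, end, days in periodic)
    in_absolute = any(start <= now < end for start, end in absolute)
    return (in_periodic or not periodic) and (in_absolute or not absolute)


if __name__ == "__main__":
    # The "Current time" values from the two display time-range samples.
    print(is_active(parse_entries(TRNAME), datetime(2003, 2, 15, 2, 49, 36)))
    print(is_active(parse_entries(ABC), datetime(2007, 3, 9, 17, 15, 50)))
```

Both display samples evaluate to inactive, matching the ( Inactive ) state in the output. As noted under display time-range, the ACL state can trail the time-range state by about 1 minute.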

2.2 Security Zone Configuration Commands

2.2.1 add interface (Security Zone View)
2.2.2 description (Security Zone View)
2.2.3 display interzone
2.2.4 display zone
2.2.5 firewall interzone
2.2.6 firewall zone
2.2.7 set priority

2.2.1 add interface (Security Zone View)

Function
Using the add interface command, you can add interfaces to security zones.

Using the undo add interface command, you can remove interfaces from security zones.

Format
add interface interface-type interface-number

undo add interface interface-type interface-number

Parameters
interface-type: specifies the type of an interface.

interface-number: specifies the number of an interface.

Views
Security zone view

Default Level
2: Configuration level

Usage Guidelines
Except for the local zone, all security zones should be bound to specific interfaces before
use; that is, you should add either physical interfaces or logical interfaces to those zones.
This command can be used repeatedly to add interfaces to security zones. A security zone can
contain up to 1024 interfaces.

Examples
# Enter trust zone view and add the interface Ethernet 0/0/0 to the trust zone.
<Eudemon> system-view
[Eudemon] firewall zone trust
[Eudemon-zone-trust] add interface Ethernet 0/0/0

Related Topics
2.2.6 firewall zone
2.2.4 display zone

2.2.2 description (Security Zone View)

Function
Using the description command, you can set the description of a security zone.
Using the undo description command, you can cancel the description of a security zone.

Format
description text
undo description

Parameters
text: specifies the description. It is a string of 1 to 64 characters.

Views
Security zone view

Default Level
2: Configuration level

Usage Guidelines
None

Examples
# Set the description of the Trust zone as abc.
<Eudemon> system-view
[Eudemon] firewall zone trust
[Eudemon-zone-trust] description abc

2.2.3 display interzone

Function
Using the display interzone command, you can view interzone security policies.

Format
display interzone [ zone-name1 zone-name2 ]

Parameters
zone-name1: specifies the name of a security zone.
zone-name2: specifies the name of a security zone.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
If no security zone is specified, you can view all interzones.

Examples
# Display security policies between the trust zone and the DMZ zone.
<Eudemon> system-view
[Eudemon] display interzone trust dmz
interzone trust DMZ
packet-filter 2011 inbound
detect ftp

The output above shows the interzone security policy:

• ACL 2011 is applied to filter the inbound packets between the trust zone and the DMZ zone.
• The ASPF filtering policy is applied on FTP traffic based on state.

Related Topics
2.2.6 firewall zone
2.2.4 display zone

2.2.4 display zone

Function
Using the display zone command,