Hirschmann EAGLE 20 Series User manual

CLI EAGLE 20
Release
5.0
08/2010 Technical Support
HAC.Support@Belden.com
Reference Manual
Command Line Interface (CLI)
Industrial Ethernet Firewall
EAGLE

The naming of copyrighted trademarks in this manual, even when not specially
indicated, should not be taken to mean that these names may be considered as
free in the sense of the trademark and tradename protection law and hence that
they may be freely used by anyone.
© 2010 Hirschmann Automation and Control GmbH
Manuals and software are protected by copyright. All rights reserved. The
copying, reproduction, translation, conversion into any electronic medium or
machine scannable form is not permitted, either in whole or in part. An
exception is the preparation of a backup copy of the software for your own use.
For devices with embedded software, the end-user license agreement on the
enclosed CD applies.
The performance features described here are binding only if they have been
expressly agreed when the contract was made. This document was produced by
Hirschmann Automation and Control GmbH according to the best of the company's
knowledge. Hirschmann reserves the right to change the contents of this
document without prior notice. Hirschmann can give no guarantee in respect of
the correctness or accuracy of the information in this document.
Hirschmann can accept no responsibility for damages, resulting from the use of
the network components or the associated operating software. In addition, we
refer to the conditions of use specified in the license contract.
You can get the latest version of this manual on the Internet at the
Hirschmann product site (www.beldensolutions.com).
Printed in Germany
Hirschmann Automation and Control GmbH
Stuttgarter Str. 45-51
72654 Neckartenzlingen
Germany
Tel.: +49 1805 141538
039 xxx-001-03-08/2010 – 29.7.10

Content
About this Manual
Key
1 Introduction
1.1 Industrial Ethernet Firewall
1.1.1 Application areas
1.1.2 Operating modes
1.2 User interfaces
1.3 Command Line Interface
2 Access to CLI
2.1 Preparing the connection
2.2 CLI via SSH (Secure Shell)
2.3 CLI via the V.24 port
3 Using the CLI
3.1 Mode-based command hierarchy
3.2 Executing commands
3.2.1 Syntax analysis
3.2.2 Command tree
3.2.3 Structure of a command
3.3 Properties of the CLI
3.3.1 Input prompt
3.3.2 Key combinations
3.3.3 Data entry elements
3.3.4 Line length
4 Examples
4.1 Change timeout default setting
4.2 Login Banner
A Further Support

About this Manual
The “Command Line Interface Reference Manual” contains detailed information
on using the Command Line Interface to operate the individual functions of
the device.
The “Configuration” user manual contains all the information you need to
start operating the Industrial Ethernet Firewall EAGLE. It takes you step by
step from the first startup operation through to the basic settings for
operation in your environment.
The “Web-based Interface” reference manual contains detailed information
on using the Web interface to operate the individual functions of the device.
The “Installation” user manual contains a device description, safety
instructions, a description of the display, and the other information that you
need to install the device.
The Network Management Software HiVision/Industrial HiVision provides
you with additional options for smooth configuration and monitoring:
- Configuration of multiple devices simultaneously.
- Graphical interface with network layouts.
- Auto-topology discovery.
- Event log.
- Event handling.
- Client / Server structure.
- Browser interface
- ActiveX control for SCADA integration
- SNMP/OPC gateway

Key
The designations used in this manual have the following meanings:
List
Work step
Subheading
Link: Indicates a cross-reference with a stored link
Note: A note emphasizes an important fact or draws your attention to a
dependency.
Courier: ASCII representation in user interface

1 Introduction
1.1 Industrial Ethernet Firewall
1.1.1 Application areas
The EAGLE industrial firewall/VPN system ensures the authentication, security
and confidentiality of communication within production networks, but also
beyond company boundaries.
The EAGLE supports the following network modes:
- Transparent Mode
- Router Mode
- PPPoE Mode
1.1.2 Operating modes
This device protects the network to be secured (secure port) from external
influences (non-secure port). These influences can include deliberate attacks
or unauthorized access attempts, as well as interfering network events such
as overloads.
State on delivery
On delivery, the device works in the Transparent Mode. In this mode, no
network settings (e.g., for subnetworks) are required for operation.
The firewall has been preconfigured so that all IP traffic from the secure
network is possible; however, traffic from the insecure network to the secure
one is not possible. Thus, already in the delivery state, external attacks on
the secure network are not possible.
Modes
- Transparent Mode
  In transparent mode, the Firewall transmits on level 2 of the ISO/OSI
  layer model. The IP address ranges before and after the Firewall are
  located in the same subnetwork.
  In the state on delivery, you can access the device via address
  192.168.1.1/24 without configuring the IP address.

- Router Mode
  In router mode, the Firewall transmits on level 3 of the ISO/OSI layer
  model. The IP address ranges before and after the Firewall are located
  in different subnetworks. You will find a detailed description of the IP
  configuration in the “Basic Configuration” user manual of the EAGLE.
- PPPoE Mode
  In PPPoE Mode, the EAGLE works like in the router mode, with the
  difference that the PPPoE protocol is used at the external port. This
  enables Internet connections via a DSL modem, for example.
1.2 User interfaces
The device has three user interfaces, which you can access via different
interfaces:
- System monitor via the V.24 interface (out-of-band)
- Command Line Interface (CLI) via the V.24 connection (out-of-band) or
  via SSH (in-band)
- Web-based interface via Ethernet (in-band)
1.3 Command Line Interface
The Command Line Interface enables you to use all the functions of the
device via a local or remote connection. This enables you to securely
administer the firewall via V.24 or via the Secure Shell (SSH) protocol. You
can also define rules to secure the access and the administration.
The Command Line Interface provides IT specialists with a familiar
environment for configuring IT devices. As an experienced user or
administrator, you have knowledge about the basics and about using secure
shell (SSH) connections.
The “Command Line Interface” reference manual gives you step-by-step
information on using the Command Line Interface (CLI) and its commands.

The commands in the Command Line Interface of the EAGLE 20 Firewall can
be divided into the following areas:
- Authentication
- Delete
- Copy
- Denial of Service
- Device Status
- Interface
- Logging
- NAT (Network Address Translation)
- Network
- Packet Filter
- Profiles
- Signal contact
- SNMP Trap (Simple Network Management Protocol)
- SNTP (Simple Network Time Protocol)
- Users
- Display

2 Access to CLI
2.1 Preparing the connection
Information for assembling and starting up your EAGLE Industrial Ethernet
Firewall can be found in the “Installation” user manual.
Information for configuring your EAGLE Industrial Ethernet Firewall can be
found in the “Configuration” user manual.
Connect your Firewall with the network.
The network parameters must be set correctly for the connection to be
successful.
You can access the user interface of the Command Line Interface with the
freeware program “PuTTY”. This program is located on the product CD.
Make sure that PuTTY is installed on your computer.
If the required programs are not already installed on your PC, please
install them.
2.2 CLI via SSH (Secure Shell)
Start the PuTTY program on your computer.
PuTTY appears with the login screen (see fig. 1).

Figure 1: PuTTY input screen
In the Host Name (or IP address) input field you enter the IP address of
your device.
The IP address (a.b.c.d) consists of four decimal numbers with values from
0 to 255. The four decimal numbers are separated by a point.
To select a connection type, click on SSH under Connection type.
After selecting and setting all the required parameters, you can set up the
connection via SSH.
Click “Open” to set up the connection to your device. Depending on the
device and the time at which SSH was configured, it can take up to a minute
to set up the connection.
When you first log in to your device, towards the end of the connection setup,
PuTTY displays a security alert message and gives you the option of checking
the fingerprint of the key.

Figure 2: Security alert prompt for the fingerprint
Check the fingerprint to protect yourself from unwelcome guests.
If the fingerprint matches that of the device key, click “Yes”.
You can read the fingerprints of the device key with the CLI command “show
login” or in the Web interface, in the “SSH access” dialog.
Note:
The OpenSSH Suite offers experienced network administrators a further option
to access your device via SSH. To set up the connection, enter the following
command:
admin represents the user name.
10.149.112.53 is the IP address of your device.
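An added example, not part of the Hirschmann manual: the fingerprint check behind the security alert, done in Python on a host key line in the "host keytype base64" form that ssh-keyscan prints. It assumes the reference fingerprint was read from "show login" over the V.24 port and is in OpenSSH's MD5 colon-hex or SHA256 form (the manual does not show its format); the key line is constructed filler, not a real key.

```python
import base64
import hashlib
import struct


def constructed_key_line(host: str, seed: bytes) -> str:
    """Build a well-formed 'host keytype base64' line (constructed sample, not a real key)."""
    def field(data: bytes) -> bytes:      # SSH wire format: uint32 length, then the bytes
        return struct.pack(">I", len(data)) + data
    filler = b"\x00" + hashlib.sha256(seed).digest() * 4    # stands in for an RSA modulus
    blob = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(filler)
    return f"{host} ssh-rsa {base64.b64encode(blob).decode()}"


def key_blob(key_line: str) -> bytes:
    """Extract the binary key blob and check it against the declared key type."""
    tokens = key_line.split()
    idx = next((i for i, t in enumerate(tokens) if t.startswith(("ssh-", "ecdsa-"))), None)
    if idx is None or idx + 1 >= len(tokens):
        raise ValueError("no 'keytype base64' pair found")
    blob = base64.b64decode(tokens[idx + 1], validate=True)
    (length,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + length].decode("ascii", "replace") != tokens[idx]:
        raise ValueError("key type inside the blob does not match the declared type")
    return blob


def fingerprints(key_line: str) -> dict:
    """Return the MD5 (colon-hex) and SHA256 (unpadded base64) fingerprints of the key."""
    blob = key_blob(key_line)
    md5 = hashlib.md5(blob, usedforsecurity=False).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)), "sha256": sha}


def matches_reference(key_line: str, reference: str) -> bool:
    """True only if the offered key has the fingerprint noted out-of-band from the device."""
    fps = fingerprints(key_line)
    ref = reference.strip()
    if ref.upper().startswith("SHA256:"):
        return fps["sha256"] == ref[7:].rstrip("=")     # base64 is case-sensitive
    if ref.upper().startswith("MD5:"):
        ref = ref[4:]
    return fps["md5"] == ref.lower()


if __name__ == "__main__":
    offered = constructed_key_line("192.168.1.1", b"device key")
    noted = fingerprints(offered)["md5"]                # stands in for the value from 'show login'
    print("accept" if matches_reference(offered, noted) else "REJECT: fingerprint mismatch")
```

A mismatch means the key offered on the network is not the key the device reports on its serial console, so the connection is not accepted.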
CLI appears on the screen with a window for entering the user name.
Up to five users can access the Command Line Interface at the same time.
Figure 3: Login window in CLI
login as: admin

a.b.c.d is the IP address of your device.
Enter a user name. The default setting for the user name is admin. Press
the Enter key.
Enter the password. The default setting for the password is private.
Press the Enter key.
You can change the user name and the password later in the Command
Line Interface.
Please note that these entries are case-sensitive.
The start screen appears.
Note: This device is a security-relevant product. For your own security,
change the password during the first startup procedure.
Figure 4: Start screen of CLI.
Your Firewall appears with the input prompt
(Hirschmann Eagle) >
Copyright (c) 2007-2010 Hirschmann Automation and Control GmbH
All rights reserved
EAGLE Release SDV-05.0.00
(Build date 2010-08-08 08:08)
System Name: EAGLE20 Name
Netw. Mode : transparent
Mgmt-IP : a.b.c.d
Base-MAC : 00:11:22:33:44:55
System Time: SUN AUG 08 08:08:08 2010
NOTE: Enter '?' for Command Help. Command help displays all options
that are valid for the particular mode.
For the syntax of a particular command form, please
consult the documentation.
*(Hirschmann Eagle) >

2.3 CLI via the V.24 port
A serial interface is provided on the RJ11 socket (V.24 interface) for the local
connection of an external management station (VT100 terminal or PC with
corresponding terminal emulation). This enables you to set up a connection
to the Command Line Interface (CLI) and to the system monitor.
The socket housing is electrically connected to the housing of the device.
Figure 5: Pin assignment of the V.24 interface and wiring to the DB9 connector
You will find a description of the V.24 interface in the “User Manual
Installation”.
Connect the device to a terminal via V.24 or to a “COM” port of your PC
using terminal emulation based on VT100, and press any key.
After the connection has been made successfully, a window for entering the
user name appears on the screen.
VT 100 terminal settings
Speed 9,600 Baud
Data 8 bit
Stopbit 1 bit
Handshake off
Parity none

Figure 6: Logging in to the Command Line Interface program
Enter a user name. The default setting for the user name is admin. Press
the Enter key.
Enter the password. The default setting for the password is private.
Press the Enter key.
You can change the user name and the password later in the Command
Line Interface.
Please note that these entries are case-sensitive.
The start screen appears.
Copyright (c) 2007-2010 Hirschmann Automation and Control GmbH
All rights reserved
Eagle Release SDV-05.0.00
(Build date 2010-08-08 08:08)
System Name: EAGLE-000000
Netw. Mode : transparent
Mgmt-IP : a.b.c.d
Base-MAC : 00:11:22:33:44:55
System Time: SUN AUG 08 08:08:08 2010
(Hirschmann Eagle)
User:

Figure 7: CLI screen after login
Note: You can configure the V.24 interface either as a modem interface or a
terminal/CLI interface.
However, to be able to have at least limited access to the CLI interface in
modem mode, you connect your terminal (setting on terminal: 9,600 baud) to
the V.24 interface.
Press any key on your terminal keyboard a number of times until the login
screen indicates the CLI mode.
NOTE: Enter '?' for Command Help. Command help displays all options
that are valid for the particular mode.
For the syntax of a particular command form, please
consult the documentation.
(Hirschmann Eagle) >

3 Using the CLI
3.1 Mode-based command hierarchy
In the CLI, the commands are grouped in the related modes, according to the
type of the command. Every command mode supports specific Hirschmann
software commands.
The commands available to you as a user at a specific time depend on the
mode in which you are currently working. The commands of a specific mode
are only available to you when you switch to this mode as a user.
The User Exec mode commands are an exception to this. You can also execute
these in the Privileged Exec mode.
The following figure shows the modes of the Command Line Interface.

Figure 8: Structure of the CLI
The CLI supports the following modes:
- User Exec mode
  When you log in to CLI, you first enter the User Exec mode. The User Exec
  mode contains a limited range of commands.
  Command prompt: (Hirschmann Eagle) >
- Privileged Exec mode
  To access the entire range of commands, you enter the Privileged Exec
  mode. In the Privileged Exec mode, you can proceed as a privileged user
  authenticated by the login. From the Privileged Exec mode you can execute
  every Exec command.
  Command prompt: (Hirschmann Eagle) #
- Global Config mode
  This mode allows you to perform modifications to the current configuration.
  In this mode, general setup commands are grouped together.
  Command prompt: (Hirschmann Eagle) (config)#
[Figure 8 diagram: ROOT <-> (Login / Logout) <-> User Exec mode (limited
functionality) <-> (Enable / Exit) <-> Privileged Exec mode (basic functions,
basic settings) <-> (Configure / Exit) <-> Global Configuration mode (extended
configurations). The User Exec commands are also available in the Privileged
Exec mode.]

The following table shows the command modes, the command prompts (input
request characters) visible in the corresponding mode, and the option with
which you quit this mode.
If you enter a question mark (?) after the prompt, you receive a list of the
available commands and a short description of the commands.

Table 1: Command modes

Command mode: User Exec mode
  Access method: First access level. Perform basic tasks and list system
  information.
  Quit or start next mode: To quit you enter logout:
    (Hirschmann Eagle) >logout
    Are you sure (Y/N) ?y

Command mode: Privileged Exec mode
  Access method: From the User Exec mode, you enter the command enable:
    (Hirschmann Eagle) >enable
    (Hirschmann Eagle) #
  Quit or start next mode: To quit the Privileged Exec mode and return to the
  User Exec mode, you enter exit:
    (Hirschmann Eagle) #exit
    (Hirschmann Eagle) >

Command mode: Global Configuration mode
  Access method: From the Privileged Exec mode, you enter the command
  configure:
    (Hirschmann Eagle) #configure
    (Hirschmann Eagle) (config)#
  From the User Exec mode, you enter the command enable, and then in
  Privileged Exec mode, enter the command configure:
    (Hirschmann Eagle) >enable
    (Hirschmann Eagle) #configure
    (Hirschmann Eagle) (config)#
  Quit or start next mode: To quit the Global Configuration mode and return to
  the Privileged Exec mode, you enter exit:
    (Hirschmann Eagle) (config)#exit
    (Hirschmann Eagle) #
  To then quit the Privileged Exec mode and return to the User Exec mode, you
  enter exit again:
    (Hirschmann Eagle) #exit
    (Hirschmann Eagle) >

Figure 9: Commands in the User Exec mode
(Hirschmann Eagle) >?
enable Turn on privileged commands.
help Display help for various special keys.
history Show a list of previously run commands.
logout Exit this session.
ping Send ICMP echo packets to a specified IP address.
show Display device options and settings.
traceroute Trace route to a specified host.

Figure 10: Commands in the Privileged Exec mode
(Hirschmann Eagle) >enable
(Hirschmann Eagle) #?
clear Clear several items.
configure Enter into global config mode.
copy Copy different kinds of items.
debug Service functions to find configuration errors.
exit Exit from current mode.
help Display help for various special keys.
history Show a list of previously run commands.
login Set login parameters.
logout Exit this session.
network Modify network parameters.
ping Send ICMP echo packets to a specified IP address.
profile Activate or delete configuration profiles.
reboot Reset the device (cold start).
save Save configuration.
set Set device parameters.
show Display device options and settings.
traceroute Trace route to a specified host.
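An added example, not from the manual: a Python check that replays a captured CLI session against the mode hierarchy of Table 1 and the command lists of Figures 9 and 10, reporting commands typed in a mode that does not offer them and prompts that do not follow from the previous command (a gap or splice in the capture). It assumes commands are typed in full; the Global Configuration command set is not listed in this part of the manual, so it is not checked, and the sample capture is constructed.

```python
import re

# Prompt suffix -> mode, per Table 1. A leading '*' (seen on the start screen) is tolerated.
PROMPT = re.compile(r"^\*?\([^)]+\) (?P<sfx>>|#|\(config\)#)(?P<cmd>.*)$")
MODE = {">": "user", "#": "privileged", "(config)#": "config"}

# Commands listed by '?' in Figure 9 (User Exec) and Figure 10 (Privileged Exec).
ALLOWED = {
    "user": {"enable", "help", "history", "logout", "ping", "show", "traceroute"},
    "privileged": {"clear", "configure", "copy", "debug", "exit", "help", "history",
                   "login", "logout", "network", "ping", "profile", "reboot", "save",
                   "set", "show", "traceroute"},
}
# Mode changes from Table 1; every other command leaves the mode unchanged.
TRANSITIONS = {("user", "enable"): "privileged", ("privileged", "configure"): "config",
               ("config", "exit"): "privileged", ("privileged", "exit"): "user"}


def audit(lines):
    """Return (events, findings) for a captured session.

    events:   (line_no, mode, command) for every command typed at a prompt
    findings: (line_no, message) where the capture contradicts the mode hierarchy
    """
    events, findings, expected = [], [], None
    for no, raw in enumerate(lines, 1):
        m = PROMPT.match(raw.strip())
        if not m:
            continue                      # banner, command output, "Are you sure (Y/N) ?"
        mode, command = MODE[m["sfx"]], m["cmd"].strip()
        if expected and mode != expected:
            findings.append((no, f"prompt is {mode}, expected {expected}"))
        expected = mode
        if not command:
            continue
        word = command.split()[0]
        events.append((no, mode, command))
        if mode in ALLOWED and word not in ALLOWED[mode]:
            findings.append((no, f"'{word}' is not offered in {mode} mode"))
        # After logout the next prompt belongs to a new login, so nothing is expected.
        expected = None if word == "logout" else TRANSITIONS.get((mode, word), mode)
    return events, findings


# Constructed sample capture (not from a real device); line 8 follows a gap in the log.
SAMPLE = """\
(Hirschmann Eagle) >show login
(Hirschmann Eagle) >enable
(Hirschmann Eagle) #configure
(Hirschmann Eagle) (config)#exit
(Hirschmann Eagle) #save
(Hirschmann Eagle) #exit
(Hirschmann Eagle) >reboot
(Hirschmann Eagle) (config)#exit
""".splitlines()

if __name__ == "__main__":
    for finding in audit(SAMPLE)[1]:
        print(finding)
```

Filtering the returned events for the privileged and config modes gives the list of state-changing commands in a session, which is the part of a capture worth reviewing first.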