Embed Size (px)
Citation preview
NetEnforcer X01/X02
Command Line Interface (CLI) v5.1
Table of Contents
Introduction ..............................................................................................................4
Accessing the CLI ..................................................................................................4
Scripts ...................................................................................................................4
CLI Command Syntax ................................................................................................5
Online Help ...............................................................................................................5
Command Descriptions..............................................................................................6
Object Editing – Add/Change/Rename/Delete ............................................................6
Pipes, VCs and Rules ............................................................................................6
QoS .................................................................................................................... 11
Services ............................................................................................................. 14
ToS .................................................................................................................... 18
VLANs ................................................................................................................ 19
Data Sources ...................................................................................................... 20
Hosts ................................................................................................................. 21
Time .................................................................................................................. 23
Connection Control ............................................................................................. 24
Other Actions ....................................................................................................... 26
List .................................................................................................................... 26
Config ................................................................................................................ 27
This guide is intended for use with NetEnforcer X01/02 units running software
version 5.1.
Command Line Interface
Introduction The NetEnforcer Command Line Interface (CLI) can be used to define Pipes, Virtual
Channels, Rules and Catalog entries. In addition, you can also use the CLI to set
system parameters and device settings.
The CLI enables you to modify the NetEnforcer database from a command line. The
CLI supplies a set of commands to add, change, rename and remove NetEnforcer
entities, such as, Pipes, Virtual Channels or other Catalog entries and change the
configuration of NetEnforcer.
Accessing the CLI 1. Connect to the NetEnforcer from a local host using one of the following methods:
Via the console port.
Via Telnet from a workstation located on the same network as
NetEnforcer.
2. Login to NetEnforcer as the root user. The default password is bagabu.
Scripts Scripts can contain both CLI and Linux commands in order to automate the data entry
process. For example, you can write a script that will add 40 rules to 30 different
Virtual Channels.
A script can be written on a remote workstation, using your preferred text editor, and
then sent to NetEnforcer via FTP. Alternatively, you can create the script directly on
NetEnforcer using the built in VI editor. In both cases, ensure that the script has
execute attributes. (For more details on file attributes, please refer to a Linux
manual.)
www.allot.com 4
Command Line Interface
CLI Command Syntax The CLI consists of several actions, each of which has an object and one or more
parameters and values. The syntax of the CLI is:
go <action> <object> <value> <parameter> <parameter value>
Element Definition
go Command heading. Precedes all CLI commands
action The command to perform. This can be add, delete, change, list or
config.
object The object (for example, QoS) upon which the action is performed.
value A value that does not require the presence of a parameter, for
example the name of a new QoS Catalog entry. Value elements are
separated by colons (for example cbr:100:10). Multiple values are
separated by commas (for example, cbr:100:10, cbr:100:10).
parameter An attribute of the object (for example, -qname).
parameter value
The value of the preceding parameter. (for example, Gold). Multiple
parameter value elements are separated by colons (:). It is possible
to have more then one parameter in a command.
Additional optional parameters may be used, as follows:
-f: Disconnects any other client with write permissions and gives the write permissions
to the CLI client. For use with all actions except list.
For example, a CLI command to define a new Pipe QoS Catalog Entry called Basic (for
both inbound and outbound traffic) with a priority of 1:
go add qos Basic:pipe_both –prior 1 -f
Names
When working with Pipes, Virtual Channels, Rules or Catalog entries, you must enclose
the name of the Pipe, Virtual Channel, Rule or Catalog entry in quotation marks if it
contains more than one word. For example:
Correct Command Forms:
ac add vc Gold:PipeGold
ac add vc “Gold Service”:PipeGold
Incorrect Command Form:
ac add vc Gold Service:PipeGold
Online Help If you are unsure as to which parameters are used with a specific command, you can
enter an incomplete command and the CLI will list all the available parameters for that
action and/or object.
www.allot.com 5
Command Line Interface
Command Descriptions
Object Editing – Add/Change/Rename/Delete
Pipes, VCs and Rules param – Required parameter
param – Optional parameter
VALUE – Parameter Value
Task Command
Add new Pipe go add pipe
NAME:STATE
-expand VALUE
-src VALUE
-dst VALUE
-service VALUE
-time VALUE
-tos VALUE
-vlan VALUE
-access VALUE
-qos VALUE
-offset VALUE
-dir VALUE
go add pipe example:enable –expand none –src host1 –dst host2 –service service1 –time time1 –tos tos1 –vlan vlan1 –access drop –qos qos1 –offset 2 –dir 1
Change Pipe go change pipe
NAME:NEW_STATE
-expand NEW_VALUE
-qos NEW_VALUE
-access NEW_VALUE
go change pipe example:enable –expand src –access drop –qos qos1
Rename Pipe go rename pipe
NAME:NEW_NAME
Pi
pe
s
Delete Pipe go delete pipe
NAME
www.allot.com 6
Command Line Interface
Task Command
Add new VC go add vc
NAME:PIPE_NAME:STATE
-expand VALUE
-src VALUE
-dst VALUE
-service VALUE
-time VALUE
-tos VALUE
-vlan VALUE
-access VALUE
-coc VALUE
-qos VALUE
-offset VALUE
-dir VALUE
go add vc example:example_pipe:enable –expand none –src host1 –dst host2 –service service1 –time time1 –tos tos1 –vlan vlan1 –access drop –coc coc1 –qos qos1 –offset 2 –dir 1
Change VC go change vc
Name:PIPE_NAME:NEW_STATE
-expand NEW_VALUE
-access NEW_VALUE
-coc NEW_VALUE
-qos NEW_VALUE
go change vc example:pipe_example:enable –expand src –access drop –coc coc1 –qos qos1
Rename VC go rename vc
NAME:PIPE_NAME:NEW_NAME
VC
s
Delete VC go delete VC
NAME:PIPE_NAME
www.allot.com 7
Command Line Interface
Task Command
Add new Pipe Rule go add prule
PIPE_NAME:STATE
-src VALUE
-dst VALUE
-service VALUE
-time VALUE
-tos VALUE
-vlan VALUE
-offset VALUE
-dir VALUE
go add prule example:enable –src host1 –dst host2 –service service1 –time time1 –tos tos1 –vlan vlan1 –offset 2 –dir 1
Change Pipe Rule go change prule
PIPE_NAME:OFFSET:STATE
-src NEW_VALUE
-dst NEW_VALUE
-service NEW_VALUE
-time NEW_VALUE
-tos NEW_VALUE
-vlan NEW_VALUE
-dir NEW_VALUE
go change prule example:2:enable –src host1 –dst host2 –service service1 –time time1 –tos tos1 –vlan vlan1 –dir 1
Pi
pe
R
ul
es
Delete Pipe Rule go delete prule
PIPE_NAME :OFFSET
www.allot.com 8
Command Line Interface
Task Command
Add new VC Rule go add vcrule
VC_NAME:PIPE_NAME:STATE
-src VALUE
-dst VALUE
-service VALUE
-time VALUE
-tos VALUE
-vlan VALUE
-offset VALUE
-dir VALUE
go add vcrule example:pipe_example:enable –src host1 –dst host2 –service service1 –time time1 –tos tos1 –vlan vlan1 –offset 2 –dir 1
Change VC rule go change vcrule
VC_NAME:PIPE_NAME:OFFSET:STATE
-src NEW_VALUE
-dst NEW_VALUE
-service NEW_VALUE
-time NEW_VALUE
-tos NEW_VALUE
-vlan NEW_VALUE
-dir NEW_VALUE
go change vcrule example:pipe_example:2:enable –src host1 –dst host2 –service service1 –time time1 –tos tos1 –vlan vlan1 –dir 1
VC
R
ul
es
Delete VC rule go delete vcrule
VC_NAME:PIPE_NAME:OFFSET
When adding a new Pipe or Virtual Channel without parameter ‘-offset’ , it is added in
the next to last position (before Fallback Pipe/VC).
Parameters
Parameter Description Value(s)
-expand Location of possible Pipe/VC
template expansion
none - No template
src – Source Host
dst – Destination Host
-src Source Host Catalog entry Host Entry Name
any (default)
www.allot.com 9
Command Line Interface
Parameter Description Value(s)
-dst Destination Host Catalog entry Host Entry Name
any (default)
-service Service Catalog Entry Service Entry Name
all IP (default)
-time Time Catalog Entry Time Entry Name
any Time (default)
-tos ToS Catalog Entry ToS Entry name
ignore (default)
-vlan VLAN Catalog Entry VLAN Entry Name
any (default)
-dir Direction of Traffic 1
2 (default)
-offset Offset from first Pipe/VC/Rule in
table
Offset Number
-qos QoS Catalog Entry QoS Entry Name
-access Access Type accept (default)
reject
drop
-coc Connection Control Catalog Entry CoC Entry Name
Values
Value Description Options
STATE Pipe/VC/Rule Status enable (default)
disable
www.allot.com 10
