Using the Command-Line Interface

The VPN 3002 Hardware Client command-line interface (CLI) is a menu- and command-line-based configuration, administration, and monitoring system built into the VPN 3002. You use it via the system console or a Telnet or SSH session.

You can use the command-line interface to completely manage the system. You can access and configure the same parameters as the HTML-based VPN 3002 Hardware Client Manager.

This chapter describes general features of the command-line interface and how to access and use it. It does not describe the individual menu items and parameter entries. For information on specific parameters and options, see the corresponding section of the Manager in this manual. For example, to understand Ethernet interface configuration parameters and choices, see Configuration | Interfaces | Private/Public in Chapter 2, "Interfaces".

Accessing the Command-line Interface

You can access the command-line interface via the system console or via a Telnet or SSH client.

Console Access

Connect a PC to the VPN 3002 via an RJ-45 serial cable (which Cisco supplies with the system) between the console port on the VPN 3002 and the COM1 or serial port on the PC. For more information, see the VPN 3002 Hardware Client Getting Started guide.

Start a terminal emulator (e.g., HyperTerminal) on the PC. Configure a connection to COM1 with port settings of:

Press Enter on the PC keyboard until you see the login prompt. (You might see a password prompt and error messages as you press Enter; ignore them and stop at the login prompt.)

Login: _

Telnet or SSH Access

Enable the Telnet or SSH server on the VPN 3002. (They are both enabled by default on the private network.) See the Configuration | System | Management Protocols | Telnet screen on the Manager.

Start the Telnet or SSH client, and connect to the VPN 3002 using these parameters:

Host Name or Session Name = The IP address on the VPN 3002 private interface; e.g., 10.10.147.2

Login: _

Starting the Command-line Interface

Login usernames and passwords for both console and Telnet access are the same as those configured and enabled for administrators. See the Administration | Access Rights | Administrators screen. By default, only admin is enabled.

This example uses the factory-supplied default admin login and password. If you have changed them, use your entries.

At the prompts, enter the administrator login name and password. Entries are case-sensitive.

Login: admin

Password: admin (The CLI does not show your entry.)

The CLI displays the opening welcome message, the main menu, and the Main -> prompt.

                 Welcome to

                Cisco Systems

        VPN 3002 Hardware Client

           Command Line Interface

Copyright (C) 1998-2001 Cisco Systems, Inc.

1) Configuration

2) Administration

3) Monitoring

4) Save changes to Config file

5) Help Information

6) Exit

Main -> _

Using the Command-line Interface

The command-line interface displays menus or prompts at every level to guide you in choosing configurable options and setting parameters. The prompt always shows the menu context.

Choosing Menu Items

To use the command-line interface, enter a number at the prompt that corresponds to the desired menu item, and press Enter.

For example, this is the Configuration > System > General > System Identification menu:

1) Set System Name

2) Set Contact

3) Set Location

4) Back

General -> _

Entering Values

The command-line interface shows any current or default value for a parameter in brackets [ ]. To change the value, enter a new value at the prompt. To leave the value unchanged, just press Enter.

Continuing the example above, this is the prompt to enter a value for the system name:

> Host Name

General -> [ Lab VPN ] _

You can enter a new name at the prompt, or just press Enter to keep the current name.

Navigating Quickly

There are two ways to move quickly through the command-line interface: shortcut numbers, and the Back/Home options. Both ways work only when you are at a menu, not when you are at a value entry.

Using Shortcut Numbers

When you become familiar with the structure of the interface, which parallels the HTML-based
VPN 3002 Hardware Client Manager, you can quickly access any level by entering a series of numbers separated by periods. For example, suppose you want to change the Access Rights for Administrators. The series of menus that gets to that level from the main menu is:

1) Configuration

2) Administration

3) Monitoring

4) Save changes to Config file

5) Help Information

6) Exit

Main -> 2 (Administration)

1) Software Update

2) System Reboot

3) Ping

4) Traceroute

5) Access Rights

6) File Management

7) Certificate Management

8) Back

Config -> 5 (Access Rights)

As a shortcut, you can just enter 2.5.1.1 at the Main-> prompt, and move directly to the Modify Administrators menu:

1) Configuration

2) Administration

3) Monitoring

4) Save changes to Config file

5) Help Information

6) Exit

Main -> 2.5.1.1

Note At this last prompt, you cannot use a number shortcut. At this prompt, you must type in the name of the administrator you want to modify, for example, config.

Using Back and Home

Most menus include a numbered Back choice. Instead of entering a number, you can just enter b or B to move back to the previous menu.

Also, at any menu level, you can just enter h or H to move home to the main menu.

Getting Help Information

To display a brief help message, enter 5 at the main menu prompt. The command-line interface explains how to navigate through menus and enter values. This help message is available only at the main menu.

Cisco Systems. Help information for the Command Line Interface

From any menu except the Main menu.

-- 'B' or 'b' for Back to previous menu.

-- 'H' or 'h' for Home back to the main menu.

For Data entry

-- Current values are in '[ ]'s. Just hit 'Enter' to accept value.

1) View Help Again

2) Back

Help -> _

To return to the main menu from this help menu, enter h or H (for home), or 2 or b or B (for back) at the prompt.

Saving the Configuration File

Configuration and administration entries take effect immediately and are included in the active, or running, configuration. However, if you reboot the VPN 3002 without saving the active configuration, you lose any changes.

To save changes to the system configuration (CONFIG) file, navigate to the main menu. At the prompt, enter 4 for Save changes to Config file.

1) Configuration

2) Administration

3) Monitoring

4) Save changes to Config file

5) Help Information

6) Exit

Main -> 4

The system writes the active configuration to the CONFIG file and redisplays the main menu.

Stopping the Command-line Interface

To stop the command-line interface, navigate to the main menu and enter 6 for Exit at the prompt:

1) Configuration

2) Administration

3) Monitoring

4) Save changes to Config file

5) Help Information

6) Exit

Main -> 6

Done

Understanding Access Rights

What you see and can configure depends on administrator access rights. If you do not have permission to configure an option, you see -), rather than a number, in menus. For example, here is the main menu for the default Monitor administrator:

-) Configuration

-) Administration

3) Monitoring

-) Save changes to Config file

5) Help Information

6) Exit

Main -> _

The default Monitor administrator can only monitor the VPN 3002, not configure system parameters or administer the system.

See Administration | Access Rights | Administrators in Chapter 11, "Administration", for more information.

Menu Reference

This section shows all the menus in the first three levels below the main menu. (There are many additional menus below the third level; and within the first three levels, there are some non-menu parameter settings. To keep this chapter at a reasonable size, we show only the menus here.)

The numbers in each heading are the keyboard shortcut to reach that menu from the main menu. For example, entering 1.3.1 at the main menu prompt takes you to the Configuration > System Management> IP Routing menu.

Note The menus and options, and thus the keyboard shortcuts, might change with new software versions. Please check familiar shortcuts carefully when using a new release.

Main Menu

1) Configuration

2) Administration

3) Monitoring

4) Save changes to Config file

5) Help Information

6) Exit

Main -> _

1 Configuration

1) Quick Configuration

2) Interface Configuration

3) System Management

4) Policy Management

5) Back

Config -> _

1.1 Configuration > Quick Configuration

See the VPN 3002 Hardware Client Getting Started guide for complete information about Quick Configuration.

1.2 Configuration > Interface Configuration

This table shows current IP addresses.

..

1) Configure the Private Interface

2) Configure the Public Interface

3) Back

Interfaces -> _

1.2.1 or 1.2.2 Configuration > Interface Configuration > Configure the Private/Public Interface

1) Interface Setting (Disable or Static IP)

2) Select Internet Speed

3) Select Duplex

4) Set MTU

5) Back

Private/Public Interface -> _

1.3 Configuration > System Management

1) Servers (DNS)

2) Tunneling Protocols (IPSec Parameters)

3) IP Routing (static routes, etc.)

4) Management Protocols (Telnet, HTTP, etc.)

5) Event Configuration

6) General Config (system name, time, etc.)

7) Back

System -> _

1.3.1 Configuration > System Management > Servers

1) DNS Servers

2) Back

Servers -> _

1.3.2 Configuration > System Management > Tunneling Protocols

1) IPSec

2) Back

Tunnel -> _

1.3.3 Configuration > System Management > IP Routing

1) Static Routes

2) Default Gateway

3) DHCP

4) DHCP Options

5) Back

Routing -> _

1.3.4 Configuration > System Management > Management Protocols

1) Configure HTTP/HTTPS

2) Configure Telnet

3) Configure SNMP

4) Configure SNMP Community Strings

5) Configure SSL

6) Configure SSH

7) Configure XML

8) Back

Network -> _

1.3.5 Configuration > System Management > Event Configuration

1) General

2) Classes

3) Trap Destinations

4) Syslog Servers

5) Back

Event -> _

1.3.6 Configuration > System Management > General Config

1) System Identification

2) System Time and Date

3) Back

General -> _

1.4 Configuration > Policy Management

1) Traffic Management

2) Certificate Validation

3) Back

Policy -> _

1.4.1 Configuration > Policy Management > Traffic Management

1) Port Address Translation (PAT)

2) Back

Traffic ->

1.4.2 Configuration > Policy Management > Certificate Validation

1) Enable/disable the matching criteria

2) Modify the matching criteria

3) Back

Certificate Validation ->

2 Administration

1) Software Update

2) System Reboot

3) Ping

4) Traceroute

5) Access Rights

6) File Management

7) Certificate Management

8) Back

Admin -> _

2.1 Administration > Software Update

Name of the file for main code upgrade? [vpn3002c.bin]

IP address of the host where the file resides? [10.10.66.10]

(M)odify any of the above (C)ontinue or (E)xit? [M]

2.2 Administration > System Reboot

1) Cancel Scheduled Reboot/Shutdown

2) Schedule Reboot

3) Schedule Shutdown

4) Back

Admin -> _

2.2.2 Administration > System Reboot > Schedule Reboot

1) Save active Configuration and use it at Reboot

2) Reboot without saving active Configuration file

3) Reboot ignoring the Configuration file

4) Back

Admin -> _

2.2.3 Administration > System Reboot > Schedule Shutdown

1) Save active configuration and use it at next reboot

2) Shutdown without saving active Configuration file

3) Shutdown, ignoring the Configuration file at next reboot

4) Back

Admin -> _

2.3 Administration > Ping

> Ping host

Admin -> _

2.4 Administration > Traceroute

> Destination Address/Hostname

Admin -> _

2.5 Administration > Access Rights

1) Administrators

2) Access Settings

3) Back

Admin -> _

2.5.1 Administration > Access Rights > Administrators

Admin -> 1

       Administrative Users

     ------------------------

      Username       Enabled

     ------------------------

      admin          Yes

      config         No

      isp            No

     ------------------------

1) Modify Administrator

2) Back

Admin ->

2.5.2 Administration > Access Rights > Access Settings

1) Set Session Timeout

2) Set Session Limit

3) Set Config File Encryption

4) Zeroize/Regenerate DES Config File Encryption Key

5) Back

Admin -> _

2.6 Administration > File Management

List of Files

-------------

CONFIG       CONFIG.BAK

1) View Config File

2) Delete Config File

3) View Backup Config File

4) Delete Backup Config File

5) View Crashdump File

6) Delete Crashdump File

7) View Savelog File

8) Delete Savelog File

9) View Memory Report

10) Delete Memory Report

11) Swap Config Files

12) Back

File -> _

2.6.11 Administration > File Management > Swap Configuration Files

Every time the active configuration is saved,...

1) Swap

2) Back

Admin -> _

2.7 Administration > Certificate Management

1) Enrollment

2) Installation

3) Certificate Authorities

4) Identity Certificates

5) SSL Certificates

6) Enrollment Status

7) SSH Host Key

8) Back

Certificates -> _

2.7.2 Administration > Certificate Management > Installation

1) Install Certificate Authority

2) Install Certificate obtained via enrollment

3) Back

Certificates -> _

2.7.3 Administration > Certificate Management > Certificate Authorities

Certificate Authorities

1) View Certificate

2) Delete Certificate

3) Configure Certificate

4) Back

Certificates -> _

2.7.4 Administration > Certificate Management > Identity Certificates

Identity Certificates

1) View Certificate

2) Delete Certificate

3) Renew Certificate

3) Back

Certificates -> _

2.7.5 Administration > Certificate Management > SSL Certificates

1) Private SSL Certificate

2) Public SSL Certificate

3) Back

SSL Certificates -> _

2.7.6 Administration > Certificate Management > Enrollment Status

1) View Enrollment Request

2) Install/Activate Enrollment Request

3) Resubmit Enrollment Request

4) Delete/Cancel Enrollment Request

5) Back

Certificates -> _

2.7.7.Administration > Certificate Management > SSH Host Key

1) Generate SSH Host Key

2) Back

SSH Certificate -> _

3 Monitoring

1) Routing Table

2) Event Log

3) System Status

4) User Status

5) General Statistics

6) Back

Monitor -> _

3.1 Monitoring > Routing Table

Routing Table

'q' to Quit, '<SPACE>' to Continue ->

1) Refresh Routing Table

2) Back

Routing -> _

3.2 Monitoring > Event Log

1) Configure Log viewing parameters

2) View Event Log

3) Clear Log

4) Back

Log -> _

3.2.2 Monitoring > Event Log > View Event Log

[Event Log entries]

1) First Page

2) Previous Page

3) Next Page

4) Last Page

5) Back

Log -> _

3.3 Monitoring > System Status

System Status

1) Refresh System Status

2) Reset System Status

3) Restore System Status

4) Connect Now

5) Disconnect Now

6) View Memory Status

7) Back

Status -> _

3.4 Monitoring > User Status

Authenticated Users

-------------------

    Username      IP Address       MAC Address         Login Time      Duration

-------------------------------------------------------------------------------

1) Refresh User Status

2) Log out User

3) Back

Sessions ->

3.5 Monitoring > General Statistics

1) Protocol Statistics

2) Server Statistics

3) MIB II Statistics

4) Back

General -> _

3.4.1 Monitoring > General Statistics > Protocol Statistics

1) IPSec Statistics

2) HTTP Statistics

3) Telnet Statistics

4) DNS Statistics

5) SSL Statistics

6) SSH Statistics

7) PPPoE Statistics

8) NAT Statistics

9) Back

General -> _

3.4.2 Monitoring > General Statistics > Server Statistics

1) DHCP Statistics

2) Back

General -> _

3.4.3 Monitoring > General Statistics > MIB II Statistics

1) Interface-based

2) System-level

3) Back

MIB2 -> _

Table Of Contents