|
|
This chapter describes the command syntax conventions, including privileges and prompts, command types, and text file syntax.
The VPN 5001 concentrator has enabled and normal modes. In normal mode, entered using the first system password, you can view tables and statistics, but cannot modify the configuration.
Enabled mode has an additional password. You can enter enabled mode in the following ways:
If you do not use the command line for 5 minutes, enabled mode times out.
Command line prompts inform you which mode you are in as well as which section and port your commands apply to. The following table describes the prompts in the VPN 5000 software:
| Prompts | Description |
|---|---|
| Privileges |
|
string> | Normal mode. The string depends on the section and port you are configuring. The Edit config mode always uses this symbol, even in enabled mode. |
string# | Enabled mode. The string depends on the section and port you are configuring. |
*string# *string> | You have made changes to the configuration. The * stays until you write or save the configuration to Flash memory. The * does not display in edit config mode. |
| Strings |
|
device_name | Displays when you are not in any section. For example: CiscoVPN_1# |
[ Section Name ] | Displays when you are in a configuration section. All commands entered at this prompt apply to the section and port, number, or name. For example: [ IP Ethernet 0 ]# |
Edit [ Section Name ] | Displays when you are in edit config mode for a section. The prompt always ends with >, even though you are in enabled mode. For example: Edit [ IP Filter "ip-in" ]> |
Append | Displays when you are in the edit config text editor and you are appending a line to a section. The prompt always ends with >, even though you are in enabled mode. |
Depending on the command syntax, you might see a variety of symbols and font styles in this document.
| Style or Symbol | Description |
|---|---|
Boldface | Enter bold text exactly as shown. |
Italics | Indicates a variable for which you supply the value. In contexts that do not allow italics, variables are enclosed in angle brackets (< >). |
Plain text | Plain text represents the screen display, such as a prompt. Do not enter plain text as part of the command. |
<variable> | Indicates a variable for which you supply values, in contexts where italics cannot be used. |
[x] | Keywords in square brackets are optional. |
[x | y] | Keywords in square brackets separated by vertical bars indicate an optional keyword with a choice between values. |
{x | y | z}
| A choice of required keywords appear in braces separated by vertical bars. You must select one. |
[x {y | z}]
| Braces and vertical bars within square brackets indicate a required choice within an optional element. You do not need to select one. If you do, you have some required choices. |
The VPN 5000 software has configuration and management commands.
Configuration commands allow you to configure or edit config a configuration file section, after which all further configuration commands apply to that section. Using the configure command, for example, you enter the section for a particular name or interface:
device# configure IP Ethernet 0
And then enter as many keywords as you want to apply to the section:
[ IP Ethernet 0 ]# keyword = value [ IP Ethernet 0 ]# keyword = value ...
The configure command formats and checks the input and offers a help facility (keyword = ? or [ section ]# Help). Edit config, on the other hand, allows you to enter rules directly into the configuration file with a special text editor. Edit config does not check the syntax or provide help for the particular section. For example, enter the section for a particular name:
device# edit config IP Filter "ip-in"
And then append lines to the section:
Edit [ IP Filter "ip-in" ]> append $ Append> rule1 Append> rule 2 Append> . Edit [ IP Filter "ip-in" ]> exit device#
Management commands can be entered at any time at any prompt, and allow you to:
Some management commands apply to a particular interface, and you have to first specify the interface before entering further commands. Some runtime commands do not have equivalent permanent configurations.
The following figure shows the hierarchy of commands, where commands entered after entering a particular section apply only to that section.
See the Cisco VPN 5000 Concentrator Series Command Reference Guide for a list of commands.
Instead of using the command line, you can manually edit a text file called vpn5001.cfg with the appropriate commands, and download it to the system using TFTP. See "Example Configurations," for sample text files. See the "Copying a Text Configuration File" section to download the file.
The configuration file can be up to 65,500 characters long.
This section describes the syntax for sections and keywords as well as how they fit in text columns.
 |
Note See the Cisco VPN 5000 Concentrator Series Command Reference Guide for a list of sections and keywords. |
In the command line, you enter commands like configure or edit config to access sections to configure. The command line then writes your changes to the text configuration file. To edit the file directly, you simply type the section name enclosed by brackets and list the keyword values or rules under it. For example:
[ IP Ethernet 0 ] IPAddress = 10.1.1.1 SubnetAddress = 255.255.255.0 [ IP Filter "ip-in" ] permit 0.0.0.0 0.0.0.0 tcp dst = smtp permit 0.0.0.0 0.0.0.0 tcp dst = nntp log
Some keywords can occur multiple times in the same section. If you enter multiple instances of a keyword that the software allows only once, the software uses only the first instance.
Keywords with Boolean values accept any version, such as On/Off; True/False; 1/0; Yes/No.
The case does not matter. Use an equal sign (=) to separate the keyword from its value. You can use any amount of white space between the equal sign and the keyword and value. The following keywords all have valid syntax:
keyword1 = value keyWORD2=value KEyWorD3 =value
A section title or keyword must begin in the line's first column to be parsed correctly. If the section begins in any other column, the system ignores it and includes its keyword values with the previous section. If the keyword begins in any other column, the system ignores it and its value.
[ This is one section ] and its data [ Here is another section ] and its data [ This is an invalid section] its data will be included with the previous section
Comments begin with a pound sign (#).
# This is a comment [ New Section ] # So is this
Posted: Wed Sep 27 10:00:45 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.