Use the network configuration CLI commands to set IP addresses, handle bonding/failover, handle secondary functionality, and reset networking.
Use the network configuration CLI commands to:
Restarts just the network configuration. For example, change the IP address, then run this CLI command.
Syntax
restart network
This command shows settings for the network interface used to connect the Guardium® appliance to the desktop LAN. The IP address, mask, state (enabled or disabled) and high availability status will be displayed. If IP high-availability is enabled, the system will display two interfaces (ETH0 and ETH3). Otherwise, only ETH0 will be displayed.
Syntax
show network interface all
Display the IP routing configuration in use.
Syntax
show network routes operational
Example
CLI> show net rout ope
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 nic1
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 nic2
0.0.0.0 192.168.3.1 0.0.0.0 UG 0 0 0 nic1
ok
CLI>
Display the current network configuaration.
Syntax
show network verify
CLI> show network verify
Current Network Configuration
--------------------------------------------------------------------------------
Hostname =
--------------------------------------------------------------------------------
Device | Address | Netmask | Gateway | Member of
--------------------------------------------------------------------------------
eth0 |
--------------------------------------------------------------------------------
Ethtool Options
--------------------------------------------------------------------------------
Device | Options (speed,autoneg,duplex)
--------------------------------------------------------------------------------
eth0 |
--------------------------------------------------------------------------------
DNS Servers
--------------------------------------------------------------------------------
Index | DNS Server
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
Static Routes
--------------------------------------------------------------------------------
Device | Index | Address | Netmask | Gateway
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Basic Network Settings VerifiedIf auto-negotiation is available on the switch to which a Guardium port is connected, auto-negotiation will be used, and only the restart option of this command will have any effect. Use this command to enable, disable, or restart auto-negotiation for the network interface named ethN. Use the show network interface inventory command to display all port names.
Syntax
store network interface auto-negotiation <ethN> <on | off | restart>
Show Command
show network interface auto-negotiation
Use this command only when auto-negotiation is not available on the switch to which the Guardium port is connected. This command configures duplex mode for the port named ethn. Use the show network interface inventory command to display all port names.
Syntax
store network interface duplex <ethn> <half | full>
Show Command
show network interface duplex <ethn>
Enables or disables IP Teaming (also known as bonding), which provides a fail-over capability for the Guardium system primary IP address.
The two ports used (ETH0 and a second interface) must be connected to the same network. There is a slight delay, caused by the switch re-learning the port configuration. The default setting is off.
The port used for the primary IP address is always ETH0. When the high-availability option is enabled, the Guardium system automatically fails over, as needed, to the specified second interface, in effect transferring the primary IP address to the second interface.
store network interface high-availability [on <NIC> | off ]There is no show network interface high-availability command.
Resets the network interface MAC addresses stored in the Guardium internal tables. This command should only be used after replacing or moving a network card.
Note: The store network interface inventory command will detect on-board NIC cards within the Guardium appliance and assign these cards as eth0 and eth1. This command should only be run if specifically instructed to by Guardium Support as it can rearrange the NIC cards.
Syntax
CLI> > store network interface inventory
WARNING: Running this function will reorder your NICS and may make the machine unreachable.
WARNING: It is suggested to run this from the console or equivalent.
Are you SURE you want to continue? (y/n)Use the show command to display the port names and MAC addresses of all installed network interfaces.
Syntax
show network interface inventory
Example
CLI> show network interface inventory
Current® network card configuration:
Device| Mac Address| Member of
eth0| 00:50:56:3b:c3:73|
eth1| 00:50:56:8a:0d:fa|
eth2| 00:50:56:8a:0d:fb|
eth3| 00:50:56:8a:00:c1|
Note: The “Member of” will show which NICs are in the bond pair, if a bonding exists).
Sets the primary IP address for the Guardium appliance. When changing the network interface IP address, you may also need to change its subnet mask. See store network interface mask. See store network interface secondary to create and manage a secondary IP address. Bonding/failover is managed from the CLI command, store network interface high-availability.
Syntax
store network interface ip <ip address>
Show Command
show network interface ip
Maps the Ethernet port identified by ethn to the MAC address mac.
Syntax
store network interface map <ethn> <mac>
Sets the subnet mask for the primary IP address. When changing the network interface mask, you may also need to change its IP address. See store network interface ip. Note that the subnet mask for a secondary IP address can be assigned only from the System Configuration panel on the Administration Console.
Syntax
store network interface mask <ip mask>
Use this CLI command to set the MTU (Maximum Transfer Unit).
CLI> store network interface mtu
Usage: store network interface mtu <interface> <mtu>]
where <interface> is the interface name,
that is one of ( eth0 )
and <mtu> is number between 1000 and 9000.Show command
show network interface mtu
eth0 1500
Use this command to locate a physical connector on the back of the appliance. After using the show network interface inventory command to display all port names, use this command to blink the light on the physical port specified by n (the digit following eth in the command - eth0, eth1, eth2, eth3, etc.), 20 times.
Syntax
show network interface port eth<n>
Example
CLI> show network interface port eth1
The orange light on port eth1 will now blink 20 times.
Use this CLI command to remap the NIC.
Syntax
store network interface remap
Use this CLI command to wipe the existing OS network configuration and reapply the stored Guardium network settings.
Syntax
CLI> store network interface reset
WARNING: This command will reset the network configuration to the stored Guardium network settings.
Are you SURE you want to continue? (y/n)Use this command to configure a port on the Guardium system as a secondary management interface with a different IP address, network mask, and gateway from the primary.
store network interface secondary [on <NIC> <ip> <mask> <gateway> | off ]Show command
show network interface secondary
Use this command only when auto-negotiation is not available on the switch to which the Guardium port is connected. This command configures the speed setting for the port named ethn. Use the show network interface inventory command to display all port names.
Syntax
store network interface speed <ethn> <10 | 100 | 1000>
Show Command
show network interface speed <ethn>
Displays the address resolution protocol (ARP) table, which is an operational system value. This command is provided for support purposes only.
Syntax
show network arp-table
Example
CLI> sho net arp
IP address HW type Flags HW address Mask Device
192.168.3.1 0x1 0x2 00:0E:D7:98:07:7F * nic1
192.168.3.20 0x1 0x2 00:C0:9F:40:33:30 * nic1
ok
CLI>
Displays a list of MAC addresses (like the show network interface inventory command).
Syntax
show network macs
Example
Current network card configuration:
Device| Mac Address| Member of
eth0| 00:50:56:3b:c3:73|
eth1| 00:50:56:8a:0d:fa|
eth2| 00:50:56:8a:0d:fb|
eth3| 00:50:56:8a:00:c1|
Note: The “Member of” will show which NICs are in the bond pair, if a bonding exists).
ok
Usage: store network interface ip <ip>, where IP is a valid IP6 address.
Sets the interface definition for the network interface card that connects to the server that is to be proxied. Set on when in transparent proxy mode, off when in manual proxy mode.
Syntax
store network interface appmaskingnic [on <interface> <ip> <mask> | off]
Where ip is an IP address in the same subnet as the application server to be proxied, and mask is the mask of that same subnet.
Show Command
show network interface appmaskingnic
Sets the IP address for the first, second, or third DNS server to be used by the Guardium appliance. Each resolver address must be unique. To remove a DNS server, enter null instead of an IP address.
Syntax
store network resolver <1 | 2 | 3> <ip address | null>
Show Command
show network resolver <1 | 2 | 3>
Sets the IP address for the default router to the specified value.
Syntax
store network routes defaultroute <ip address>
Show Commands
show network routes defaultroute
Permit the user to have only one IP address per appliance (through eth0) and direct traffic through different routers using static routing tables. Add line to static routing table.
Syntax
store network routes static
Show Command
List the current static routes, with IDs - Device, Index, Address, Netmask, Gateway
show network routes static
Delete command
delete network routes static
Sets the system domain name to the specified value.
Syntax
store system domain <value>
Show Command
show system domain
Sets the system's host name to the specified value.
Syntax
store system hostname <value>
Show Command
show system hostname