beautypg.com

Unprotected services configuration commands, Unprotected ser vices configuration commands -68, Tunnels. see – Netopia CLI 874 User Manual

Page 80

background image

2-68 Command Line Interface Commands Reference

Unprotected Services Configuration Commands

Note:

These commands are suppor ted beginning with Firmware Version 8.7.4.

When using an IPSec force-all tunnel, Unprotected Ser vices suppor ts router-generated packets with a source IP
address outside the local member range. It works by applying a source address to an internally-generated
router ser vice, and specifies whether the ser vice should not be routed by default over the force-all IPSec tunnel.

This permits suppor ting multiple authentication profles with multiple tunnels, as well as suppor ting
authentication profiles that point to a RADIUS ser ver on the LAN inter face. Other applications such as
TACACS+, SNMP, syslog, NTP and hear tbeat are not forced over the tunnel.

ser vice interface [ ip_address | cp | ethernet ] [ number ]
show ser vice interface [ cp | ethernet ] [ number ]
no ser vice interface

These commands allow you to specify, show, or disable the application of a source address to an internally
generated router ser vice, such that the ser vice should not be routed by default over a force-all IPSec tunnel.

Applicable internally-generated router ser vices are: RADIUS, TACACS+, SNMP, syslog, NTP and hear tbeat.

interface specifies from where the traffic is to be sourced.

For cp or ethernet, the router will look up its inter face address, reducing the chance of error.

If you enter an ip_address that is not a local inter face address, the ser vice may either fail to function or the
router will override the invalid address. It will then use the inter face with a route to the ser ver for the
ser vice.

If no is used with the commands, the value goes back to the default 0.0.0.0 and no.

Note:

Only primar y Ethernet inter faces are suppor ted; ALANs are not suppor ted.

Examples:

remote-server interface 100.110.112.113

remote-server interface cp 3

remote-server interface ethernet 0

remote-server unprotected yes

Unprotected Services Configuration Commands

ser vice interface [ ip_address | cp | ethernet ] [ number ]
show ser vice interface [ cp | ethernet ] [ number ]
no ser vice interface

ser vice unprotected [ yes | no ]
show ser vice unprotected
no ser vice unprotected

See also other documents in the category Netopia Hardware: