CLI Installation Wizard

You can use the CLI Installation Wizard for the initial installation. The installation program enables you to install and configure LinkProof without any specific networking knowledge.

Examples

CLI Installation Wizard Configuration Examples

The following examples are possible configurations using the CLI Installation Wizard.

Figure 1: Three ISPs connected

A	Three (3) ISPs connected

CLI Wizard supported network configuration:

—	Three (3) ISPs configured per router

—	Different interface per ISP

—	Four (4) different subnets (one per interface)

Figure 2: Regular VLAN (bridge)

B	Regular VLAN (bridge)

CLI Wizard Supported Network Configuration:

—	Two (0) ISP configured per router

—	Both ISP 1 (LP Interface 2, 192.168.10.0/24) and internal LAN (Interface 1) — subnet 192.168.10.0/24 are on the same subnet

—	ISP on LP Interface 3 — subnet 192.168.30.0/24

To install and configure LinkProof using the CLI Installation Wizard

1.	Connect the serial console to the platform.

2.	Open a terminal-emulation application with the following parameters:

 

Parameter	Value
Bits per second	19200
Data bits	8
Parity	None
Stop bits	1
Flow Control	None

3.	Turn on the power to the device. After the boot process is complete, the start-up menu is displayed.

Note

An initial default configuration is provided. When a device boots up for the first time, if the startup is not used for 30 seconds, and a boot-up server is not found within another 30 seconds, default settings are assigned to the device. The initial default configuration consists of the following: • Private IP address (192.168.1.1) • Subnet mask (255.255.255.0) • Port number for management. The port number depends on the platform.   For OnDemand Switch platforms, the default is G-1.   • NMS IP address (0.0.0.0, allowing any station to manage the device using SNMP). • Community string, public • Telnet, SSH, SSL and WBM are enabled with a default user of radware with    password radware.

4.	Type @ and press Enter. The device displays the following message:

Would you like to use new CLI configuration wizard (y/n) [y]:

5.	Enter y. The CLI Wizard Configuration menu is displayed.

Note	If you enter n, the CLI wizard returns to the original configuration wizard where you can configure the device with an IP address for initial access only.

6.	Enter the values for the menu items according to Table 3 - CLI Wizard Configuration, page 45.

The device enters a default value for the incomplete parameters, with the exception of the IP address, which is mandatory. A validity check of all the parameters is then performed.

Some menu items may relate to additional information, which you can find in Table 4 - Inbound Traffic Startup Configuration, page 47, Table 6 - ISP Startup Configuration, page 49, and Table 7 - Interface Numbering Conventions, page 51.

7.	Press Enter. Static Port Address Translation (Static PAT) is an option, and offers the following inbound services:

 

Service	Default
Web (HTTP)	TCP port 80
Web SSL (HTTPS)	TCP 443
FTP	TCP port 21 and 20
Mail (SMTP)	TCP port 25
VPN (IPsec)	UDP and TCP port 500 plus AH/ESP L3

Static PAT allows you to configure up to three servers, each with up to five services with the following limitation: starting from one server with all the five services or five servers (with different IP addresses) with one service each, or a combination of the above.

8.	Press Enter.

When using inbound services with Static PAT, management ports have to be disabled in order to prevent a conflict with inbound services.

The following ports have been chosen by Radware using RFC 4340. You can alternatively use an optional port recommended by IANA (Internet Assigned Numbers Authority) — 
http://www.iana.org/assignments/port-numbers.

 

Service	Port Selected by Radware
Web SSL (HTTPS)	TCP 9062
FTP	TCP port 9061

Notes

>>	A message is sent to the use to inform the user that the configuration was successful.

>>	An error message is displayed if the ports used were in conflict and the configuration was unsuccessful.

>>	If the IP address of the inbound port and the outbound port belong to the same subnet, the following configuration is derived from the topology: • Inbound and outbound ports become members of the 1 VLAN Bridge group. • Radware ensures that all IP addresses belong to the same subnet mask.

 

Table 3: CLI Wizard Configuration

Item	CLI Description	Remark
Enable management port	(y/n) [n]	For OnDemand Switch VL platforms only, this parameter specifies whether the port labeled G6 / MNG1 is configured for management purposes.   Default: n
IP Address		The IP address of the interface is the only mandatory parameter. This address is used to access the device. Default: 255.255.0.0
IP subnet mask		The IP subnet mask address of the device. Default: The mask of the IP address class
Port number		Device port number to which the IP interface is defined. For a list of available ports per platform, see Table 7 - Interface Numbering Conventions, page 51. Default: 1 Note: The value is case-sensitive.
User name		A user name which is added to the Users Table. Default: radware
User password		The password used to access the device remotely using Web Based Management, Telnet or SSH. Default: radware
Enable management port SSH Access	(y/n) [y]	Specifies whether Web access to the device is enabled. Values: y, n Default: y
Enable management port Secure Web Access	(y/n) [y]	Specifies whether to enable SSH access for device management.
Enable management port SNMP Access	(y/n) [y]	Specifies whether to enable Web SSL access for device management.
Enable ping response on all NHR ports	(y/n) [n]	Specifies whether to enable a ping response on all router ports of the device.
Set Client Table size between 1000 and <MaxClientTableSize>	[<Recommended size>]	Specifies the Client Table Size with values between 1000 and the maximum recommended value for your specific physical platform. Default: The recommended size, which is the approximate average between 1000 and the maximum size of the client table. The maximum size of the client table depends on the memory of the device. Caution It is not recommended to set the Client Table Size to maximum, because it might render the device without operational memory. If you configure higher values, you should check the memory consumption using Web Based Management (Service > Tuning > Memory Check) or CLI (using the command system tune check-memory-capacity).
Remote management IP address	(0 for none) [0]	Specifies the IP address for the remote management port.
ISP configuration	(press <Enter> to configure)	Accesses the ISP Startup Configuration submenu to configure routers NAT by defining the IP address of the routers as well as the IP addresses of the LinkProof interfaces. For a description of the ISP Startup Configuration submenu items, see Table 6 - ISP Startup Configuration, page 49.
Inbound Traffic configuration	(press <Enter> to configure)	Accesses the Inbound Traffic Startup Configuration submenu. This enables you to configure Static Port Address Translation (Static PAT) options. Static PAT allows you to configure up to three servers, each with up to five services with the following limitation: starting from one server with all the five services or five servers (with different IP addresses) with one service each, or a combination of the above. When using inbound services with Static PAT, management ports have to be disabled in order to prevent a conflict with inbound services. For a description of the Inbound Traffic Startup Configuration menu items, see Table 4 - Inbound Traffic Startup Configuration, page 47.
SNMP configuration	(press <Enter> to configure)	Accesses the SNMP Startup Configuration submenu. For a description of the SNMP Startup Configuration submenu items, see Table 2 - SNMP Startup Configuration Submenu, page 41.

 

Table 4: Inbound Traffic Startup Configuration

#	Item	CLI Description	Remark
0	Internal Web server IP address	(0 for none) [0]	Optionally specifies an internal Web (HTTP) server with an IP address. TCP port is 80. Default: 0
1	Internal Web server domain name	(0 for none) [0]	When item 0 has a value other than 0, this parameter specifies the relevant domain name. Default: 0
2	Internal FTP server IP address	(0 for none) [0]	Optionally specifies an internal FTP server with an IP address. When specified, the device sets the TCP port 9061 to instead of the well known TCP port 21 and 20.i  Default: 0
3	Internal FTP server domain name	(0 for none) [0]	When item 2 has a value other than 0, this parameter specifies the relevant domain name. Default: 0
4	Internal SMTP server IP address	(0 for none) [0]	Optionally specifies an internal Mail (SMTP) server with an IP address. TCP port 25. Default: 0
5	Internal SMTP server domain name	(0 for none) [0]	When item 4 has a value other than 0, this parameter specifies the relevant domain name. Default: 0
6	Internal HTTPS server address	(0 for none) [0]	Optionally specifies an internal Web SSL (HTTPS) with an IP address. When specified, the device sets the TCP port 9062 to instead of the well known 443.1 Default: 0
7	Internal HTTPS server domain name	(0 for none) [0]	When item 6 has a value other than 0, this parameter specifies the relevant domain name. Default: 0
8	Internal IPSec server IP address	(0 for none) [0]	Optionally specifies an internal VPN (IPsec) server with an IP address. UDP and TCP port 500 plus AH/ESP L3. Default: 0
9	Internal IPSec server domain name	(0 for none) [0]	When item 8 has a value other than 0, this parameter specifies the relevant domain name. Default: 0

---

1

Radware has chosen this port using RFC 4340. You can alternatively use an optional port recommended by IANA (Internet Assigned Numbers Authority) — 
http://www.iana.org/assignments/port-numbers.

 

Table 5: SNMP Startup Configuration Submenu

#	Item	Additional CLI Text	Description
0	Supported SNMP versions	[1 2 3]	Indicates which versions of the SNMP protocol are supported by the device. Values: 1, 2, 3 Default: 1 2 3 — that is, 1 and 2 and 3
1	Community	[public]	Device Community name. Default: public
2	SNMP root user		Specifies the use for SNMPv3. Default: radware
3	Privacy Protocol	(NONE/DES) [DES]	Specifies whether to enable privacy or disable. Values: NONE, DES1 Default: DES
4	Privacy Password		The password for the SNMPv3 User. Default: No password
5	Authentication Protocol	(NONE/SHA/MD5 [MD5]	Specifies whether to use authentication and the authentication protocol. Must be used in conjunction with privacy. Values: NONE, SHA2, MD53 Default: MD5
6	Authentication Password		The password for the SNMPv3 authentication. Default: No password
7	NMS IP Address		The required NMS IP address. Enter a value if you require to limit the device to a single specified NMS. Default: 0.0.0.0 — That is, any NMS
8	Configuration file name		The name of the file, in a format required by the server, which contains the configuration. Select this parameter when you need to download a configuration file as NMS. The file must be located on the NMS, and the NMS must be located on a TFTP server. When you exit the Startup Configuration window, the device loads the configuration file from the NMS, resets and starts operating with the new configuration. Default: cfg1

---

1

Data Encryption Standard

2

Secure Hash Algorithm

3

Message-Digest algorithm 5

 

Table 6: ISP Startup Configuration

#	Item	CLI Description	Remark
0	Router IP address of ISP 1
1	Mask address for ISP 1		Default: 255.0.0.0
2	LinkProof IP interface address for ISP 1
3	LinkProof physical port numbers facing ISP 1
4	Set operating mode for the ISP server	(regular or backup) (r/b) [r]	Regular is for load balancing. Backup is for high availability.
5	Do you want to use Dynamic-NAT for the ISP	(y/n) [y]	Specifies whether Dynamic NAT is used. If yes, you must specify the IP Interface of that specific Interface, the NAT Address. Default: y
6	Router IP address of ISP 2	(no to skip this ISP definition) [no]	Default: no
7	Mask address for ISP 2
8	LinkProof IP interface address for ISP 2
9	LinkProof physical port numbers facing ISP 2
10	Set operating mode for the ISP server	(regular or backup) (r/b) [r]	Regular is for load balancing Backup is for high availability. Default: r
11	Do you want to use Dynamic-NAT for the ISP	(y/n) [y]
12	Router IP address of ISP 3	(no to skip this ISP definition) [no]
13	Mask address for ISP 3
14	LinkProof IP interface address for ISP 3
15	LinkProof physical port numbers facing ISP 3
16	Set operating mode for the ISP server	(regular or backup) (r/b) [r]
17	Do you want to use Dynamic-NAT for the ISP	(y/n) [y]
18	Load Balancing Method	(use up/down keys) [Least amount of traffic]	Values: • Least amount of traffic • Cyclic • Least number of bytes • Fewest number of Users • Hashing • Response time Default: Least amount of traffic For more information, see Dispatch Methods.