Datatek UTM User Manual

UTM User's Manual

01/18/08

5.2.26 CLOSED USER GROUP (CUG) ADMINISTRATION

Syntax: cug <cug num> [ ipaddr=<ip address> ] [ submask=<ip submask> ]

The cug command is only visible when the unit is logged in. The <CUG_num> parameter is the
closed user group identifier used to assign the CUG to a user port (with the port command), or
the console (with the console command). The <CUG_num> may be a value between 1 and 16,
inclusive.

A single IP address and subnet mask pair specifies each CUG. The ipaddr parameter is an
address of an endpoint (or base address of a group of endpoints) to be allowed into the group.
The ipaddr value ANDed with the submask value must agree with the caller’s or destination’s IP
address ANDed with the same submask for a call to be allowed to or from a user port to which
the CUG is assigned. Depending on the submask value, this allows an individual
(submask=255.255.255.255), intermediate, or network-wide level of authorization.

Setting the ipaddr value to 0.0.0.0 deletes any prior configuration for the <CUG_num>. A
<CUG_num> may not be deleted if it is currently assigned to any user port.

A list of all configured CUGs is reported via the vfy cug command. The list of closed user groups
associated with a given user port is presented in response to the vfy port command.
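
The matching and deletion rules above can be checked offline with a small model. This is an added example, not Datatek code or UTM firmware. The class and method names are hypothetical, the addresses are constructed documentation ranges, and two behaviours the manual does not state are assumptions: a port with several CUGs admits a call if any one of them matches, and submask must be given when defining a CUG.

```python
import ipaddress

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

class CugTable:
    """Model of the CUG rules in section 5.2.26 (hypothetical, not firmware)."""

    def __init__(self):
        self.cugs = {}       # cug_num -> (ipaddr, submask) as 32-bit ints
        self.port_cugs = {}  # user port -> set of assigned cug_num

    def cug(self, num, ipaddr, submask=None):
        if not 1 <= num <= 16:
            raise ValueError("CUG number must be between 1 and 16")
        if _to_int(ipaddr) == 0:
            # ipaddr=0.0.0.0 deletes the entry, unless a user port still uses it
            if any(num in assigned for assigned in self.port_cugs.values()):
                raise ValueError("CUG is assigned to a user port")
            self.cugs.pop(num, None)
            return
        if submask is None:
            # Assumption: the manual does not state a default submask
            raise ValueError("submask required")
        self.cugs[num] = (_to_int(ipaddr), _to_int(submask))

    def assign(self, port, num):
        if num not in self.cugs:
            raise ValueError("CUG is not configured")
        self.port_cugs.setdefault(port, set()).add(num)

    def matches(self, num, peer):
        # The manual's rule: (ipaddr AND submask) == (peer AND submask)
        ip, mask = self.cugs[num]
        return (_to_int(peer) & mask) == (ip & mask)

    def call_allowed(self, port, peer):
        assigned = self.port_cugs.get(port)
        if not assigned:
            raise ValueError("no CUG assigned; behaviour not described")
        # Assumption: one matching CUG in the port's list is sufficient
        return any(self.matches(n, peer) for n in assigned)

if __name__ == "__main__":
    t = CugTable()
    t.cug(1, "192.0.2.10", "255.255.255.255")  # individual endpoint
    t.cug(2, "198.51.100.77", "255.255.255.0")  # host bits are masked off
    t.assign(5, 1)
    t.assign(5, 2)
    for peer in ("192.0.2.10", "192.0.2.11", "198.51.100.3"):
        print(peer, t.call_allowed(5, peer))
```

Running candidate ipaddr/submask pairs through such a model before entering them on the unit shows how wide a group a given submask actually admits.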

5.2.27 VERIFY CUG

Syntax: vfy cug

This command is only visible when the unit is logged in. It displays the configuration of all Closed
User Groups.

5.2.28 ASSIGNING A CUG TO THE CONSOLE

Syntax: console cug=<+|->< cug num >

The console command is only visible when the unit is logged in. The <CUG_num> parameter is
the closed user group identifier as defined with the cug command. A prefix of + will add the
<CUG_num> to the list associated with the telnet console. A prefix of - will delete the
<CUG_num> from the list associated with the telnet console.

If the telnet console is connected at the time a closed user group is defined, the connection must
be allowed in the closed user group. If the connection is not allowed, an error message is
displayed and the association will not take place.
