Anybus Defender Compact 1004
Configurations can be performed using the GUI (Anybus Defender Compact Manager software V1.2.8), including NAT, firewall rules, general settings, and logs. However, the available configuration options are limited depending on more advanced use cases. The Compact 1004 - NAT/FW has been further developed to support SSH. Through the CLI, the Compact 1004 - NAT/FW can be configured accordingly.
A visual clarification is shown below.
Start with connecting to the Compact 1004 -NAT/FW through SSH CLI
If WAN or LAN interfaces are set to anything other than disabled, then connecting through SSH is possible. In this use-case, connecting from client to destination USB port using SSH is executed with the command:
ssh [email protected]
" [email protected]'s password: <back_of_the_device> " When connected, hold "shift + ?"
This will print a list of options provided by the CLI menu.
DeviceName#
config general system settings
exit exit and logout
reboot halt and perform a cold restart
show shows system values
update firmware update
write saves all current changes into the flashThe device's interfaces can be configured through "config" option. After running "config"
The name display-name in the console of the device will change to "DeviceName(config)#" and display options with "Shift + ?"
To configure the interfaces, set an IP address and subnet to each LAN port by running
DeviceName(config)# interface ethernet <cr>
" DeviceName(config-if-interface0)# "Where:
"0" is WAN interface.
"1" is LAN 1 interface.
"2" is LAN 2 interface.
"3" is LAN 3 interface.
Assigning each interface in a numeric order does not determine their function except
hw-interface <cr>That changing "<cr>" to be entered as above and adding ip addresses with
ip address <0.0.0.0 255.255.255.255> will change default configurations of LAN ports and WAN port. To display what interfaces are configured, exit back to "DeviceName#" and enter the following
show interfacesor
show running-configA list of interfaces/configurations are printed.
Find "interface" and next to it, a number that was assigned during set up (interface ethernet <cr>), usually recent configurations at the bottom or just above NAT (example "nat-net") and Firewall (example "filter-wanlan").
Firewall rules are not automatically added once configurations are set through this article. Image for reference beneath the article headline explains general topology and Firewall rules ("FW rules"). By default, the Compact - NAT/FW denies traffic passing from each direction (WAN > LAN and LAN > WAN).
Navigate to "config" -> "filter-lanwan"
"DeviceName(config-filter-lanwan)#"and set rules from traffic passing LAN to destination ip address through WAN
" rule 0 <source_port> <any> <any> <from_ip_address> <protocol> <action> Comment <active/disabled> none none "
rule 0 any 172.10.0.14 any any 192.168.0.55 502 tcp accept Comment active none none
rule 1 any 10.10.0.99 any any 192.168.0.55 502 tcp accept Comment active none none
rule 2 any 192.168.10.20 any any 192.168.0.55 502 tcp accept Comment active none noneSave changes with
DeviceName(config-filter-wanlan)# commitand
DeviceName# write