Command Class List Table: Firewall Related Command | Wireless LAN Related Command | Bridge Related Command | Radius Related Command | 802.1x Related Command
To issue CI commands, connect by telnet or the console, then go to SMT menu 24.8.
Command Syntax and General User Interface
CI has the following command syntax:
command <iface | device > subcommand [param]
command subcommand [param]
command ? | help
command subcommand ? | help
General user interface:
1. ? | Shows the following commands and all major (sub)commands
2. exit | Returns to SMT
Command | Description
sys adjtime | retrieve date and time from Internet
sys callhist display | display call history
sys callhist remove <index> | remove entry from call history
sys countrycode [countrycode] | set country code
sys date [year month date] | set/display date
sys domainname | display domain name
sys edit <filename> | edit a text file
sys extraphnum | maintain extra phone numbers for outcalls
sys extraphnum add <set 1-3> <1st phone num> [2nd phone num] | add extra phone numbers
sys extraphnum display | display extra phone numbers
sys extraphnum node <num> | set all extend phone number to remote node <num>
sys extraphnum remove <set 1-3> | remove extra phone numbers
sys extraphnum reset | reset flag and mask
sys feature | display feature bit
sys hostname [hostname] | display system hostname
sys logs category access [0:none/1:log/2:alert/3:both] | record the access control logs
sys logs category attack [0:none/1:log/2:alert/3:both] | record and alert the firewall attack logs
sys logs category display | display the category setting
sys logs category error [0:none/1:log/2:alert/3:both] | record and alert the system error logs
sys logs category ipsec [0:none/1:log/2:alert/3:both] | record the access control logs
sys logs category ike [0:none/1:log/2:alert/3:both] | record the access control logs
sys logs category javablocked [0:none/1:log] | record the java etc. blocked logs
sys logs category mten [0:none/1:log] | record the system maintenance logs
sys logs category upnp [0:none/1:log] | record upnp logs
sys logs category urlblocked [0:none/1:log/2:alert/3:both] | record and alert the web blocked logs
sys logs category urlforward [0:none/1:log] | record web forward logs
sys logs clear | clear log
sys logs display [access|attack|error|ipsec|ike|javablocked|mten|urlblocked|urlforward] | display all logs or specify category logs
sys logs errlog clear | display log error
sys logs errlog disp | clear log error
sys logs errlog online | turn on/off error log online display
sys logs load | load the log setting buffer
sys logs mail alertAddr [mail address] | send alerts to this mail address
sys logs mail display | display mail setting
sys logs mail logAddr [mail address] | send logs to this mail address
sys logs mail schedule display | display mail schedule
sys logs mail schedule hour [0-23] | hour time to send the logs
sys logs mail schedule minute [0-59] | minute time to send the logs
sys logs mail schedule policy [0:full/1:hourly/2:daily/3:weekly/4:none] | mail schedule policy
sys logs mail schedule week [0:sun/1:mon/2:tue/3:wed/4:thu/5:fri/6:sat] | weekly time to send the logs
sys logs mail server [domainName/IP] | mail server to send the logs
sys logs mail subject [mail subject] | mail subject
sys logs save | save the log setting buffer
sys logs syslog active [0:no/1:yes] | active to enable unix syslog
sys logs syslog display | display syslog setting
sys logs syslog facility [Local ID(1-7)] | log the messages to different files
sys logs syslog server [domainName/IP] | syslog server to send the logs
sys log clear | clear log error
sys log disp | display log error
sys log online [on|off] | turn on/off error log online display
sys log resolve | Resolve mail server and syslog server address
sys mbuf link link | list system mbuf link
sys mbuf pool <id> [type] | list system mbuf pool
sys mbuf status | display system mbuf status
sys mbuf disp <address> | display mbuf status
sys mbuf cnt disp | display system mbuf count
sys mbuf cnt clear | clear system mbuf count
sys mbuf debug [on|off] |
sys pwderrtm [minute] | Set or display the password error blocking timeout value.
sys rn load <entry no.> | load remote node information
sys rn disp <entry no.>(0:working buffer) | display remote node information
sys rn nat <none|sua|full_feature> | config remote node nat
sys rn nailup <no|yes> | config remote node nailup
sys rn mtu <value> | set remote node mtu
sys rn save [entry no.] | save remote node information
sys smt | not supported in this product
sys stdio [minute] | change terminal timeout value
sys time [hour [min [sec]]] | display/set system time
sys trcdisp | monitor packets
sys trclog |
sys trcpacket |
sys syslog server [destIP] | set syslog server IP address
sys syslog facility <FacilityNo> | set syslog facility
sys syslog type [type] | set/display syslog type flag
sys syslog mode [on|off] | set syslog mode
sys version | display RAS code and driver version
sys view <filename> | view a text file
sys wdog switch [on|off] | set on/off wdog
sys wdog cnt [value] | display watchdog counts value: 0-34463
sys romreset | restore default romfile
sys server access <telnet|ftp|web|icmp|snmp|dns> <value> | set server access type
sys server load | load server information
sys server disp | display server information
sys server port <telnet|ftp|web|snmp> <port> | set server port
sys server save | save server information
sys server secureip <telnet|ftp|web|icmp|snmp|dns> <ip> | set server secure ip addr
sys fwnotify load | load fwnotify entry from spt
sys fwnotify save | save fwnotify entry to spt
sys fwnotify url <url> | set fwnotify url
sys fwnotify days <days> | set fwnotify days
sys fwnotify active <flag> | turn on/off fwnotify flag
sys fwnotify disp | display firmware notify information
sys fwnotify check | check firmware notify event
sys fwnotify debug <flag> | turn on/off firmware notify debug flag
sys cmgr trace disp <ch-name> | show the connection trace of this channel
sys cmgr trace clear <ch-name> | clear the connection trace of this channel
sys cmgr cnt <ch-name> | show channel connection related counter
sys socket | display system socket information
sys filter netbios |
sys roadrunner debug <level> | enable/disable roadrunner service
sys roadrunner display <iface name> | display roadrunner information
sys roadrunner restart <iface name> | restart roadrunner
sys ddns debug <level> | enable/disable ddns service
sys ddns display <iface name> | display ddns information
sys ddns restart <iface name> | restart ddns
sys ddns logout <iface name> | logout ddns
sys cpu display | display CPU utilization
sys filter netbios |
sys upnp active [0:no/1:yes] | Activate or deactivate the saved upnp settings
sys upnp config [0:deny/1:permit] | Allow users to make configuration changes through UPnP.
sys upnp display | display upnp information
sys upnp firewall [0:deny/1:pass] | Allow UPnP to pass through Firewall.
sys upnp load | save upnp information
sys upnp save | save upnp information
Command | Description
exit | exit smt menu
Command | Description
dev channel drop <channel_name> | drop channel
dev dial <node#> | dial to remote node
Command | Description
ether config | display LAN configuration information
ether driver cnt disp <name> | display ether driver counters
ether driver ioctl <ch_name> | Useless in this stage.
ether driver status <ch_name> | see LAN status
ether version | see ethernet device type
ether pkttest disp packet <level> | set ether test packet display level
ether pkttest disp event <ch> [on|off] | turn on/off ether test event display
ether pkttest sap [ch_name] | send sap packet
ether pkttest arp <ch_name> <ip-addr> | send arp packet to ip-addr
ether debug disp <ch_name> | display ethernet debug information
ether debug level <ch_name> <level> | set the ethernet debug level
ether edit load <ether no.> | load ether data from spt
ether edit mtu <value> | set ether data mtu
ether edit accessblock <0:disable 1:enable> | block internet access
ether edit save | save ether data to spt
Command | Description
poe status [ch_name] | see poe status
poe dial <node> | dial a remote node
poe drop <node> | drop a pppoe call
poe ether [rfc|3com] | set/display pppoe ether type
Command | Description
pptp dial <rn-name> | dial a remote node
pptp drop <rn-name> | drop a remote node call
pptp tunnel <tunnel id> | display pptp tunnel information
Configuration Related Command
Command | Description
config | The parameters of config are listed below.
config edit firewall active <yes|no> | Activate or deactivate the saved firewall settings
config retrieve firewall | Retrieve current saved firewall settings
config save firewall | Save the current firewall settings
config display firewall | Displays all the firewall settings
config display firewall set <set#> | Display current entries of a set configuration, including timeout values, name, default-permit, and number of rules in the set.
config display firewall set <set#> rule <rule#> | Display current entries of a rule in a set.
config display firewall attack | Display all the attack alert settings in PNC
config display firewall e-mail | Display all the e-mail settings in PNC
config display firewall ? | Display all the available sub commands
config edit firewall e-mail mail-server <mail server IP> | Edit the mail server IP to send the alert
config edit firewall e-mail return-addr <e-mail address> | Edit the mail address for returning an email alert
config edit firewall e-mail e-mail-to <e-mail address> | Edit the mail address to send the alert
config edit firewall e-mail policy <full|hourly|daily|weekly> | Edit email schedule when log is full or per hour, day, week.
config edit firewall e-mail day <sunday|monday|tuesday|wednesday|thursday|friday|saturday> | Edit the day to send the log when the email policy is set to Weekly
config edit firewall e-mail hour <0~23> | Edit the hour to send the log when the email policy is set to daily or weekly
config edit firewall e-mail minute <0~59> | Edit the minute to send the log when the email policy is set to daily or weekly
config edit firewall e-mail Subject <mail subject> | Edit the email subject
config edit firewall attack send-alert <yes|no> | Activate or deactivate the firewall DoS attacks notification emails
config edit firewall attack block <yes|no> | Yes: Block the traffic when it exceeds the tcp-max-incomplete threshold. No: Delete the oldest half-open session when it exceeds the tcp-max-incomplete threshold.
config edit firewall attack block-minute <0~255> | Only valid when 'Block' is set to yes. The unit is minute.
config edit firewall attack minute-high <0~255> | The threshold to start to delete the old half-opened sessions to minute-low
config edit firewall attack minute-low <0~255> | The threshold to stop deleting the old half-opened session
config edit firewall attack max-incomplete-high <0~255> | The threshold to start to delete the old half-opened sessions to max-incomplete-low
config edit firewall attack max-incomplete-low <0~255> | The threshold to stop deleting the half-opened session
config edit firewall attack tcp-max-incomplete <0~255> | The threshold to start executing the block field
config edit firewall set <set#> name <desired name> | Edit the name for a set
config edit firewall set <set#> default-permit <forward|block> | Edit whether a packet is dropped or allowed when it does not match the default set
config edit firewall set <set#> icmp-timeout <seconds> | Edit the timeout for an idle ICMP session before it is terminated
config edit firewall set <set#> udp-idle-timeout <seconds> | Edit the timeout for an idle UDP session before it is terminated
config edit firewall set <set#> connection-timeout <seconds> | Edit the wait time for the SYN TCP sessions before it is terminated
config edit firewall set <set#> fin-wait-timeout <seconds> | Edit the wait time for FIN in concluding a TCP session before it is terminated
config edit firewall set <set#> tcp-idle-timeout <seconds> | Edit the timeout for an idle TCP session before it is terminated
config edit firewall set <set#> pnc <yes|no> | PNC is allowed when 'yes' is set even if there is a rule to block PNC
config edit firewall set <set#> log <yes|no> | Switch on/off sending the log for matching the default permit
config edit firewall set <set#> rule <rule#> permit <forward|block> | Edit whether a packet is dropped or allowed when it matches this rule
config edit firewall set <set#> rule <rule#> active <yes|no> | Edit whether a rule is enabled or not
config edit firewall set <set#> rule <rule#> protocol <0~255> | Edit the protocol number for a rule. 1=ICMP, 6=TCP, 17=UDP...
config edit firewall set <set#> rule <rule#> log <none|match|not-match|both> | Sending a log for a rule when the packet none|matches|not match|both the rule
config edit firewall set <set#> rule <rule#> alert <yes|no> | Activate or deactivate the notification when a DoS attack occurs or there is a violation of any alert settings. In case of such instances, the function will send an email to the SMTP destination address and log an alert.
config edit firewall set <set#> rule <rule#> srcaddr-single <ip address> | Select and edit a source address of a packet which complies with this rule
config edit firewall set <set#> rule <rule#> srcaddr-subnet <ip address> <subnet mask> | Select and edit a source address and subnet mask of a packet which complies with this rule.
config edit firewall set <set#> rule <rule#> srcaddr-range <start ip address> <end ip address> | Select and edit a source address range of a packet which complies with this rule.
config edit firewall set <set#> rule <rule#> destaddr-single <ip address> | Select and edit a destination address of a packet which complies with this rule
config edit firewall set <set#> rule <rule#> destaddr-subnet <ip address> <subnet mask> | Select and edit a destination address and subnet mask of a packet which complies with this rule.
config edit firewall set <set#> rule <rule#> destaddr-range <start ip address> <end ip address> | Select and edit a destination address range of a packet which complies with this rule.
config edit firewall set <set#> rule <rule#> tcp destport-single <port#> | Select and edit the destination port of a packet which complies with this rule. For non-consecutive port numbers, the user may repeat this command line to enter the multiple port numbers.
config edit firewall set <set#> rule <rule#> tcp destport-range <start port#> <end port#> | Select and edit a destination port range of a packet which complies with this rule.
config edit firewall set <set#> rule <rule#> udp destport-single <port#> | Select and edit the destination port of a packet which complies with this rule. For non-consecutive port numbers, users may repeat this command line to enter the multiple port numbers.
config edit firewall set <set#> rule <rule#> udp destport-range <start port#> <end port#> | Select and edit a destination port range of a packet which complies with this rule.
config edit firewall set <set#> rule <rule#> desport-custom <desired custom port name> | Type in the desired custom port name
config delete firewall e-mail | Remove all email alert settings
config delete firewall attack | Reset all alert settings to defaults
config delete firewall set <set#> | Remove a specified set from the firewall configuration
config delete firewall set <set#> rule <rule#> | Remove a specified rule in a set from the firewall configuration
config insert firewall e-mail | Insert email alert settings
config insert firewall attack | Insert attack alert settings
config insert firewall set <set#> | Insert a specified rule set to the firewall configuration
config insert firewall set <set#> rule <rule#> | Insert a specified rule in a set to the firewall configuration
config cli | Display the choices of command list.
config debug <1|0> | Turn on|off trace for firewall debug information.
Command | Description
ip address [addr] | display host ip address
ip alias <iface> | alias iface
ip aliasdis <0|1> | disable alias
ip arp status <iface> | display ip arp status
ip dhcp <iface> client release | release DHCP client IP
ip dhcp <iface> client renew | renew DHCP client IP
ip dhcp <iface> status [option] | show dhcp status
ip dns query |
ip dns server <primary> [secondary] [third] | set dns server
ip dns stats clear | clear dns statistics
ip dns stats disp | display dns statistics
ip httpd |
ip icmp status | display icmp statistic counter
ip icmp discovery <iface> [on|off] | set icmp router discovery flag
ip ifconfig [iface] [ipaddr] [broadcast <addr>|mtu <value>|dynamic] | configure network interface
ip ping <hostid> | ping remote host
ip route status [if] | display routing table
ip route add <dest_addr|default>[/<bits>] <gateway> [<metric>] | add route
ip route addiface <dest_addr|default>[/<bits>] <gateway> [<metric>] | add an entry to the routing table to iface
ip route addprivate <dest_addr|default>[/<bits>] <gateway> [<metric>] | add private route
ip route drop <host addr> [/<bits>] | drop a route
ip smtp |
ip status | display ip statistic counters
ip stroute display [rule #|buf] | display rule index or detail message in rule.
ip stroute load <rule #> | load static route rule in buffer
ip stroute save | save rule from buffer to spt.
ip stroute config name <site name> | set name for static route.
ip stroute config destination <dest addr>[/<bits>] <gateway> [<metric>] | set static route destination address and gateway.
ip stroute config mask <IP subnet mask> | set static route subnet mask.
ip stroute config gateway <IP address> | set static route gateway address.
ip stroute config metric <metric #> | set static route metric number.
ip stroute config private <yes|no> | set private mode.
ip stroute config active <yes|no> | set static route rule enable or disable.
ip traceroute <host> [ttl] [wait] [queries] | send probes to trace route of a remote host
ip xparent join <iface1> [<iface2>] | join iface2 to iface1 group
ip xparent break <iface> | break iface to leave ipxparent group
ip ave | anti-virus enforce
ip urlfilter reginfo display | display urlfilter registration information
ip urlfilter reginfo name | set urlfilter registration name
ip urlfilter reginfo eMail <size> | set urlfilter registration email addr
ip urlfilter reginfo country <size> | set urlfilter registration country
ip urlfilter reginfo clearAll | clear urlfilter register information
ip urlfilter category display | display urlfilter category
ip urlfilter category webFeature [block/nonblock] [activex/java/cookei/webproxy] | block or unblock webfeature
ip urlfilter category logAndBlock [log/logAndBlock] | set log only or log and block
ip urlfilter category blockCategory [block/nonblock] [all/type(1-14)] | block or unblock type
ip urlfilter category timeOfDay [always/hh:mm] [hh:mm] | set block time
ip urlfilter category clearAll | clear all category information
ip urlfilter listUpdate display | display listupdate status
ip urlfilter listUpdate actionFlags [yes/no] | set listupdate or not
ip urlfilter listUpdate scheduleFlag [pending] | set schedule flag
ip urlfilter listUpdate dayFlag [pending] | set day flag
ip urlfilter listUpdate time [pending] | set time
ip urlfilter listUpdate clearAll | clear all listupdate information
ip urlfilter exemptZone display | display exemptzone information
ip urlfilter exemptZone actionFlags [type(1-3)][enable/disable] | set action flags
ip urlfilter exemptZone add [ip1] [ip2] | add exempt range
ip urlfilter exemptZone delete [ip1] [ip2] | delete exempt range
ip urlfilter exemptZone clearAll | clear exemptzone information
ip urlfilter customize display | display customize action flags
ip urlfilter customize logFlags [type(1-3)][enable/disable] | set log flags
ip urlfilter customize add [string] [trust/untrust/keyword] | add url string
ip urlfilter customize delete [string] [trust/untrust/keyword] | delete url string
ip urlfilter customize clearAll | clear all information
ip urlfilter logDisplay | display cyber log
ip urlfilter ftplist | update cyber list data
ip urlfilter listServerIP <ipaddr> | set list server ip
ip urlfilter listServerName <name> | set list server name
ip tredir failcount <count> | set tredir failcount
ip tredir partner <ipaddr> | set tredir partner
ip tredir target <ipaddr> | set tredir target
ip tredir timeout <timeout> | set tredir timeout
ip tredir checktime <period> | set tredir checktime
ip tredir active <on|off> | set tredir active
ip tredir save | save tredir information
ip tredir disp | display tredir information
ip tredir debug <value> | set tredir debug value
ip nat server disp | display nat server table
ip nat server load <set id> | load nat server information from ROM
ip nat server save | save nat server information to ROM
ip nat server clear <set id> | clear nat server information
ip nat server edit active <yes|no> | set nat server edit active flag
ip nat server edit svrport <start port> [end port] | set nat server server port
ip nat server edit intport <start port> [end port] | set nat server forward port
ip nat server edit remotehost <start ip> [end ip] | set nat server remote host ip
ip nat server edit leasetime [time] | set nat server lease time
ip nat server edit rulename [name] | set nat server rule name
ip nat server edit forwardip [ip] | set nat server server ip
ip nat server edit protocol [protocol id] | set nat server protocol
ip nat server edit clear | clear one rule in the set
ip nat service irc [on|off] | turn on/off irc flag
ip nat resetport | reset all nat server table entries
ip nat incikeport [on|off] | turn on/off increase ike port flag
ip igmp debug [level] | set igmp debug level
ip igmp forwardall [on|off] | turn on/off igmp forward to all interfaces flag
ip igmp querier [on|off] | turn on/off igmp stop query flag
ip igmp iface <iface> grouptm <timeout> | set igmp group timeout
ip igmp iface <iface> interval <interval> | set igmp query interval
ip igmp iface <iface> join <group> | join a group on iface
ip igmp iface <iface> leave <group> | leave a group on iface
ip igmp iface <iface> query | send query on iface
ip igmp iface <iface> rsptime [time] | set igmp response time
ip igmp iface <iface> start | turn on of igmp on iface
ip igmp iface <iface> stop | turn off of igmp on iface
ip igmp iface <iface> ttl <threshold> | set ttl threshold
ip igmp iface <iface> v1compat [on|off] | turn on/off v1compat on iface
ip igmp robustness <num> | set igmp robustness variable
ip igmp status | dump igmp status
ip pr |
Command | Description
ipsec debug <1|0> | turn on|off trace for IPsec debug information
ipsec ipsec_log_disp | show IPSec log, same as menu 27.3
ipsec route lan <on|off> | After a packet is IPSec processed and will be sent to LAN side, this switch is to control if this packet can be applied IPSec again. Remark: Command available since 3.50(WA.3)
ipsec route wan <on|off> | After a packet is IPSec processed and will be sent to WAN side, this switch is to control if this packet can be applied IPSec again. Remark: Command available since 3.50(WA.3)
ipsec show_runtime sa | display runtime phase 1 and phase 2 SA information
ipsec show_runtime spd | When a dynamic rule accepts a request and a tunnel is established, a runtime SPD is created according to peer local IP address. This command is to show these runtime SPD.
ipsec switch <on|off> | As long as there exists one active IPSec rule, all packets will run into IPSec process to check SPD. This switch is to control if a packet should do this. If it is turned on, even if there exist active IPSec rules, packets will not run IPSec process.
ipsec timer chk_my_ip <1~3600> | Adjust timer to check if WAN IP in menu is changed. Interval is in seconds. Default is 10 seconds. 0 is not a valid value.
ipsec timer chk_conn. <0~255> | Adjust auto-timer to check if any IPsec connection has no traffic for certain period. If yes, system will disconnect it. Interval is in minutes. Default is 2 minutes. 0 means never timeout.
ipsec timer update_peer <0~255> | Adjust auto-timer to update IPSec rules which use domain name as the secure gateway IP. Interval is in minutes. Default is 30 minutes. 0 means never update. Remark: Command available since 3.50(WA.3)
ipsec updatePeerIp | Force system to update IPSec rules which use domain name as the secure gateway IP right away. Remark: Command available since 3.50(WA.3)
ipsec dial <rule #> | Initiate IPSec rule <#> from ZyWALL box. Remark: Command available since 3.50(WA.3)
ipsec display <rule #> | Display IPSec rule #
ipsec remote key <string> | Add a secured remote access tunnel with pre-shared key. It is a dynamic rule with local: the router's WAN IP. The algorithms with it are fixed to phase1: DES+MD5, DH1 and SA lifetime 28800 seconds; phase2: DES+MD5, PFS off, no anti-replay and SA lifetime 28800 seconds. The length of pre-shared key is between 8 to 31 ASCII characters.
ipsec remote switch <on|off> | Activate or de-activate the secured remote access tunnel.
ipsec keep_alive <rule #> <on|off> | Set ipsec keep_alive flag
ipsec load <rule #> | Load ipsec rule
ipsec save | Save ipsec rules
ipsec config netbios active <on|off> | Set netbios active flag
ipsec config netbios group <group index1, group index2…> | Set netbios group
ipsec config name <string> | Set rule name
ipsec config keeyAlive <Yes|No> | Set keep alive or not
ipsec config lcIdType <0:IP|1:DNS|2:Email> | Set local ID type
ipsec config lcIdContent <string> | Set local ID content
ipsec config myIpAddr <IP address> | Set my IP address
ipsec config peerIdType <0:IP|1:DNS|2:Email> | Set peer ID type
ipsec config peerIdContent <string> | Set peer ID content
ipsec config secureGwAddr <IP address|Domain name> | Set secure gateway address or domain name
ipsec config protocol <1:ICMP|6:TCP|17:UDP> | Set protocol
ipsec config lcAddrType <0:single|1:range|2:subnet> | Set local address type
ipsec config lcAddrStart <IP> | Set local start address
ipsec config lcAddrEndMask <IP> | Set local end address or mask
ipsec config lcPortStart <port> | Set local start port
ipsec config lcPortEnd <port> | Set local end port
ipsec config rmAddrType <0:single|1:range|2:subnet> | Set remote address type
ipsec config rmAddrStart <IP> | Set remote start address
ipsec config rmAddrEndMask <IP> | Set remote end address or mask
ipsec config rmPortStart <port> | Set remote start port
ipsec config rmPortEnd <port> | Set remote end port
ipsec config antiReplay <Yes|No> | Set anti-replay or not
ipsec config keyManage <0:IKE|1:Manual> | Set key manage
ipsec config ike negotiationMode <0:Main|1:Aggressive> | Set negotiation mode in phase 1 in IKE
ipsec config ike preShareKey <string> | Set pre shared key in phase 1 in IKE
ipsec config ike p1EncryAlgo <0:DES|1:3DES> | Set encryption algorithm in phase 1 in IKE
ipsec config ike p1AuthAlgo <0:MD5|1:SHA1> | Set authentication algorithm in phase 1 in IKE
ipsec config ike p1SaLifeTime <seconds> | Set sa life time in phase 1 in IKE
ipsec config ike p1KeyGroup <0:DH1|1:DH2> | Set key group in phase 1 in IKE
ipsec config ike activeProtocol <0:AH|1:ESP> | Set active protocol in phase 2 in IKE
ipsec config ike p2EncryAlgo <0:Null|1:DES|2:3DES> | Set encryption algorithm in phase 2 in IKE
ipsec config ike p2AuthAlgo <0:MD5|1:SHA1> | Set authentication algorithm in phase 2 in IKE
ipsec config ike p2SaLifeTime <seconds> | Set sa life time in phase 2 in IKE
ipsec config ike encap <0:Tunnel|1:Transport> | set encapsulation in phase 2 in IKE
ipsec config ike pfs <0:None|1:DH1|2:DH2> | set pfs in phase 2 in IKE
ipsec config manual activeProtocol <0:AH|1:ESP> | Set active protocol in manual
ipsec config manual ah encap <0:Tunnel|1:Transport> | Set encapsulation in ah in manual
ipsec config manual ah spi <decimal> | Set spi in ah in manual
ipsec config manual ah authAlgo <0:MD5|1:SHA1> | Set authentication algorithm in ah in manual
ipsec config manual ah authKey <string> | Set authentication key in ah in manual
ipsec config manual esp encap <0:Tunnel|1:Transport> | Set encapsulation in esp in manual
ipsec config manual esp spi <decimal> | Set spi in esp in manual
ipsec config manual esp encryAlgo <0:Null|1:DES|2:3DES> | Set encryption algorithm in esp in manual
ipsec config manual esp encryKey <string> | Set encryption key in esp in manual
ipsec config manual esp authAlgo <0:MD5|1:SHA1> | Set authentication algorithm in esp in manual
ipsec config manual esp authKey <string> | Set authentication key in esp in manual
Command | Description
sys Firewall acl disp | Display specific ACL set # rule #, or all ACLs.
sys Firewall active <yes|no> | Activate or deactivate the firewall
sys Firewall clear | Clear firewall log
sys Firewall cnt disp | Display firewall log type and count.
sys Firewall cnt clear | Clear firewall log count.
sys Firewall disp | Display firewall log
sys Firewall online | Set firewall log online.
sys Firewall pktdump | Dump the 64 bytes of dropped packet by firewall
sys Firewall update | Update firewall
sys Firewall dynamicrule |
sys Firewall tcprst rst | Set TCP reset sending on/off.
sys Firewall tcprst rst113 | Set TCP reset sending for port 113 on/off.
sys Firewall tcprst display | Display TCP reset sending setting.
sys Firewall icmp |
sys Firewall dos smtp | Set SMTP DoS defender on/off
sys Firewall dos display | Display SMTP DoS defender setting.
sys Firewall dos ignore | Set if firewall ignore DoS in lan/wan/dmz/wlan
sys Firewall ignore dos | Set if firewall ignore DoS in lan/wan/dmz/wlan
sys Firewall ignore triangle | Set if firewall ignore triangle route in lan/wan/dmz/wlan
Wireless LAN Related Command
Command | Description
wlan active [on|off] | set on/off wlan
wlan association | display association list
wlan chid [channel id] | set channel
wlan diagnose | self-diagnostics
wlan essid [ess id] | set ESS ID
wlan version | display WLAN version information
Command | Description
Bridge cnt | related to bridge routing statistic table
Bridge cnt Disp | display bridge route counter
Bridge cnt Clear | clear bridge route counter
Bridge stat | related to bridge packet statistic table
Bridge stat Disp | display bridge route packet counter
Bridge stat Clear | clear bridge route packet counter
Command | Description
Radius auth | show current radius authentication server configuration
Radius acct | show current radius accounting server configuration
Command | Description
8021x debug Level [debug level] | set ieee802.1x debug message level
8021x debug Trace | show all supplicants in the supplicant table
8021x debug User [username] | show the specified user status in the supplicant table
All contents copyright (c) 2004 ZyXEL Communications Corporation.