|
aaa authentication
aaa authentication
attempts
class-override
admin no-lockout
unknown <hash-username | no-track>
lockout
enable
lock-time <seconds>
max-fail <failure count>
unlock-time <seconds>
reset <all> | <user <username>> [no-clear-history | no-unlock]
track enable
certificate crl
install name default pem url <URL>
uninstall name default
login default [ldap] [local] [radius] [tacacs+]
password expiration
duration <days>
enable
|
aaa accounting
changes default stop-only <tacacs+> |
| aaa authorization
aaa authorization
map
default-user <<user> | admin | monitor | operator>
order <<policy> | remote-only | remote-first | local-only>
roles
role <role name | Default> [description]
|
|
| apps asf
apps asf <alias <alias>>
bi-directional <disable | enable>
buffer <disable | enable>
buffer-count-before-match <3-20>
packet-count <2-100 | disable>
protocol <tcp | udp | tcp-udp>
sess-field <add | delete>
<gtpu-teid>
<ipv4 | ipv4-5tuple | ipv4-dst | ipv4-l4port-dst | ipv4-protocol | ipv4-src | ipv4-src-l4port-dst | ipv6 | ipv6-5tuple | ipv6-dst | ipv6-l4port-dst | ipv6-protocol | ipv6-src | ipv6-src-l4port-dst | l4port | l4portdst | l4portsrc> <inner | outer>
<mpls-label | vlan-id> <pos <1 | 2>>
timeout <10-120s>
|
apps exporter
apps exporter alias <alias>
type <gtp-cups | tunnel | netflow>
source
interface
ip-interface
l4
port
destination
l4
port <1-65535>
protocol <tcp | udp>
l3
ip
ver6
ver4
ttl <1-255>
dscp <0-63>
protocol <ipv4 | ipv6 | auto>
gsgroup <add | delete>
|
|
apps enhanced slicing
apps enhanced-slicing alias <name>
protocol add <protocol fields> offset <offset-length> [flow-session <inner | outer> skip packet-count <1-50> [action <slice | drop>] [timeout <value>]]
protocol delete <rule-id>
max-sessions <max session entries>
exit
|
apps enhanced asf
apps enhanced-asf
alias <name>
flow-session <outer | inner>
timeout <value in seconds>
max-sessions <max session entries>
rule add
transport <tcp | udp>
app <application protocol>
field <application field>
match-pattern <regex profile alias>
action <pass | drop>
rule delete <rule-id>
exit
|
|
apps gtp whitelist
apps gtp-whitelist alias <GTP whitelist file alias> add
imsi <IMSI number >
|ran <mcc.mnc.eci < eci number> | mcc.mnc.nci <nci number>>
<create | delete>
imsi <IMSI number> |
ran <mcc.mnc.eci < eci number> | mcc.mnc.nci <nci number>> | all
destroyfetch <add | delete> <URL for a GTP whitelist file>
|
apps gtp backup
apps gtp-backup
delete <filename>
delete-all
|
| apps hsm
apps hsm <alias <alias>>
hsm-ip <HSM server IP address> hsm-port <port number> esn <HSM ESN string> kneti <HSM KNETI>
|
apps hsm-group
apps hsm-group <alias <alias>>
comm <comment>
fetch key-handler <URL for HSM group key handler file>
hsm-alias
add <HSM alias>
delete <HSM alias>
hsm-set
rfs-sync
ipv4-addr <rfs-server-IP>
auto <time-period>
fetch-now
keymap
add server-ip<address> [server-port <port> ] [[key-name <name>] | [key-token <name>]]
delete [all | rule-id <id>]
fetch keymap <URL>
|
| apps inline-ssl
apps inline-ssl
caching persistence <disable | enable>
keychain password <password> <confirm password> | <password> | [reset] <password><confirm password>
version < above | below >
min-version <sslv3 | tls1 | tls11 | tls12 | tls13> max-version <sslv3 | tls1 | tls11 | tls12 | tls13>
below min-version <no-decrypt | drop>
above max-version <no-decrypt | drop >
profile alias <alias>
split-proxy [enable | disable]
server non-pfs-ciphers [enable | disable]
tool early-engage [enable | disable]
one-arm [enable | disable]
monitor <disable | enable | inline>
certificate
expired <decrypt | drop>
invalid <decrypt | drop>
revocation crl <disable | enable [fail <hard | soft>] [defer timeout <20-100>]>
revocation ocsp <disable | enable [fail <hard | soft>] [defer timeout <20-100>]>
self-signed <decrypt | drop>
unknown-ca <decrypt | drop>
clear <decryptlist | nodecryptlist>
decrypt
tcp
inactive-timeout <2-1440 mins>
portmap
add in-port <value> out-port <value>
default-out-port <<value> | disable>
delete <all | rule-id <rule ID>>
override-port <<value> | disable>
tool-bypass <disable | enable>
default-action <decrypt | no-decrypt>
fetch <decryptlist <URL for profile decrypt list file> | nodecryptlist <URL for profile no-decrypt list file>>
ha active-standby <disable | enable>
keymap
add server <server domain name or IP address> key <key alias>
delete <all | rule-id <rule ID>>
network-group multiple-entry <disable | enable>
no-decrypt tool-bypass <disable | enable>
non-ssl-tcp tool-bypass <disable | enable>
rule add
category <category name> <decrypt | no-decrypt>
domain <domain name string> <decrypt | no-decrypt>
ipv4 <dst | src> <IP address> <mask> <decrypt | no-decrypt>
issuer <issuer name string> <decrypt | no-decrypt>
l4port <dst | src> <any | port <value or range>> <decrypt | no-decrypt>
vlan <any | id <value or range>> <decrypt | no-decrypt>
rule delete <all | rule-id <rule ID>>
starttls
add l4port <port number>
delete <all | l4port <port number>>
url-cache miss action <decrypt | defer [timeout <1-10>] | no-decrypt>
resumption client <disable | enable>
session debug <disable | enable>
signing rsa for <primary | secondary> key <key alias>
trust-store
fetch <append | replace> <URL for trust store file>
reset
|
apps keystore apps keystore
rsa | ecdsa <key alias>
certificate <download url <download URL> | key-str <key string>>
comment <comment>
pkcs12 <download url <download URL> [password <password>]>
private-key <download url <download URL> | key-str <key string>> [password <PEM password> | type hsm]
self-signed
common-name <CN>
country <C>
hash-type <SHA-1 | SHA-256 | SHA-384 | SHA-512>
keysize <1024 | 2048 | 4096>
org-name <O>
org-unit <OU>
state <S>
valid <number of days> |
| apps listener
apps listener alias <alias>
type <gtp-cups | tunnel>
l4
port-list
protocol <tcp | udp>
l3
protocol <ipv4 | ipv6 | dual>
ttl <1-255> dscp <0-63>
mode l3 <promiscuous | interface>
gsgroup <add | delete>
|
apps netflow
apps netflow
|
| apps regrex-profile
apps regrex-profile alias <name>
pattern add <"regular expression">
pattern delete <pattern-id>
exit
|
apps sip-whitelist
apps sip-whitelist alias <SIP whitelist file alias>
add callerid <caller/callee ID>
add id-range <id-range>
add ip-addr <ip-address>
create
delete <all | callerid <caller ID>>
destroy
fetch <add | delete> <URL for a SIP whitelist file>
|
| apps diameter-whitelist
apps diameter-whitelist alias <diameter whitelist file alias>
add username <username>
create
delete <all | username <username>>
destroy
fetch <add | delete> <URL for a diameter whitelist file>
|
apps split-dns
apps split-dns profile alias <alias>
collector add dns <ip-address>
rule add dns <ip-address> domain <domain-name>
collector edit dns <ip-address>
rule edit id <rule id> dns <ip-address>| domain <domain name>
rule delete id <rule id>| all
exit
|
| apps ssl
apps ssl key alias <alias>
comment <comment>
download type
pkcs12 <url <download URL>> [password <password>]
private-key <key-str <key string> | url <download URL>>
keychain password <password> <confirm password> | <password> | [reset] <password> <confirm password>
service alias <alias>
default-service
server-ip <IP address> [server-port <port number> | any]
|
|
|
banner
banner
login <string> | default>
login-local <string>
login-remote <string>
motd <string> | default>
|
battery
battery
battery test [ execute | cancel ] [ID]
|
|
battery optimization
battery optimization
<policy> <port-group-id | port-group-list > <level>
|
battery optimization global
#battery optimization global
cpu-hibernate <value> sleep-time <value>
|
|
bond
bond <bonding interface>
down-delay-time <milliseconds>
link-mon-time <milliseconds>
mode <balance-rr | backup | balance-xor | balance-xor-layer3+4 | broadcast | link-agg |
link-agg-layer3+4 | balance-tlb | balance-alb>
up-delay-time <milliseconds>
|
boot
boot
bootmgr password <password>
next fallback-reboot enable
system
location <1 | 2>
next
|
|
card
card <all [box ID] | slot <slot ID>>
alarm buffer-threshold <0-100>
down
fabric-hash advanced
filter-template <<filter template alias> | defaults>
mode <32x | 2q>
product-code <card product code>
set buffer alpha <alpha value>
|
card TA series
card slot <slot ID> mode <48x | 56x | 64x>
|
|
chassis
chassis
buffer
box-id <box ID>
gdp <enable | disable>
mgmt-intf discovery <cdp | lldp | all>
mgmt-intf garp
mode <normal | 100G [left | right]>
serial-num <serial number> [gdp <enable | disable> | type <hc1 | hc2 | hc2-v2 | hc3 | hc3-v2 | ly2r | ta10 | ta10a | ta40 | itac | tacx | ta200|ta25|ta25a>]
mgmt-intf garp
migrate box-id <box ID> [serial-num <serial number>]
|
clear
clear
aaa authentication attempts <all | user <username>> [no-clear-history | no-unlock]
apps
asf stats <alias <alias> | all>
inline-ssl
caching <cert-validation | url>
monitor stats
session debug vport <vport alias>
session summary
netflow
exporter stats [alias <alias> | all]
monitor
cache [alias <alias> | all]
stats [alias <alias> | all]
ssl service stats [alias <alias> | all]
arp
gsgroup
flow-ops
flow-sampling <alias <alias> | all>
flow-filtering <alias <alias> | all>
flow-sip <alias <alias> | all>
ssl-decryption <alias <alias> | all>
stats [alias <alias> | all]
gsop stats
alias <alias>
all
by-application <add-header | dedup | apf | asf | flow-sampling | flow-filtering | lb | masking |
slicing | strip-header | trailer | tunnel-decap | ssl-decrypt>
by-gsgroup <GS group alias>
hb-counters <alias <alias> | all>
ipv6 neighbors
ip destination stats all load-balance port-group stats <alias <alias> | all>
map stats <alias <alias> | all>
nhb-counters <alias <alias> | all> pcap all port
phy port-list <port-list>
quadphy <port ID>
stats <all | box-id <box ID> | port-list <port list> | slot <slot ID>>
tunnel <l2gre | vxlan>
tunnel-endpoint stats port-list <GigaSMART group alias>
vport stats [alias <alias> | all]
|
|
cli
cli
clear-history
default
auto-logout <number of minutes>
init-resize
paging enable
progress enable
prompt <confirm-reload | confirm-reset | confirm-unsaved | empty-password> session
auto-logout <number of minutes>
paging enable
progress enable
terminal
length <number of lines>
resize
type <ansi | console | dumb | linux | screen | vt52 | vt100 | vt102 | vt220 | xterm>
width <number of characters>
|
clock
clock
set <hh:mm:ss> [<yyyy/mm/dd>]
timezone <zone> [<zone word> [<zone word> [<zone word>] [<zone word>]]
|
|
Cluster
cluster
enable
id <cluster ID>
interface <interface>
leader
address
primary ip <cluster leader IP> [port <leader port number>]
secondary ip <cluster leader IP> [port <leader port number>]
vip <cluster leader vip> <netmask | mask length>
auto-discovery
connect timeout <seconds>
interface <interface>
preference <1-100>
yield
name <cluster name>
port <cluster port number>
reload [box-id <box ID>] | [force] | [node-id <node ID>]
reload sequential
remove <node ID>
shared-secret <shared secret>
shutdown
startup-time <cluster startup time (secs)
|
Configuration
configuration
audit max-changes <number>
copy <source filename | initial> <destination filename>
delete <filename | initial>
delete-all
fetch <download URL> <filename> jump-start
move <source filename | initial> <destination filename>
new <filename> [factory [keep-basic] [keep-connect]]
revert saved switch-to <filename | initial>
text
fetch <download URL>
apply [discard] [fail-continue] [filename <filename>] [overwrite] [verbose]
filename <filename> [apply] [fail-continue] [overwrite] [verbose]
overwrite [apply] [fail-continue] [filename <filename>] [verbose]
file <filename>
apply [fail-continue] [verbose]
delete
rename <filename>
upload <upload URL>
generate
active running <only-traffic> <save <filename>> | <upload <upload URL>>
active saved <only-traffic> <save <filename>> | <upload <upload URL>>
file <filename | initial> <save <filename>> | <upload <upload URL>>
upload <initial | active> <upload URL> write [local | to <filename>] [no-switch]
|
|
Configure
configure terminal
|
Coreboot
coreboot install
|
|
Crypto
crypto
ca-list default-ca-list name <CA list name> [system-self-signed]
default-cert name <cert name> [system-self-signed]
generation default
country-code <country code>
days-valid <number of days>
email-addr <email address>
key-size-bits <number of bits>
locality <locality name>
org-unit <organizational unit name>
organization <organization name>
state-or-prov <state or province name>
name <cert name>
comment <new comment>
generate self-signed
comment <comment>
common-name <issuer and subject common name>
country-code <country code>
days-valid <number of days>
email-addr <email address>
key-size-bits <number of bits>
locality <locality name>
org-unit <organizational unit name>
organization <organization name>
serial-num <serial number>
state-or-prov <state or province name>
private-key pem <PEM string>
private-key pem fetch <url>
prompt-private-key
public-cert <comment <comment string>> <pem <PEM string>>
regenerate [days-valid <number of days>]
rename <new name>
system-self-signed regenerate [days-valid <number of days 1-7300>]
|
|
|
debug
debug generate dump
box-id <box-id>
|
email
email
auth
enable
password [password]
username <username>
autosupport
enable
event <event name>
ssl
ca-list <none | default-ca-list>
cert-verify
mode <none | tls | tls-none>
dead-letter
cleanup max-age cleanup <duration>
enable
domain <hostname or IP address>
mailhub <hostname, IPv4, or IPv6 address>
mailhub-port <port number>
notify
event <<event name> | all>
recipient <email address>
class <failure | info>
detail
return-addr <username>
return-host
send-test
ssl
ca-list <none | default-ca-list>
cert-verify
mode <none | tls | tls-none>
|
|
fabric advanced hash
fabric advanced-hash
all box-id
default
fields
ethertype
gtpteid
ip6dst
ip6nextHeader
ip6src
ipdst
ipsrc
macdst
macsrc
mpls
port6dst
port6src
portdst
portsrc
protocol
ingressport
none
|
file
file
debug-dump
delete <filename>
email <filename>
upload <filename> <upload URL>
pcap
delete <filename>
delete-all
upload <filename> <upload URL>
tcpdump
delete <filename>
upload <filename> <upload URL>
|
|
filter template
filter-template alias <alias>
comment <comment>
qualifiers <add | remove> <ethertype | innervlan | ip6dst | ip6src | ipdst | ipsrc | macdst | macsrc |
portdst | portsrc | protocol | qset1 | uda1 | uda2 | vlan>
|
|
|
gigasmart
gigasmart engine <port-list>
interface
[eth2] | <eth3> [vlan <VLAN ID>]
<IP address> <netmask> gateway <gateway IP> dns <DNS IP>split-dns <alias>[mtu <1280-9400>]
dhcp
ping
ping <IP address | hostname> <start | stop>
|
gigastream
gigastream
advanced-hash
alias <alias>
comment <comment>
hash-bucket-id <ID/range> <port <port ID/port range>>
hash-size <1-256>
port-list <port-list> [params hash advanced]
hash-weight <weight-list>
drop-weight <weight>
rehash
|
|
gigastream advanced-hsh
gigastream
advanced-hash
slot <slot number>
all
default
fields
ethertype
gtpteid
ip6dst
ip6nextHeader
ip6src
ipdst
ipsrc
macdst
macsrc
mpls
port6dst
port6src
portdst
portsrc
protocol
ingressport
none
|
gsgroup
gsgroup alias <alias> port-list <port-list>
|
|
gsop
gsop alias <alias>
add-header vlan <1-4094>
apf set
asf enhanced <enhanced asf alias> port-list <gsgroup name> asf <ASF alias>
dedup set
flow-ops <flow-filtering <gtp> | flow-sampling | gtp-flowsample | gtp-whitelist | netflow | sip-flowsample | sip-whitelist | diameter-flowsample | diameter-whitelist | 5g-whitelist | 5g-flowsample>
inline-ssl <inline SSL profile alias>
lb
app <asf | gtp | tunnel | 5G> metric <lt-bw | lt-pkt-rate | round-robin | lt-conn | lt-tt-traffic | wt-lt-bw |
wt-lt-pkt-rate | wt-round-robin | wt-lt-conn | wt-lt-tt-traffic | | wt-imsi | hashing <key <imsi | imei | msisdn>>
app <sip> metric hashing key caller-id
app <diameter> metric hashing key <user-name | command-code | session-id>
app <diameter> metric multi-hash key user-name application-id command-code
user-name
command-code
session-id
end-to-end id
hop-by-hop-id
app <<5g> metric hashing key <supi | pei | gpsi>>
application-id
avp-code
hash <ip-only <inner | outer> | ip-and-port <inner | outer> | 5-tuple <inner | outer> | gtpu-teid> masking protocol
enhanced <elb-name>
none offset <0-9000>
ipv4 offset <1-9000>
ipv6 offset <1-9000>
udp offset <1-9000>
tcp offset <1-9000>
ftp-data offset <1-9000>
https offset <1-9000>
ssh offset <1-9000>
gtp offset <1-9000>
gtp-ipv4 offset <1-9000>
gtp-udp offset <1-9000>
gtp-tcp offset <1-9000>
<pattern: 1-byte-hex>
<length: 1-9600>
sip content-type message/cpim
port-list <GigaSMART group alias>
slicing protocol
none offset <64-9000>
ipv4 offset <4-9000>
ipv6 offset <4-9000>
udp offset <4-9000>
tcp offset <4-9000>
ftp-data offset <4-9000>
https offset <4-9000>
ssh offset <4-9000>
gtp offset <4-9000>
gtp-ipv4 offset <4-9000>
gtp-udp offset <4-9000>
gtp-tcp offset <4-9000>
ssl-decrypt in-port <<ingress port> | any> out-port <<egress port> | auto>
strip-header
erspan <0-1023>
fabric-path <dst-switch-id <0-(2^12-1)>> <src-switch-id <0-(2^12-1)>>
fm6000-ts <gs | none | x12-ts>
generic anchor-hdr1 <none | eth | vlan | mpls | ipv4 | ipv6><offset <start | end | <integer>>
<header-count<1-32> [custom-len <1-1500>]<anchor-hdr2 <none | eth | vlan | mpls | ipv4 | ipv6 | tcp | udp | any>>
gre
gtp
isl
mpls
mpls+vlan
vlan <outer | all>
vntag
vxlan <0-(2^24-1)>
trailer
add crc <enable | disable> <srcid <enable | disable>
remove
tunnel-decap type
tunnel-decap type tcp add <listener>
custom <portsrc <0-65535> portdst <0-65535>>
erspan flow-id <0-1023>
gmip portdst <0-65535>
l2gre key <0~(2^32-1)>
vxlan <portsrc <0-65535> portdst <1-65535> vni <0~(2^24-1)>>
tunnel-encap type
gmip <portsrc <0-65535> portdst <0-65535> ipdst <IP address>> [dscp <0-63>] [prec <0-7>]
[ttl <1-255>]
l2gre
ip6dst <IPv6 destination address> key <0~(2^32-1)> [dscp <0-63>] [flow-label <0~(2^20-1)>]
[prec <0-7>] [ttl <1-255>]
ipdst <IP address> key <0~(2^32-1)>
pgdst <port group name> key <0~(2^32-1)> session-field <3-tuple-any | 3-tuple-ipv4 | 3-tuple-ipv6 |
5-tuple-any | 5-tuple-ipv4 | 5-tuple-ipv6 | ip-any | ipv4-only | ipv6-only> <inner | outer>
|
gsparams
gsparams gsgroup <GigaSMART group alias>
apptcp-lb <enable | disable>
apptcb-lb <application | control> <broadcast | drop>
cpu utilization type total rising <20-99%>
dedup-action <count | drop>
dedup-ip-tclass <ignore | include>
dedup-ip-tos <ignore | include>
dedup-tcp-seq <ignore | include>
dedup-timer <10-500000μs>
dedup-vlan <ignore | include>
diameter-s6a-session <limit | timeout>
diameter-packet <timeout>
diameter-whitelist <add <diameter whitelist file alias> | delete>
eng-watchdog-timer <<60-600> | disable>
erspan3-timestamp format <gs | none | x12-ts>
flow-mask <disable | enable <default | offset <0-111> length <1-112>>>
flow-sampling-device-ip-ranges
add ip4addr <IP address> <netmask>
delete <all | <ip-id <1-64>>
flow-sampling-rate <5-95%>
flow-sampling-timeout <1-60 min>
flow-sampling-type <device-ip | device-ip-in-gtp>
5g-flow timeout <1-6000 in unit of 10 minutes>
generic-session-timeout <5-600 seconds>
gtp-control-sample <disable | enable>
gtp-randomsample <disable | enable>
gtp-randomsample interval <12-48 hours>
gtp-flow timeout <1-6000 in the unit of 10 minutes>
gtp-persistence
disable
enable
file-age-timeout <10-1440>
interval <10-1440>
restart-age-time <10-1440>
gtp-whitelist <add <GTP whitelist file alias> | delete>
hsm-group
add <HSM group alias>
delete
ip-frag
forward <disable | enable>
frag-timeout <5-180 sec>
head-session-timeout <15-240 sec>
lb
failover <disable | enable>
failover-thres lt-bw <threshold bandwidth 50-90%> | lt-pkt-rate <packet rate 500-5000kpps>
replicate-gtp-c <disable | enable>
use-link-spd-wt <disable | enable>
netflow-monitor <add <monitor name> | delete>
3gpp-node-role [control | user [<1-12000> standalone] | disable][ 5G | LTE ] [<1-10000>]| [<1-12000> standalone]
resource
buffer-asf <<2-5> | disable>
cpu overload-threshold <<50-90> | disable>
hsm-ssl
buffer <<1-3> | disable>
packet-buffer <20-3000>
packet-buffer overload-threshold <<50-80> | disable>
inline-ssl
standalone <enable | disable>
rtp-port range <1~65535 | x..y>
sffp-profile <add | delete> <sffp-profile alias>
sip-portlist <1-65535>
sip-session timeout <30-300>
sip-tcp-idle-timeout <20-600>
sip-whitelist
add <SIP whitelist file>
delete
sip-nat <disable | enable>
ssl-decrypt
decrypt-fail-action <drop | pass-tool>
disable
enable
hsm-pkcs11
dynamic-object <disable | enable>
load-sharing <disable | enable>
hsm-timeout <2-5000>
key-cache-timeout <1-86400>
key-map
add service <service alias> key <key alias>
delete service <<service alias> | all>
non-ssl-traffic <drop | pass>
pending-session-timeout <30-120>
session-timeout <30-3600>
tcp-syn-timeout <20-600>
ticket-cache-timeout <1-86400>
tunnel-health-check
action <drop | pass>
disable
dstport <destination port for UDP>
enable
interval <5-600>
protocol <icmp | udp>
rcvport <receive port on decapsulation side>
retries <1-5>
roundtriptime <1-4>
srcport <source port for UDP>
|
|
halt
halt
|
hb-profile
hb-profile <alias <alias> | default>
custom-packet <URL of PCAP file | none>
direction <a-to-b | b-to-a | bi-directional>
packet-format <arp | custom>
period <period>
recovery-time <recovery time>
retry-count <retry count>
timeout <timeout>
|
|
header-strip
header-strip box id <box id|all> vxlan aging-interval <300 to 1000000 seconds and 0 to disable>
mpls add <mpls labels>
mpls delete <mpls labels | all>
|
hostname
hostname <hostname>
|
|
ib_pathway
ib-pathway
|
image
image
boot <location <1 | 2> | next>
delete <image filename>
fetch <download URL> [filename]
install <image filename> [location <1 | 2>]
move <src filename> <dst filename>
options serve all
|
|
inline-network
inline-network alias <alias>
comment <comment>
lfp enable
hb-accept
pair net-a <port ID or alias> and net-b <port ID or port alias>
physical-bypass <enable | disable>
redundancy-profile <redundancy profile alias>
traffic-path <drop | bypass | monitoring | to-inline-tool>
|
inline-network-group
inline-network-group [alias <alias>]
comment <comment>
network-list <inline-network list>
|
|
inline-serial
inline-serial alias <alias>
comment <comment>
enable
failover-action <tool-bypass | tool-drop | network-bypass | network-drop | network-port-forced-down | per-tool>
inline-tool-list <list of inline tools and inline tool groups>
per-direction-order <reverse | forward>
|
inline-tool
inline-tool alias <alias>
comment <comment>
enable
inline-tool-type <external | gmon>
failover-action <tool-bypass | tool-drop | network-bypass | network-drop | network-port-forced-down>
flex-traffic-path <to-inline-tool | bypass | monitoring | drop>
hb-ip-addr-a <tool-a heartbeat IP address>
hb-ip-addr-b <tool-b heartbeat IP address>
hb-profile <hb-profile alias | default>
heart-beat
negative-heart-beat
nhb-profile <negative heartbeat profile alias>
pair tool-a <port ID or port alias> and tool-b <port ID or port alias>
recover
recovery mode <automatic | manual>
shared <true | false>
|
|
inline-tool-group
inline-tool-group alias <alias>
comment <comment>
enable
failover-action <tool-bypass | tool-drop | network-bypass | network-drop | network-port-forced-down>
failover-mode spread
flex-traffic-path <to-inline-tool | bypass | monitoring | drop>
hash <advanced | a-srcip-b-dstip | b-srcip-a-dstip>
minimum-group-healthy-size <number>
release-spare-if-possible
spare-inline-tool <spare inline tool alias>
tool-list <inline-tool list>
hash-weights <inline-tool weights>
|
interface
interface <interface>
bond <bonded interface>
comment <comment>
dhcp [renew]
duplex <full | auto>
ip address <IP address> <netmask>
ipv6
address <<IPv6 address>/<length> | autoconfigure> [default | privacy]
dhcp client <enable | renew>
enable
mtu <MTU in bytes>
shutdown speed <10 | 100 | 1000 | auto>
zeroconf
|
|
ip
ip
default-gateway <next hop IP address> [interface name (eth0, eth1...)]
dhcp
default-gateway yield-to-static
hostname <hostname>
primary intf <interface name>
send-hostname
domain-list <domain name>
filter
chain <chain>
clear
policy <policy>
rule <append tail | insert <rule number> | set <rule number> | modify <rule number>> target <target>
move <old rule number> to <new rule number>
[comment <comment> | dest-addr <network prefix> <netmask> | dest-port <port or port range> |
dup-delete | in-intf <interface>| not-dest-addr <network prefix> <netmask> | not-dest-port <port
or port range> | not-in-intf <interface> | not-out-intf <interface> | not-protocol <protocol> |
not-source-addr <network prefix> <netmask> | not-source-port <port or port range> | out-intf
<interface> | protocol <protocol> | source-addr <network prefix> <netmask> | source-port
<port or port range> | state <state>]
enable
options include-bridges
host <hostname> <IP address>
map-hostname
name-server <IPv4 or IPv6 address>
route <network prefix> <netmask | mask length> <next hop IP address or interface name>
|
ip interface
ip interface alias <alias>
attach <port-id>
comment <comment for the ip interface>
ip address <ip address> <netmask | mask length>
ipv6 address <IPv6 address>/<len>
gw <gw address>
gw-ipv6 <ipv6 gw address>
mtu <mtu value in bytes>
gsgroup
add <gsgroup-alias>
delete <gsgroup-alias>
netflow-exporter
add <netflow-exporter-alias>
delete <netflow-exporter-alias>
|
|
ipv6
ipv6
default-gateway <next hop IP address or interface name> <eth0, eth1...>
dhcp
primary intf <interface name>
stateless
enable
filter
chain <chain>
clear
policy <policy>
rule <append tail | insert <rule number> | set <rule number> | modify <rule number>> target <target>
move <old rule number> to <new rule number>
[comment <comment> | dest-addr <network prefix> <netmask> | dest-port <port or port range> |
dup-delete | in-intf <interface>| not-dest-addr <network prefix> <netmask> | not-dest-port
<port or port range> | not-in-intf <interface> | not-out-intf <interface> | not-protocol <protocol> |
not-source-addr <network prefix> <netmask> | not-source-port <port or port range> |
out-intf <interface> | protocol <protocol> | source-addr <network prefix> <netmask> |
source-port <port or port range> | state <state>]
enable
options include-bridges
host <hostname> <IPv6 address>
map-hostname
neighbor <IPv6 address> <interface name> <MAC address>
route <IPv6 prefix> <next hop IPv6 address or interface name> [eth0, eth1...]
|
|
|
job
job <job ID>
command <sequence #> <CLI command>
comment <string>
enable
execute
fail-continue
name <friendly name>
schedule type <daily | monthly | once | periodic | type | weekly>
|
|
|
ldap
ldap
base-dn <string>
bind-dn <string>
bind-password <string>
extra-user-params roles enable
group-attribute <<string> | member | uniqueMember>
group-dn <string>
host <IPv4/IPv6 address or hostname> [order <order number> | last]
login-attribute <<string> | uid | sAMAccountName>
port <port number>
referrals
remote-user-group
base-dn <base-dn string> map-to <local account>
map <disable | enable>
scope <one-level | subtree>
ssl ca-list <none | default-ca-list>
cert-verify mode <none | ssl | tls>
ssl-port <port number>
timeout-bind <seconds>
timeout-search <seconds>
version <2 | 3>
|
license
license install box-id <box ID> key <license key>
|
|
logging
logging <hostname, IPv4 or IPv6 address> [tcp <0-65535> [ssh username <username>]] |
[trap <severity level>]
files
delete <current | oldest [number of log files]>
rotation force | max-num <number of files>
upload <current | <file number>> <upload URL>
level
audit mgmt <severity level>
cli commands <severity level>
local <severity level>
trap <severity level>
|
|
|
map
map alias <alias>
a-to-b <<ordered list of inline tools and inline tool groups> | bypass | same | reverse>
b-to-a <<ordered list of inline tools and inline tool groups> | bypass | same | reverse>
comment <comment>
enable
encap-tunnel <tunnel name>
flowrule
add <drop | pass> gtp <imsi | imei | msisdn> <number[*]> [comment <comment> | interface <Gn | S11 |
S5 | S10> | version <1 | 2>]
delete <all | rule-id <rule ID>>
flowsample
flowsample
add 5g<dnn<pattern>> [comment <comment>] <pei<number[*]>> <supi<number[*]>>
<gpsi<number[*]>> <nsiid <SST | SST.SD>> <nci><pattern><tac><pattern>< plmn-id> <mcc.mnc> <5qi><percentage <percentage range>>
<qci <value>> <version <1 | 2>>
add diameter <username <username>
interface <interface> <percentage <percentage range>
delete diameter <all | priority-id <rule ID>>
add gtp <apn <pattern>> [comment <comment>] <imei <number[*]>> <imsi <number[*]>>
<interface <Gn | S11 | S5 | S10>> <msisdn <number[*]>> <eci><pattern>
<plmn-id> <mcc.mnc> <tac><pattern> <percentage <percentage range>>
<qci <value>> <version <1 | 2>>
add sip <caller-id <caller ID>> <percentage <percentage range>>
delete <gtp | sip> <all | priority-id <rule ID>>
insert <after | before> <priority index> <gtp> <apn <pattern>> [comment <comment>]
<imei <number[*]>> <imsi <number[*]>> <msisdn <number[*]>> <interface <Gn | S11 | S5 | S10>>
<percentage <percentage range>> | <qci <value>> <version <1 | 2>>
insert <after | before> <priority index> <sip> <caller-id <caller ID>> <percentage <percentage range>>
from <port-id | port-alias | port-list | gigastream-alias | gigastream-alias-list | inline-network-alias |
inline-network-group-alias | vport-alias>
gsrule
add <drop | pass> <criteria>
delete <all | rule-id <rule ID>>
no-rule-match pass
oob-copy from <inline-network alias | through-list item> [dir <a-to-b | b-to-a>] to <tool port list> tag <none |
as-inline>
param traffic control
priority <after <map name> | before <map name> | highest | lowest>
roles <assign | replace> <role> [to <role list>]
rule
add <drop | pass> <criteria>
copy-from template <template alias>
delete <all | rule-id <rule ID>>
edit rule-id <rule ID> <comment <comment> | drop <criteria> | pass <criteria>>
# rule add pass vlan <x> rewrite-dstmac xx:xx:xx:xx:xx:xx rewrite-srcmac xx:xx:xx:xx:xx:xx
tag <<1-4000> | auto>
to <port-id | port-alias | port-list | gigastream-alias | gigastream-alias-list | inline-tool-alias ||
inline-tool-group-alias | inline-serial-alias | bypass | vport-alias>
encap-tunnel <tunnel-alias>
type <firstLevel | flexInline | inline | regular | | secondLevel>
firstLevel [byRule]
flexInline [byRule | collector]
inline [byRule]
regular [byRule]
secondLevel [byRule | flowFilter | flowSample | flowSample-ol | flowSample-sip | flowWhitelist |
lowSample-diameter | flowWhitelist-diameter |
| flowWhitelist-ol | flowWhitelist-sip | flowWL-5g | flowSample-5G]
use gsop <gsop alias>
whitelist
add 5g
<dnn <pattern>| type <supi | ran | all >
add gtp <apn <pattern> | interface <Gn | S10 | S11 | S5> | version <1 | 2>> | type <imsi | ran | all >
delete all
add sip <all | callee-id | caller-id | dest-ip | ip-addr | src-ip>
map priority <map names>
|
map rule
rule add <drop | pass>
bidir comment <comment>
dscp <af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | ef>
ethertype <2-byte-hex>
inner-vlan <vlan | vlan1..vlan2> innervlan-subset <even | odd>
ip6dst <IPv6 address> <IPv6 netmask>
ip6fl <3-byte-hex>
ip6src <IPv6 address> <IPv6 netmask>
ipdst <IP address> <netmask>
ipfrag <no-frag | all-frag | all-frag-no-first | first-frag | first-or-no-frag>
ipsrc <IP address> <netmask>
ipver <4 | 6>
macdst <MAC address> <MAC netmask>
macsrc <MAC address> <MAC netmask>
rewrite-dstmac <value> rewrite-srcmac <value>
portdst <0-65535 | x..y> portdst-subset <even | odd>
portsrc <0-65535 | x..y> portsrc-subset <even | odd>
protocol <ipv6-hop | icmp-ipv4 | igmp | ipv4ov4 | tcp | udp | ipv6 | rsvp | gre | icmp-ipv6> <1- byte-hex>
tcpctl <1-byte-hex> tcpctlmask <1-byte-hex>
tosval <1-byte-hex>
ttl <ttl | ttl1..ttl2>
uda1-data <16-byte-hex> uda1-mask <16-byte-hex> uda1-offset <2-110 bytes>
uda2-data <16-byte-hex> uda2-mask <16-byte-hex> uda2-offset <2-110 bytes>
vlan <vlan | vlan1..vlan2> vlan-subset <even | odd>
|
|
map gsrule
gsrule add <drop | pass>
comment <comment>
erspan id <range <erspanid1..erspanid2>> | <value <1-1024>>
ethertype <any | pos <1-6>> <range <2-byte-hex..2-byte-hex> <subset <even | odd | none>> |
<value <2-byte-hex>>
gre key <range <4-byte-hex..4-byte-hex> <subset <even | odd | none>> | <value <4-byte-hex>>
gtp gtpu-teid <range <4-byte-hex..4-byte-hex> <subset <even | odd | none>> | <value <4-byte-hex>>
ipv4
dscp <any | pos <1-3>> <value <af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43>>
dst <any | pos <1-3>> <range <ipv4_address..ipv4_address>> | <value <ipv4_address> <netmask>>
frag <any | pos <1-3>> <value <no-frag | all-frag | all-frag-no-first | first-frag | first-or-no-frag>>
protocol <any | pos <1-3>> <range <1-byte-hex..1-byte-hex> <subset <even | odd | none>> |
<value <1-byte-hex..1-byte-hex>>
src <any | pos <1-3>> <range <ipv4_address..ipv4_address>> | <value <ipv4_address> <netmask>>
tosval <any | pos <1-3>> <range <1-byte-hex..1-byte-hex>> | <value <1-byte-hex..1-byte-hex>>
ttl <any | pos <1-3>> <range <x..y> <subset <even | odd | none>> | <value <0-255>>
ipv6
dscp <any | pos <1-3>> <value <af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 |
af43>>
dst <any | pos <1-3>> <range <ipv6_address..ipv64_address>> | <value <ipv6_address> <netmask>>
flow-label <any | pos <1-3>> <range <3-byte-hex..3-byte-hex> <subset <even | odd | none>> | <value <3-byte-hex>>
src <any | pos <1-3>> <range <ipv6_address..ipv6_address>> | <value <ipv6_address> <netmask>>
ipver <any | pos <1-3>> <value <4 | 6>>
l4port
dst <any | pos <1-3>> <range <x..y> <subset <even | odd | none>> | <value <0..65535>>
src <any | pos <1-3>> <range <x..y> <subset <even | odd | none>> | <value <0..65535>>
mac
dst <any | pos <1-3>> <range <MAC_address..MAC_address>> | <value <MAC_address> <netmask>>
src <any | pos <1-3>> <range <MAC_address..MAC_address>> | <value <MAC_address> <netmask>>
mpls label <any | pos <1-4>> <range <label1..label2> <subset <even | odd | none>> | <value
<0-1048576>>
pmatch <protocol <ipv4 | ipv6 | tcp | udp>> <pos <1 | 2>> <string <pattern> | RegEx> <pattern> <offset |
begin..end>
pmatch <mask <1 byte-hex> from <start-of-match <offset> | end-of-match <offset>> to <end-of-match
<length> | end-of-packet | <length>> <protocol <ipv4 | ipv6 | tcp | udp>> <pos <1 | 2>> <string <pattern>
| RegEx> <pattern> <offset | begin..end>
pmatch-hint <hint string>
tcp ctl <any | pos <1-3>> <value <1-byte-hex>> <mask <1-byte-hex | none>>
vlan id <any | pos <1-4>> <range <vlan1..vlan2>> <subset <even | odd | none>> | <value <0-4094>>
vntag
dvifid <any | pos <1-3>> <range <dvifid1..dvifid2>> <subset <even | odd | none>> | <value <0-16384>>
svifid <any | pos <1-3>> <range <svifid1..svifid2>> <subset <even | odd | none>> | <value <0-4096>>
viflistid <any | pos <1-3>> <range <viflistid1..viflistid2>> <subset <even | odd | none>> |
<value <0-16384>>
vxlan id <range <3-byte-hex..3-byte-hex>> <subset <even | odd | none>> | <value <3-byte-hex>>
|
map-group
map-group alias <alias>
comment <comment>
map-list <list of maps>
|
|
map-passall
map-passall alias <alias>
comment <comment>
from <port-id | port-alias | inline-network-alias | inline-network-group-alias>
roles <assign | replace> <role> [to <role list>]
to <tool port list | gigastream-alias | gigastream-alias-list | inline-tool-alias | inline-tool-group-alias |
inline-serial-alias | bypass>
|
map-scollector
map-scollector alias <alias>
collector <port-id | port-alias | port-list | gigastream-alias | gigastream-alias-list | inline-tool-alias |
inline-tool-group-alias | inline-serial-alias | bypass>
comment <comment>
from <port-id | port-alias | port-list | inline-network-alias | inline-network-group-alias>
rewrite-dstmac <value> | rewrite-<value>
roles <assign | replace> <role> [to <role list>]
|
|
map-template
rule add <drop | pass>
bidir
comment <comment>
dscp <af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | ef>
ethertype <2-byte-hex>
ip6dst <IPv6 address> <IPv6 netmask>
ip6fl <3-byte-hex>
ip6src <IPv6 address> <IPv6 netmask>
ipdst <IP address> <netmask>
ipfrag <no-frag | all-frag | all-frag-no-first | first-frag | first-or-no-frag>
ipsrc <IP address> <netmask>
ipver <4 | 6>
macdst <MAC address> <MAC netmask>
macsrc <MAC address> <MAC netmask>
portdst <0-65535 | x..y> portdst-subset <even | odd>
portsrc <0-65535 | x..y> portsrc-subset <even | odd>
protocol <ipv6-hop | icmp-ipv4 | igmp | ipv4ov4 | tcp | udp | ipv6 | rsvp | gre | icmp-ipv6> <1-byte-hex>
tcpctl <1-byte-hex> tcpctlmask <1-byte-hex>
tosval <1-byte-hex>
ttl <ttl | ttl1..ttl2>
uda1-data <16-byte-hex> uda1-mask <16-byte-hex> uda1-offset <2-110 bytes>
uda2-data <16-byte-hex> uda2-mask <16-byte-hex> uda2-offset <2-110 bytes>
vlan <vlan | vlan1..vlan2> vlan-subset <even | odd>
|
|
|
nhb-profile
nhb-profile alias <alias>
custom-packet <URL of PCAP file | none>
direction <a-to-b | b-to-a | bi-directional>
period <period>
recovery-time <recovery time>
|
no service
no service <tcp-small-servers | udp-small-servers>
|
|
no traffic
no traffic
all [keep-stack]
|
notifications
notifications
enable
target host <IPv4 address or hostname> port <port ID> <secure | non-secure> username <username>
password <password>>
|
|
ntp
ntp
authentication enable
authentication-key <key number>
disable
enable
server <hostname, IPv4 or IPv6 address> [disable | key <key number> | keys enable | version <version
number>]
|
ntpdate
ntpdate <hostname, IPv4 or IPv6 address>
|
|
onie
onie reboot mode <debug | reinstall | uninstall | update>
|
|
|
pcap
pcap alias <alias>
channel-port <port ID>
packet-limit <1-20000>
port <port ID> <tx | rx | both>
filter
ipdst <IP address> <netmask>
ipsrc <IP address> <netmask>
portdst <0-65535>
portsrc <0-65535>
protocol <ipv6-hop | icmp-ipv4 | igmp | ipv4ov4 | tcp | udp | ipv6 | rsvp | gre | icmp-ipv6>
tcpctl <1-byte-hex>
|
ping
ping [-LRUbdfnqrvVaA] [-c count] [-i interval] [-w deadline]
[-p pattern] [-s packetsize] [-t ttl] [-I interface or address]
[-M mtu discovery hint] [-S sndbuf]
[ -T timestamp option ] [ -Q tos ] [hop1 ...] destination
|
|
ping6
ping [-LUdfnqrvVaA] [-c count] [-i interval] [-w deadline]
[-p pattern] [-s packetsize] [-t ttl] [-I interface]
[-M mtu discovery hint] [-S sndbuf]
[-F flow label] [-Q traffic class] [hop1 ...] destination
|
pld
The pld command for GigaVUE‑HC3 has the following syntax:
pld
upgrade slot <slot ID>
The pld command for G-TAP A Series 2 has the following syntax:
pld
upgrade
|
|
policy
policy
alias <alias>
action
add <action name> [param <param name> <param value>] .. [param <param name> <param value>]
delete <action ID>
comment <comment>
condition
add <condition name> [param <param name> <param value>] .. [param <param name>
<param value>]
delete <condition ID>
enable
reset
all <enable | reset>
|
port
port <port-id | port-alias | port-list>
alarm
buffer-threshold <0-100%> | [rx <0-100%> | tx <0-100%]>
high-utilization-threshold <0-100%>
low-utilization-threshold <0-100%>
alias <alias string>
assign role <user role> [level 1 | 2 | 3 | 4]
buffer-index <<0-7> | low | default | high>
comment <comment>
egress-vlan strip
filter rule
add <drop <criteria>| pass <criteria>>
delete <all | rule-id <rule ID>>
edit rule-id <rule-ID> [drop <criteria> | pass <criteria>]
ingress-vlan-tag <2-4000>
lock [description <description>]
lock-share <user <username>>
mode <none | 4x10G | 4x25G | 2x40G>
params
admin <disable | enable>
autoneg <disable | enable>
brief [port-list <port list>
discovery <cdp | lldp | all | disable>
duplex <full>
fec <cl91|cl74|cl108 | off>
forcelinkup <disable | enable>
gdp <enable | disable>
speed <10 | 100 | 1000 | 10000 | 25000 | 40000 | 100000>
ude <enable | disable>
taptx <active | passive>
ptp <enable | disable>
announce-interval <value>
delay-req-interval <value>
sync-interval <value>
timestamp <append-ingress | source-id <0-65535> | strip-egress>
timestamp
ingress insert
ingress source-id <value>
egress insert
egress source-id <value>
ingress disable
egress disable
tool-share role <user role>
type <hybrid | inline-network | inline-tool | network | stack | tool | circuit>
l2gre-id <L2GRE identifier>
vxlan-id <VXLAN identifier>
header-strip <vxlan | mpls-l3>
|
|
port-group
port-group alias <alias>
comment <comment>
gigastream-list <list of GigaStream aliases>
port-list <port-id | port-alias | port-list | inline-network-alias | inline-network-group-alias>
smart-lb <disable | enable>
te-list <list of tunnel endpoints> or <range of tunnel endpoints>
weight <port ID | te-id> <1-100>
|
port-pair
port-pair alias <alias>
between <<port ID> | <port alias> and <port ID> | <port alias>>
[comment <comment>]
[lfp <enable | disable>]
|
|
ptp on GigaVUE-HD series
ptp
enable
mode <peer | end-to-end>
|
ptp on GigaVUE-TA200 Devices
Use the following syntax to configure PTP globally for a device:
ptp
alias <string>
domain <value>// Range is 24–43
mode <ordinary | boundary>
local-priority <value> // Range is 1—255
priority2 <value> // Range is 0—255
Use the following syntax to configure PTP globally for a cluster:
ptp
box-id <box-id/all> alias <string>
domain <value>// Range is 24–43
mode <ordinary | boundary>
local-priority <value> // Range is 1—255
priority2 <value> // Range is 0—255
|
|
radius-server
radius-server
extra-user-params roles enable
host <IPv4/IPv6 address or hostname> [auth-port <port-number>] [enable] [shared-secret <string>] [prompt-secret <string>] ] [retransmit <retries>] | [timeout <seconds>]
shared-secret <string>
retransmit <retries>
timeout <seconds>
|
redundancy-profile
redundancy-profile alias <alias>
protection-role <primary | secondary | suspended>
signaling-port <port ID or port alias>
|
|
reload
reload
force [immediate]
halt
|
reset
reset factory <all | keep-all-config | only-traffic>
|
|
serial
serial
baudrate <9600 | 115200>
enable
|
sffp profile
sffp-profile alias <alias>
profile <add | delete>
add
ip interface <interface>
port-list <port number>
type <control | user>
sx-ips <interface>
|
|
show
|
sleep
sleep <number of seconds>
|
|
snmp-server
snmp-server
community <community string>
contact <string>
enable [communities] [mult-communities] [notify]
host <IPv4 / IPv6 address or Hostname>
disable
informs [community] [port <port number>] [version <2c | 3>]
<engineID <engine ID> <user <username>> <auth | encrypted auth | prompt auth>
<md5 <password> | sha <password> <priv <des <password> | aes-128 <password>>
traps [community] [port <port number>] [version <1 | 2c | 3>]
<user <username>> <auth | encrypted auth | prompt auth>
<md5 <password> | sha <password> <priv <des <password> | aes-128 <password>>
location <string>
notify
community <string>
event [systemreset] [configsave] [modulechange] [linkspeedstatuschange] [unexpectedshutdown] [userauthfail] [firmwarechange] [packetdrop] [gspacketdrop] [tunnelstatus] [tunneldeststatus] [bufferoverusage] [rxtxerror] [powerchange] [fanchange] [portutilization] [lowportutilization] [ibstatechange] [gscpuutilization] [gsportutilz] [gsportlowutilz] [evallicensereminder] [watchdogreset] [inlinetoolrecovery] [gdpupdate] [opticstemp] [exhausttemp] [switchcputemp] [cputemp] [2ndflashboot] [operationmode] [gigasmartcputemp] [eporttemp] [policytrigger] [process-cpu-threshold] [process-mem-threshold] [system-cpu-threshold] [system-mem-threshold] [ipgatewaystatus] [all]
port <port number>
port <port number>
user <username | admin> v3 <auth | encrypted auth | prompt auth> <md5 <password> | sha <password>
<priv <des <password> | aes-128 <password>>
<enable>
|
spine-link
spine-link alias <alias>
comment <comment>
port-list <port-list>
|
|
ssh
ssh
client
global <host-key-check <yes | no | ask> | known-host <known host entry>>
user <username> <authorized-key sshv2 <public key> | identity <rsa2 | ecdsa> <generate | private-key
[private key] | public-key <public-key>>| known-host <known host> remove >
server
enable
host-key
rsa1 <private-key [private key] | public-key <public-key>>
rsa2 <private-key [private key] | public-key <public-key>>
generate
ports <port> [port] [port] [port]..
|
stack-link
stack-link alias <stack alias>
between <gigastreams <stack-link gigastream> and <stack-link gigastream>> |
<<ports <stack-link port> and <peer stack-link port>>
comment <comment>
|
|
sync
sync
database
enable
image
reload-cc2
uboot
|
system
system
process <process name>
clusterd restart
httpd restart
ntpd restart
restapid restart
snmpd restart
sshd restart
ugwd restart
wsmd restart
security crypto enhanced
security passwords
enhanced
login-blank
min-length <length in characters>
arp refresh-interval
ndp refresh-interval
|
|
system-health
system-health
box-id <box ID> threshold enable
threshold enable
|
|
|
tacacs-server
tacacs-server
extra-user-params roles enable
host <IPv4/IPv6 address or hostname>
[auth-port <port number>
auth-type <ascii | pap>
enable
shared-secret <string>
prompt-secret
retransmit <retries>
timeout <seconds>]
shared-secret <nstring>
retransmit <retries>
service <gigamon | shell>
timeout <seconds>
|
terminal
terminal
length <number of lines>
resize
type <ansi | console | dumb | linux | screen | vt52 | vt100 | vt102 | vt220 | xterm>
width <number of characters>
|
|
timestamp
timestamp
pps-offset <1-280ns>
pps-source <ext-coaxial | ext-rs232 | ext-rs485>
|
tool-mirror
tool-mirror <alias <alias>>
from <port-id | port-alias | port-list | inline-network-alias | inline-network-group-alias>
to <port-id | port-alias | port-list | gigastream-alias | gigastream-alias-list | inline-tool-alias |
inline-tool-group-alias | inline-serial-alias | bypass> [comment <comment>]
|
|
traceroute
traceroute [ -46dFITUnrAV ] [ -f first_ttl ] [ -g gate,... ] [ -i device ] [ -m max_ttl ] [ -N squeries ] [ -p port ]
[ -t tos ] [ -l flow_label ] [ -w waittime ] [ -q nqueries ] [ -s src_addr ] [ -z sendwait ] host [ packetlen ]
|
L2-Circuit Tunnel
tunnel alias <alias> encap l2-circuit
circuit-id <value> => value between 2 to 4000>
|
|
L2GRE Tunnel for Encapsulation
tunnel alias <alias> encap l2gre
comment <description>
attach <ip-interface-name>
ipdst <destination IP address>
exit
|
VXLAN Tunnel for Encapsulation
tunnel alias <alias> encap vxlan
comment <description>
attach <ip-interface-name>
ipdst <destination IP address>
l4srcport <layer4 source port number>
exit
|
|
tunnel-endpoint
tunnel-endpoint te-id <tunnel endpoint ID>
alias <alias>
type remote ip-address <IP address>
|
|
|
uboot
uboot install
|
username
username <username>
disable [login]
full-name <full name>
password <prompt | cleartext password>
roles <add <user role> [user role] | replace <user role> [user role]>
|
|
vport
vport alias <alias>
gsgroup <GigaSMART group alias>
failover-action <vport-bypass | vport-drop | network-bypass | network-drop | network-port-forced-down>
mode gtp-overlap
|
|
|
web
web
auto-logout <number of minutes>
client
ca-list <none | default-ca-list>
cert-verify
enable
http
enable
port <port number>
redirect
httpd listen
enable
interface <interface>
https
certificate
default-cert
name <cert-name | system-self-signed>
regenerate
enable
port <port number>
require-dod-cert
logs <access | error> upload <current | log file number> <upload URL>
proxy
auth
authtype <none | basic>
basic <password <password>> | <username <username>>
host <IPv4 or IPv6 address> [port <port number>]
server ssl min-version <tls1 | tls1.1 | tls1.2>
session
auto-logout <number of minutes>
renewal <number of minutes>
|
write
write
memory [local]
terminal
|
|
|
|
MORE INFORMATION 
