Command Line Summary

This section summarizes the commands available in the command-line interface for the Gigamon Visibility and Analytics Fabric. Commands are listed in alphabetical order with a summary of their syntax.

Command

Command

aaa authentication

aaa authentication

attempts
class-override
admin no-lockout
         unknown <hash-username | no-track>
      lockout
         enable
         lock-time <seconds>
         max-fail <failure count>
         unlock-time <seconds>
      reset <all> | <user <username>> [no-clear-history | no-unlock]
      track enable
   certificate crl
     install name default pem url <URL>
      uninstall name default
   login default [ldap] [local] [radius] [tacacs+]
   password expiration
      duration <days>
      enable

aaa accounting

changes default stop-only <tacacs+>

aaa authorization

aaa authorization
   map
      default-user <<user> | admin | monitor | operator>
      order <<policy> | remote-only | remote-first | local-only>
   roles
      role <role name | Default> [description]

 

apps asf

apps asf <alias <alias>>
   bi-directional <disable | enable>
   buffer <disable | enable>
   buffer-count-before-match <3-20>
   packet-count <2-100 | disable>
   protocol <tcp | udp | sctp | tcp-udp | tcp-udp-sctp>
   sess-field <add | delete>
      <gtpu-teid>
      <ipv4 | ipv4-5tuple | ipv4-dst | ipv4-l4port-dst | ipv4-protocol | ipv4-src | ipv4-src-l4port-dst | ipv6 |  ipv6-5tuple | ipv6-dst | ipv6-l4port-dst | ipv6-protocol | ipv6-src | ipv6-src-l4port-dst | l4port | l4portdst | l4portsrc> <inner | outer>
      <mpls-label | vlan-id> <pos <1 | 2>>
   timeout <10-120s>

apps exporter

apps exporter alias <alias>
    type <gtp-cups | tunnel>

source

    interface

    ip-interface

    l4

    port

destination

l4
    port <1-65535>

    protocol <tcp | udp>

l3

    ip

    ver6

    ver4

    ttl <1-255>

    dscp <0-63>

    protocol <ipv4 | ipv6 | auto>

gsgroup <add | delete>

apps enhanced slicing

apps enhanced-slicing alias <name>

protocol add <protocol fields> offset <offset-length> [flow-session <inner | outer> skip packet-count <1-50> [action <slice | drop>] [timeout <value>]]

protocol delete <rule-id>

max-sessions <max session entries>

exit

apps enhanced asf

apps enhanced-asf

alias <name>

flow-session <outer | inner>

timeout <value in seconds>

max-sessions <max session entries>

rule add

transport <tcp | udp>

app <application protocol>

field <application field>

match-pattern <regex profile alias>

action <pass | drop>

rule delete <rule-id>

exit

apps gtp whitelist

apps gtp-whitelist alias <GTP whitelist file alias> add

imsi <IMSI number >

|ran <mcc.mnc.eci < eci number> | mcc.mnc.nci <nci number>>

<create | delete>

imsi <IMSI number> |

ran <mcc.mnc.eci < eci number> | mcc.mnc.nci <nci number>> | all

destroyfetch <add | delete> <URL for a GTP whitelist file>

apps gtp backup

apps gtp-backup
   delete <filename>
   delete-all

apps hsm

apps hsm <alias <alias>>
   hsm-ip <HSM server IP address> hsm-port <port number> esn <HSM ESN string> kneti <HSM KNETI>

apps hsm-group

apps hsm-group <alias <alias>>

comm <comment>
fetch key-handler <URL for HSM group key handler file>
hsm-alias

add <HSM alias>

delete <HSM alias>

hsm-set

rfs-sync

ipv4-addr <rfs-server-IP>

auto <time-period>

fetch-now

keymap

add server-ip<address> [server-port <port> ] [[key-name <name>] | [key-token <name>]]

delete [all | rule-id <id>]

fetch keymap <URL>

apps inline-ssl

apps inline-ssl
   caching persistence <disable | enable>
   keychain password <password> <confirm password> | <password> | [reset] <password><confirm password>

version < above | below >
   min-version <sslv3 | tls1 | tls11 | tls12 | tls13> max-version <sslv3 | tls1 | tls11 | tls12 | tls13>

below min-version <no-decrypt | drop>

above max-version <no-decrypt | drop >

   profile alias <alias>

split-proxy [enable | disable]

server non-pfs-ciphers [enable | disable]

tool early-engage [enable | disable]

one-arm [enable | disable]

monitor <disable | enable | inline>
      certificate
        expired <      decrypt | drop>
         invalid <decrypt | drop>
         revocation crl <disable | enable [fail <hard | soft>] [defer timeout <20-100>]>
         revocation ocsp <disable | enable [fail <hard | soft>] [defer timeout <20-100>]>
         self-signed <decrypt | drop>
         unknown-ca <decrypt | drop>
      clear <decryptlist | nodecryptlist>
      decrypt
         tcp
            inactive-timeout <2-1440 mins>
            portmap
               add in-port <value> out-port <value>
               default-out-port <<value> | disable>
               delete <all | rule-id <rule ID>>
               override-port <<value> | disable>
         tool-bypass <disable | enable>
      default-action <decrypt | no-decrypt>
      fetch <decryptlist <URL for profile decrypt list file> | nodecryptlist <URL for profile no-decrypt list file>>
      ha active-standby <disable | enable>
      keymap
         add server <server domain name or IP address or IPv6 address> key <key alias>
         delete <all | rule-id <rule ID>>
      network-group multiple-entry <disable | enable>
      no-decrypt tool-bypass <disable | enable>
      non-ssl-tcp tool-bypass <disable | enable>
      rule add
        category <category name> <decrypt | no-decrypt>
         domain <domain name string> <decrypt | no-decrypt>
         ipv4 <dst | src> <IP address> | ipv6 <dst | src> <IPv6 address> <mask>
         <decrypt | no-decrypt>
         issuer <issuer name string> <decrypt | no-decrypt>
         l4port <dst | src> <any | port <value or range>> <decrypt | no-decrypt>
         vlan <any | id <value or range>> <decrypt | no-decrypt>
      rule delete <all | rule-id <rule ID>>
      starttls
         add l4port <port number>
         delete <all | l4port <port number>>
      url-cache miss action <decrypt | defer [timeout <1-10>] | no-decrypt>
   resumption client <disable | enable>
   session debug <disable | enable>
   signing rsa for <primary | secondary> key <key alias>
   trust-store
      fetch <append | replace> <URL for trust store file>
      reset

apps keystore

apps keystore
   rsa | ecdsa <key alias>
   certificate <download url <download URL> | key-str <key string>>
   comment <comment>
   pkcs12 <download url <download URL> [password <password>]>
   private-key <download url <download URL> | key-str <key string>> [password <PEM password> | type hsm]
   self-signed
      common-name <CN>
      country <C>
      hash-type <SHA-1 | SHA-256 | SHA-384 | SHA-512>
      keysize <1024 | 2048 | 4096>
      org-name <O>
      org-unit <OU>
      state <S>
      valid <number of days>

apps listener

apps listener alias <alias>
type <gtp-cups | tunnel>

l4
port-list

 protocol <tcp | udp>

l3

 protocol <ipv4 | ipv6 | dual>
 ttl <1-255>   dscp <0-63>

mode l3 <promiscuous | interface>

gsgroup <add | delete>

apps netflow

apps netflow

apps regrex-profile

apps regrex-profile alias <name>

    pattern add <"regular expression">

    pattern delete <pattern-id>

exit

apps sip-whitelist

apps sip-whitelist alias <SIP whitelist file alias>
   add callerid <caller/callee ID>
   add id-range <id-range>

   add ip-addr <ip-address>

create
   delete <all | callerid <caller ID>>
   destroy
   fetch <add | delete> <URL for a SIP whitelist file>

apps diameter-whitelist

apps diameter-whitelist alias <diameter whitelist file alias>
   add username <username>
   create
   delete <all | username <username>>
   destroy
   fetch <add | delete> <URL for a diameter whitelist file>

apps split-dns

apps split-dns profile alias <alias>

collector add dns <ip-address>

rule add dns <ip-address> domain <domain-name>

collector edit dns <ip-address>

rule edit id <rule id> dns <ip-address>| domain <domain name>

rule delete id <rule id>| all

exit

apps ssl

apps ssl   key alias <alias>
      comment <comment>
      download type
         pkcs12 <url <download URL>> [password <password>]
         private-key <key-str <key string> | url <download URL>>
   keychain password <password> <confirm password> | <password> | [reset] <password>       <confirm password>
   service alias <alias>
      default-service
      server-ip <IP address> [server-port <port number> | any]

 

banner

banner
   login <string> | default>
   login-local <string>
   login-remote <string>
   motd <string> | default>

battery

battery

battery test [ execute | cancel ] [ID]

battery optimization

 

battery optimization

<policy> <port-group-id | port-group-list > <level>

battery optimization global

 

#battery optimization global

cpu-hibernate <value> sleep-time <value>

bond

bond <bonding interface> 
  down-delay-time <milliseconds>
   link-mon-time <milliseconds>
   mode <balance-rr | backup | balance-xor | balance-xor-layer3+4 | broadcast | link-agg |
      link-agg-layer3+4 | balance-tlb | balance-alb>
   up-delay-time <milliseconds>

 

boot

(missing or bad snippet)

 

card

 

card <all [box ID] | slot <slot ID>>
   alarm buffer-threshold <0-100>
   down
   fabric-hash advanced
   filter-template <<filter template alias> | defaults>
   mode <32x | 2q>
   product-code <card product code>
   set buffer alpha <alpha value>

card TA series

card slot <slot ID> mode <48x | 56x | 64x>

chassis

chassis

   buffer
   box-id <box ID>
      gdp <enable | disable>
      mgmt-intf discovery <cdp | lldp | all>
             mgmt-intf garp
      mode <normal | 100G [left | right]>
      serial-num <serial number> [gdp <enable | disable> | type <hc1 | hc2 | hc2-v2 | hc3 | hc3-v2 | ly2r | ta10 | ta10a | ta40 | itac | tacx | ta200|ta25|ta25a>]
   mgmt-intf garp

                  tag-mode <single | double>

migrate box-id <box ID> [serial-num <serial number>]

clear

clear
   aaa authentication attempts <all | user <username>> [no-clear-history | no-unlock]
   apps
      asf stats <alias <alias> | all>
      inline-ssl
         caching <cert-validation | url>
         monitor stats
         session debug vport <vport alias>
         session summary
      netflow
         exporter stats [alias <alias> | all]
         monitor
            cache [alias <alias> | all]
            stats [alias <alias> | all]
      ssl service stats [alias <alias> | all]
   arp
   gsgroup
      flow-ops
         flow-sampling <alias <alias> | all>
         flow-filtering <alias <alias> | all>
         flow-sip <alias <alias> | all>
         ssl-decryption <alias <alias> | all>
      stats [alias <alias> | all]
   gsop stats
      alias <alias>
      all
      by-application <add-header | dedup | apf | asf | flow-sampling | flow-filtering | lb | masking |
         slicing | strip-header | trailer | tunnel-decap | ssl-decrypt>
      by-gsgroup <GS group alias>
   hb-counters <alias <alias> | all>
   ipv6 neighbors
   ip destination stats all   load-balance port-group stats <alias <alias> | all>
   map stats <alias <alias> | all>
   nhb-counters <alias <alias> | all>   pcap all   port
      phy port-list <port-list>
      quadphy <port ID>
      stats <all | box-id <box ID> | port-list <port list> | slot <slot ID>>
   tunnel <l2gre | vxlan>
   tunnel-endpoint stats port-list <GigaSMART group alias>
   vport stats [alias <alias> | all]

cli

cli
   clear-history
   default
      auto-logout <number of minutes>
      init-resize
      paging enable
      progress enable
      prompt <confirm-reload | confirm-reset | confirm-unsaved | empty-password>   session
      auto-logout <number of minutes>
      paging enable
      progress enable
      terminal
         length <number of lines>
         resize
         type <ansi | console | dumb | linux | screen | vt52 | vt100 | vt102 | vt220 | xterm>
         width <number of characters>

clock

clock
   set <hh:mm:ss> [<yyyy/mm/dd>]
   timezone <zone> [<zone word> [<zone word> [<zone word>] [<zone word>]]

Cluster

cluster
   enable
   id <cluster ID>
   interface <interface> <ipv4 | ipv6>   
   ip-ver-switch diagnostics
   cluster ip-ver-switch

   leader
      address
         primary ip <cluster leader IP> [port <leader port number>]
         secondary ip <cluster leader IP> [port <leader port number>]
         vip <cluster leader vip> <netmask | mask length>
      auto-discovery
      connect timeout <seconds>
      interface <interface>
      preference <1-100>
      yield
   name <cluster name>
   port <cluster port number>
   reload [box-id <box ID>] | [force] | [node-id <node ID>]
   reload sequential
   remove <node ID>
   shared-secret <shared secret>
   shutdown
   startup-time <cluster startup time (secs)

Configuration

configuration
   audit max-changes <number>
   copy <source filename | initial> <destination filename>
   delete <filename | initial>
  
   fetch <download URL> <filename>   jump-start
   move <source filename | initial> <destination filename>
   new <filename> [factory [keep-basic] [keep-connect]]
   revert saved   
switch-to <filename | initial>
   text
      fetch <download URL>
         apply [discard] [fail-continue] [filename <filename>] [overwrite] [verbose]
         filename <filename> [apply] [fail-continue] [overwrite] [verbose]
         overwrite [apply] [fail-continue] [filename <filename>] [verbose]
      file <filename>
         apply [fail-continue] [verbose]
         delete
         rename <filename>
         upload <upload URL>
      generate
         active running <only-traffic> <save <filename>> | <upload <upload URL>>
         active saved <only-traffic> <save <filename>> | <upload <upload URL>>
         file <filename | initial> <save <filename>> | <upload <upload URL>>
   upload <initial | active> <upload URL>   write [local | to <filename>] [no-switch]

Configure

configure terminal

Coreboot

coreboot install

Crypto

crypto

acme client clear

cert-req-msg
      generate upload <upload URL>
      generation default
         country-code <country code>
         days-valid <number of days>
         email-addr <email address>
         key-size-bits <number of bits>
         locality <locality name>
         org-unit <organizational unit name>
         organization <organization name>
         state-or-prov <state or province name>
   certificate

acme issue box-id <box-id>

domain <xyz.gigamon.com>

ca-url <url> |algorithm <rsa-2048 | rsa-4096 | ec-prime256v1 |ec-secp384r1>|

|renew-days <1-365>| |root-cert <certificate_name>|

acme renew box-id <box-id> domain <xyz.gigamon.com>

acme revoke box-id <box-id>domain <xyz.gigamon.com>

ca-list default-ca-list name <CA list name> [system-self-signed]
      default-cert name <cert name> [system-self-signed]
      generation default
         country-code <country code>
         days-valid <number of days>
         email-addr <email address>
         key-size-bits <number of bits>
         locality <locality name>
         org-unit <organizational unit name>
         organization <organization name>
         state-or-prov <state or province name>
      name <cert name>
         comment <new comment>
         generate self-signed
            comment <comment>
            common-name <issuer and subject common name>
            country-code <country code>
            days-valid <number of days>
            email-addr <email address>
            key-size-bits <number of bits>
            locality <locality name>
            org-unit <organizational unit name>
            organization <organization name>
            serial-num <serial number>
            state-or-prov <state or province name>
         private-key pem <PEM string>

private-key pem fetch <url>
         prompt-private-key
         public-cert <comment <comment string>> <pem <PEM string>>
         regenerate [days-valid <number of days>]
         rename <new name>
      system-self-signed regenerate [days-valid <number of days 1-7300>]

 

debug

debug generate dump

box-id <box-id>

 

email

email
   auth
      enable
      password [password]
      username <username>
   autosupport
      enable
      event <event name>
      ssl
         ca-list <none | default-ca-list>
         cert-verify
         mode <none | tls | tls-none>
   dead-letter
      cleanup max-age cleanup <duration>
      enable
   domain <hostname or IP address>
   mailhub <hostname, IPv4, or IPv6 address>
   mailhub-port <port number>
   notify
      event <<event name> | all>
      recipient <email address>
        class <failure | info>
        detail
   return-addr <username>
   return-host
   send-test
   ssl
      ca-list <none | default-ca-list>
      cert-verify
      mode <none | tls | tls-none>

fabric advanced hash

fabric advanced-hash
     all box-id
    default
    fields
        ethertype
        gtpteid
        ip6dst
        ip6nextHeader
        ip6src
        ipdst
        ipsrc
        macdst
        macsrc
        mpls
        port6dst
        port6src
        portdst

        portsrc

        protocol

        ingressport

   none

 

file

file
   debug-dump
      delete <filename>
      email <filename>
      upload <filename> <upload URL>
 
  pcap
      delete <filename>
      delete-all
      upload <filename> <upload URL>    tcpdump
      delete <filename>
      upload <filename> <upload URL>

filter template

filter-template alias <alias>
   
comment <comment>
   qualifiers <add | remove> <ethertype | innervlan | ip6dst | ip6src | ipdst | ipsrc | macdst | macsrc |
      portdst | portsrc | protocol | qset1 | uda1 | uda2 | vlan>

 

 

gigasmart

gigasmart engine <port-list>
   interface
      [eth2] | <eth3> [vlan <VLAN ID>]
      <IP address> <netmask> gateway <gateway IP> dns <DNS IP>split-dns <alias>[mtu <1280-9400>]
      dhcp
      ping
   ping <IP address | hostname> <start | stop>

gigastream

gigastream   
  advanced-hash   
alias <alias>       
comment <comment>   
   hash-bucket-id <ID/range> <port <port ID/port range>> 
   hash-size <1-256>
  port-list <port-list> [params hash advanced]
  hash-weight <weight-list>
  drop-weight <weight>
  rehash

gigastream advanced-hsh

gigastream
advanced-hash
   slot <slot number>
   all
   default
   fields 
       ethertype 
       gtpteid
      ip6dst
     ip6nextHeader   
      ip6src
      ipdst 
      ipsrc
      macdst
      macsrc 
      mpls 
     port6dst  
     port6src 
     portdst    
    portsrc
    protocol  
    ingressport   
none

 

gsgroup

gsgroup alias <alias>    port-list <port-list>

gsop

gsop alias <alias>  
 add-header vlan <1-4094> 
 apf set

asf enhanced <enhanced asf alias> port-list <gsgroup name>   asf <ASF alias>
  dedup set  
 flow-ops <flow-filtering <gtp> | flow-sampling | gtp-flowsample | gtp-whitelist | netflow | sip-flowsample | sip-whitelist | diameter-flowsample | diameter-whitelist | 5g-whitelist | 5g-flowsample>

   inline-ssl <inline SSL profile alias>
lb     
 app <asf | gtp | tunnel | 5G> metric <lt-bw | lt-pkt-rate | round-robin | lt-conn | lt-tt-traffic | wt-lt-bw |         
 wt-lt-pkt-rate | wt-round-robin | wt-lt-conn | wt-lt-tt-traffic | wt-supi | wt-imsi | hashing <key <imsi | imei | msisdn>>     
 app <sip> metric hashing key caller-id  
 app <diameter> metric hashing key <user-name | command-code | session-id>

app <diameter> metric multi-hash key user-name application-id command-code

user-name

command-code

session-id

end-to-end id

hop-by-hop-id

app <<5g> metric hashing key <supi | pei | gpsi>>

application-id

avp-code
      hash <ip-only <inner | outer> | ip-and-port <inner | outer> | 5-tuple <inner | outer> | gtpu-teid>   masking protocol
      enhanced <elb-name>
      none offset <0-9000>
      ipv4 offset <1-9000>
      ipv6 offset <1-9000>
      udp offset <1-9000>
      tcp offset <1-9000>
      ftp-data offset <1-9000>
      https offset <1-9000>
      ssh offset <1-9000> 
     gtp offset <1-9000>
      gtp-ipv4 offset <1-9000>
      gtp-udp offset <1-9000>
      gtp-tcp offset <1-9000>
      <pattern: 1-byte-hex>
      <length: 1-9600>
      sip content-type message/cpim
   port-list <GigaSMART group alias>
   slicing protocol
      none offset <64-9000>
      ipv4 offset <4-9000>
      ipv6 offset <4-9000>
      udp offset <4-9000>
      tcp offset <4-9000>
      ftp-data offset <4-9000>
      https offset <4-9000>
      ssh offset <4-9000>
      gtp offset <4-9000>
      gtp-ipv4 offset <4-9000>
      gtp-udp offset <4-9000>
      gtp-tcp offset <4-9000>
   ssl-decrypt in-port <<ingress port> | any> out-port <<egress port> | auto>
   strip-header
      erspan <0-1023>
      fabric-path <dst-switch-id <0-(2^12-1)>> <src-switch-id <0-(2^12-1)>> 
     fm6000-ts <gs | none | x12-ts>
      generic anchor-hdr1 <none | eth | vlan | mpls | ipv4 | ipv6><offset <start | end | <integer>>
         <header-count<1-32> [custom-len <1-1500>]<anchor-hdr2 <none | eth | vlan | mpls | ipv4 | ipv6 | tcp |          udp | any>>
      gre
      gtp 
     isl 
     mpls
     mpls+vlan
     vlan <outer | all>
     vntag
     vxlan <0-(2^24-1)>
   trailer
      add crc <enable | disable> <srcid <enable | disable>
      remove
   tunnel-decap type

tunnel-decap type tcp add <listener>
      custom <portsrc <0-65535> portdst <0-65535>>
      erspan flow-id <0-1023>
      gmip portdst <0-65535>
      l2gre key <0~(2^32-1)>
      vxlan <portsrc <0-65535> portdst <1-65535> vni <0~(2^24-1)>>
   tunnel-encap type
   gmip <portsrc <0-65535> portdst <0-65535> ipdst <IP address>> [dscp <0-63>] [prec <0-7>]
         [ttl <1-255>]
   l2gre
         ip6dst <IPv6 destination address> key <0~(2^32-1)> [dscp <0-63>] [flow-label <0~(2^20-1)>]
            [prec <0-7>] [ttl <1-255>]
         ipdst <IP address> key <0~(2^32-1)>
         pgdst <port group name> key <0~(2^32-1)> session-field <3-tuple-any | 3-tuple-ipv4 | 3-tuple-ipv6 |
            5-tuple-any | 5-tuple-ipv4 | 5-tuple-ipv6 | ip-any | ipv4-only | ipv6-only> <inner | outer>

   vxlan <portsrc <1-65536> portdst <1-65536> vni <0~(2^24-1) ipdst | ip6dst <ipv4/ipv6 address>>
         

gsparams

gsparams gsgroup <GigaSMART group alias>

apptcp-lb <enable | disable>

apptcb-lb <application | control> <broadcast | drop>

cpu utilization type total rising <20-99%>

dedup-action <count | drop>
   dedup-ip-tclass <ignore | include>
   dedup-ip-tos <ignore | include>
   dedup-tcp-seq <ignore | include>
   dedup-timer <10-500000μs>
   dedup-vlan <ignore | include>

diameter-s6a-session <limit | timeout>

diameter-packet <timeout>

diameter-whitelist <add <diameter whitelist file alias> | delete>
eflow <enable | disable>

eflow interval <0- 3600>

eflow packet-count <integer>

eflow packet-ratio <0-100>

eflow logging <enable | disable>

eng-watchdog-timer <<60-600> | disable>

erspan3-timestamp format <gs | none | x12-ts>
   flow-mask <disable | enable <default | offset <0-111> length <1-112>>>
   flow-sampling-device-ip-ranges
      add ip4addr <IP address> <netmask>
      delete <all | <ip-id <1-64>>
   flow-sampling-rate <5-95%>
   flow-sampling-timeout <1-60 min>
   flow-sampling-type <device-ip | device-ip-in-gtp>

5g-flow timeout <1-6000 in unit of 10 minutes>
   generic-session-timeout <5-600 seconds>
   gtp-control-sample <disable | enable>

  gtp-randomsample <disable | enable>

  gtp-randomsample interval <12-48 hours>

   gtp-flow timeout <1-6000 in the unit of 10 minutes>
   gtp-persistence 
     disable 
     enable
      file-age-timeout <10-1440>
      interval <10-1440>
      restart-age-time <10-1440>

 

   gtp-whitelist <add <GTP whitelist file alias> | delete>
   hsm-group
      add <HSM group alias>
      delete
   ip-frag
      forward <disable | enable>
      frag-timeout <5-180 sec>
      head-session-timeout <15-240 sec>
   lb
      failover <disable | enable>
      failover-thres lt-bw <threshold bandwidth 50-90%> | lt-pkt-rate <packet rate 500-5000kpps>
      replicate-gtp-c <disable | enable>
      use-link-spd-wt <disable | enable>
   netflow-monitor <add <monitor name> | delete>

3gpp-node-role [control | user [<1-12000> standalone] | disable][ 5G | LTE ] [<1-10000>]| [<1-12000> standalone]

         resource
      buffer-asf <<2-5> | disable>
      cpu overload-threshold <<50-90> | disable> 
     hsm-ssl
         buffer <<1-3> | disable> 
        packet-buffer <20-3000>
      packet-buffer overload-threshold <<50-80> | disable>

inline-ssl

      standalone <enable | disable>
   rtp-port range <1~65535 | x..y>

sffp-profile <add | delete> <sffp-profile alias>
   sip-portlist <1-65535>
   sip-session timeout <30-300>
   sip-tcp-idle-timeout <20-600>
   sip-whitelist
      add <SIP whitelist file>
      delete

  sip-nat <disable | enable>
   ssl-decrypt
      decrypt-fail-action <drop | pass-tool>
      disable
      enable
      hsm-pkcs11
         dynamic-object <disable | enable>
         load-sharing <disable | enable>
      hsm-timeout <2-5000> 
     key-cache-timeout <1-86400>
      key-map
         add service <service alias> key <key alias>
         delete service <<service alias> | all>
      non-ssl-traffic <drop | pass>
      pending-session-timeout <30-120>
      session-timeout <30-3600>
      tcp-syn-timeout <20-600>
      ticket-cache-timeout <1-86400>
         tunnel-health-check
      action <drop | pass>
      disable 
     dstport <destination port for UDP>
      enable
      interval <5-600>
      protocol <icmp | udp>
      rcvport <receive port on decapsulation side>
      retries <1-5>
      roundtriptime <1-4>
      srcport <source port for UDP>

halt

halt

hb-profile

hb-profile <alias <alias> | default>
   custom-packet <URL of PCAP file | none>
   direction <a-to-b | b-to-a | bi-directional>
   packet-format <arp | custom>
   period <period>
   recovery-time <recovery time>
   retry-count <retry count>
   timeout <timeout>

header-strip

header-strip box id <box id|all>   vxlan aging-interval <300 to 1000000 seconds and 0 to disable>

   mpls add <mpls labels>

   mpls delete <mpls labels | all>      

hostname

hostname <hostname>

ib_pathway

ib-pathway

image

image
   boot <location <1 | 2> | next> 
  delete <image filename>
   fetch <download URL> [filename]
   install <image filename>
   move <src filename> <dst filename>
   

inline-network

inline-network alias <alias>
   comment <comment>
   lfp enable
   hb-accept
   pair net-a <port ID or alias> and net-b <port ID or port alias>
   physical-bypass <enable | disable>
   redundancy-profile <redundancy profile alias>
   traffic-path <drop | bypass | monitoring | to-inline-tool>

 

inline-network-group

inline-network-group [alias <alias>] 
  comment <comment> 
  network-list <inline-network list>

inline-serial

inline-serial alias <alias>
   comment <comment>
   enable
   failover-action <tool-bypass | tool-drop | network-bypass | network-drop | network-port-forced-down |       per-tool>
   inline-tool-list <list of inline tools and inline tool groups>
   per-direction-order
<reverse | forward>

inline-tool

inline-tool alias <alias>
   comment <comment>
   enable
   inline-tool-type <external | gmon>
   failover-action <tool-bypass | tool-drop | network-bypass | network-drop | network-port-forced-down>
   flex-traffic-path <to-inline-tool | bypass | monitoring | drop>
   hb-ip-addr-a <tool-a heartbeat IP address>
   hb-ip-addr-b <tool-b heartbeat IP address>
   hb-profile <hb-profile alias | default>
   heart-beat
   negative-heart-beat
   nhb-profile <negative heartbeat profile alias>
   pair tool-a <port ID or port alias> and tool-b <port ID or port alias>
   recover
   recovery mode <automatic | manual>
   shared <true | false>

inline-tool-group

inline-tool-group alias <alias>
   comment <comment>
   enable
   failover-action <tool-bypass | tool-drop | network-bypass | network-drop | network-port-forced-down>
   failover-mode spread
   flex-traffic-path <to-inline-tool | bypass | monitoring | drop>
   hash <advanced | a-srcip-b-dstip | b-srcip-a-dstip>
   minimum-group-healthy-size <number>
   release-spare-if-possible
   spare-inline-tool <spare inline tool alias>
   tool-list <inline-tool list>
   hash-weights <inline-tool weights>

interface

interface <interface>
   bond <bonded interface>
   comment <comment>
   dhcp [renew]
   duplex <full | auto>
   ip address <IP address> <netmask>
   ipv6
      address <<IPv6 address>/<length> | autoconfigure> [default | privacy]
      dhcp client <enable | renew>
      enable
   mtu <MTU in bytes>
   shutdown   speed <10 | 100 | 1000 | auto>
   zeroconf

ip

ip
   default-gateway <next hop IP address> [interface name (eth0, eth1...)]
   dhcp
      default-gateway yield-to-static
      hostname <hostname>
      primary intf <interface name>
      send-hostname
   domain-list <domain name>
   filter
      chain <chain>
         clear
         policy <policy>
         rule <append tail | insert <rule number> | set <rule number> | modify <rule number>> target <target>
      move <old rule number> to <new rule number>
         [comment <comment> | dest-addr <network prefix> <netmask> | dest-port <port or port range> |
         dup-delete | in-intf <interface>| not-dest-addr <network prefix> <netmask> | not-dest-port <port
         or port range> | not-in-intf <interface> | not-out-intf <interface> | not-protocol <protocol> |
         not-source-addr <network prefix> <netmask> | not-source-port <port or port range> | out-intf
         <interface> | protocol <protocol> | source-addr <network prefix> <netmask> | source-port
         <port or port range> | state <state>]
      enable
      options include-bridges
   host <hostname> <IP address>
   map-hostname
   name-server <IPv4 or IPv6 address>
   route <network prefix> <netmask | mask length> <next hop IP address or interface name>

ip interface

ip interface alias <alias>
   attach <port-id>
   comment <comment for the ip interface>
   ip address <ip address> <netmask | mask length>
   ipv6 address <IPv6 address>/<len>
   gw <gw address>
   gw-ipv6 <ipv6 gw address>
   mtu <mtu value in bytes>
   gsgroup
     add <gsgroup-alias>
     delete <gsgroup-alias>
   netflow-exporter
     add <netflow-exporter-alias>
     delete <netflow-exporter-alias>

ipv6

ipv6
   default-gateway <next hop IP address or interface name> <eth0, eth1...>
   dhcp
      primary intf <interface name>
      stateless
   enable
   filter
      chain <chain>
         clear
         policy <policy>
         rule <append tail | insert <rule number> | set <rule number> | modify <rule number>> target <target>
            move <old rule number> to <new rule number>
               [comment <comment> | dest-addr <network prefix> <netmask> | dest-port <port or port range> |
                  dup-delete | in-intf <interface>| not-dest-addr <network prefix> <netmask> | not-dest-port
                  <port or port range> | not-in-intf <interface> | not-out-intf <interface> | not-protocol <protocol> |
                  not-source-addr <network prefix> <netmask> | not-source-port <port or port range> |
                  out-intf <interface> | protocol <protocol> | source-addr <network prefix> <netmask> |
                  source-port <port or port range> | state <state>]
      enable
      options include-bridges
   host <hostname> <IPv6 address>
   map-hostname
   neighbor <IPv6 address> <interface name> <MAC address>
   route <IPv6 prefix> <next hop IPv6 address or interface name> [eth0, eth1...]

 

job

job <job ID>
   command <sequence #> <CLI command>
   comment <string>
   enable
   execute
   fail-continue
   name <friendly name>
   schedule type <daily | monthly | once | periodic | type | weekly>

 

ldap

ldap
   base-dn <string>
   bind-dn <string>
   bind-password <string>
   extra-user-params roles enable
   group-attribute <<string> | member | uniqueMember>
   group-dn <string>
   host <IPv4/IPv6 address or hostname> [order <order number> | last]
   login-attribute <<string> | uid | sAMAccountName>
   port <port number>
   referrals
   remote-user-group
      base-dn <base-dn string> map-to <local account>
      map <disable | enable>
   scope <one-level | subtree>

   ssl ca-list <none | default-ca-list>
      cert-verify mode <none | ssl | tls>
      ssl-port <port number>
   timeout-bind <seconds>
   timeout-search <seconds>
   version <2 | 3>

license

license install box-id <box ID> key <license key>

logging

logging <hostname, IPv4 or IPv6 address> [tcp <0-65535> [ssh username <username>]] |
      [trap <severity level>]
   files
      delete <current | oldest [number of log files]>
      rotation force | max-num <number of files>
      upload <current | <file number>> <upload URL>
   level
      audit mgmt <severity level>
      cli commands <severity level>

   local <severity level>
   trap <severity level>

 

map

map alias <alias>
   a-to-b <<ordered list of inline tools and inline tool groups> | bypass | same | reverse>
   b-to-a <<ordered list of inline tools and inline tool groups> | bypass | same | reverse>
   comment <comment>
   enable

encap-tunnel <tunnel name>
   flowrule
      add <drop | pass> gtp <imsi | imei | msisdn> <number[*]> [comment <comment> | interface <Gn | S11 |
         S5 | S10> | version <1 | 2>]
      delete <all | rule-id <rule ID>>
   flowsample

fstype rotational timer <value> offset <value>

 flowsample

add 5g<dnn<pattern>> [comment <comment>] <pei<number[*]>> <supi<number[*]>>
         <gpsi<number[*]>> <nsiid <SST | SST.SD>> <nci><pattern><tac><pattern>< plmn-id> <mcc.mnc> <5qi><percentage <percentage range>>          
<qci <value>> <version <1 | 2>>

add diameter <username <username>
     interface <interface> <percentage <percentage range>
   delete diameter <all | priority-id <rule ID>>
      add gtp <apn <pattern>> [comment <comment>] <imei <number[*]>> <imsi <number[*]>>
         <interface <Gn | S11 | S5 | S10>> <msisdn <number[*]>> <eci><pattern>
<plmn-id> <mcc.mnc> <tac><pattern> <percentage <percentage range>>
         <qci <value>> <version <1 | 2>>
      add sip <caller-id <caller ID>> <percentage <percentage range>>
      delete <gtp | sip> <all | priority-id <rule ID>>
      insert <after | before> <priority index> <gtp> <apn <pattern>> [comment <comment>]
         <imei <number[*]>> <imsi <number[*]>> <msisdn <number[*]>> <interface <Gn | S11 | S5 | S10>>
         <percentage <percentage range>> | <qci <value>> <version <1 | 2>>
      insert <after | before> <priority index> <sip> <caller-id <caller ID>> <percentage <percentage range>>
   from <port-id | port-alias | port-list | gigastream-alias | gigastream-alias-list | inline-network-alias |
      inline-network-group-alias | vport-alias>
   gsrule
      add <drop | pass> <criteria>
      delete <all | rule-id <rule ID>>
   no-rule-match pass
   oob-copy from <inline-network alias | through-list item> [dir <a-to-b | b-to-a>] to <tool port list> tag <none |
      as-inline>
   param traffic control
   priority <after <map name> | before <map name> | highest | lowest>
   roles <assign | replace> <role> [to <role list>]
   rule
      add <drop | pass> <criteria>
      copy-from template <template alias>
      delete <all | rule-id <rule ID>>
      edit rule-id <rule ID> <comment <comment> | drop <criteria> | pass <criteria>>

rewrite-dstmac <xxxx.xxxx.xxxx | xx:xx:xx:xx:xx:xx>

rewrite-srcmac <xxxx.xxxx.xxxx | xx:xx:xx:xx:xx:xx>

 tag <<1-4000> | auto>
   to <port-id | port-alias | port-list | gigastream-alias | gigastream-alias-list | inline-tool-alias |one-arm|
inline-tool-group-alias | inline-serial-alias | bypass | vport-alias | null-port>
   encap-tunnel <tunnel-alias>
   type <firstLevel | flexInline | inline | regular | transitLevel| secondLevel>
      firstLevel [byRule]
      flexInline [byRule | collector]
      inline [byRule]
      regular [byRule]
      secondLevel [byRule | flowFilter | flowSample | flowSample-ol | flowSample-sip | flowWhitelist | lowSample-diameter | flowWhitelist-diameter |

|  flowWhitelist-ol | flowWhitelist-sip | flowWL-5g | flowSample-5G]
   use gsop <gsop alias>
   whitelist

add 5g

<dnn <pattern>| type <supi | ran | all >
      add gtp <apn <pattern> | interface <Gn | S10 | S11 | S5> | version <1 | 2>> | type <imsi | ran | all >
      delete all

   add sip <all | callee-id | caller-id | dest-ip | ip-addr | src-ip>
map priority <map names>

map rule

rule add <drop | pass>
   bidir    comment <comment>
   circuit-id <2-4000>
   dscp <af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | ef>
   ethertype <2-byte-hex>
   inner-vlan <vlan | vlan1..vlan2> innervlan-subset <even | odd>
   ip6dst <IPv6 address> <IPv6 netmask>
   ip6fl <3-byte-hex>
   ip6src <IPv6 address> <IPv6 netmask>
   ipdst <IP address> <netmask>
   ipfrag <no-frag | all-frag | all-frag-no-first | first-frag | first-or-no-frag>
   ipsrc <IP address> <netmask>
   ipver <4 | 6>
  l2gre <1-4294967295>
   macdst <MAC address> <MAC netmask>
   macsrc <MAC address> <MAC netmask>

   portdst <0-65535 | x..y> portdst-subset <even | odd>
   portsrc <0-65535 | x..y> portsrc-subset <even | odd>
   protocol <ipv6-hop | icmp-ipv4 | igmp | ipv4ov4 | tcp | udp | ipv6 | rsvp | gre | icmp-ipv6> <1- byte-hex>
   rewrite-dstmac <value> rewrite-srcmac <value>
   rewrite-dstip <value> rewrite-srcip <value>
   tcpctl <1-byte-hex> tcpctlmask <1-byte-hex>
   tosval <1-byte-hex>
   ttl <ttl | ttl1..ttl2>
   uda1-data <16-byte-hex> uda1-mask <16-byte-hex> uda1-offset <2-110 bytes>
   uda2-data <16-byte-hex> uda2-mask <16-byte-hex> uda2-offset <2-110 bytes>
   vlan <vlan | vlan1..vlan2> vlan-subset <even | odd>
   vxlan <1-16777215>

map gsrule

gsrule add <drop | pass>
   comment <comment>
   erspan id <range <erspanid1..erspanid2>> | <value <1-1024>>
   ethertype <any | pos <1-6>> <range <2-byte-hex..2-byte-hex> <subset <even | odd | none>> |
      <value <2-byte-hex>>
   gre key <range <4-byte-hex..4-byte-hex> <subset <even | odd | none>> | <value <4-byte-hex>>
   gtp gtpu-teid <range <4-byte-hex..4-byte-hex> <subset <even | odd | none>> | <value <4-byte-hex>>
   ipv4

      dscp <any | pos <1-3>> <value <af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 |          af43>>
      dst <any | pos <1-3>> <range <ipv4_address..ipv4_address>> | <value <ipv4_address> <netmask>>
      frag <any | pos <1-3>> <value <no-frag | all-frag | all-frag-no-first | first-frag | first-or-no-frag>>
      protocol <any | pos <1-3>> <range <1-byte-hex..1-byte-hex> <subset <even | odd | none>> |
         <value <1-byte-hex..1-byte-hex>>
      src <any | pos <1-3>> <range <ipv4_address..ipv4_address>> | <value <ipv4_address> <netmask>>
      tosval <any | pos <1-3>> <range <1-byte-hex..1-byte-hex>> | <value <1-byte-hex..1-byte-hex>>
      ttl <any | pos <1-3>> <range <x..y> <subset <even | odd | none>> | <value <0-255>>
   ipv6
      dscp <any | pos <1-3>> <value <af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 |
         af43>>
      dst <any | pos <1-3>> <range <ipv6_address..ipv64_address>> | <value <ipv6_address> <netmask>>
      flow-label <any | pos <1-3>> <range <3-byte-hex..3-byte-hex> <subset <even | odd | none>> |          <value <3-byte-hex>>
      src <any | pos <1-3>> <range <ipv6_address..ipv6_address>> | <value <ipv6_address> <netmask>>
   ipver <any | pos <1-3>> <value <4 | 6>>
   l4port
      dst <any | pos <1-3>> <range <x..y> <subset <even | odd | none>> | <value <0..65535>>
      src <any | pos <1-3>> <range <x..y> <subset <even | odd | none>> | <value <0..65535>>
   mac
      dst <any | pos <1-3>> <range <MAC_address..MAC_address>> | <value <MAC_address> <netmask>>
      src <any | pos <1-3>> <range <MAC_address..MAC_address>> | <value <MAC_address> <netmask>>
   mpls label <any | pos <1-4>> <range <label1..label2> <subset <even | odd | none>> | <value
      <0-1048576>>
   pmatch <protocol <ipv4 | ipv6 | tcp | udp>> <pos <1 | 2>> <string <pattern> | RegEx> <pattern> <offset |
      begin..end>
   pmatch <mask <1 byte-hex> from <start-of-match <offset> | end-of-match <offset>> to <end-of-match
      <length> | end-of-packet | <length>> <protocol <ipv4 | ipv6 | tcp | udp>> <pos <1 | 2>> <string <pattern>
      | RegEx> <pattern> <offset | begin..end> 
  pmatch-hint <hint string>
   tcp ctl <any | pos <1-3>> <value <1-byte-hex>> <mask <1-byte-hex | none>>
   vlan id <any | pos <1-4>> <range <vlan1..vlan2>> <subset <even | odd | none>> | <value <0-4094>>
   vntag 
     dvifid <any | pos <1-3>> <range <dvifid1..dvifid2>> <subset <even | odd | none>> | <value <0-16384>>
     svifid <any | pos <1-3>> <range <svifid1..svifid2>> <subset <even | odd | none>> | <value <0-4096>>
     viflistid <any | pos <1-3>> <range <viflistid1..viflistid2>> <subset <even | odd | none>> |
         <value <0-16384>>
   vxlan id <range <3-byte-hex..3-byte-hex>> <subset <even | odd | none>> | <value <3-byte-hex>>

map-group

map-group alias <alias>
   comment <comment>
   map-list <list of maps>

map-passall

map-passall alias <alias>
   comment <comment>   
from <port-id | port-alias | inline-network-alias | inline-network-group-alias>
   roles <assign | replace> <role> [to <role list>]
   to <tool port list | gigastream-alias | gigastream-alias-list | inline-tool-alias | inline-tool-group-alias |
      inline-serial-alias | bypass>

map-scollector

map-scollector alias <alias>
   collector <port-id | port-alias | port-list | gigastream-alias | gigastream-alias-list | inline-tool-alias |
      inline-tool-group-alias | inline-serial-alias | bypass>
   comment <comment>
   from <port-id | port-alias | port-list | inline-network-alias | inline-network-group-alias>

rewrite-dstmac <value> | rewrite-<value>

   roles <assign | replace> <role> [to <role list>]

map-template

rule add <drop | pass>

   bidir
  comment <comment>
   dscp <af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | ef>
   ethertype <2-byte-hex>
   ip6dst <IPv6 address> <IPv6 netmask>
   ip6fl <3-byte-hex>
   ip6src <IPv6 address> <IPv6 netmask>
   ipdst <IP address> <netmask>
   ipfrag <no-frag | all-frag | all-frag-no-first | first-frag | first-or-no-frag>
   ipsrc <IP address> <netmask>
   ipver <4 | 6>
   macdst <MAC address> <MAC netmask>
   macsrc <MAC address> <MAC netmask>

    portdst <0-65535 | x..y> portdst-subset <even | odd>
   portsrc <0-65535 | x..y> portsrc-subset <even | odd>
   protocol <ipv6-hop | icmp-ipv4 | igmp | ipv4ov4 | tcp | udp | ipv6 | rsvp | gre | icmp-ipv6> <1-byte-hex>
   rewrite-dstip <value>
   rewrite-dstmac <value>
   rewrite-srcip <value>
   rewrite-srcmac <value>
   tcpctl <1-byte-hex> tcpctlmask <1-byte-hex>
   tosval <1-byte-hex>
   ttl <ttl | ttl1..ttl2>
   uda1-data <16-byte-hex> uda1-mask <16-byte-hex> uda1-offset <2-110 bytes>
   uda2-data <16-byte-hex> uda2-mask <16-byte-hex> uda2-offset <2-110 bytes>
   vlan <vlan | vlan1..vlan2> vlan-subset <even | odd>

 

nhb-profile

nhb-profile alias <alias>
   custom-packet <URL of PCAP file | none>
   direction <a-to-b | b-to-a | bi-directional>
   period <period>
   recovery-time <recovery time>

no service

no service <tcp-small-servers | udp-small-servers>

no traffic

no traffic
   all [keep-stack]

notifications

notifications
   enable
   target host <IPv4 address or hostname> port <port ID> <secure | non-secure> username <username>
      password <password>>

ntp

ntp
   authentication enable
   authentication-key <key number>
   disable
   enable
   server <hostname, IPv4 or IPv6 address> [disable | key <key number> | keys enable | version <version
      number>]

ntpdate

ntpdate <hostname, IPv4 or IPv6 address>

onie

onie reboot mode <debug | reinstall | uninstall | update>

 

pcap

pcap   alias <alias>
      channel-port <port ID>
      packet-limit <1-20000>
      port <port ID> <tx | rx | both>
      filter

         ipdst <IP address> <netmask>

         ipsrc <IP address> <netmask>

         portdst <0-65535>

         portsrc <0-65535>

         protocol <ipv6-hop | icmp-ipv4 | igmp | ipv4ov4 | tcp | udp | ipv6 | rsvp | gre | icmp-ipv6>

         tcpctl <1-byte-hex>

ping

ping [-LRUbdfnqrvVaA] [-c count] [-i interval] [-w deadline]
        [-p pattern] [-s packetsize] [-t ttl] [-I interface or address]
        [-M mtu discovery hint] [-S sndbuf]
        [ -T timestamp option ] [ -Q tos ] [hop1 ...] destination

ping6

ping [-LUdfnqrvVaA] [-c count] [-i interval] [-w deadline]
        [-p pattern] [-s packetsize] [-t ttl] [-I interface]
        [-M mtu discovery hint] [-S sndbuf]
        [-F flow label] [-Q traffic class] [hop1 ...] destination

pld

The pld command for GigaVUE‑HC3,GigaVUE‑HC1-Plus has the following syntax:

pld
   upgrade slot <slot ID>

The pld command for G-TAP A Series 2 has the following syntax:

pld
   upgrade

policy

policy
   alias <alias>
      action
         add <action name> [param <param name> <param value>] .. [param <param name> <param value>]
         delete <action ID>
      comment <comment>
      condition
         add <condition name> [param <param name> <param value>] .. [param <param name>
            <param value>]
         delete <condition ID>
      enable
      reset
   all <enable |  reset>

port

port <port-id | port-alias | port-list>
   alarm
      buffer-threshold <0-100%> | [rx <0-100%> | tx <0-100%]>
      high-utilization-threshold <0-100%>
      low-utilization-threshold <0-100%>
   alias <alias string>
   assign role <user role> [level 1 | 2 | 3 | 4]
   buffer-index <<0-7> | low | default | high>
   comment <comment>
   egress-vlan strip
   filter rule
      add <drop <criteria>| pass <criteria>>
      delete <all | rule-id <rule ID>>
      edit rule-id <rule-ID> [drop <criteria> | pass <criteria>]
   ingress-vlan-tag <2-4000>
   lock [description <description>]
   lock-share <user <username>>
   mode <none | 4x10G | 4x25G | 2x40G>
   params
       admin <disable | enable>
       autoneg <disable | enable>

       brief [port-list <port list>]
       discovery <cdp | lldp | all | disable>
       duplex <full>
       fec <cl91|cl74|cl108 | off>
       forcelinkup <disable | enable>
       gdp <enable | disable>
       speed <10 | 100 | 1000 | 10000 | 25000 | 40000 | 100000>
       ude <enable | disable>
       taptx <active | passive>
   ptp <enable | disable>

vlan <value>
       announce-interval <value>
       delay-req-interval <value>
       sync-interval <value> 

tag-protocol-id <TPID value>
   timestamp <append-ingress | source-id <0-65535> | strip-egress>

threshold [rx | tx] [drop | error] [count | percent] [value <value>]

timestamp
       ingress insert
       ingress source-id <value>
       egress insert
       egress source-id <value>
       ingress disable
       egress disable
   tool-share role <user role>
   type <hybrid | inline-network | inline-tool | network | stack | tool | circuit>

   l2gre-id <L2GRE identifier>

   vxlan-id <VXLAN identifier>

   header-strip <vxlan | mpls-l3>

port-group

port-group alias <alias>
  comment <comment>
   gigastream-list <list of GigaStream aliases>
   port-list <port-id | port-alias | port-list | inline-network-alias | inline-network-group-alias>
   smart-lb <disable | enable>
   te-list <list of tunnel endpoints> or <range of tunnel endpoints>
   weight <port ID | te-id> <1-100>

port-pair

port-pair alias <alias>
   between <<port ID> | <port alias> and <port ID> | <port alias>>
      [comment <comment>]
      [lfp <enable | disable>]

ptp on GigaVUE-HD series

ptp
  enable
  mode <peer | end-to-end>

ptp on GigaVUE-TA200 Devices

Use the following syntax to configure PTP globally for a device:

ptp
  alias <string>
  domain <value>// Range is 24–43
 mode <ordinary | boundary>
  local-priority <value> // Range is 1—255
  priority2 <value> // Range is 0—255

Use the following syntax to configure PTP globally for a cluster:

ptp
  box-id <box-id/all> alias <string>
  domain <value>// Range is 24–43
 mode <ordinary | boundary>
  local-priority <value> // Range is 1—255
  priority2 <value> // Range is 0—255

radius-server

radius-server
   extra-user-params roles enable
   host <IPv4/IPv6 address or hostname> [auth-port <port-number>] [enable] [shared-secret <string>] [prompt-secret <string>] ]       [retransmit <retries>] | [timeout <seconds>]
   shared-secret <string>
   retransmit <retries>
   timeout <seconds>

redundancy-profile

redundancy-profile alias <alias>
   protection-role <primary | secondary | suspended>
   signaling-port <port ID or port alias>

reload

reload
   force [immediate]
   halt

reset

reset factory <all | keep-all-config | only-traffic>

serial

serial
   baudrate <9600 | 115200>
   enable

sffp profile

sffp-profile alias <alias>
profile <add | delete>

add
  ip interface <interface>

   port-list <port number>

     type <control | user>

       sx-ips <interface>

show

show <command> matching <regex>

sleep

sleep <number of seconds>

snmp-server

snmp-server
   community <community string>
   contact <string>
   enable [communities] [mult-communities] [notify]
   host <IPv4 / IPv6 address or Hostname>
      disable
      informs [community] [port <port number>] [version <2c | 3>]

         <engineID <engine ID> <user <username>> <auth | encrypted auth | prompt auth>
            <md5 <password> | sha <password> <priv <des <password> | aes-128 <password>> 
     traps [community] [port <port number>] [version <1 | 2c | 3>]

         <user <username>> <auth | encrypted auth | prompt auth>
            <md5 <password> | sha <password> <priv <des <password> | aes-128 <password>>
  location <string>
   notify
      community <string>
      event
[systemreset] [configsave] [modulechange] [linkspeedstatuschange] [unexpectedshutdown] [userauthfail] [firmwarechange] [packetdrop] [gspacketdrop] [tunnelstatus] [tunneldeststatus] [bufferoverusage] [rxtxerror] [powerchange] [fanchange] [portutilization] [lowportutilization] [ibstatechange] [gscpuutilization] [gsportutilz] [gsportlowutilz] [evallicensereminder] [watchdogreset] [inlinetoolrecovery] [gdpupdate] [opticstemp] [exhausttemp] [switchcputemp] [cputemp] [2ndflashboot] [operationmode] [gigasmartcputemp] [eporttemp] [policytrigger] [process-cpu-threshold] [process-mem-threshold] [system-cpu-threshold] [system-mem-threshold] [ipgatewaystatus] [all]
      port <port number>
   port <port number>
   user <username | admin> v3
<auth | encrypted auth | prompt auth> <md5 <password> | sha <password>
         <priv <des <password> | aes-128 <password>>
      <enable>

spine-link

spine-link alias <alias>
   comment <comment>
   port-list <port-list>

ssh

ssh
   client

     ciphers <aes128-cbc | aes128-ctr | aes128-gcm | aes192-ctr | aes256-cbc | aes256-ctr | aes256-gcm>
        global <host-key-check <yes | no | ask> | known-host <known host entry>>

        user <username> <authorized-key sshv2 <public key> | identity <rsa2 | ecdsa> <generate | private-key
         [private key] | public-key <public-key>>| known-host <known host> remove >
   server

     ciphers <aes128-cbc | aes128-ctr | aes128-gcm | aes192-ctr | aes256-cbc | aes256-ctr | aes256-gcm>
      enable
      host-key
                rsa2 <private-key [private key] | public-key <public-key>>
        ecdsa <private-key [private key] | public-key <public-key>>
         generate
      ports <port> [port] [port] [port]..

stack-link

stack-link alias <stack alias>
   between <gigastreams <stack-link gigastream> and <stack-link gigastream>> |
      <<ports <stack-link port> and <peer stack-link port>>
   comment <comment>

sync

sync
   database
   enable
   image
   reload-cc2
   uboot

system

system
   process <process name>
      clusterd restart
      httpd restart
      ntpd restart
      restapid restart
      snmpd restart
      sshd restart
      ugwd restart
      wsmd restart
   security crypto enhanced

security legacy

security log martian

security passwords
      enhanced
      login-blank
      min-length <length in characters>
   arp refresh-interval
   ndp refresh-interval

stacking-mode legacy

system-health

system-health
   box-id <box ID> threshold enable
   threshold enable

 

 

tacacs-server

tacacs-server
  extra-user-params roles enable
   host <IPv4/IPv6 address or hostname>
      [auth-port <port number>
      auth-type <ascii | pap>
      enable
      shared-secret <string>
      prompt-secret
      retransmit <retries>
      timeout <seconds>]
   shared-secret <nstring>
   retransmit <retries>
   service <gigamon | shell>
   timeout <seconds>

terminal

terminal
   length <number of lines>
   resize
   type <ansi | console | dumb | linux | screen | vt52 | vt100 | vt102 | vt220 | xterm>
   width <number of characters>

timestamp

timestamp
   pps-offset <1-280ns>
   pps-source <ext-coaxial | ext-rs232 | ext-rs485>

tool-mirror

tool-mirror <alias <alias>>
   from <port-id | port-alias | port-list | inline-network-alias | inline-network-group-alias>
   to <port-id | port-alias | port-list | gigastream-alias | gigastream-alias-list | inline-tool-alias |
      inline-tool-group-alias | inline-serial-alias | bypass> [comment <comment>]

traceroute

traceroute [ -46dFITUnrAV ] [ -f first_ttl ] [ -g gate,... ] [ -i device ] [ -m max_ttl ] [ -N squeries ] [ -p port ]
              [ -t tos ] [ -l flow_label ] [ -w waittime ] [ -q nqueries ] [ -s src_addr ] [ -z sendwait ] host [ packetlen ]

L2-Circuit Tunnel

tunnel alias <alias> encap l2-circuit
   circuit-id <value> => value between 2 to 4000>

L2GRE Tunnel for Encapsulation

tunnel alias <alias> encap l2gre
   comment <description>
   attach <ip-interface-name>

   ipdst <destination IP address>

   exit

VXLAN Tunnel for Encapsulation

tunnel alias <alias> encap vxlan
   comment <description>
   attach <ip-interface-name>

   ipdst <destination IP address>

   l4srcport <layer4 source port number>

   exit

tunnel-endpoint

tunnel-endpoint te-id <tunnel endpoint ID>
   alias <alias>
   type remote ip-address <IP address>

 

uboot

uboot install

username

username <username>
   disable [login]
   full-name
<full name>
 password <prompt | cleartext password>
   roles
<add <user role> [user role] | replace <user role> [user role]>

vport

vport alias <alias>
   gsgroup <GigaSMART group alias>
   failover-action <vport-bypass | vport-drop | network-bypass | network-drop | network-port-forced-down>
   mode gtp-overlap

 

web

web
   auto-logout <number of minutes>
   client
      ca-list <none | default-ca-list>
      cert-verify
   enable
   http
      enable
      port <port number>
      redirect
   httpd listen
      enable
      interface <interface>
   https
      certificate
         default-cert
         name <cert-name | system-self-signed>
         regenerate
      enable
      port <port number>
      require-dod-cert
   logs <access | error> upload <current | log file number> <upload URL>
   proxy
      auth
         authtype <none | basic>
         basic <password <password>> | <username <username>>
      host <IPv4 or IPv6 address> [port <port number>]
   server ssl min-version <tls1 | tls1.1 | tls1.2>
   session
      auto-logout <number of minutes>
      renewal <number of minutes>

write

write
   memory [local]
   terminal