FireBrick FB6202 version 3807 documentation

FB6202 L2TP configuration ©2008-9 FireBrick Ltd

Top level config

The top level config element contains all of the FireBrick configuration data.

config: Attributes
AttributeTypeDescriptionDefault
timestampdateTimeConfig store time
config: Elements
ElementTypeInstancesDescription
systemsystemOptionalSystem settings
useruserOptional, unlimitedAdmin users
syslogsyslogOptionalSyslog controls
interfaceinterfaceOptional, up to 8192Config ethernet port/vlan and subnets
servicesservicesOptionalGeneral system services
routeroute (network-base)Optional, unlimitedStatic routes
networknetwork (network-base)Optional, unlimitedList of locally originated networks
loopbackloopback (network-base)Optional, unlimitedList of extra local addresses
bgpbgpOptional, up to 10BGP config
cqmcqmOptionalConstant Quality Monitoring config
l2tpl2tpOptionalL2TP settings
shapershaperOptional, unlimitedNamed traffic shapers

Traffic shaper

Settings for a named traffic shaper

shaper: Attributes
AttributeTypeDescriptionDefault
namestringGraph nameNot optional
egressunsignedLongEgress rate limit/target
egress-minunsignedLongEgress rate limit min
egress-maxunsignedLongEgress rate limit max
egress-stepunsignedLongEgress rate adjust step
egress-intervalunsignedLongEgress rate adjust interval (seconds)3600
ingressunsignedLongIngress rate limit
ingress-minunsignedLongIngress rate limit min
ingress-maxunsignedLongIngress rate limit max
ingress-stepunsignedLongIngress rate adjust step
ingress-intervalunsignedLongIngress rate adjust interval (seconds)3600
sourcestringSource of data, used in automated config management
commentstringComment

RADIUS accounting server settings

Server settings for RADIUS Accounting for L2TP

radius-acct: Attributes
AttributeTypeDescriptionDefault
namestringName
secretstringShared secret for RADIUS requestsNot optional
tableroutetable 0-10Routing table number
ipList of IPAddrOne or more IPs of RADIUS servers (picked at random)Not optional
timeoutunsignedByteMin retry timeout on RADIUS requests3
fail-countunsignedByteHow many failures in a row before blacklisting20
fail-timeunsignedShortHow long to blacklist before retrying (secs)120
relay-nas-ipbooleanPass remote L2TP endpoint as NAS IP
sourcestringSource of data, used in automated config management
commentstringComment
portunsignedShortAccounting UDP port1813
attemptsunsignedByteHow many times to try on this server20

RADIUS authentication server settings

Server settings for RADIUS Authentication for L2TP

radius-auth: Attributes
AttributeTypeDescriptionDefault
namestringName
secretstringShared secret for RADIUS requestsNot optional
tableroutetable 0-10Routing table number
ipList of IPAddrOne or more IPs of RADIUS servers (picked at random)Not optional
timeoutunsignedByteMin retry timeout on RADIUS requests3
fail-countunsignedByteHow many failures in a row before blacklisting20
fail-timeunsignedShortHow long to blacklist before retrying (secs)120
relay-nas-ipbooleanPass remote L2TP endpoint as NAS IP
sourcestringSource of data, used in automated config management
commentstringComment
portunsignedShortAuthentication UDP port1812
attemptsunsignedByteHow many times to try on this server2

Relay rules for L2TP

Rules for relaying L2TP

l2tp-relay: Attributes
AttributeTypeDescriptionDefault
namestringName
graphstringGraph name
user-nameList of stringOne or more patterns to match user-name
calling-station-idList of stringOne or more patterns to match calling-station-id
called-station-idList of stringOne or more patterns to match called-station-id
target-ipList of IPAddrTarget IP(s) for L2TP connection
target-secretstringShared secret for L2TP connection
target-hostnamestringHostname for L2TP connection
testList of IPAddrList of IPs that must have routing for this target to be valid
sourcestringSource of data, used in automated config management
commentstringComment

L2TP settings for incoming L2TP connections

L2TP tunnel settings for incoming L2TP connections

l2tp-incoming: Attributes
AttributeTypeDescriptionDefault
namestringName
graphstringGraph name
tableroutetable 0-10Routing table number for L2TP session
testList of IPAddrList of IPs to which routing must exist else tunnel dropped
payload-tableroutetable 0-10Routing table number for payload traffic
bgpbgpmodeBGP announce mode for routesno-export
hostnamestringHostname quoted on incoming tunnel
secretstringShared secret
allowList of IPPrefixList of IP ranges from which connects can be made
mtuunsignedShortDefault MTU for sessions in this tunnel
ipv6epIP4AddrLocal end IPv4 for IPv6 tunnels
pppipIP4AddrLocal end PPP IPv4
pppdns1IP4AddrLocal end PPP DNS1 IPv4 default
pppdns2IP4AddrLocal end PPP DNS2 IPv4 default
dos-limitunsignedLongPer second per session tx packet drop limit for DOS protection10000
tx-speedunsignedLongDefault tx rate limit
hdlcbooleanSend HDLC header (FF03) on all PPP framestrue
tcp-mss-fixbooleanAdjust MSS option in TCP SYN to fix session MSSfalse
require-platformbooleanAll sessions require a platform RADIUS firstfalse
shutdownbooleanRefuse all new sessions or tunnelsfalse
sourcestringSource of data, used in automated config management
commentstringComment
l2tp-incoming: Elements
ElementTypeInstancesDescription
matchl2tp-relayOptional, unlimitedRules for relaying inbound connections to outbound

L2TP settings

L2TP settings list the incoming and outgoing L2TP connections allowed

l2tp: Attributes
AttributeTypeDescriptionDefault
accounting-intervalunsignedLongPeriodic interim accounting interval3600
l2tp: Elements
ElementTypeInstancesDescription
incomingl2tp-incomingOptional, unlimitedIncoming L2TP connections
authenticationradius-auth (radius)Optional, unlimitedRADIUS authentication server settings
accountingradius-acct (radius)Optional, unlimitedRADIUS accounting server settings

Constant Quality Monitoring settings

Constant quality monitoring (graphs and data) have a number of settings. Most of the graphing settings can be overridden when a graph is collected so these define the defaults in many cases.

cqm: Attributes
AttributeTypeDescriptionDefault
secretstringSecret for MD5 coded URLs
headingstringHeading of graph
subheadingstringSubheading of graph
text1stringText line 1
text2stringText line 2
text3stringText line 3
text4stringText line 4
backgroundColourBackground colourwhite
graticuleColourGraticule colourgrey
axisColourAxis colourblack
label-failstringLabel for seconds (%) failedFail
label-dropstringLabel for % shaper dropsDrop%
failColourColour for failed (dropped) secondsred
label-sentstringLabel for seconds polledSent
sentColourColour for polled seconds#ff8
label-offstringLabel for off line secondsOff
offColourColour for off line seconds#c8f
label-minstringLabel for minimum latencyMin
minColourColour for minimum latencyblue
label-avestringLabel for average latencyAve
aveColourColour for average latency#0cc
label-maxstringLabel for maximum latencyMax
maxColourColour for maximum latencygreen
label-downstringLabel for download traffic levelDown
downColourColour for downstream traffic level#080
label-upstringLabel for upload traffic levelUp
upColourColour for upstream traffic level#800
textColourColour for textblack
outsideColourColour for outer bordertransparent
fblogoColourColour for logo#c00
label-latencystringLabel for latencyLatency
label-shaperstringLabel for shaperShaper
label-pollstringLabel for pollsPolls
label-trafficstringLabel for traffic levelTraffic (bit/s)
label-timestringLabel for timeTime
label-scorestringLabel for scoreScore
label-periodstringLabel for periodPeriod
timeformatstringTime format%Y-%m-%d %H:%M:%S
hourformatstringHour format%H
dateformatstringDate format%Y-%m-%d
dayformatstringDay format%a
keyunsignedBytePixels space for key90
leftunsignedBytePixels space left of main graph0
rightunsignedBytePixels space right of main graph50
topunsignedBytePixels space at top of graph4
bottomunsignedBytePixels space at bottom of graph11
fail-level1unsignedByteLoss level 13
fail-score1unsignedByteScore for on/above level 1100
fail-level2unsignedByteLoss level 250
fail-score2unsignedByteScore for on/above level 2200
latency-level1unsignedIntLatency level 1 (ns)100000000
latency-score1unsignedByteScore for on/above level 110
latency-level2unsignedIntLatency level 2 (ns)500000000
latency-score2unsignedByteScore for on/above level 220
latency-usageunsignedIntUsage below which latency is not expected128000
latency-levelunsignedIntLatency level not expected on low usage100000000
latency-scoreunsignedByteScore for high latency and low usage200
fail-usageunsignedIntUsage below which fail is not expected128000
fail-levelunsignedIntFail level not expected on low usage1
fail-scoreunsignedByteScore for fail and low usage200

BGP peer definitions

The peer definition specifies the attributes of an individual peer. Multiple IP addresses can be specified, typically for IPv4 and IPv6 addresses for the same peer, but this can be used for a group of similar peers.

bgppeer: Attributes
AttributeTypeDescriptionDefault
namestringName
typepeertypeType of neighbour (affects some defaults)normal
ipList of IPAddrOne or more IPs of neighbours (omit to allow incoming)
md5stringMD5 signing secret
ttl-securityunsignedByteEnable RFC5082 TTL security for specified number of hops (set to 1 for adjacent router) and set both ends
max-prefixbgp-prefix-limit 1-100Limit prefixes (IPv4+IPv6)100
asunsignedIntPeer AS
holdtimeunsignedIntHold time30
localprefunsignedIntDefault inbound localpref assumed100
timer-openwaitunsignedIntTime to wait for OPEN on connection10
timer-retryunsignedIntTime to retry the neighbour10
timer-idleunsignedIntIdle time after error60
capability-mpe-ipv4booleanIf supporting MPE for IPv4true
capability-mpe-ipv6booleanIf supporting MPE for IPv6true
capability-as4booleanIf supporting AS4true
capability-graceful-restartbooleanIf supporting Graceful Restarttrue
capability-route-refreshbooleanIf supporting Route Refreshtrue
same-ip-typebooleanOnly accept/send IPv4 routes to IPv4 peers and IPv6 routes to IPv6 peerstrue
next-hop-selfbooleanForce us as next hop outboundfalse
allow-own-asbooleanAllow our AS inbound
add-own-asbooleanAdd our AS on exported routes
no-fibbooleanDon't include received routes in packet forwarding
in-softbooleanMark received routes as soft
allow-only-their-asbooleanOnly accept routes that are solely the peers AS
allow-exportbooleanIgnore no-export community and export anyway
drop-defaultbooleanIgnore default route receivedfalse
ignore-bad-optional-partialbooleanIgnore routes with a regognised badly formed optional that is flagged partialtrue
shutdownbooleanShutdown this neighbour
padunsignedBytePad our AS by this many
in-medunsignedIntSet inbound MED
out-medunsignedIntSet outbound MED
in-tagbgpmodeSet inbound well-known community
out-tagbgpmodeSet outbound well-known community
sourcestringSource of data, used in automated config management
commentstringComment
logbooleanLog inbound route updates

Overall BGP settings

The BGP element defines general BGP settings and a list of peer definitions for the individual BGP peers.

bgp: Attributes
AttributeTypeDescriptionDefault
namestringName
tableroutetable 0-10Routing table number
asunsignedIntOur AS
idIP4AddrOur router ID
cluster-idIP4AddrOur cluster ID
bgp: Elements
ElementTypeInstancesDescription
peerbgppeerOptional, up to 20List of peers/neighbours

Locally originated networks

Loopback addresses define local IP addresses

loopback: Attributes
AttributeTypeDescriptionDefault
namestringName
tableroutetable 0-10Routing table number
as-pathList of up to 10 unsignedIntCustom AS path as if network received
localprefunsignedIntLocalpref of network4294967295
ospfbooleanOSPF announce mode for route
sourcestringSource of data, used in automated config management
commentstringComment
ipList of IPAddrOne or more local network addressesNot optional
bgpbgpmodeBGP announce mode for loopbackfalse

Locally originated networks

Network settings define prefixes which are to be announced by some routing protocol but do not actually have a routing entry.

network: Attributes
AttributeTypeDescriptionDefault
namestringName
tableroutetable 0-10Routing table number
as-pathList of up to 10 unsignedIntCustom AS path as if network received
localprefunsignedIntLocalpref of network4294967295
ospfbooleanOSPF announce mode for route
sourcestringSource of data, used in automated config management
commentstringComment
ipList of IPPrefixOne or more local network prefixesNot optional
bgpbgpmodeBGP announce mode for networktrue

Static routes

Static routes define prefixes which are permanently in the routing table, and whether these should be announced by routing protocols or not.

route: Attributes
AttributeTypeDescriptionDefault
namestringName
tableroutetable 0-10Routing table number
as-pathList of up to 10 unsignedIntCustom AS path as if network received
localprefunsignedIntLocalpref of network4294967295
ospfbooleanOSPF announce mode for route
sourcestringSource of data, used in automated config management
commentstringComment
ipList of IPPrefixOne or more local network prefixesNot optional
gatewayList of IPAddrOne or more target gateway IPs
bgpbgpmodeBGP announce mode for routefalse

Matching rules for platform RADIUS

Rules for matching RADIUS requests

platform-radius-match: Attributes
AttributeTypeDescriptionDefault
namestringName
target-ipList of IPAddrTarget IP(s) for L2TP connection
target-secretstringShared secret for L2TP connection
target-hostnamestringHostname for L2TP connection
relay-ipList of IPAddrAddress to copy RADIUS request
relay-portunsignedShortAuthentication UDP port for copy RADIUS request1812
relay-tableroutetable 0-10Routing table number for copy of RADIUS request
testList of IPAddrList of IPs that must have routing for this target to be valid
sourcestringSource of data, used in automated config management
commentstringComment
user-nameList of stringOne or more patterns to match user-name
calling-station-idList of stringOne or more patterns to match calling-station-id
called-station-idList of stringOne or more patterns to match called-station-id

Platform RADIUS definition

Platform RADIUS server and proxy definitions

platform-radius: Attributes
AttributeTypeDescriptionDefault
namestringName
target-ipList of IPAddrTarget IP(s) for L2TP connection
target-secretstringShared secret for L2TP connection
target-hostnamestringHostname for L2TP connection
relay-ipList of IPAddrAddress to copy RADIUS request
relay-portunsignedShortAuthentication UDP port for copy RADIUS request1812
relay-tableroutetable 0-10Routing table number for copy of RADIUS request
testList of IPAddrList of IPs that must have routing for this target to be valid
sourcestringSource of data, used in automated config management
commentstringComment
portunsignedShortAuthentication UDP port1812
secretstringShared secret for RADIUS requests (needed for replies)
platform-radius: Elements
ElementTypeInstancesDescription
matchplatform-radius-match (platform-radius-target)Optional, unlimitedMatching rules for specific responses

HTTP service settings

Web management pages

http-service: Attributes
AttributeTypeDescriptionDefault
tableroutetable 0-10Routing table number
portunsignedShortService port
allowList of IPPrefixList of IP ranges from which service can be accessed
trustedList of IPPrefixList of IP ranges from which trusted access is allowed

NTP service settings

The NTP settings define how the system clock is set, from what servers, and controls for dalylight saving (summer time). The defaults are those that apply to the EU

ntp-service: Attributes
AttributeTypeDescriptionDefault
tableroutetable 0-10Routing table number
portunsignedShortService port
allowList of IPPrefixList of IP ranges from which service can be accessed
timeserverList of IPAddrList of time servers from which time may be set by ntp
tz1-namestringTimezone 1 nameGMT
tz1-offsetdurationTimezone 1 offset from UTC00:00:00
tz12-monthmonthTimezone 1 to 2 monthMar
tz12-datedatenum 1-31Timezone 1 to 2 earliest date in month25
tz12-daydayTimezone 1 to 2 day of week of changeSun
tz12-timedurationTimezone 1 to 2 local time of change01:00:00
tz2-namestringTimezone 2 nameBST
tz2-offsetdurationTimezone 2 offset from UTC01:00:00
tz21-monthmonthTimezone 2 to 1 monthOct
tz21-datedatenum 1-31Timezone 2 to 1 earliest date in month25
tz21-daydayTimezone 2 to 1 day of week of changeSun
tz21-timedurationTimezone 2 to 1 local time of change02:00:00

SNMP service settings

The SNMP service has general service settings and also specific attributes for SNMP such as community

snmp-service: Attributes
AttributeTypeDescriptionDefault
tableroutetable 0-10Routing table number
portunsignedShortService port
allowList of IPPrefixList of IP ranges from which service can be accessed
communitystringCommunity stringpublic

General service settings

The service settings allow basic control of the service, the port on which it operates (if not default for the service) and access controls.

service: Attributes
AttributeTypeDescriptionDefault
tableroutetable 0-10Routing table number
portunsignedShortService port
allowList of IPPrefixList of IP ranges from which service can be accessed

TFTP service settings

The TFTP service has general service settings plus file names for specific TFTP operations

tftp-service: Attributes
AttributeTypeDescriptionDefault
tableroutetable 0-10Routing table number
portunsignedShortService port
allowList of IPPrefixList of IP ranges from which service can be accessed
configstringFilename used to save/load configconfig
imagestringFilename used to save/load imagesimage

System services

System services are various generic services that the system provides, and allows access controls and settings for these to be specified. The service is only active if the corresponding element is included in services, otherwise it is disabled.

services: Elements
ElementTypeInstancesDescription
tftptftp-service (service)OptionalTFTP server settings (image and config load/save)
snmpsnmp-service (service)OptionalSNMP server settings
ntpntp-service (service)OptionalNTP client settings (server not implimented yet)
telnetserviceOptionalTelnet server settings
httphttp-service (service)OptionalHTTP server settings
platform-radiusplatform-radius (platform-radius-target)OptionalPlatform RADIUS server/proxy settings

VRRP settings

VRRP settings provide virtual router redundancy for the FireBrick

vrrp: Attributes
AttributeTypeDescriptionDefault
namestringName
ipList of IP4AddrOne or more IP addresses to annouceNot optional
vridunsignedByteVRIDNot optional
priorityunsignedByteNormal priority100
intervalunsignedByteTransit interval (sec)1
preemptbooleanWhether pre-empt allowedtrue
testList of IPAddrList of IPs to which routing must exist else low priority
low-priorityunsignedByteLower priority applicable until routing established1
delayunsignedLongDelay after routing established before priority returns to normal10
use-vmacbooleanWhether to use the special VMAC or use normal MACfalse
answer-pingbooleanWhether to answer PING to VRRP IPs when mastertrue
log-errorsbooleanWhether to log errorsfalse
sourcestringSource of data, used in automated config management
commentstringComment

Subnet settings

Subnet settings define the IP address(es) of the FireBrick, and also allow default routes to be set.

subnet: Attributes
AttributeTypeDescriptionDefault
namestringName
ipList of IPSubnetOne or more IP/len (omit for DHCP client)
gatewayList of IPAddrOne or more gateways to install
raramodeIf to announce IPv6 RA for this subnetfalse
ra-maxra-max 4-1800Max RA send interval600
ra-minra-min 3-1350Min RA send interval
ra-testList of IPAddrOne or more IPs to which routing must exist else RA is lower priority
localprefunsignedIntLocalpref for subnet4294967295
bgpbgpmodeBGP announce mode for subnet
ospfbooleanOSPF announce mode for subnet
mtuunsignedShortMTU for subnet
ttlunsignedByteTTL for originating traffic via subnet64
arp-timeoutunsignedShortMax lifetime on ARP and ND60
broadcastbooleanIf broadcast address allowedfalse
sourcestringSource of data, used in automated config management
commentstringComment

Physical/VLAN interface settings

The interface definition relates to a specific physical port and VLAN. It includes subnets and VRRP that apply to that interface.

interface: Attributes
AttributeTypeDescriptionDefault
namestringName
graphstringGraph name
portport 0-1Physical port0
vlanvlan 0-4095VLAN (0=untagged)0
rabooleanAccept IPv6 RA and create auto config subnets and routestrue
tableroutetable 0-10Routing table applicable
mtuunsignedShortMTU for this interface1500
cugcug 1-32767Closed user group ID
cug-restrictbooleanClosed user group restricted traffic (only to/from same CUG ID)
sourcestringSource of data, used in automated config management
commentstringComment
interface: Elements
ElementTypeInstancesDescription
subnetsubnetOptional, unlimitedDefine subnet
vrrpvrrpOptional, unlimitedDefine VRRP settings

Syslog settings

Syslog settings specify where logging is to be sent using syslog.

syslog: Attributes
AttributeTypeDescriptionDefault
serverIPAddrServer IP addressNot optional
portunsignedShortServer port514
severitysyslog-severityLog events that are this severe or moreNOTICE
facilitysyslog-facilityFacility for logLOCAL0
tableroutetable 0-10Routing table number for sending syslogs

Admin users

User names, passwords and abilities for admin users

user: Attributes
AttributeTypeDescriptionDefault
namestringUser nameNot optional
passwordPasswordUser password
timeoutunsignedShortLogin idle timeout (seconds)300
sourcestringSource of data, used in automated config management
commentstringComment
leveluser-levelLogin levelADMIN

System settings

The system settings are the top level attributes of the system which apply globally.

system: Attributes
AttributeTypeDescriptionDefault
namestringSystem hostname
contactstringContact name
locationstringLocation description
fast-rebootbooleanDebug - causes fast reboot on new code load
dos-limitunsignedIntInterrupt DoS packet limit, leave at default1000
dos-delayunsignedIntInterrupt DoS restoration counter, leave at default2
sourcestringSource of data, used in automated config management
commentstringComment

BGP peer type

Peer type controls many of the defaults for a peer setting. It allows typical settings to be defined with one attribute that reflects the type of peer.

TagDescription
normalNormal BGP operation
transitEBGP Mark received as no-export
peerEBGP Mark received as no-export, only accept peer AS
customerEBGP Allow export as if confederate, only accept peer AS
internalIBGP allowing own AS
reflectorIBGP allowing own AS and working in route reflector mode
confederateEBGP confederate
ixpInternet exchange point peer on route server

Day name (3 letter)

TagDescription
SunSunday
MonMonday
TueTuesday
WedWednesday
ThuThursday
FriFriday
SatSaturday

Month name (3 letter)

TagDescription
JanJanuary
FebFebruary
MarMarch
AprApril
MayMay
JunJune
JulJuly
AugAugust
SepSeptember
OctOctober
NovNovember
DecDecember

BGP announcement mode

BGP mode defines the default advertisement mode for prefixes, based on well-known community tags

TagDescription
falseNot included in BGP at all
dropDrop routes (used in-tag or out-tag)
no_advertiseNot included in BGP, not advertised at all
no_exportNot normally exported from local AS/confederation
local_asNot exported from local AS
no_peerExported with no-peer community tag
trueExported as normal with no special tags added

IPv6 route announce level

IPv6 route announcement mode and level

TagDescription
falseDo not announce
lowAnnounce as low priority
mediumAnnounce as medium priority
highAnnounce as high priority
trueAnnounce as default (medium) priority

Syslog facility

Syslog facility, usually used to control which log file the syslog is written to.

TagDescription
KERNKernel messages
USERUser level messges
MAILMail system
DAEMONSystem Daemons
AUTHSecurity/auth
SYSLOGInternal to syslogd
LPRPrinter
NEWSNews
UUCPUUCP
CRONCron deamon
AUTHPRIVprivate security/auth
FTPFile transfer
12Unused
13Unused
14Unused
15Unused
LOCAL0Local 0
LOCAL1Local 1
LOCAL2Local 2
LOCAL3Local 3
LOCAL4Local 4
LOCAL5Local 5
LOCAL6Local 6
LOCAL7Local 7

Syslog severity

Log severity - different loggable events log at different levels.

TagDescription
EMERGSystem is unstable
ALERTAction must be taken immediately
CRIT Critical conditions
ERRError conditions
WARNINGWarning conditions
NOTICENormal but significant events
INFOInformational
DEBUGDebug level messages

User login level

User login level - commands available are restricted according to user's assigned level.

TagDescription
NOBODYUnknown or not logged in user
GUESTGuest user
USERNormal unprivileged user
ADMINSystem administrator
DEBUGSystem debugger

Basic types

TypeDescription
ses-id[unsignedShort] Local session ID (1-65535)
tun-id[unsignedShort] Local tunnel ID (1-1000)
bgp-prefix-limit[unsignedInt] Maximum prefixes accepted on BGP session (1-100)
prefixlist[IPPrefix] List of IP Prefixes
unsignedIntList[unsignedInt] List of integers
aslist[unsignedIntList] List of AS numbers
stringlist[string] List of strings
datenum[unsignedByte] Day number in month (1-31)
iprangelist[IPPrefix] List of IPranges
cug[unsignedShort] CUG ID (1-32767)
vlan[unsignedShort] VLAN ID (0=untagged) (0-4095)
port[unsignedByte] Physical port (0-1)
ip4list[IP4Addr] List of IPv4 addresses
ra-min[unsignedByte] Route announcement min interval (seconds) (3-1350)
ra-max[unsignedShort] Route announcement max interval (seconds) (4-1800)
iplist[IPAddr] List of IP addresses
subnetlist[IPSubnet] List of subnets
routetable[unsignedByte] Route table number (0-10)
Colour#rgb #rrggbb #rgba #rrggbbaa colour
PasswordPassword
IPSubnetIP address / bitlen
IPPrefixIP address / bitlen
IP4AddrIPv4 address
IPAddrIP address
dateTimeYYYY-MM-DDTHH:MM:SS date/time
durationduration in seconds
booleanBoolean
unsignedByteunsigned byte integer (0-255)
unsignedShortunsigned short integer (0-65535)
unsignedIntunsigned integer (0-4294967295)
unsignedLongunsigned long integer (0-4294967295)
stringtext string