User login level - commands available are restricted according to assigned level.
Table I.86. user-level: User login level
Value | Description |
NOBODY | Unknown or not logged in user |
GUEST | Guest user |
USER | Normal unprivileged user |
ADMIN | System administrator |
DEBUG | System debugger |
Table I.87. ppp-dump: PPP dump format
Value | Description |
default | Mixed hex/decode |
decoded | Decoded only |
decoded+raw | Decoded + raw |
raw | Raw hex |
Table I.88. autoloadtype: Type of s/w auto load
Value | Description |
false | Do no auto load |
factory | Load factory releases |
beta | Load beta test releases |
alpha | Load test releases |
Table I.89. lacp-hot-standby: LACP hot standby mode
Value | Description |
enabled | Normal hot standby |
nosync | Don't set SYNC (helps with some switches) |
disabled | Don't do hot standby |
Table I.90. config-access: Type of access user has to config
Value | Description |
none | No access unless explicitly listed |
view | View only access (no passwords) |
read | Read only access (with passwords) |
demo | Full view and edit access but can only test config, not save |
test | Full view and edit access but must test save config first |
full | Full view and edit access |
Log severity - different loggable events log at different levels.
Table I.93. syslog-severity: Syslog severity
Value | Description |
EMERG | System is unstable |
ALERT | Action must be taken immediately |
CRIT | Critical conditions |
ERR | Error conditions |
WARNING | Warning conditions |
NOTICE | Normal but significant events |
INFO | Informational |
DEBUG | Debug level messages |
NO-LOGGING | No logging |
Syslog facility, usually used to control which log file the syslog is written to.
Table I.94. syslog-facility: Syslog facility
Value | Description |
KERN | Kernel messages |
USER | User level messges |
Mail system | |
DAEMON | System Daemons |
AUTH | Security/auth |
SYSLOG | Internal to syslogd |
LPR | Printer |
NEWS | News |
UUCP | UUCP |
CRON | Cron deamon |
AUTHPRIV | private security/auth |
FTP | File transfer |
12 | Unused |
13 | Unused |
14 | Unused |
15 | Unused |
LOCAL0 | Local 0 |
LOCAL1 | Local 1 |
LOCAL2 | Local 2 |
LOCAL3 | Local 3 |
LOCAL4 | Local 4 |
LOCAL5 | Local 5 |
LOCAL6 | Local 6 |
LOCAL7 | Local 7 |
Table I.95. http-mode: HTTP/HTTPS security mode
Value | Description |
http-only | No HTTPS access |
http+https | Both HTTP and HTTPS access |
https-only | No HTTP access |
redirect-to-https | HTTP accesses are redirected to use HTTPS |
redirect-to-https-if-acme | HTTP accesses are redirected to use HTTPS if ACME set up for hostname |
redirect-to-https-except-trusted | HTTP accesses are redirected to use HTTPS (except trusted IPs) |
Table I.96. month: Month name (3 letter)
Value | Description |
Jan | January |
Feb | February |
Mar | March |
Apr | April |
May | May |
Jun | June |
Jul | July |
Aug | August |
Sep | September |
Oct | October |
Nov | November |
Dec | December |
Table I.97. day: Day name (3 letter)
Value | Description |
Sun | Sunday |
Mon | Monday |
Tue | Tuesday |
Wed | Wednesday |
Thu | Thursday |
Fri | Friday |
Sat | Saturday |
Physical port crossover configuration.
Table I.99. Crossover: Crossover configuration
Value | Description |
auto | Crossover is determined automatically |
MDI | Force no crossover |
Table I.100. LinkFlow: Physical port flow control setting
Value | Description |
none | No flow control |
symmetric | Can support two-way flow control |
send-pauses | Can send pauses but does not support pause reception |
any | Can receive pauses and may send pauses if required |
Table I.101. LinkClock: Physical port Gigabit clock master/slave setting
Value | Description |
prefer-master | Master status negotiated; preference for master |
prefer-slave | Master status negotiated; preference for slave |
force-master | Master status forced |
force-slave | Slave status forced |
Table I.102. LinkLED-y: Yellow LED setting
Value | Description |
Link/Collision | On when link up; blink when collisions detected |
Activity | Blink when Tx or Rx activity |
Fault | On when autonegotiation mismatch |
Tx | Blink when Tx activity |
Off | Permanently off |
On | Permanently on |
Table I.103. LinkLED-g: Green LED setting
Value | Description |
Link/Activity | On when link up; blink when Tx or Rx activity |
Collision | Blink when collisions detected |
Rx | Blink when Rx activity |
Off | Permanently off |
On | Permanently on |
Table I.104. LinkPower: PHY power saving options
Value | Description |
none | No power saving |
full | Full power saving |
Table I.105. LinkFault: Link fault type to send
Value | Description |
false | No fault |
true | Send fault |
off-line | Send offline fault (1G) |
ane | Send ANE fault (1G) |
Table I.106. sampling-protocol: Sampling protocol
Value | Description |
sflow | Use sFlow protocol |
ipfix-psamp | Use IPFIX/PSAMP protocol |
ipfix-legacy | Use legacy (Cisco-style) IPFIX |
Table I.107. trunk-mode: Trunk port mode
Value | Description |
false | Not trunking |
random | Random trunking |
l2-hash | L2 hashed trunking |
l23-hash | L2 and L3 hashed trunking |
l3-hash | L3 hashed trunking |
IPv6 route announcement mode and level
Table I.108. ramode: IPv6 route announce level
Value | Description |
false | Do not announce |
low | Announce as low priority |
medium | Announce as medium priority |
high | Announce as high priority |
true | Announce as default (medium) priority |
dhcp6triggered | When triggered by DHCPv6 |
BGP mode defines the default advertisement mode for prefixes, based on well-known community tags
Table I.109. bgpmode: BGP announcement mode
Value | Description |
false | Not included in BGP at all |
no-advertise | Not included in BGP, not advertised at all |
no-export | Not normally exported from local AS/confederation |
local-as | Not exported from local AS |
no-peer | Exported with no-peer community tag |
true | Exported as normal with no special tags added |
Table I.110. sampling-mode: Sampling mode
Value | Description |
off | Don't perform sampling |
ingress | Sample incoming traffic |
egress | Sample outgoing traffic |
both | Sample incoming and outgoing traffic |
Table I.111. sfoption: Source filter option
Value | Description |
false | No source filter checks |
blackhole | Check replies blackholed |
nowhere | Check replies valid |
self | Check replies valid and not self |
true | Check replies down same port/vlan |
Peer type controls many of the defaults for a peer setting. It allows typical settings to be defined with one attribute that reflects the type of peer.
Table I.112. peertype: BGP peer type
Value | Description |
normal | Normal BGP operation |
transit | EBGP Mark received as no-export |
peer | EBGP Mark received as no-export, only accept peer AS |
customer | EBGP Allow export as if confederate, only accept peer AS |
internal | IBGP allowing own AS |
reflector | IBGP allowing own AS and working in route reflector mode |
confederate | EBGP confederate |
ixp | Internet exchange point peer on route server, soft routes EBGP only |
Table I.113. ipsec-type: IPsec encapsulation type
Value | Description |
AH | Authentication Header |
ESP | Encapsulating Security Payload |
Table I.114. ike-authmethod: authentication method
Value | Description |
Secret | Shared Secret |
Certificate | X.509 certificate |
EAP | Use EAP for authentication |
Table I.115. ike-mode: connection setup mode
Value | Description |
Wait | Wait for peer to initiate the connection |
On-demand | Bring up when needed for traffic |
Immediate | Always attempt to bring up connection |
Table I.116. ipsec-auth-algorithm: IPsec authentication algorithm
Value | Description |
null | No authentication |
HMAC-MD5 | HMAC-MD5-96 (RFC 2403) |
HMAC-SHA1 | HMAC-SHA1-96 (RFC 2404) |
AES-XCBC | AES-XCBC-MAC-96 (RFC 3566) |
HMAC-SHA256 | HMAC-SHA-256-128 (RFC 4868) |
Table I.117. ipsec-crypt-algorithm: IPsec encryption algorithm
Value | Description |
null | No encryption (RFC 2410) |
3DES-CBC | 3DES-CBC (RFC 2451) |
blowfish | Blowfish CBC (RFC 2451) with 16-byte key |
blowfish-192 | Blowfish CBC (RFC 2451) with 24-byte key |
blowfish-256 | Blowfish CBC (RFC 2451) with 32-byte key |
AES-CBC | AES-CBC (Rijndael) (RFC 3602) with 16-byte key |
AES-192-CBC | AES-CBC (Rijndael) (RFC 3602) with 24-byte key |
AES-256-CBC | AES-CBC (Rijndael) (RFC 3602) with 32-byte key |
Table I.118. ike-PRF: IKE Pseudo-Random Function
Value | Description |
HMAC-MD5 | HMAC-MD5 |
HMAC-SHA1 | HMAC-SHA1 |
AES-XCBC-128 | AES-XCBC with 128-bit key |
HMAC-SHA256 | PRF-HMAC-SHA-256 (rfc4868) |
Table I.119. ike-DH: IKE Diffie-Hellman group
Value | Description |
none | No D-H negotiation (only used with AH/ESP) |
MODP-1024 | 1024-bit Sophie Germain Prime MODP Group |
MODP-2048 | 2048-bit Sophie Germain Prime MODP Group |
Table I.120. ike-ESN: IKE Sequence Number support
Value | Description |
ALLOW-ESN | Allow Extended Sequence Numbers (64 bits) |
ALLOW-SHORT-SN | Allow short sequence numbers (32 bits) |
Table I.121. ipsec-encapsulation: Manually keyed IPsec encapsulation mode
Value | Description |
tunnel | IPsec tunnel |
transport | IPsec transport |
Manual setting control for profile
Table I.122. switch: Profile manual setting
Value | Description |
false | Profile set to OFF |
true | Profile set to ON |
control-switch | Profile set based on control switch on home page |
Table I.123. chksum-action: Handling of TCP/UDP packet checksum
Value | Description |
leave | Don't correct checksum |
udp-remove | Remove checksum for UDP packets |
recalc | Recalculate new checksum |
check-recalc | Check old value and recalculate new |
Table I.124. dynamic-graph: Type of dynamic graph
Value | Description |
false | No dynamic graph |
ip | Use source IP address |
mac | Use source MAC address |
Table I.125. firewall-action: Firewall action
Value | Description |
continue | Continue rule-set checking |
accept | Allow but no more rule-set checking |
reject | End all rule checking now and set to send ICMP reject |
drop | End all rule checking now and set to drop |
ignore | End all rule checking and ignore (drop) just this packet, not making a session |