User login level - commands available are restricted according to assigned level.
Table L.100. user-level: User login level
Value | Description |
NOBODY | Unknown or not logged in user |
GUEST | Guest user |
USER | Normal unprivileged user |
ADMIN | System administrator |
DEBUG | System debugger |
Table L.101. ppp-dump: PPP dump format
Value | Description |
default | Mixed hex/decode |
decoded | Decoded only |
decoded+raw | Decoded + raw |
raw | Raw hex |
Table L.102. autoloadtype: Type of s/w auto load
Value | Description |
false | Do no auto load |
factory | Load factory releases |
beta | Load beta test releases |
alpha | Load test releases |
Table L.103. config-access: Type of access user has to config
Value | Description |
none | No access unless explicitly listed |
view | View only access (no passwords) |
read | Read only access (with passwords) |
demo | Full view and edit access but can only test config, not save |
test | Full view and edit access but must test save config first |
full | Full view and edit access |
Log severity - different loggable events log at different levels.
Table L.106. syslog-severity: Syslog severity
Value | Description |
EMERG | System is unstable |
ALERT | Action must be taken immediately |
CRIT | Critical conditions |
ERR | Error conditions |
WARNING | Warning conditions |
NOTICE | Normal but significant events |
INFO | Informational |
DEBUG | Debug level messages |
NO-LOGGING | No logging |
Syslog facility, usually used to control which log file the syslog is written to.
Table L.107. syslog-facility: Syslog facility
Value | Description |
KERN | Kernel messages |
USER | User level messges |
Mail system | |
DAEMON | System Daemons |
AUTH | Security/auth |
SYSLOG | Internal to syslogd |
LPR | Printer |
NEWS | News |
UUCP | UUCP |
CRON | Cron deamon |
AUTHPRIV | private security/auth |
FTP | File transfer |
12 | Unused |
13 | Unused |
14 | Unused |
15 | Unused |
LOCAL0 | Local 0 |
LOCAL1 | Local 1 |
LOCAL2 | Local 2 |
LOCAL3 | Local 3 |
LOCAL4 | Local 4 |
LOCAL5 | Local 5 |
LOCAL6 | Local 6 |
LOCAL7 | Local 7 |
Table L.108. http-mode: HTTP/HTTPS security mode
Value | Description |
http-only | No HTTPS access |
http+https | Both HTTP and HTTPS access |
https-only | No HTTP access |
redirect-to-https | HTTP accesses are redirected to use HTTPS |
redirect-to-https-if-acme | HTTP accesses are redirected to use HTTPS if ACME set up for hostname |
redirect-to-https-except-trusted | HTTP accesses are redirected to use HTTPS (except trusted IPs) |
Table L.109. radiuspriority: Options for controlling platform RADIUS response priority tagging
Value | Description |
equal | All the same priority |
strict | In order specified |
random | Random order |
calling | Hashed on calling station id |
called | Hashed on called station id |
username | Hashed on full username |
user | Hashed on username before @ |
realm | Hashed on username after @ |
prefix | Hashed on username initial letters and numbers only |
Table L.110. radiustype: Type of RADIUS server
Value | Description |
authentication | Authentication server |
accounting | Accounting server |
control | Allowed to send control (CoA/DM) |
Table L.111. month: Month name (3 letter)
Value | Description |
Jan | January |
Feb | February |
Mar | March |
Apr | April |
May | May |
Jun | June |
Jul | July |
Aug | August |
Sep | September |
Oct | October |
Nov | November |
Dec | December |
Table L.112. day: Day name (3 letter)
Value | Description |
Sun | Sunday |
Mon | Monday |
Tue | Tuesday |
Wed | Wednesday |
Thu | Thursday |
Fri | Friday |
Sat | Saturday |
Table L.113. port: Physical port
Value | Description |
0 | Port 0 (not valid) (deprecated) |
1 | Port 1 |
2 | Port 2 |
3 | Port 3 |
4 | Port 4 |
5 | Port 5 |
6 | Port 6 |
7 | Port 7 |
8 | Port 8 |
9 | Port 9 |
10 | Port 10 |
Table L.114. LinkFlow: Physical port flow control setting
Value | Description |
none | No flow control |
symmetric | Can support two-way flow control |
send-pauses | Can send pauses but does not support pause reception |
any | Can receive pauses and may send pauses if required |
Table L.115. LinkClock: Physical port Gigabit clock master/slave setting
Value | Description |
prefer-master | Master status negotiated; preference for master |
prefer-slave | Master status negotiated; preference for slave |
force-master | Master status forced |
force-slave | Slave status forced |
Table L.116. LinkFault: Link fault type to send
Value | Description |
false | No fault |
true | Send fault |
off-line | Send offline fault (1G) |
ane | Send ANE fault (1G) |
Table L.117. sampling-protocol: Sampling protocol
Value | Description |
sflow | Use sFlow protocol |
ipfix-psamp | Use IPFIX/PSAMP protocol |
ipfix-legacy | Use legacy (Cisco-style) IPFIX |
Table L.118. trunk-mode: Trunk port mode
Value | Description |
false | Not trunking |
random | Random trunking |
l2-hash | L2 hashed trunking |
l23-hash | L2 and L3 hashed trunking |
l3-hash | L3 hashed trunking |
IPv6 route announcement mode and level
Table L.119. ramode: IPv6 route announce level
Value | Description |
false | Do not announce |
low | Announce as low priority |
medium | Announce as medium priority |
high | Announce as high priority |
true | Announce as default (medium) priority |
BGP mode defines the default advertisement mode for prefixes, based on well-known community tags
Table L.120. bgpmode: BGP announcement mode
Value | Description |
false | Not included in BGP at all |
no-advertise | Not included in BGP, not advertised at all |
no-export | Not normally exported from local AS/confederation |
local-as | Not exported from local AS |
no-peer | Exported with no-peer community tag |
true | Exported as normal with no special tags added |
Table L.121. sampling-mode: Sampling mode
Value | Description |
off | Don't perform sampling |
ingress | Sample incoming traffic |
egress | Sample outgoing traffic |
both | Sample incoming and outgoing traffic |
Table L.122. sfoption: Source filter option
Value | Description |
false | No source filter checks |
blackhole | Check replies blackholed |
nowhere | Check replies valid |
self | Check replies valid and not self |
true | Check replies down same port/vlan |
Table L.123. pppoe-mode: Type of PPPoE connection
Value | Description |
client | Normal PPPoE client connects to access controller |
bras-l2tp | PPPoE server mode linked to L2TP operation |
Table L.124. pppoe-calling: Additional prefix on PPPoE calling ID
Value | Description |
none | None |
mac | MAC |
vlan | Inner VLAN |
mac-vlan | MAC and inner VLAN |
vlanvlan | Outer and inner VLANs padded to 4 digits |
Peer type controls many of the defaults for a peer setting. It allows typical settings to be defined with one attribute that reflects the type of peer.
Table L.125. peertype: BGP peer type
Value | Description |
normal | Normal BGP operation |
transit | EBGP Mark received as no-export |
peer | EBGP Mark received as no-export, only accept peer AS |
customer | EBGP Allow export as if confederate, only accept peer AS |
internal | IBGP allowing own AS |
reflector | IBGP allowing own AS and working in route reflector mode |
confederate | EBGP confederate |
ixp | Internet exchange point peer on route server, soft routes EBGP only |
Table L.127. radius-nas: NAS IP to report
Value | Description |
false | Local LNS IP (deprecated) |
lns | Local LNS IP |
both | Send NAS IP twice (LAC then LNS) |
lac | Remote LAC IP |
true | Remote LAC IP (deprecated) |
Table L.128. ipsec-type: IPsec encapsulation type
Value | Description |
AH | Authentication Header |
ESP | Encapsulating Security Payload |
Table L.129. ike-authmethod: authentication method
Value | Description |
Secret | Shared Secret |
Certificate | X.509 certificate |
EAP | Use EAP for authentication |
Table L.130. ike-mode: connection setup mode
Value | Description |
Wait | Wait for peer to initiate the connection |
On-demand | Bring up when needed for traffic |
Immediate | Always attempt to bring up connection |
Table L.131. ipsec-auth-algorithm: IPsec authentication algorithm
Value | Description |
null | No authentication |
HMAC-MD5 | HMAC-MD5-96 (RFC 2403) |
HMAC-SHA1 | HMAC-SHA1-96 (RFC 2404) |
AES-XCBC | AES-XCBC-MAC-96 (RFC 3566) |
HMAC-SHA256 | HMAC-SHA-256-128 (RFC 4868) |
Table L.132. ipsec-crypt-algorithm: IPsec encryption algorithm
Value | Description |
null | No encryption (RFC 2410) |
3DES-CBC | 3DES-CBC (RFC 2451) |
blowfish | Blowfish CBC (RFC 2451) with 16-byte key |
blowfish-192 | Blowfish CBC (RFC 2451) with 24-byte key |
blowfish-256 | Blowfish CBC (RFC 2451) with 32-byte key |
AES-CBC | AES-CBC (Rijndael) (RFC 3602) with 16-byte key |
AES-192-CBC | AES-CBC (Rijndael) (RFC 3602) with 24-byte key |
AES-256-CBC | AES-CBC (Rijndael) (RFC 3602) with 32-byte key |
Table L.133. ike-PRF: IKE Pseudo-Random Function
Value | Description |
HMAC-MD5 | HMAC-MD5 |
HMAC-SHA1 | HMAC-SHA1 |
AES-XCBC-128 | AES-XCBC with 128-bit key |
HMAC-SHA256 | PRF-HMAC-SHA-256 (rfc4868) |
Table L.134. ike-DH: IKE Diffie-Hellman group
Value | Description |
none | No D-H negotiation (only used with AH/ESP) |
MODP-1024 | 1024-bit Sophie Germain Prime MODP Group |
MODP-2048 | 2048-bit Sophie Germain Prime MODP Group |
Table L.135. ike-ESN: IKE Sequence Number support
Value | Description |
ALLOW-ESN | Allow Extended Sequence Numbers (64 bits) |
ALLOW-SHORT-SN | Allow short sequence numbers (32 bits) |
Table L.136. ipsec-encapsulation: Manually keyed IPsec encapsulation mode
Value | Description |
tunnel | IPsec tunnel |
transport | IPsec transport |
Manual setting control for profile
Table L.137. switch: Profile manual setting
Value | Description |
false | Profile set to OFF |
true | Profile set to ON |
control-switch | Profile set based on control switch on home page |
Table L.138. dynamic-graph: Type of dynamic graph
Value | Description |
false | No dynamic graph |
ip | Use source IP address |
mac | Use source MAC address |
Table L.139. firewall-action: Firewall action
Value | Description |
continue | Continue rule-set checking |
accept | Allow but no more rule-set checking |
reject | End all rule checking now and set to send ICMP reject |
drop | End all rule checking now and set to drop |
ignore | End all rule checking and ignore (drop) just this packet, not making a session |