L.3. Data types

L.3.1. user-level: User login level

User login level - commands available are restricted according to assigned level.

Table L.100. user-level: User login level

ValueDescription
NOBODYUnknown or not logged in user
GUESTGuest user
USERNormal unprivileged user
ADMINSystem administrator
DEBUGSystem debugger

L.3.2. ppp-dump: PPP dump format

Table L.101. ppp-dump: PPP dump format

ValueDescription
defaultMixed hex/decode
decodedDecoded only
decoded+rawDecoded + raw
rawRaw hex

L.3.3. autoloadtype: Type of s/w auto load

Table L.102. autoloadtype: Type of s/w auto load

ValueDescription
falseDo no auto load
factoryLoad factory releases
betaLoad beta test releases
alphaLoad test releases

L.3.4. config-access: Type of access user has to config

Table L.103. config-access: Type of access user has to config

ValueDescription
noneNo access unless explicitly listed
viewView only access (no passwords)
readRead only access (with passwords)
demoFull view and edit access but can only test config, not save
testFull view and edit access but must test save config first
fullFull view and edit access

L.3.5. eap-subsystem: Subsystem with EAP access control

Table L.104. eap-subsystem: Subsystem with EAP access control

ValueDescription
IPsecIPsec/IKEv2 VPN

L.3.6. eap-method: EAP access method

Table L.105. eap-method: EAP access method

ValueDescription
MD5MD5 Challenge
MSChapV2MS Challenge

L.3.7. syslog-severity: Syslog severity

Log severity - different loggable events log at different levels.

Table L.106. syslog-severity: Syslog severity

ValueDescription
EMERGSystem is unstable
ALERTAction must be taken immediately
CRIT Critical conditions
ERRError conditions
WARNINGWarning conditions
NOTICENormal but significant events
INFOInformational
DEBUGDebug level messages
NO-LOGGINGNo logging

L.3.8. syslog-facility: Syslog facility

Syslog facility, usually used to control which log file the syslog is written to.

Table L.107. syslog-facility: Syslog facility

ValueDescription
KERNKernel messages
USERUser level messges
MAILMail system
DAEMONSystem Daemons
AUTHSecurity/auth
SYSLOGInternal to syslogd
LPRPrinter
NEWSNews
UUCPUUCP
CRONCron deamon
AUTHPRIVprivate security/auth
FTPFile transfer
12Unused
13Unused
14Unused
15Unused
LOCAL0Local 0
LOCAL1Local 1
LOCAL2Local 2
LOCAL3Local 3
LOCAL4Local 4
LOCAL5Local 5
LOCAL6Local 6
LOCAL7Local 7

L.3.9. http-mode: HTTP/HTTPS security mode

Table L.108. http-mode: HTTP/HTTPS security mode

ValueDescription
http-onlyNo HTTPS access
http+httpsBoth HTTP and HTTPS access
https-onlyNo HTTP access
redirect-to-httpsHTTP accesses are redirected to use HTTPS
redirect-to-https-if-acmeHTTP accesses are redirected to use HTTPS if ACME set up for hostname
redirect-to-https-except-trustedHTTP accesses are redirected to use HTTPS (except trusted IPs)

L.3.10. radiuspriority: Options for controlling platform RADIUS response priority tagging

Table L.109. radiuspriority: Options for controlling platform RADIUS response priority tagging

ValueDescription
equalAll the same priority
strictIn order specified
randomRandom order
callingHashed on calling station id
calledHashed on called station id
usernameHashed on full username
userHashed on username before @
realmHashed on username after @
prefixHashed on username initial letters and numbers only

L.3.11. radiustype: Type of RADIUS server

Table L.110. radiustype: Type of RADIUS server

ValueDescription
authenticationAuthentication server
accountingAccounting server
controlAllowed to send control (CoA/DM)

L.3.12. month: Month name (3 letter)

Table L.111. month: Month name (3 letter)

ValueDescription
JanJanuary
FebFebruary
MarMarch
AprApril
MayMay
JunJune
JulJuly
AugAugust
SepSeptember
OctOctober
NovNovember
DecDecember

L.3.13. day: Day name (3 letter)

Table L.112. day: Day name (3 letter)

ValueDescription
SunSunday
MonMonday
TueTuesday
WedWednesday
ThuThursday
FriFriday
SatSaturday

L.3.14. port: Physical port

Table L.113. port: Physical port

ValueDescription
0 Port 0 (not valid) (deprecated)
1Port 1
2Port 2
3Port 3
4Port 4
5Port 5
6Port 6
7Port 7
8Port 8
9Port 9
10Port 10

L.3.15. LinkFlow: Physical port flow control setting

Table L.114. LinkFlow: Physical port flow control setting

ValueDescription
noneNo flow control
symmetricCan support two-way flow control
send-pausesCan send pauses but does not support pause reception
anyCan receive pauses and may send pauses if required

L.3.16. LinkClock: Physical port Gigabit clock master/slave setting

Table L.115. LinkClock: Physical port Gigabit clock master/slave setting

ValueDescription
prefer-masterMaster status negotiated; preference for master
prefer-slaveMaster status negotiated; preference for slave
force-masterMaster status forced
force-slaveSlave status forced

L.3.17. LinkFault: Link fault type to send

Table L.116. LinkFault: Link fault type to send

ValueDescription
falseNo fault
trueSend fault
off-lineSend offline fault (1G)
aneSend ANE fault (1G)

L.3.18. sampling-protocol: Sampling protocol

Table L.117. sampling-protocol: Sampling protocol

ValueDescription
sflowUse sFlow protocol
ipfix-psampUse IPFIX/PSAMP protocol
ipfix-legacyUse legacy (Cisco-style) IPFIX

L.3.19. trunk-mode: Trunk port mode

Table L.118. trunk-mode: Trunk port mode

ValueDescription
falseNot trunking
randomRandom trunking
l2-hashL2 hashed trunking
l23-hashL2 and L3 hashed trunking
l3-hashL3 hashed trunking

L.3.20. ramode: IPv6 route announce level

IPv6 route announcement mode and level

Table L.119. ramode: IPv6 route announce level

ValueDescription
falseDo not announce
lowAnnounce as low priority
mediumAnnounce as medium priority
highAnnounce as high priority
trueAnnounce as default (medium) priority

L.3.21. bgpmode: BGP announcement mode

BGP mode defines the default advertisement mode for prefixes, based on well-known community tags

Table L.120. bgpmode: BGP announcement mode

ValueDescription
falseNot included in BGP at all
no-advertiseNot included in BGP, not advertised at all
no-exportNot normally exported from local AS/confederation
local-asNot exported from local AS
no-peerExported with no-peer community tag
trueExported as normal with no special tags added

L.3.22. sampling-mode: Sampling mode

Table L.121. sampling-mode: Sampling mode

ValueDescription
offDon't perform sampling
ingressSample incoming traffic
egressSample outgoing traffic
bothSample incoming and outgoing traffic

L.3.23. sfoption: Source filter option

Table L.122. sfoption: Source filter option

ValueDescription
falseNo source filter checks
blackholeCheck replies blackholed
nowhereCheck replies valid
selfCheck replies valid and not self
trueCheck replies down same port/vlan

L.3.24. pppoe-mode: Type of PPPoE connection

Table L.123. pppoe-mode: Type of PPPoE connection

ValueDescription
clientNormal PPPoE client connects to access controller
bras-l2tpPPPoE server mode linked to L2TP operation

L.3.25. pppoe-calling: Additional prefix on PPPoE calling ID

Table L.124. pppoe-calling: Additional prefix on PPPoE calling ID

ValueDescription
noneNone
macMAC
vlanInner VLAN
mac-vlanMAC and inner VLAN
vlanvlanOuter and inner VLANs padded to 4 digits

L.3.26. peertype: BGP peer type

Peer type controls many of the defaults for a peer setting. It allows typical settings to be defined with one attribute that reflects the type of peer.

Table L.125. peertype: BGP peer type

ValueDescription
normalNormal BGP operation
transitEBGP Mark received as no-export
peerEBGP Mark received as no-export, only accept peer AS
customerEBGP Allow export as if confederate, only accept peer AS
internalIBGP allowing own AS
reflectorIBGP allowing own AS and working in route reflector mode
confederateEBGP confederate
ixpInternet exchange point peer on route server, soft routes EBGP only

L.3.27. ha-set: High availability set ID

Table L.126. ha-set: High availability set ID

ValueDescription
A 
B 
C 
D 
E 
F 
G 

L.3.28. radius-nas: NAS IP to report

Table L.127. radius-nas: NAS IP to report

ValueDescription
false Local LNS IP (deprecated)
lnsLocal LNS IP
bothSend NAS IP twice (LAC then LNS)
lacRemote LAC IP
true Remote LAC IP (deprecated)

L.3.29. ipsec-type: IPsec encapsulation type

Table L.128. ipsec-type: IPsec encapsulation type

ValueDescription
AHAuthentication Header
ESPEncapsulating Security Payload

L.3.30. ike-authmethod: authentication method

Table L.129. ike-authmethod: authentication method

ValueDescription
SecretShared Secret
CertificateX.509 certificate
EAPUse EAP for authentication

L.3.31. ike-mode: connection setup mode

Table L.130. ike-mode: connection setup mode

ValueDescription
WaitWait for peer to initiate the connection
On-demandBring up when needed for traffic
ImmediateAlways attempt to bring up connection

L.3.32. ipsec-auth-algorithm: IPsec authentication algorithm

Table L.131. ipsec-auth-algorithm: IPsec authentication algorithm

ValueDescription
nullNo authentication
HMAC-MD5HMAC-MD5-96 (RFC 2403)
HMAC-SHA1HMAC-SHA1-96 (RFC 2404)
AES-XCBCAES-XCBC-MAC-96 (RFC 3566)
HMAC-SHA256HMAC-SHA-256-128 (RFC 4868)

L.3.33. ipsec-crypt-algorithm: IPsec encryption algorithm

Table L.132. ipsec-crypt-algorithm: IPsec encryption algorithm

ValueDescription
nullNo encryption (RFC 2410)
3DES-CBC3DES-CBC (RFC 2451)
blowfishBlowfish CBC (RFC 2451) with 16-byte key
blowfish-192Blowfish CBC (RFC 2451) with 24-byte key
blowfish-256Blowfish CBC (RFC 2451) with 32-byte key
AES-CBCAES-CBC (Rijndael) (RFC 3602) with 16-byte key
AES-192-CBCAES-CBC (Rijndael) (RFC 3602) with 24-byte key
AES-256-CBCAES-CBC (Rijndael) (RFC 3602) with 32-byte key

L.3.34. ike-PRF: IKE Pseudo-Random Function

Table L.133. ike-PRF: IKE Pseudo-Random Function

ValueDescription
HMAC-MD5HMAC-MD5
HMAC-SHA1HMAC-SHA1
AES-XCBC-128AES-XCBC with 128-bit key
HMAC-SHA256PRF-HMAC-SHA-256 (rfc4868)

L.3.35. ike-DH: IKE Diffie-Hellman group

Table L.134. ike-DH: IKE Diffie-Hellman group

ValueDescription
noneNo D-H negotiation (only used with AH/ESP)
MODP-10241024-bit Sophie Germain Prime MODP Group
MODP-20482048-bit Sophie Germain Prime MODP Group

L.3.36. ike-ESN: IKE Sequence Number support

Table L.135. ike-ESN: IKE Sequence Number support

ValueDescription
ALLOW-ESNAllow Extended Sequence Numbers (64 bits)
ALLOW-SHORT-SNAllow short sequence numbers (32 bits)

L.3.37. ipsec-encapsulation: Manually keyed IPsec encapsulation mode

Table L.136. ipsec-encapsulation: Manually keyed IPsec encapsulation mode

ValueDescription
tunnelIPsec tunnel
transportIPsec transport

L.3.38. switch: Profile manual setting

Manual setting control for profile

Table L.137. switch: Profile manual setting

ValueDescription
falseProfile set to OFF
trueProfile set to ON
control-switchProfile set based on control switch on home page

L.3.39. dynamic-graph: Type of dynamic graph

Table L.138. dynamic-graph: Type of dynamic graph

ValueDescription
falseNo dynamic graph
ipUse source IP address
macUse source MAC address

L.3.40. firewall-action: Firewall action

Table L.139. firewall-action: Firewall action

ValueDescription
continueContinue rule-set checking
acceptAllow but no more rule-set checking
rejectEnd all rule checking now and set to send ICMP reject
dropEnd all rule checking now and set to drop
ignoreEnd all rule checking and ignore (drop) just this packet, not making a session