L.3. Data types

L.3. Data types
	Appendix L. Configuration Objects

L.3.1. user-level: User login level

User login level - commands available are restricted according to assigned level.

Table L.101. user-level: User login level

Value	Description
NOBODY	Unknown or not logged in user
GUEST	Guest user
USER	Normal unprivileged user
ADMIN	System administrator
DEBUG	System debugger

L.3.2. ppp-dump: PPP dump format

Table L.102. ppp-dump: PPP dump format

Value	Description
default	Mixed hex/decode
decoded	Decoded only
decoded+raw	Decoded + raw
raw	Raw hex

L.3.3. autoloadtype: Type of s/w auto load

Table L.103. autoloadtype: Type of s/w auto load

Value	Description
false	Do no auto load
factory	Load factory releases
beta	Load beta test releases
alpha	Load test releases

L.3.4. config-access: Type of access user has to config

Table L.104. config-access: Type of access user has to config

Value	Description
none	No access unless explicitly listed
view	View only access (no passwords)
read	Read only access (with passwords)
demo	Full view and edit access but can only test config, not save
test	Full view and edit access but must test save config first
full	Full view and edit access

L.3.5. eap-subsystem: Subsystem with EAP access control

Table L.105. eap-subsystem: Subsystem with EAP access control

Value	Description
IPsec	IPsec/IKEv2 VPN

L.3.6. eap-method: EAP access method

Table L.106. eap-method: EAP access method

Value	Description
MD5	MD5 Challenge
MSChapV2	MS Challenge

L.3.7. syslog-severity: Syslog severity

Log severity - different loggable events log at different levels.

Table L.107. syslog-severity: Syslog severity

Value	Description
EMERG	System is unstable
ALERT	Action must be taken immediately
CRIT	Critical conditions
ERR	Error conditions
WARNING	Warning conditions
NOTICE	Normal but significant events
INFO	Informational
DEBUG	Debug level messages
NO-LOGGING	No logging

L.3.8. syslog-facility: Syslog facility

Syslog facility, usually used to control which log file the syslog is written to.

Table L.108. syslog-facility: Syslog facility

Value	Description
KERN	Kernel messages
USER	User level messges
MAIL	Mail system
DAEMON	System Daemons
AUTH	Security/auth
SYSLOG	Internal to syslogd
LPR	Printer
NEWS	News
UUCP	UUCP
CRON	Cron deamon
AUTHPRIV	private security/auth
FTP	File transfer
12	Unused
13	Unused
14	Unused
15	Unused
LOCAL0	Local 0
LOCAL1	Local 1
LOCAL2	Local 2
LOCAL3	Local 3
LOCAL4	Local 4
LOCAL5	Local 5
LOCAL6	Local 6
LOCAL7	Local 7

L.3.9. http-mode: HTTP/HTTPS security mode

Table L.109. http-mode: HTTP/HTTPS security mode

Value	Description
http-only	No HTTPS access
http+https	Both HTTP and HTTPS access
https-only	No HTTP access
redirect-to-https	HTTP accesses are redirected to use HTTPS
redirect-to-https-if-acme	HTTP accesses are redirected to use HTTPS if ACME set up for hostname
redirect-to-https-except-trusted	HTTP accesses are redirected to use HTTPS (except trusted IPs)

L.3.10. radiuspriority: Options for controlling platform RADIUS response priority tagging

Table L.110. radiuspriority: Options for controlling platform RADIUS response priority tagging

Value	Description
equal	All the same priority
strict	In order specified
random	Random order
calling	Hashed on calling station id
called	Hashed on called station id
username	Hashed on full username
user	Hashed on username before @
realm	Hashed on username after @
prefix	Hashed on username initial letters and numbers only

L.3.11. radiustype: Type of RADIUS server

Table L.111. radiustype: Type of RADIUS server

Value	Description
authentication	Authentication server
accounting	Accounting server
control	Allowed to send control (CoA/DM)

L.3.12. month: Month name (3 letter)

Table L.112. month: Month name (3 letter)

Value	Description
Jan	January
Feb	February
Mar	March
Apr	April
May	May
Jun	June
Jul	July
Aug	August
Sep	September
Oct	October
Nov	November
Dec	December

L.3.13. day: Day name (3 letter)

Table L.113. day: Day name (3 letter)

Value	Description
Sun	Sunday
Mon	Monday
Tue	Tuesday
Wed	Wednesday
Thu	Thursday
Fri	Friday
Sat	Saturday

L.3.14. port: Physical port

Table L.114. port: Physical port

Value	Description
0	Port 0 (not valid) (deprecated)
1	Port 1
2	Port 2
3	Port 3
4	Port 4
5	Port 5
6	Port 6
7	Port 7
8	Port 8
9	Port 9
10	Port 10

L.3.15. LinkFlow: Physical port flow control setting

Table L.115. LinkFlow: Physical port flow control setting

Value	Description
none	No flow control
symmetric	Can support two-way flow control
send-pauses	Can send pauses but does not support pause reception
any	Can receive pauses and may send pauses if required

L.3.16. LinkClock: Physical port Gigabit clock master/slave setting

Table L.116. LinkClock: Physical port Gigabit clock master/slave setting

Value	Description
prefer-master	Master status negotiated; preference for master
prefer-slave	Master status negotiated; preference for slave
force-master	Master status forced
force-slave	Slave status forced

L.3.17. LinkFault: Link fault type to send

Table L.117. LinkFault: Link fault type to send

Value	Description
false	No fault
true	Send fault
off-line	Send offline fault (1G)
ane	Send ANE fault (1G)

L.3.18. sampling-protocol: Sampling protocol

Table L.118. sampling-protocol: Sampling protocol

Value	Description
sflow	Use sFlow protocol
ipfix-psamp	Use IPFIX/PSAMP protocol
ipfix-legacy	Use legacy (Cisco-style) IPFIX

L.3.19. trunk-mode: Trunk port mode

Table L.119. trunk-mode: Trunk port mode

Value	Description
false	Not trunking
random	Random trunking
l2-hash	L2 hashed trunking
l23-hash	L2 and L3 hashed trunking
l3-hash	L3 hashed trunking

L.3.20. ramode: IPv6 route announce level

IPv6 route announcement mode and level

Table L.120. ramode: IPv6 route announce level

Value	Description
false	Do not announce
low	Announce as low priority
medium	Announce as medium priority
high	Announce as high priority
true	Announce as default (medium) priority

L.3.21. bgpmode: BGP announcement mode

BGP mode defines the default advertisement mode for prefixes, based on well-known community tags

Table L.121. bgpmode: BGP announcement mode

Value	Description
false	Not included in BGP at all
no-advertise	Not included in BGP, not advertised at all
no-export	Not normally exported from local AS/confederation
local-as	Not exported from local AS
no-peer	Exported with no-peer community tag
true	Exported as normal with no special tags added

L.3.22. sampling-mode: Sampling mode

Table L.122. sampling-mode: Sampling mode

Value	Description
off	Don't perform sampling
ingress	Sample incoming traffic
egress	Sample outgoing traffic
both	Sample incoming and outgoing traffic

L.3.23. sfoption: Source filter option

Table L.123. sfoption: Source filter option

Value	Description
false	No source filter checks
blackhole	Check replies blackholed
nowhere	Check replies valid
self	Check replies valid and not self
true	Check replies down same port/vlan

L.3.24. pppoe-mode: Type of PPPoE connection

Table L.124. pppoe-mode: Type of PPPoE connection

Value	Description
client	Normal PPPoE client connects to access controller
bras-l2tp	PPPoE server mode linked to L2TP operation

L.3.25. pppoe-calling: Additional prefix on PPPoE calling ID

Table L.125. pppoe-calling: Additional prefix on PPPoE calling ID

Value	Description
none	None
mac	MAC
vlan	Inner VLAN
mac-vlan	MAC and inner VLAN
vlanvlan	Outer and inner VLANs padded to 4 digits

L.3.26. peertype: BGP peer type

Peer type controls many of the defaults for a peer setting. It allows typical settings to be defined with one attribute that reflects the type of peer.

Table L.126. peertype: BGP peer type

Value	Description
normal	Normal BGP operation
transit	EBGP Mark received as no-export
peer	EBGP Mark received as no-export, only accept peer AS
customer	EBGP Allow export as if confederate, only accept peer AS
internal	IBGP allowing own AS
reflector	IBGP allowing own AS and working in route reflector mode
confederate	EBGP confederate
ixp	Internet exchange point peer on route server, soft routes EBGP only

L.3.27. ha-set: High availability set ID

Table L.127. ha-set: High availability set ID

Value	Description
A
B
C
D
E
F
G

L.3.28. radius-nas: NAS IP to report

Table L.128. radius-nas: NAS IP to report

Value	Description
false	Local LNS IP (deprecated)
lns	Local LNS IP
both	Send NAS IP twice (LAC then LNS)
lac	Remote LAC IP
true	Remote LAC IP (deprecated)

L.3.29. ipsec-type: IPsec encapsulation type

Table L.129. ipsec-type: IPsec encapsulation type

Value	Description
AH	Authentication Header
ESP	Encapsulating Security Payload

L.3.30. ike-authmethod: authentication method

Table L.130. ike-authmethod: authentication method

Value	Description
Secret	Shared Secret
Certificate	X.509 certificate
EAP	Use EAP for authentication

L.3.31. ike-mode: connection setup mode

Table L.131. ike-mode: connection setup mode

Value	Description
Wait	Wait for peer to initiate the connection
On-demand	Bring up when needed for traffic
Immediate	Always attempt to bring up connection

L.3.32. ipsec-auth-algorithm: IPsec authentication algorithm

Table L.132. ipsec-auth-algorithm: IPsec authentication algorithm

Value	Description
null	No authentication
HMAC-MD5	HMAC-MD5-96 (RFC 2403)
HMAC-SHA1	HMAC-SHA1-96 (RFC 2404)
AES-XCBC	AES-XCBC-MAC-96 (RFC 3566)
HMAC-SHA256	HMAC-SHA-256-128 (RFC 4868)

L.3.33. ipsec-crypt-algorithm: IPsec encryption algorithm

Table L.133. ipsec-crypt-algorithm: IPsec encryption algorithm

Value	Description
null	No encryption (RFC 2410)
3DES-CBC	3DES-CBC (RFC 2451)
blowfish	Blowfish CBC (RFC 2451) with 16-byte key
blowfish-192	Blowfish CBC (RFC 2451) with 24-byte key
blowfish-256	Blowfish CBC (RFC 2451) with 32-byte key
AES-CBC	AES-CBC (Rijndael) (RFC 3602) with 16-byte key
AES-192-CBC	AES-CBC (Rijndael) (RFC 3602) with 24-byte key
AES-256-CBC	AES-CBC (Rijndael) (RFC 3602) with 32-byte key

L.3.34. ike-PRF: IKE Pseudo-Random Function

Table L.134. ike-PRF: IKE Pseudo-Random Function

Value	Description
HMAC-MD5	HMAC-MD5
HMAC-SHA1	HMAC-SHA1
AES-XCBC-128	AES-XCBC with 128-bit key
HMAC-SHA256	PRF-HMAC-SHA-256 (rfc4868)

L.3.35. ike-DH: IKE Diffie-Hellman group

Table L.135. ike-DH: IKE Diffie-Hellman group

Value	Description
none	No D-H negotiation (only used with AH/ESP)
MODP-1024	1024-bit Sophie Germain Prime MODP Group
MODP-2048	2048-bit Sophie Germain Prime MODP Group

L.3.36. ike-ESN: IKE Sequence Number support

Table L.136. ike-ESN: IKE Sequence Number support

Value	Description
ALLOW-ESN	Allow Extended Sequence Numbers (64 bits)
ALLOW-SHORT-SN	Allow short sequence numbers (32 bits)

L.3.37. ipsec-encapsulation: Manually keyed IPsec encapsulation mode

Table L.137. ipsec-encapsulation: Manually keyed IPsec encapsulation mode

Value	Description
tunnel	IPsec tunnel
transport	IPsec transport

L.3.38. switch: Profile manual setting

Manual setting control for profile

Table L.138. switch: Profile manual setting

Value	Description
false	Profile set to OFF
true	Profile set to ON
control-switch	Profile set based on control switch on home page

L.3.39. dynamic-graph: Type of dynamic graph

Table L.139. dynamic-graph: Type of dynamic graph

Value	Description
false	No dynamic graph
ip	Use source IP address
mac	Use source MAC address

L.3.40. firewall-action: Firewall action

Table L.140. firewall-action: Firewall action

Value	Description
continue	Continue rule-set checking
accept	Allow but no more rule-set checking
reject	End all rule checking now and set to send ICMP reject
drop	End all rule checking now and set to drop
ignore	End all rule checking and ignore (drop) just this packet, not making a session