ZyNOS CI Command List

ZyNOS CI Command List
http://www.zyxeltech.de/snotep660hw/ci_cmd/p660hw_ci.htm
System Related Commands Exit Command Ethernet Related Commands WAN Related Commands WLAN Related Commands IP Related Commands PPP Related Commands Bridge Related Commands Radius Related Commands 802.1x Related Commands Firewall Related Commands Configuration Related Commands SMT Related Commands 1. Command Syntax and General User Interface CI has the following command syntax: command <iface | device > subcommand [param] command subcommand [param] command ? | help command subcommand ? | help General user interface: ? 1. exit 2. Shows the following commands and all major (sub)commands Returns to SMT
System Related Commands [ch-name]: enet0, mpoa00
1 of 26
6/4/2013 10:33
Command sys adjtime cbuf display cnt display clear baud callhist display remove clear countrycode date domainname edit enhanced errctl [level] <filename> [countrycode] [year month date] <index> <1..5> [a|f|u]
Description retrive date and time from Internet display cbuf a: all f: free u: used cbuf static display cbuf static clear cbuf static change console speed display call history remove entry from call history clear the counters in GUI status menu set country code set/display date display domain name edit a text file return OK if commands are supported for PWC purposes set the error control level 0:crash no save,not in debug mode (default) 1:crash no save,in debug mode 2:crash save,not in debug mode 3:crash save,in debug mode display tag flags information display system event information
event display trace display clear <num> extraphnum add display node remove reset feature fid display firmware hostname iface disp [#] display iface list [hostname] display function id list display ISDN firmware type display system hostname <num> <set 1-3> <set 1-3> <1st phone num> [2nd phone num]
display trace event clear trace event maintain extra phone numbers for outcalls add extra phone numbers display extra phone numbers set all extend phone number to remote node <num> remove extra phone numbers reset flag and mask display feature bit
2 of 26
6/4/2013 10:33
isr interrupt logs category
[all|used|free]
display interrupt service routine display interrupt status
access [0:none/1:log] attack [0:none/1:log/2:alert/3:both] display error [0:none/1:log/2:alert/3:both] ipsec [0:none/1:log] mten [0:none/1:log] upnp [0:none/1:log] urlblocked [0:none/1:log/2:alert /3:both] urlforward [0:none/1:log] clear display errlog clear disp online load mail alertAddr [mail address] display logAddr [mail address] schedule display schedule hour [0-23] schedule minute [0-59] schedule policy [0:full/1:hourly /2:daily/3:weekly/4:none] schedule week [0:sun/1:mon/2:tue /3:wed/4:thu/5:fri/6:sat] server [domainName/IP] subject [mail subject] save syslog active [0:no/1:yes] display facility [Local ID(1-7)] server [domainName/IP] mbuf cnt disp clear
record the access control logs record and alert the firewall attack logs display the category setting record and alert the system error logs record the access control logs record the system maintenance logs record upnp logs record and alert the web blocked logs record web forward logs clear log display all logs display log error clear log error turn on/off error log online display load the log setting buffer send alerts to this mail address display mail setting send logs to this mail address display mail schedule hour time to send the logs minute time to send the logs mail schedule policy weekly time to send the logs mail server to send the logs mail subject save the log setting buffer active to enable unix syslog display syslog setting log the messages to different files syslog server to send the logs
display system mbuf count clear system mbuf count
3 of 26
6/4/2013 10:33
link pool status disp debug memory memwrite memwl memrl memutil usage mqueue mcell msecs mtstart mtstop mtalloc mtfree model proc display stack pstatus queue display ndisp quit reboot
link <id> [type] <address> [on|off] <address> <length> <address> <len> [data list ...] <address> <address>
list system mbuf link list system mbuf pool display system mbuf status display mbuf status display memory content write some data to memory at <address> write long word to memory at <address> read long word at <address> display memory allocate and heap status display memory queues display memory cells by given ID display memory sections start memory test stop memory test allocate memory for testing free the test memory display server model name display all process information
<address> <len> mid [f|u] [a|f|u] <n-mcell> <size> [n-mcell] <start-idx> [end-idx]
[tag]
display process's stack by a give TAG display process's status by a give TAG display queue by given status and range numbers display a queue by a given number quit CI command mode reboot system code = 0 cold boot, = 1 immediately boot = 2 bootModule debug mode display resources trace clear resources trace
[a|f|u] [start#] [end#] [qid] [code]
reslog disp clear stdio time timer disp trace start stop trcdisp trclog [on|off] [tmValue] <ID> display timer cell set/display timer information online start a timer stop a timer monitor packets [second] [hour [min [sec]]]
change terminal timeout value display/set system time
4 of 26
6/4/2013 10:33
switch online level type disp clear call encapmask trcpacket create destroy channel
[on|off] [on|off] [level] <bitmap>
set system trace log set on/off trace log online set trace level of trace log #:1-10 set trace type of trace log display trace log clear trace display call event
[mask]
set/display tracelog encapsulation mask create packet trace buffer packet trace related commands <channel name>=enet0,sdsl00, fr0 set packet trace direction for a given channel enable smt trace log turn on/off the packet trace display packet trace send packet trace to other system
<entry> <size> <name> [none|incoming|outgoing|bothway]
string switch disp udp switch [on|off] addr <addr> port <port> parse brief version view wdog switch cnt romreset server access load disp port save secureip spt dump root rn user slot save <telnet|ftp|web|icmp|snmp|dns> <ip> <telnet|ftp|web|snmp> <port> <telnet|ftp|web|icmp|snmp|dns> <value> [on|off] [value] <filename> [[start_idx], end_idx] [on|off]
set tracepacket upd switch send trace packet to remote udp address set tracepacket udp port parse packet content display packet content briefly display RAS code and driver version view a text file set on/off wdog display watchdog counts value: 0-34463 restore default romfile set server access type load server information display server information set server port save server information set server secure ip addr dump spt raw data dump spt root data dump spt remote node data dump spt user data dump spt slot data save spt data
5 of 26
6/4/2013 10:33
size clear cmgr trace disp <ch-name> clear <ch-name> cnt socket filter clear disp sw set [on|off] <set> <ch-name>
display spt record size clear spt data
show the connection trace of this channel clear the connection trace of this channel show channel connection related counter display system socket information clear filter statistic counter display filter statistic counters set filter status switch display filter rule
netbios disp config <0:LAN to WAN, 1:WAN to LAN, 2:LAN to DMZ, 3:IPSec passthrough, 4:Trigger Dial> <on|off> ddns debug display restart logout cpu display display CPU utilization <level> <iface name> <iface name> <iface name> enable/disable ddns service display ddns information restart ddns logout ddns display netbios filter status config netbios filter
Exit Related Commands

Command exit exit smt menu Description
Ethernet Related Commands <ch-name> : enet0, mpoa00
Command ether config driver cnt disp <name>
Description display LAN configuration information
display ether driver counters
6 of 26
6/4/2013 10:33
clear <name> iface ioctl mac reg rxmod <ch_name> <num> <ch_name> <ch_name> <mac_addr> <ch_name> <ch_name> <mode>
clear ether driver counters send driver iface Useless in this stage. Set LAN Mac address display LAN hardware related registers set LAN receive mode. mode: 1: turn off receiving 2: receive only packets of this interface 3: mode 2+ broadcast 5: mode 2 + multicast 6: all packets see LAN status initialize LAN see ethernet device type
status init version pkttest disp
<ch_name> <ch_name>
packet <level> event <ch> [on|off] sap arp mem test pncconfig mac [ch_name] <ch_name> <ip-addr> <addr> <data> [type] <ch_id> <test_id> [arg3] [arg4] <ch_name> <src_ch> <dest_ch> <ipaddr>
set ether test packet display level turn on/off ether test event display send sap packet send arp packet to ip-addr write memory data in address do LAN test do pnc config fake mac address
IP Related Commands <hostid> format : xxx.xxx.xxx.xxx (ip Address) <ether addr> format : xx:xx:xx:xx:xx:xx <iface> : enif0, wanif0 <gw> : gateway ip address
Command ip address loopbackaddr alias aliasdis arp status <iface> display ip arp status [addr] <IP1> [IP2] <iface> <0|1> display host ip address Set loopback address. Description
alias iface
disable alias
7 of 26
6/4/2013 10:33
add resolve drop flush publish dhcp client
<hostid> ether <ether addr> <hostid> <hostid> [hardware]
add arp information resolve ip-addr drop arp flush arp table add proxy arp
<iface> release renew mode relay reset server probecount <num> dnsserver <IP1> [IP2] [IP3] winsserver <winsIP1> [<winsIP2>] gateway <gatewayIP> hostname <hostname> initialize leasetime <period> netmask <netmask> pool <startIP> <numIP> renewaltime <period> rebindtime <period> reset server <serverIP> dnsorder [router|isp] status static delete <num>|all display update <num> <mac> <ip> delete static dhcp mac table display static dhcp mac table update static dhcp mac table [option] set dhcp probe count <server|relay|none|client> server <serverIP> release DHCP client IP renew DHCP client IP set dhcp mode set dicp relay server ip-addr reset dhcp table
set dns server ip-addr

set wins server ip-addr set gateway set hostname fills in DHCP parameters and initializes (for PWC purposes) set dhcp leasetime set dhcp netmask set dhcp ip pool set dhcp renew time set dhcp rebind time reset dhcp table set dhcp server ip for relay set dhcp dns order show dhcp status
dns query address <ipaddr> [timeout] debug <num> name <hostname> [timeout] status table server stats clear disp clear dns statistics display dns statistics <primary> [secondary] [third] resolve ip-addr to name enable dns debug value resolve name to ip-addr display dns query status display dns query table set dns server
8 of 26
6/4/2013 10:33
table httpd debug icmp echo data status trace discovery ifconfig ifdrop ping pong extping [on|off] <iface> [on|off] [iface] [ipaddr] [broadcast <addr> |mtu <value>|dynamic] <iface> <hostid> <hostid> [<size> <time-interval>] <target address> [-t] [-c] [-d] [Data] [-f] [-l] [Data size] [-v] [TOS value] [-n] [Repeat value] [-w] [Timeout value] [-o] [IP address/IFace] [on|off] <option> [on|off]
display dns table set http debug flag set icmp echo response flag select general data type display icmp statistic counter turn on/off trace for debugging set icmp router discovery flag configure network interface chaek if iface is available. ping remote host pong remote host Continue to send ECHO_REQ until Ctrl-C input Validate the reply data Data pattern. The maximum length of data is 255 characters. Set DF flag. Datagram size in bytes (with 28 bytes Header). Specify the value of TOS flag. The number of times to send ECHO_REQ packet. Specify the value of Timeout in seconds. To specify one IP address or interface to be the Source IP address. Sweep range of sizes.
[-p] [Min MTU] [Max MTU] [Interval size] route status add addiface addprivate drop flush lookup errcnt disp clear status adjTcp udp status <iface> [<mss>] <addr> [if] <dest_addr|default>[/<bits>] <gateway> [<metric>] <dest_addr|default>[/<bits>] <gateway> [<metric>] <dest_addr|default>[/<bits>] <gateway> [<metric>] <host addr> [/<bits>]
display routing table add route add an entry to the routing table to iface add private route drop a route flush route table find a route to the destination display routing statistic counters clear routing statistic counters display ip statistic counters adjust the TCP mss of iface display udp status
9 of 26
6/4/2013 10:33
rip accept activate merge refuse request reverse status trace mode <iface> in [mode] <iface> out [mode] dialin_user tcp ceiling floor irtt kick limit max-incomplete mss reset rtt status syndata trace window samenet uninet tftp support stats xparent join break antiprobe igmp debug forwardall querier iface <iface> grouptm <timeout> set igmp group timeout [level] [on|off] [on|off] set igmp debug level turn on/off igmp forward to all interfaces flag turn on/off igmp stop query flag <iface1> [<iface2>] <iface> <0|1> 1:yes 0:no join iface2 to iface1 group break iface to leave ipxparent group set ip anti-probe flag pritn if tfpt is support display tftp status [value] [value] [value] <tcb> [value] [number] [value] <tcb> <tcb> <value> [tcb] [<interval>] [on|off] [on|off] [tcb] <iface1> [<iface2>] <iface> TCP maximum round trip time TCP minimum rtt TCP default init rtt kick tcb set tcp output window limit Set the maximum number of TCP incomplete connection. TCP input MSS reset tcb set round trip time for tcb display TCP statistic counters TCP syndata piggyback turn on/off trace for debugging TCP input window size display the ifaces that in the same net set the iface to uninet [show|in|out|both|none] set rip in mode set rip out mode show dialin user rip direction [on|off] <gateway> <addr> [port] [on|off] <gateway> drop an entry from the RIP refuse list enable rip set RIP merge flag add an entry to the rip refuse list send rip request to some address and port RIP Poisoned Reverse display rip statistic counters enable debug rip trace
10 of 26
6/4/2013 10:33
<iface> interval <interval> <iface> join <group> <iface> leave <group> <iface> query <iface> rsptime [time] <iface> start <iface> stop <iface> ttl <threshold> <iface> v1compat [on|off] robustness status pr clear disp switch nat timeout gre [timeout] iamt [timeout] generic [timeout] reset [timeout] tcp [timeout] tcpother [timeout] update iamt iface lookup new-lookup loopback reset server disp load <set id> save clear <set id> edit active <yes|no> edit svrport <start port> [end port] edit intport <start port> [end port] edit remotehost <start ip> [end ip] edit leasetime [time] edit rulename [name] edit forwardip [ip] edit protocol [protocol id] <iface> <rule set> <rule set> [on|off] <iface> <num>
set igmp query interval join a group on iface leave a group on iface send query on iface set igmp response time turn on of igmp on iface turn off of igmp on iface set ttl threshold turn on/off v1compat on iface set igmp robustness variable dump igmp status clear ip pr table counter information dump ip pr table counter information turn on/off ip pr table counter flag
set nat gre timeout value set nat iamt timeout value set nat generic timeout value set nat reset timeout value set nat tcp timeout value set nat tcp other timeout value create nat system information from spSysParam display nat iamt information show nat status of an interface display nat lookup rule display new nat lookup rule turn on/off nat loopback flag reset nat table of an iface display nat server table load nat server information from ROM save nat server information to ROM clear nat server information set nat server edit active flag set nat server server port set nat server forward port set nat server remote host ip set nat server lease time set nat server rule name set nat server server ip set nat server protocol
11 of 26
6/4/2013 10:33
service irc [on|off] resetport incikeport [on|off] turn on/off irc flag reset all nat server table entries turn on/off increase ike port flag
WAN Related Commands

Command wan adsl bert chandata close coding ctrleint defbitmap dyinggasp fwav fwdl linedata near far open opencmd opmode perfdata rdata reset selftest long short status version vendorid utopia cellcnt display shutdown rateup rateadap dumpcondition [on|off] [on|off] Show the counter of rate adaptive mechanism happening Show real status that rate adaptive mechanism happened Turn on/off rate adaptive mechanism Turn on/off online debug information of rate adaptive mechanism ADSL long loop test ADSL short loop test ADSL status (ex: up, down or wait for init) ADSL version information ADSL vendor information Show ADSL utopia information Show ADSL cell counter [start] [length] Show ADSL near end noise margin Show ADSL far end noise margin Open ADSL line Open ADSL line with specific standard Show the operational mode Show performance information,CRC,FEC, error seconds.. Read DSP CTRLE registers 512 bytes Reset ADSL modem, and must reload the modem code again Description
ADSL ber
ADSL channel data, line rate Close ADSL line ADSL standard current ADSL CTRLE response command ADSL defect bitmap status Send ADSL dyinggasp Test the ADSL F/W available ping Download modem code, but must reset first
12 of 26
6/4/2013 10:33
sampletime noisegt
[mins] [dB]
noisemargin
[dB]
Tune the sample time of rate adaptive mechanism if noise margin is 3db greater than before, and rate is worse than before, then system will do L1 shutdown RA3, default is 3db if noise margin is greater than this value, and rate is worse than before, then system will do L1 shutdown RA3, default is 8db
persisttime
[time]
when the adaptive condition is matched system will continue to monitor the time period persisttime before doing L1 shutdown RA3, default is 30 seconds
when L1 shutdown RA3 is done twice, and still cant reach the max rate which system recorded, it will delay a time period that the period base time istimeinterval before starting again. The time-based default is 2 hrs Turn on/off detect table checking, default is on Set the CTRLE register (0xc3), the value is from 0xfa to 0x06 Set the CTRLE register (0xc4), the value is from 0xfa to 0x06 Set the CTRLE register (0xc5), the value is from 0xfa to 0x06 Set the CTRLE register (0xc6), the value is from 0xfa to 0x06 Set the CTRLE register (0xc7), the value is from 0xfa to 0x06 Set the CTRLE register (0xc8), the value is from 0xfa to 0x06 Set the CTRLE register (0xc9), the value is from 0xfa to 0x06 Send current error second information immediately By default is 100, after receiving 100 dying gasp system will reboot Turn on/off this mechanism Turn on means to response signal loss of CTRLE immediately, default is off Generate ATM traffic Display hwsar packets incoming/outgoing information Clear hwsar packets information
timeinterval
[mins]
defectcheck txgain targetnoise maxtonelimit rxgain txoutputpwr rxoutputpwr maxoutputpwr errorsecond
[on|off] [value] [value] [value] [value] [value] [value] [value]
sendes dygasprecover dygasprecover dygasprecover rsploss atm hwsar test disp clear level [value] active [on|off| [1|0] [fix|rand|period|oam|loopback]
PPP Related Command
13 of 26
6/4/2013 10:33
Command ppp bod remote reset setremote status clear on off node <node> <dir> <iface> <wan_iface> <wan_iface> <iface>
Description
show remote bod information reset bod set remote bod show wan port bod status clear wan port bod data set bod flag on set bod flag off config the statistic method for remote node bod traffic data show bod debug flag show bod state clear bod state set/display dial-in ccp switch set address/control field compression flag set protocol field compression flag set incoming call MP flag set callback flag set bandwidth allocation control flag set/display retry count to send echo-request set/display time interval to send echo-request close connection on ppp interface show ipcp state open fsm link set timeout interval when waiting for response from remote peer set/display fsm try config set/display fsm try failure set/display fsm try terminate set compress flag set number of slots set/display slot id compress
debug cnt
[on|off] disp clear
ccp lcp acfc pfc mpin callback bacp echo
[on|off]
[on|off] [on|off] [on|off] [on|off] [on|off]
retry <retry_count> time <interval> ipcp close list open timeout [value] <iface>
try configure [value] failure [value] terminate [value] compress [ slots idcompress [on| on|off] [slot_num] off]
14 of 26
6/4/2013 10:33
address mp default
[on|off]
set/display ip one address option show link default flag
rotate split split rotate sequence configure ipcp compress [on|off] slots [slot_num] idcompress [on|off] address [on|off] atcp ccp ascend [on|off] history <count> check [argv] reset <mode> pfc [on|off] debug [on|off] iface <iface> ipcp <iface> ipxcp <iface> atcp <iface> ccp [reset|skip|flush] show <iface> mp show fsm trace break [num] [count] [flag] clear disp filter [mask] [protocol] Tdata filter [protocol1] [protocol2] disp <channel> [0|1] [0|1]
set link default to rotate set link default to split set/display link split set/display link rotate set/display mp start sequence
enable/disable compress select number of slots enable/disable slot id compress set/display ip one address option apple talk feature not supported anymore set/display ascend stac flag set/display stac history count set/display stac check mode set/display stac reset mode set/display pfc flag set/display ccp debug flag show the ipcp status of the given iface show the ipxcp status of the given iface the ccp status of the given iface show the mp status of the given iface show the ppp channel status
set the fsm log break value clear the fsm log data display the fsm log data set the fsm log filter value set the fsm filter data display the fsm data
15 of 26
6/4/2013 10:33
clear Struc delay [inteval]
clear the fsm data dump fsm data structure set the delay timer for sending first PPP packet after call answered
Bridge Related Command

Command bridge mode blt Disp reset traffic monitor Time brt Disp reset cnt Disp clear stat Disp Clear disp [id] [id] [on|off] <sec> <channel> <channel> <1/0> (enable/disable) turn on/off (1/0) LAN promiscious mode related to bridge local table display blt data reset blt data display local LAN traffic table turn on/off traffice monotor. Default is off. set blt re-init interval related to bridge route table display brt data reset brt data related to bridge routing statistic table display bridge route counter clear bridge route counter related to bridge packet statistic table display bridge route packet counter clear bridge route packet counter display bridge source table Description
WLAN Related Commands
Command Wlan active [on|off] [0|1]
Description Turn on/off wireless lan
16 of 26
6/4/2013 10:33
association load Display chid essid hiddenssid threshold rts Fragment wep type Key Key macfilter Enable Disable Action Set Clear Save Power reset 1130cmd restart_stat chg_dot11mode show_rxDesc acxstat [1:19dbm, 2:18dbm, 3:16dbm, 4:15dbm, 5:14dbm] <allow|deny> <Set#> <MAC Address> <none|64|128|256> Set <set> <value> Default <set> <RTS threshold value> <Fragment threshold value> [on/off]
Show association list Load WLAN configuration into buffer. Display WLAN configuration data. Configure channel ID Configure ESSID Enable/Disable hidden SSID Set threshold rts value Set threshold fragmentation value Set WEP key to 64, 128 or 256 bits. Set WEP key value per set Set WEP default key set Enable macfilter Disable macfilter When action match, allow or deny this mac Set mac address by set Clear all WLAN configuration data. Save WLAN configuration working buffer to Rom file. Change TX power level. Reset WLAN Internal usage. Show WLAN restart statistics Set WLAN state to mix mode, B only or G only Show number of Rx host descriptors Show acx run time statistics
Radius Related Command

Command radius auth acco show current radius authentication server configuration show current radius accounting server configuration Description
8021x Related Command

Command 8021x debug level trace [debug level] set ieee802.1x debug message level show all supplications in the supplication table Description
17 of 26
6/4/2013 10:33
user
[username]
show the specified user status in the supplicant table
Configuration Related Command

Command config edit retrieve save display firewall firewall firewall firewall set <set#> active <yes|no> Description The parameters of config are listed below. Activate or deactivate the saved firewall settings Retrieve current saved firewall settings Save the current firewall settings Displays all the firewall settings Display current entries of a set configuration; including timeout values, name, default-permit, and number of rules in the set. Display current entries of a rule in a set. Display all the attack alert settings in PNC Display all the e-mail settings in PNC Display all the available sub commands Edit the mail server IP to send the alert Edit the mail address for returning an email alert Edit the mail address to send the alert Edit email schedule when log is full or per hour, day, week. Edit the day to send the log when the email policy is set to Weekly
set <set#> attack e-mail ? e-mail
rule <rule#>
mail-server <mail server IP> return-addr <e-mail address> e-mail-to <e-mail address> policy <full | hourly |daily | weekly> day <sunday | monday | tuesday | wednesday | thursday | friday | saturday> hour <0~23>
minute <0~59>
attack
Subject <mail subject> send-alert <yes|no> block <yes|no>
Edit the hour to send the log when the email policy is set to daily or weekly Edit the minute to send to log when the email policy is set to daily or weekly Edit the email subject Activate or deactivate the firewall DoS attacks notification emails Yes: Block the traffic when exceeds the tcp-max-incomplete threshold No: Delete the oldest half-open session when exceeds the tcp-maxincomplete threshold Only valid when sets 'Block' to yes. The unit is minute
block-minute <0~255>
18 of 26
6/4/2013 10:33
minute-high <0~255> minute-low <0~255> max-incomplete-high <0~255> max-incomplete-low <0~255> tcp-max-incomplete <0~255> name <desired name> default-permit <forward|block> icmp-timeout <seconds> udp-idle-timeout <seconds> connection-timeout <seconds> fin-wait-timeout <seconds> tcp-idle-timeout <seconds> pnc <yes|no> log <yes|no> rule <rule#> permit <forward|block> active <yes|no> protocol <0~255> log <none|match|notmatch|both> alert <yes|no>
set <set#>
The threshold to start to delete the old half-opened sessions to minute-low The threshold to stop deleting the old half-opened session The threshold to start to delete the old half-opened sessions to max-incomplete-low The threshold to stop deleting the half-opened session The threshold to start executing the block field Edit the name for a set Edit whether a packet is dropped or allowed when it does not match the default set Edit the timeout for an idle ICMP session before it is terminated Edit the timeout for an idle UDP session before it is terminated Edit the wait time for the SYN TCP sessions before it is terminated Edit the wait time for FIN in concluding a TCP session before it is terminated Edit the timeout for an idle TCP session before it is terminated PNC is allowed when 'yes' is set even there is a rule to block PNC Switch on/off sending the log for matching the default permit Edit whether a packet is dropped or allowed when it matches this rule Edit whether a rule is enabled or not Edit the protocol number for a rule. 1=ICMP, 6=TCP, 17=UDP... Sending a log for a rule when the packet none|matches|not match|both the rule Activate or deactivate the notification when a DoS attack occurs or there is a violation of any alert settings. In case of such instances, the function will send an email to the SMTP destination address and log an alert. Select and edit a source address of a packet which complies to this rule Select and edit a source address and subnet mask if a packet which complies to this rule. Select and edit a source address range of a packet which complies to this rule. Select and edit a destination address of a packet which complies to this rule
srcaddr-single <ip address> srcaddr-subnet <ip address> <subnet mask> srcaddr-range <start ip address> <end ip address> destaddr-single <ip address>
19 of 26
6/4/2013 10:33
destaddr-subnet <ip address> <subnet mask> destaddr-range <start ip address> <end ip address> tcp destport-single <port#>
tcp destport-range <start port#> <end port#> udp destport-single <port#>
udp destport-range <start port#> <end port#> desport-custom <desired custom port name> delete firewall e-mail attack set <set#> set <set#> insert firewall e-mail attack set <set#> set <set#> cli rule <rule#> rule <rule#>
Select and edit a destination address and subnet mask if a packet which complies to this rule. Select and edit a destination address range of a packet which complies to this rule. Select and edit the destination port of a packet which comply to this rule. For non-consecutive port numbers, the user may repeat this command line to enter the multiple port numbers. Select and edit a destination port range of a packet which comply to this rule. Select and edit the destination port of a packet which comply to this rule. For non-consecutive port numbers, users may repeat this command line to enter the multiple port numbers. Select and edit a destination port range of a packet which comply to this rule. Type in the desired custom port name Remove all email alert settings Reset all alert settings to defaults Remove a specified set from the firewall configuration Remove a specified rule in a set from the firewall configuration Insert email alert settings Insert attack alert settings Insert a specified rule set to the firewall configuration Insert a specified rule in a set to the firewall configuration Display the choices of command list.
Firewall Related Command

Command sys firewall acl disp active cnt disp clear pktdump Display firewall log type and count. Clear firewall log count. Dump the 64 bytes of dropped packet by firewall <yes|no> Display specific ACL set # rule #, or all ACLs. Active firewall or deactivate firewall Description
20 of 26
6/4/2013 10:33
update dynamicrule tcprst rst rst113 display icmp dos smtp display ignore ignore triangle
Update firewall
Set TCP reset sending on/off. Set TCP reset sending for port 113 on/off. Display TCP reset sending setting.
Set SMTP DoS defender on/off Display SMTP DoS defender setting. Set if firewall ignore DoS in lan/wan /dmz/wlan Set if firewall ignore triangle route in lan/wan/dmz/wlan
SMT Related command

No Command sys bridge [on|off] sys routeip [on|off] sys hostname [hostname] sys display sys default Description Set system bridge on/off Set system IP routing on/off Comment Menu 1 Menu 1
sys save
Menu 1 Set system name Display hostname, routing/bridge mode information Display Menu 1 in menu 1 Load All Default Settings Except LAN and DHCP. Save all the parameters which will include menu1, menu 3.2 LAN, menu 4 or menu 11 WAN, menu 12 static route, menu 15 NAT server set, menu 21 filter sets, menu 22 SNMP, menu 24.11 remote management and 3.5 Wireless LAN
wan backup mechanism [dsl | icmp] wan backup addr [index] [IP addr] wan backup tolerance [number] wan backup recovery [interval(sec)] wan backup timeout [number] wan backup save wan backup display wan tredir active [on|off] wan tredir ip [IP addr] wan tredir metric [number] wan tredir save
Set wan backup mechanism to DSL link or ICMP Set wan ip address <index> Set keepalive fail tolerance Set recovery interval Set ICMP timeout Save wan backup related parameters Display wan backup configurations Set traffic redirect on/off Set traffic redirect gateway IP address Set traffic redirect metric Save traffic redirect related parameters ** Have to apply wan backup save command thereafter
Menu 2 Menu 2 Menu 2 Menu 2 Menu 2 Menu 2 Menu 2 Menu 2.1 Menu 2.1 Menu 2.1 Menu 2.1
21 of 26
6/4/2013 10:33
wan tredir display lan index [1|2|3] 1: Select main LAN Interface
Display traffic redirect configurations
Menu 2.1 Menu 3.2
Select a LAN interface to edit 2: Select IP Alias 1 3: Select IP Alias 2 lan active [on|off]
Turn on or off on IP Alias Interface Set LAN IP address and subnet mask Example:
Menu 3.2.1 Menu 3.2
lan ipaddr [address] [subnet mask]
> lan ipaddr 192.168.1.1 255.255.255.0 Set LAN IP RIP mode and RIP version, if you Menu 3.2 lan rip [none|in|out|both] [rip1|rip2b|rip2m] choose none in the first parameter, the second parameter is also necessary Menu 3.2 lan multicast [none|igmpv1|igmpv2] Set LAN IP multicast mode Set LAN filter to be incoming/outgoing or protocol Menu 3.1 /device and the filter set could be 1-12, 0 means empty lan filter [incoming|outgoing] [tcpip|generic] [set#1] [set#2] [set#3] [set#4] Example: Lan filter incoming tcpip 1 0 0 0 Set DHCP mode to beserver, relay, none
lan dhcp mode [server|relay|none] lan dhcp server dnsserver [pri dns] [sec Set primary and secondary LAN DNS server dns] lan dhcp server pool [start-address] [num] Set DHCP start address and pool size lan dhcp server gateway [IP address] lan dhcp server netmask [subnet mask] lan dhcp server leasetime [second] lan dhcp server renewaltime [second] lan dhcp server rebindtime [second] lan dhcp relay server [IP address] lan display lan clear lan save Set DHCP gateway Set DHCP subnet mask Set DHCP lease time Set DHCP renew time Set DHCP rebind time Set IP address of DHCP relay server Display LAN or IP alias parameters Clear the Working Buffer Save LAN related parameters
Menu 3.2 Menu 3.2 Menu 3.2 Menu 3.2 Menu 3.2 Menu 3.2 Menu 3.2 Menu 3.2 Menu 3.2 Display Menu 3
wan node index [1-8]
wan node clear wan node ispname [ISP name] wan node enable wan node disable wan node encap [1483|pppoa|pppoe|enet] wan node mux [vc|llc]
Set the node pointer to specific wan profile. If you Menu 11.1 want to set WAN profile, please use this command first, system will use the index number for pointing to specific PVC (remote node), and for consequent commands reference, if index = 1 means its ISP node Clear the parameters of the temporary WAN profile Menu 11.1 Menu 11.1 Enable the name of wan node Enable the wan profile Disable the wan profile Set the wan protocol Set the wan multiplex Menu 11.1 Menu 11.1 Menu 11.1 Menu 11.1
22 of 26
6/4/2013 10:33
wan node ppp authen [chap|pap|both] wan node ppp username [name] wan node ppp password [password] wan node service [name] wan node bridge [on|off]
Set PPP authentication type Set PPP username Set PPP password Set PPPoE service name Set the wan bridge mode
Menu 11.1 Menu 11.1 Menu 11.1 Menu 11.1 Menu 11.1
Set the wan IP routing mode wan node routeip [on|off] wan node callsch [set1#][set2#][set3#] [set4#] wan node nailedup [on|off] wan node vpi [num] wan node vci [num] wan node qos[ubr|cbr] wan node pcr [num] wan node scr [num] wan node mbs [num] wan node wanip [static|dynamic] [address] wan node remoteip [address] [subnet mask] wan node nat [off | sua | full] [address mapping #] wan node rip [none|in|out|both] [rip1|rip2b|rip2m] wan node multicast [none|igmpv1|igmpv2] wan node filter [incoming|outgoing] [tcpip|generic] [set #1] [set #2] [set #3] [set #4] wan node save wan node display ip route addrom index [Rule #] ip route addrom name [Name] ip route addrom active [on|off] ip route addrom set [dest address/ mask bits] [gateway] [metric] ip route addrom private [yes|no] ip route addrom disp ip route addrom freememory ip route addrom save ip route addrom clear [Index #] Set call schedule set, set number 0 means empty Set nailed up connection on/off Set the wan vpi. Range : 0~255 Set the wan vci. Range : 32~65535 Set the wan QOS type to be UBR or CBR Set the wan PCR value Set the wan SCR value Set the wan MBS value Set the wan IP address Set the remote gateway IP address and subnet mask Set type wan NAT mode to be off or SUA or Full feature Set the wan RIP mode and RIP version Set the wan IP multicast mode Set WAN filter, incoming or outgoing can be specified, and filter set can be 1-12, value 0 means empty Save the related parameters of WAN node Display WAN profile configuration in buffer Select a Static Route index 1-16 to edit Set Rule Name Set Active or Inactive Flag Set IP static route Example: > ip ro addrom set 192.168.1.33/24 192.168.1.1 2 Set Private Flag Display both working buffer and Editing Entry Discard all changes Save edited settings Clear Static Route Index
Menu 11.1
Menu 11.1 Menu 11.1 Menu 11.6 Menu 11.6 Menu 11.6 Menu 11.6 Menu 11.6 Menu 11.6 Menu 11.3 Menu 11.3 Menu 11.3 Menu 11.3 Menu 11.3 Menu 11.5
Display Menu 11 Menu 12.1 Menu 12.1 Menu 12.1 Menu 12.1
23 of 26
6/4/2013 10:33
Select NAT address mapping set and set mapping set name, but set name is optional ip nat addrmap map [map#] [set name] Example:
Menu 15.1
> ip nat addrmap map 1 myset Set NAT address mapping rule. If the type is not Menu 15.1 inside-server then the type field will still need a dummy value like 0. Type is 0 - 4 = one-to-one, many-to-one, many-toip nat addrmap rule [rule#] [insert | edit] many-overload, many-to-many-non overload, [type] [local start IP] [local end IP] [global inside-server start IP] [global end IP] [server set #] Example: > ip nat addrmap rule 1 edit 3 192.168.1.10 192.168.1.20 192.168.10.56 192.168.1.56 0 Clear the selected rule of the set Discard Changes Display nat set information Save settings
ip nat addrmap clear [map#] [rule#] ip nat addrmap freememory ip nat addrmap disp ip nat addrmap save ip nat server load [set#]
Menu 15.1 Menu 15.1 Menu 15.1 Menu 15.1 Menu 15.2 Menu 15.2
Load the server sets of NAT into buffer disp 1 means to display the NAT server set in ip nat server disp [1] buffer, if parameter 1 is omitted, then it will display all the server sets ip nat server save Save the NAT server set buffer into flash Clear the server set [set#], must use save ip nat server clear [set#] command to let it save into flash Activate the rule [rule#], rule number is 1 to 24, the ip nat server edit [rule#] active number 25-36 is for UPNP application ip nat server edit [rule#] svrport <start Configure the port range from <start port > to <end port> <end port> port> Configure the IP address range of remote host ip nat server edit [rule#] remotehost <start (Leave it to be default value if you dont need this IP> <end IP> command) ip nat server edit [rule#] leasetime Configure the lease time (Leave it to be default <seconds> value if you dont want this command) Configure the name of the rule (Leave it to be ip nat server edit [rule#] rulename <string> default value if you dont want this command) ip nat server edit [rule#] forwardip <IP Configure the LAN IP address to be forwarded address> ip nat server edit [rule#] protocol Configure the protocol to be used TCP , UDP or <TCP|UDP|ALL> ALL (it must be capital) Set the index of filter set rule, you may apply this sys filter set index [set#] [rule#] command first before you begin to configure the filter rules sys filter set name [set name] Set the name of filter set sys filter set type [tcpip | generic] sys filter set enable sys filter set disable sys filter set protocol [protocol #] sys filter set sourceroute [yes|no] Set the type of filter rule Enable the rule Disable the rule Set the protocol ID of the rule
Menu 15.2 Menu 15.2 Menu 15.2 Menu 15.2 Menu 21 filter sets
Menu 21 filter sets Menu 21 filter sets Menu 21 filter sets Menu 21 filter sets Menu 21 filter sets Menu 21 filter sets Menu 21 filter sets
Set the sourceroute yes/no Set the destination IP address and subnet mask of sys filter set destip [address] [subnet mask] the rule
24 of 26
6/4/2013 10:33
Set the destination port and compare type (compare Menu 21 filter sets type could be 0(none)|1(equal)|2(not equal)|3(less)|4(greater) ) Menu 21 filter sets sys filter set srcip [address] [subnet mask] Set the source IP address and subnet mask Set the source port and compare type (compare type Menu 21 filter sets sys filter set srcport [port#] [compare type could be 0(none)|1(equal)|2(not = none|equal|not equal|less|greater] equal)|3(less)|4(greater) ) sys filter set tcpEstab [yes|no] Set TCP establish option Menu 21 filter sets sys filter set more [yes|no] Set the more option to yes/no sys filter set destport [port#] [compare type = none|equal|notequal|less|greater] sys filter set log [type 0-3= none | match| notmatch | both ] sys filter set actmatch[type 0-2 = checknext | forward | drop] sys filter set actnomatch [type 0-2 = checknext | forward | drop] sys filter set offset [#] sys filter set length [#] sys filter set mask [#] sys filter set value [(depend on length in hex)] sys filter set clear sys filter set save sys filter set display [set#][rule#] sys filter set freememory Set the log type (it could be 0-3 =none, match, not match, both) Set the action for match Set the action for not match Set offset for the generic rule Set the length for generic rule Set the mask for generic rule Set the value for generic rule Clear the current filter set Save the filter set parameters Display Filter set information. W/o parameter, it will display buffer information. Discard Changes Display SNMP parameters Set the community string of get Set the community string of set Set the IP address of trusted host Set the community string of trap Set the destination address of trap Discard changes Clear Working Buffer Set the SNMP parameters Menu 22 SNMP Menu 23 system password Menu 24.2.2 console speed Menu 22 Menu 22 SNMP Menu 22 SNMP Menu 22 SNMP Menu 22 SNMP Menu 22 SNMP Menu 21 filter sets Menu 21 filter sets Menu 21 filter sets Menu 21, its for generic filter Menu 21, its for generic filter Menu 21, its for generic filter Menu 21, its for generic filter Menu 21
sys snmp disp

sys snmp get [community] sys snmp set [community] sys snmp trusthost [IP address] sys snmp trap community [community] sys snmp trap destination [IP address] sys snmp discard sys snmp clear sys snmp save
sys password [new password]
Set system password [save immediately] Index 12,3 will be 38400,19200, 9600, 57600, 115200 bps [save immediately] Load setting before editing Set the server access type to be 0: ALL, 1: None, 2:LAN only, 3:WAN only Set the server port number Set the server security IP address Display server settings, [1] means display buffer
sys baud [1-5]
sys server load

sys server access [ftp|telnet|web] [access type] sys server port [ftp|telnet|web] [port] sys server secureip[ftp|telnet|web] [address] sys server disp [1]
Menu 24.11 remote management Menu 24.11 remote management Menu 24.11 remote management
25 of 26
6/4/2013 10:33
sys server save
Save the embedded server (remote management) parameters Load system parameters into working buffer Display the working buffer Set the wireless ESSID Set to hide ESSID or not Menu 3.5 for Wireless LAN Menu 3.5 for Wireless LAN Menu 3.5 for wireless LAN Menu 3.5 for wireless LAN Menu 3.5 for wireless LAN Menu 3.5 for wireless LAN Menu 3.5 for wireless LAN Menu 3.5 for wireless LAN Menu 3.5 for wireless LAN Menu 3.5 for wireless LAN Menu 3.5.1 for wireless LAN Menu 3.5.1 for wireless LAN Menu 3.5.1 for wireless LAN Menu 3.5.1 for wireless LAN
wlan load wlan disp wlan essid [name] wlan hideessid [on|off] wlan chid [#=1~11] wlan threshold rts [value] wlan threshold fragment [value] wlan wep type [none|64|128]
Set channel ID 1-11 Set the RTS threshold value Set fragment threshold Set the wep type to be none, 64bit or 128bits
wlan wep key set [key set#1-4] [key value] Set wep key value wlan wep key default [key set # 1-4] Set default key set value
wlan macfilter enable wlan macfilter disable wlan macfilter action [allow|deny] wlan macfilter set [set# 1-12] [mac address] wlan clear wlan save
Enable mac filter Disable mac filter Set the action type of filter Set the mac address of filter Clear Working Buffer Save wireless MAC filter parameters
All contents copyright 2004 ZyXEL Communications Corporation.
26 of 26
6/4/2013 10:33

ZyNOS CI Command List

Загружено:

Сведения о документе

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

ZyNOS CI Command List

Загружено:

Авторское право:

Доступные форматы

ZyNOS CI Command List

System Related Commands [ch-name]: enet0, mpoa00