Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

config system npu

Configure NPU attributes.

config system npu

Description: Configure NPU attributes.

set dedicated-management-cpu [enable|disable]

config port-cpu-map

Description: Configure NPU interface to CPU core mapping.

edit <interface>

set cpu-core {string}

next

end

set fastpath [disable|enable]

set capwap-offload [enable|disable]

set ipsec-enc-subengine-mask {user}

set ipsec-dec-subengine-mask {user}

set sw-np-bandwidth [0G|2G|...]

set strip-esp-padding [enable|disable]

set strip-clear-text-padding [enable|disable]

set ipsec-inbound-cache [enable|disable]

set sse-backpressure [enable|disable]

set rdp-offload [enable|disable]

set ipsec-over-vlink [enable|disable]

set qos-mode [disable|priority|...]

config isf-np-queues

Description: Configure queues of switch port connected to NP6 XAUI on ingress path.

set cos0 {string}

set cos1 {string}

set cos2 {string}

set cos3 {string}

set cos4 {string}

set cos5 {string}

set cos6 {string}

set cos7 {string}

end

set recover-np6-link [enable|disable]

set mcast-session-accounting [tpe-based|session-based|...]

set ipsec-mtu-override [disable|enable]

config priority-protocol

Description: Configure NPU priority protocol.

set bgp [enable|disable]

set slbc [enable|disable]

set bfd [enable|disable]

end

end

config system npu

Parameter

Description

Type

Size

Default

dedicated-management-cpu

Enable to dedicate one CPU for GUI and CLI connections when NPs are busy.

option

-

disable

 

Option

Description

enable

Enable dedication of CPU #0 for management tasks.

disable

Disable dedication of CPU #0 for management tasks.

fastpath

Enable/disable NP6 offloading (also called fast path).

option

-

enable

 

Option

Description

disable

Disable NP6 offloading (fast path).

enable

Enable NP6 offloading (fast path).

capwap-offload

Enable/disable offloading managed FortiAP and FortiLink CAPWAP sessions.

option

-

enable

 

Option

Description

enable

Enable CAPWAP offload.

disable

Disable CAPWAP offload.

ipsec-enc-subengine-mask

IPsec encryption subengine mask (0x1 - 0xff, default 0xff).

user

Not Specified

ipsec-dec-subengine-mask

IPsec decryption subengine mask (0x1 - 0xff, default 0xff).

user

Not Specified

sw-np-bandwidth

Bandwidth from switch to NP.

option

-

0G

 

Option

Description

0G

Default value. No bandwidth control.

2G

2Gbps.

4G

4Gbps.

5G

5Gbps.

6G

6Gbps.

strip-esp-padding

Enable/disable stripping ESP padding.

option

-

disable

 

Option

Description

enable

Enable stripping ESP padding.

disable

Disable stripping ESP padding.

strip-clear-text-padding

Enable/disable stripping clear text padding.

option

-

disable

 

Option

Description

enable

Enable stripping clear text padding.

disable

Disable stripping clear text padding.

ipsec-inbound-cache

Enable/disable IPsec inbound cache for anti-replay.

option

-

enable

 

Option

Description

enable

Enable inbound cache always.

disable

Disable inbound cache when IPsec anti-replay is on.

sse-backpressure

Enable/disable sse backpressure.

option

-

disable

 

Option

Description

enable

Enable sse backpressureg.

disable

Disable sse backpressureg.

rdp-offload

Enable/disable rdp offload.

option

-

enable

 

Option

Description

enable

Enable reliable datagram protocol traffic offload.

disable

Disable reliable datagram protocol traffic offload.

ipsec-over-vlink

Enable/disable IPSEC over vlink.

option

-

disable

 

Option

Description

enable

Enable IPSEC over vlink.

disable

Disable IPSEC over vlink.

qos-mode

QoS mode on switch and NP.

option

-

disable

 

Option

Description

disable

Disable QoS on switch and NP.

priority

Priority based.

round-robin

Round Robin Scheduler.

recover-np6-link

Enable/disable internal link failure check and recovery after boot up.

option

-

disable

 

Option

Description

enable

Enable internal link failure check and recovery after boot up.

disable

Disable internal link failure check and recovery after boot up.

mcast-session-accounting

Enable/disable traffic accounting for each multicast session through TAE counter.

option

-

tpe-based

 

Option

Description

tpe-based

Enable TPE-based multicast session accounting.

session-based

Enable session-based multicast session accounting.

disable

Disable multicast session accounting.

ipsec-mtu-override

Enable/disable NP6 IPsec MTU override.

option

-

disable

 

Option

Description

disable

Disable NP6 IPsec MTU override.

enable

Enable NP6 IPsec MTU override.

Parameter

Description

Type

Size

Default

cpu-core

The CPU core to map to an interface.

string

Maximum length: 31

all

Parameter

Description

Type

Size

Default

cos0

CoS profile name for CoS 0.

string

Maximum length: 35

cos1

CoS profile name for CoS 1.

string

Maximum length: 35

cos2

CoS profile name for CoS 2.

string

Maximum length: 35

cos3

CoS profile name for CoS 3.

string

Maximum length: 35

cos4

CoS profile name for CoS 4.

string

Maximum length: 35

cos5

CoS profile name for CoS 5.

string

Maximum length: 35

cos6

CoS profile name for CoS 6.

string

Maximum length: 35

cos7

CoS profile name for CoS 7.

string

Maximum length: 35

Parameter

Description

Type

Size

Default

bgp

Enable/disable NPU BGP priority protocol.

option

-

disable

 

Option

Description

enable

Enable NPU BGP priority protocol.

disable

Disable NPU BGP priority protocol.

slbc

Enable/disable NPU SLBC priority protocol.

option

-

enable

 

Option

Description

enable

Enable NPU SLBC priority protocol.

disable

Disable NPU SLBC priority protocol.

bfd

Enable/disable NPU BFD priority protocol.

option

-

enable

 

Option

Description

enable

Enable NPU BFD priority protocol.

disable

Disable NPU BFD priority protocol.

config system npu

Configure NPU attributes.

config system npu

Description: Configure NPU attributes.

set dedicated-management-cpu [enable|disable]

config port-cpu-map

Description: Configure NPU interface to CPU core mapping.

edit <interface>

set cpu-core {string}

next

end

set fastpath [disable|enable]

set capwap-offload [enable|disable]

set ipsec-enc-subengine-mask {user}

set ipsec-dec-subengine-mask {user}

set sw-np-bandwidth [0G|2G|...]

set strip-esp-padding [enable|disable]

set strip-clear-text-padding [enable|disable]

set ipsec-inbound-cache [enable|disable]

set sse-backpressure [enable|disable]

set rdp-offload [enable|disable]

set ipsec-over-vlink [enable|disable]

set qos-mode [disable|priority|...]

config isf-np-queues

Description: Configure queues of switch port connected to NP6 XAUI on ingress path.

set cos0 {string}

set cos1 {string}

set cos2 {string}

set cos3 {string}

set cos4 {string}

set cos5 {string}

set cos6 {string}

set cos7 {string}

end

set recover-np6-link [enable|disable]

set mcast-session-accounting [tpe-based|session-based|...]

set ipsec-mtu-override [disable|enable]

config priority-protocol

Description: Configure NPU priority protocol.

set bgp [enable|disable]

set slbc [enable|disable]

set bfd [enable|disable]

end

end

config system npu

Parameter

Description

Type

Size

Default

dedicated-management-cpu

Enable to dedicate one CPU for GUI and CLI connections when NPs are busy.

option

-

disable

 

Option

Description

enable

Enable dedication of CPU #0 for management tasks.

disable

Disable dedication of CPU #0 for management tasks.

fastpath

Enable/disable NP6 offloading (also called fast path).

option

-

enable

 

Option

Description

disable

Disable NP6 offloading (fast path).

enable

Enable NP6 offloading (fast path).

capwap-offload

Enable/disable offloading managed FortiAP and FortiLink CAPWAP sessions.

option

-

enable

 

Option

Description

enable

Enable CAPWAP offload.

disable

Disable CAPWAP offload.

ipsec-enc-subengine-mask

IPsec encryption subengine mask (0x1 - 0xff, default 0xff).

user

Not Specified

ipsec-dec-subengine-mask

IPsec decryption subengine mask (0x1 - 0xff, default 0xff).

user

Not Specified

sw-np-bandwidth

Bandwidth from switch to NP.

option

-

0G

 

Option

Description

0G

Default value. No bandwidth control.

2G

2Gbps.

4G

4Gbps.

5G

5Gbps.

6G

6Gbps.

strip-esp-padding

Enable/disable stripping ESP padding.

option

-

disable

 

Option

Description

enable

Enable stripping ESP padding.

disable

Disable stripping ESP padding.

strip-clear-text-padding

Enable/disable stripping clear text padding.

option

-

disable

 

Option

Description

enable

Enable stripping clear text padding.

disable

Disable stripping clear text padding.

ipsec-inbound-cache

Enable/disable IPsec inbound cache for anti-replay.

option

-

enable

 

Option

Description

enable

Enable inbound cache always.

disable

Disable inbound cache when IPsec anti-replay is on.

sse-backpressure

Enable/disable sse backpressure.

option

-

disable

 

Option

Description

enable

Enable sse backpressureg.

disable

Disable sse backpressureg.

rdp-offload

Enable/disable rdp offload.

option

-

enable

 

Option

Description

enable

Enable reliable datagram protocol traffic offload.

disable

Disable reliable datagram protocol traffic offload.

ipsec-over-vlink

Enable/disable IPSEC over vlink.

option

-

disable

 

Option

Description

enable

Enable IPSEC over vlink.

disable

Disable IPSEC over vlink.

qos-mode

QoS mode on switch and NP.

option

-

disable

 

Option

Description

disable

Disable QoS on switch and NP.

priority

Priority based.

round-robin

Round Robin Scheduler.

recover-np6-link

Enable/disable internal link failure check and recovery after boot up.

option

-

disable

 

Option

Description

enable

Enable internal link failure check and recovery after boot up.

disable

Disable internal link failure check and recovery after boot up.

mcast-session-accounting

Enable/disable traffic accounting for each multicast session through TAE counter.

option

-

tpe-based

 

Option

Description

tpe-based

Enable TPE-based multicast session accounting.

session-based

Enable session-based multicast session accounting.

disable

Disable multicast session accounting.

ipsec-mtu-override

Enable/disable NP6 IPsec MTU override.

option

-

disable

 

Option

Description

disable

Disable NP6 IPsec MTU override.

enable

Enable NP6 IPsec MTU override.

Parameter

Description

Type

Size

Default

cpu-core

The CPU core to map to an interface.

string

Maximum length: 31

all

Parameter

Description

Type

Size

Default

cos0

CoS profile name for CoS 0.

string

Maximum length: 35

cos1

CoS profile name for CoS 1.

string

Maximum length: 35

cos2

CoS profile name for CoS 2.

string

Maximum length: 35

cos3

CoS profile name for CoS 3.

string

Maximum length: 35

cos4

CoS profile name for CoS 4.

string

Maximum length: 35

cos5

CoS profile name for CoS 5.

string

Maximum length: 35

cos6

CoS profile name for CoS 6.

string

Maximum length: 35

cos7

CoS profile name for CoS 7.

string

Maximum length: 35

Parameter

Description

Type

Size

Default

bgp

Enable/disable NPU BGP priority protocol.

option

-

disable

 

Option

Description

enable

Enable NPU BGP priority protocol.

disable

Disable NPU BGP priority protocol.

slbc

Enable/disable NPU SLBC priority protocol.

option

-

enable

 

Option

Description

enable

Enable NPU SLBC priority protocol.

disable

Disable NPU SLBC priority protocol.

bfd

Enable/disable NPU BFD priority protocol.

option

-

enable

 

Option

Description

enable

Enable NPU BFD priority protocol.

disable

Disable NPU BFD priority protocol.