config system interface

Configure interfaces.

config system interface
    Description: Configure interfaces.
    edit <name>
        set mode [static|dhcp]
        set distance {integer}
        set priority {integer}
        set dhcp-relay-service [disable|enable]
        set dhcp-relay-ip {user}
        set dhcp-relay-type {option}
        set ip {ipv4-classnet-host}
        set allowaccess [ping|https|...]
        set fail-detect [enable|disable]
        set fail-detect-option [detectserver|link-down]
        set fail-alert-method [link-failed-signal|link-down]
        set fail-action-on-extender [soft-restart|hard-restart|...]
        config fail-alert-interfaces
            Description: Physical interfaces that will be alerted.
            edit <name>
            next
        end
        set dhcp-client-identifier {string}
        set dhcp-renew-time {integer}
        set defaultgw [enable|disable]
        set dns-server-override [enable|disable]
        set macaddr {mac-address}
        set speed [auto|10full|...]
        set status [up|down]
        set type [physical|vlan|...]
        set dedicated-to [none|management]
        set trust-ip-1 {ipv4-classnet-any}
        set trust-ip-2 {ipv4-classnet-any}
        set trust-ip-3 {ipv4-classnet-any}
        set trust-ip6-1 {ipv6-prefix}
        set trust-ip6-2 {ipv6-prefix}
        set trust-ip6-3 {ipv6-prefix}
        set mtu-override [enable|disable]
        set mtu {integer}
        set wccp [enable|disable]
        set drop-overlapped-fragment [enable|disable]
        set drop-fragment [enable|disable]
        set large-receive-offload [enable|disable]
        set generic-receive-offload [enable|disable]
        set explicit-web-proxy [enable|disable]
        set explicit-ftp-proxy [enable|disable]
        set proxy-captive-portal [enable|disable]
        set tcp-mss {integer}
        set inbandwidth {integer}
        set outbandwidth {integer}
        set egress-shaping-profile {string}
        set ingress-shaping-profile {string}
        set weight {integer}
        set interface {string}
        set vlanid {integer}
        config member
            Description: Physical interfaces that belong to the aggregate/redundant interface.
            edit <interface-name>
            next
        end
        set lacp-mode [static|passive|...]
        set lacp-ha-secondary [enable|disable]
        set lacp-speed [slow|fast]
        set min-links {integer}
        set min-links-down [operational|administrative]
        set algorithm [L2|L3|...]
        set link-up-delay {integer}
        set priority-override [enable|disable]
        set aggregate {string}
        set redundant-interface {string}
        set devindex {integer}
        set description {var-string}
        set alias {string}
        set security-mode [none|captive-portal|...]
        set security-mac-auth-bypass [enable|disable]
        set security-external-web {string}
        set security-external-logout {string}
        set replacemsg-override-group {string}
        set security-redirect-url {string}
        set security-exempt-list {string}
        config security-groups
            Description: Group name.
            edit <name>
            next
        end
        set role [lan|wan|...]
        set snmp-index {integer}
        set secondary-IP [enable|disable]
        config secondaryip
            Description: Second IP address of interface.
            edit <id>
                set ip {ipv4-classnet-host}
                set allowaccess [ping|https|...]
            next
        end
        set scan-botnet-connections [disable|block]
        config ipv6
            Description: IPv6 of interface.
            set ip6-mode [static|dhcp|...]
            set ip6-dns-server-override [enable|disable]
            set ip6-address {ipv6-prefix}
            config ip6-extra-addr
                Description: Extra IPv6 address prefixes of interface.
                edit <prefix>
                next
            end
            set ip6-allowaccess [ping|https|...]
            set ip6-send-adv [enable|disable]
            set ip6-manage-flag [enable|disable]
            set ip6-other-flag [enable|disable]
            set ip6-max-interval {integer}
            set ip6-min-interval {integer}
            set ip6-link-mtu {integer}
            set ip6-reachable-time {integer}
            set ip6-retrans-time {integer}
            set ip6-default-life {integer}
            set ip6-hop-limit {integer}
            set autoconf [enable|disable]
            set ip6-upstream-interface {string}
            set ip6-subnet {ipv6-prefix}
            config ip6-prefix-list
                Description: Advertised prefix list.
                edit <prefix>
                    set autonomous-flag [enable|disable]
                    set onlink-flag [enable|disable]
                    set valid-life-time {integer}
                    set preferred-life-time {integer}
                next
            end
            config ip6-delegated-prefix-list
                Description: Advertised IPv6 delegated prefix list.
                edit <prefix-id>
                    set upstream-interface {string}
                    set autonomous-flag [enable|disable]
                    set onlink-flag [enable|disable]
                    set subnet {ipv6-network}
                next
            end
            set dhcp6-relay-service [disable|enable]
            set dhcp6-relay-type {option}
            set dhcp6-relay-ip {user}
            set dhcp6-client-options [rapid|iapd|...]
            set dhcp6-prefix-delegation [enable|disable]
            set dhcp6-information-request [enable|disable]
            set dhcp6-prefix-hint {ipv6-network}
            set dhcp6-prefix-hint-plt {integer}
            set dhcp6-prefix-hint-vlt {integer}
        end
    next
end

config system interface

Parameter

Description

Type

Size

mode

Addressing mode (static, DHCP).

option

Option	Description
static	Static setting.
dhcp	External DHCP client mode.

distance

Distance for routes learned through DHCP, lower distance indicates preferred route.

integer

Minimum value: 1 Maximum value: 255

priority

Priority of learned routes.

integer

Minimum value: 0 Maximum value: 4294967295

dhcp-relay-service

Enable/disable allowing this interface to act as a DHCP relay.

option

Option	Description
disable	None.
enable	DHCP relay agent.

dhcp-relay-ip

DHCP relay IP address.

user

Not Specified

dhcp-relay-type

DHCP relay type (regular).

option

Option	Description
regular	Regular DHCP relay.

IP address of interface.

ipv4-classnet-host

Not Specified

allowaccess

Allow management access to the interface.

option

Option	Description
ping	PING access.
https	HTTPS access.
ssh	SSH access.
snmp	SNMP access.
http	HTTP access.
telnet	TELNET access.
radius-acct	RADIUS accounting access.
ftm	FTM access.

fail-detect

Enable/disable interface failed option status.

option

Option	Description
enable	Enable interface failed option status.
disable	Disable interface failed option status.

fail-detect-option

Interface fail detect option.

option

Option	Description
detectserver	Detect server.
link-down	Link-down.

fail-alert-method

Interface fail alert.

option

Option	Description
link-failed-signal	Link-failed-signal.
link-down	Link-down.

fail-action-on-extender

Action on extender when interface fail .

option

Option	Description
soft-restart	Soft-restart-on-extender.
hard-restart	Hard-restart-on-extender.
reboot	Reboot-on-extender.

dhcp-client-identifier

DHCP client identifier.

string

Maximum length: 48

dhcp-renew-time

DHCP renew time .

integer

Minimum value: 300 Maximum value: 604800

defaultgw

Enable to get the gateway IP from the DHCP or PPPoE server.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

dns-server-override

Enable/disable use DNS acquired by DHCP or PPPoE.

option

Option	Description
enable	Use DNS acquired by DHCP.
disable	No not use DNS acquired by DHCP.

macaddr

MAC address.

mac-address

Not Specified

speed

Speed

option

Option	Description
auto	Automatically adjust speed.
10full	10M full-duplex.
10half	10M half-duplex.
100full	100M full-duplex.
100half	100M half-duplex.
1000full	1000M full-duplex.
1000half	1000M half-duplex.
1000auto	1000M auto adjust.

status

Interface status.

option

Option	Description
up	Interface up.
down	Interface down.

type

Interface type.

option

Option	Description
physical	Physical interface.
vlan	VLAN interface.
aggregate	aggregate interface
redundant	Redundant interface.
tunnel	Tunnel interface.
loopback	Loopback interface.

dedicated-to

Configure interface for single purpose.

option

Option	Description
none	Interface not dedicated for any purpose.
management	Dedicate this interface for management purposes only.

trust-ip-1

Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).

ipv4-classnet-any

Not Specified

trust-ip-2

Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).

ipv4-classnet-any

Not Specified

trust-ip-3

Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).

ipv4-classnet-any

Not Specified

trust-ip6-1

Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).

ipv6-prefix

Not Specified

trust-ip6-2

Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).

ipv6-prefix

Not Specified

trust-ip6-3

Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).

ipv6-prefix

Not Specified

mtu-override

Enable/disable use custom MTU.

option

Option	Description
enable	Override default MTU.
disable	Use default MTU (1500).

mtu

Maximum transportation unit.

integer

Minimum value: 0 Maximum value: 4294967295

wccp

Enable/disable WCCP protocol on this interface.

option

Option	Description
enable	Enable WCCP protocol on this interface.
disable	Disable WCCP protocol on this interface.

drop-overlapped-fragment

Enable/disable drop overlapped fragment packets.

option

Option	Description
enable	Enable drop of overlapped fragment packets.
disable	Disable drop of overlapped fragment packets.

drop-fragment

Enable/disable drop fragment packets.

option

Option	Description
enable	Enable/disable drop fragment packets.
disable	Do not drop fragment packets.

large-receive-offload

Enable/disable large-receive-offload.

option

Option	Description
enable	Enable large-receive-offload.
disable	Disable large-receive-offload.

generic-receive-offload

Enable/disable generic-receive-offload.

option

Option	Description
enable	Enable generic-receive-offload.
disable	Disable generic-receive-offload.

explicit-web-proxy

Enable/disable explicit Web proxy.

option

Option	Description
enable	Enable explicit Web proxy on this interface.
disable	Disable explicit Web proxy on this interface.

explicit-ftp-proxy

Enable/disable explicit FTP proxy.

option

Option	Description
enable	Enable explicit FTP proxy on this interface.
disable	Disable explicit FTP proxy on this interface.

proxy-captive-portal

Enable/disable proxy captive portal on this interface.

option

Option	Description
enable	Enable proxy captive portal on this interface.
disable	Disable proxy captive portal on this interface.

tcp-mss

Maximum sending TCP packet size.

integer

Minimum value: 0 Maximum value: 4294967295

inbandwidth

Bandwidth limit for incoming traffic , 0 means unlimited.

integer

Minimum value: 0 Maximum value: 16776000

outbandwidth

Bandwidth limit for outgoing traffic .

integer

Minimum value: 0 Maximum value: 16776000

egress-shaping-profile

Outgoing traffic shaping profile.

string

Maximum length: 35

ingress-shaping-profile

Incoming traffic shaping profile.

string

Maximum length: 35

weight

Default weight for static routes (if route has no weight configured).

integer

Minimum value: 0 Maximum value: 255

interface

Interface name.

string

Maximum length: 15

vlanid

VLAN ID.

integer

Minimum value: 1 Maximum value: 4094

lacp-mode

LACP mode.

option

Option	Description
static	Use static aggregation, do not send and ignore any LACP messages.
passive	Passively use LACP to negotiate 802.3ad aggregation.
active	Actively use LACP to negotiate 802.3ad aggregation.

lacp-ha-secondary

LACP HA secondary.

option

Option	Description
enable	Allow HA secondary to send/receive LACP messages.
disable	Block HA secondary from sending/receiving LACP messages.

lacp-speed

LACP speed.

option

Option	Description
slow	Send LACP message every 30 seconds.
fast	Send LACP message every second.

min-links

Minimum number of aggregated ports that must be up.

integer

Minimum value: 1 Maximum value: 32

min-links-down

Action to take when there are less than min-links active members.

option

Option	Description
operational	Set the aggregate operationally down.
administrative	Set the aggregate administratively down.

algorithm

Frame distribution algorithm.

option

Option	Description
L2	Use layer 2 address for distribution.
L3	Use layer 3 address for distribution.
L4	Use layer 4 information for distribution.

link-up-delay

Number of milliseconds to wait before considering a link is up.

integer

Minimum value: 50 Maximum value: 3600000

priority-override

Enable/disable fail back to higher priority port once recovered.

option

Option	Description
enable	Enable fail back to higher priority port once recovered.
disable	Disable fail back to higher priority port once recovered.

aggregate

Aggregate interface.

string

Maximum length: 15

redundant-interface

Redundant interface.

string

Maximum length: 15

devindex

Device Index.

integer

Minimum value: 0 Maximum value: 4294967295

description

Description.

var-string

Maximum length: 255

alias

Alias.

string

Maximum length: 25

security-mode

Security mode.

option

Option	Description
none	No security option.
captive-portal	Captive portal authentication.
802.1X	802.1X port-based authentication.

security-mac-auth-bypass

Enable/disable MAC authentication bypass.

option

Option	Description
enable	Enable MAC authentication bypass.
disable	Disable MAC authentication bypass.

security-external-web

URL of external authentication web server.

string

Maximum length: 127

security-external-logout

URL of external authentication logout server.

string

Maximum length: 127

replacemsg-override-group

Specify replacement message override group.

string

Maximum length: 35

security-redirect-url

URL redirection after disclaimer/authentication.

string

Maximum length: 127

security-exempt-list

Name of security-exempt-list.

string

Maximum length: 35

role

Interface role.

option

Option	Description
lan	Connected to local network of endpoints.
wan	Connected to Internet.
dmz	Connected to server zone.
undefined	Interface has no specific role.

snmp-index

Permanent SNMP Index of the interface.

integer

Minimum value: 0 Maximum value: 4294967295

secondary-IP

Enable/disable secondary IP.

option

Option	Description
enable	Enable secondary IP.
disable	Disable secondary IP.

scan-botnet-connections

Enable monitoring or blocking connections to Botnet servers through this interface.

option

Option	Description
disable	Do not scan connections to botnet servers.
block	Block connections to botnet servers.

config secondaryip

Parameter

Description

Type

Size

IP address of interface.

ipv4-classnet-host

Not Specified

allowaccess

Allow management access to the interface.

option

Option	Description
ping	PING access.
https	HTTPS access.
ssh	SSH access.
snmp	SNMP access.
http	HTTP access.
telnet	TELNET access.
radius-acct	RADIUS accounting access.
ftm	FTM access.

config ipv6

Parameter

Description

Type

Size

ip6-mode

Addressing mode (static, DHCP, delegated).

option

Option	Description
static	Static setting.
dhcp	DHCPv6 client mode.
delegated	IPv6 address with delegated prefix.

ip6-dns-server-override

Enable/disable using the DNS server acquired by DHCP.

option

Option	Description
enable	Enable using the DNS server acquired by DHCP.
disable	Disable using the DNS server acquired by DHCP.

ip6-address

Primary IPv6 address prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx

ipv6-prefix

Not Specified

ip6-allowaccess

Allow management access to the interface.

option

Option	Description
ping	PING access.
https	HTTPS access.
ssh	SSH access.
snmp	SNMP access.
http	HTTP access.
telnet	TELNET access.

ip6-send-adv

Enable/disable sending advertisements about the interface.

option

Option	Description
enable	Enable sending advertisements about this interface.
disable	Disable sending advertisements about this interface.

ip6-manage-flag

Enable/disable the managed flag.

option

Option	Description
enable	Enable the managed IPv6 flag.
disable	Disable the managed IPv6 flag.

ip6-other-flag

Enable/disable the other IPv6 flag.

option

Option	Description
enable	Enable the other IPv6 flag.
disable	Disable the other IPv6 flag.

ip6-max-interval

IPv6 maximum interval (4 to 1800 sec).

integer

Minimum value: 4 Maximum value: 1800

ip6-min-interval

IPv6 minimum interval (3 to 1350 sec).

integer

Minimum value: 3 Maximum value: 1350

ip6-link-mtu

IPv6 link MTU.

integer

Minimum value: 1280 Maximum value: 16000

ip6-reachable-time

IPv6 reachable time (milliseconds; 0 means unspecified).

integer

Minimum value: 0 Maximum value: 3600000

ip6-retrans-time

IPv6 retransmit time (milliseconds; 0 means unspecified).

integer

Minimum value: 0 Maximum value: 4294967295

ip6-default-life

Default life (sec).

integer

Minimum value: 0 Maximum value: 9000

ip6-hop-limit

Hop limit (0 means unspecified).

integer

Minimum value: 0 Maximum value: 255

autoconf

Enable/disable address auto config.

option

Option	Description
enable	Enable auto-configuration.
disable	Disable auto-configuration.

ip6-upstream-interface

Interface name providing delegated information.

string

Maximum length: 15

ip6-subnet

Subnet to routing prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx

ipv6-prefix

Not Specified

dhcp6-relay-service

Enable/disable DHCPv6 relay.

option

Option	Description
disable	Disable DHCPv6 relay
enable	Enable DHCPv6 relay.

dhcp6-relay-type

DHCPv6 relay type.

option

Option	Description
regular	Regular DHCP relay.

dhcp6-relay-ip

DHCPv6 relay IP address.

user

Not Specified

dhcp6-client-options

DHCPv6 client options.

option

Option	Description
rapid	Send rapid commit option.
iapd	Send including IA-PD option.
iana	Send including IA-NA option.

dhcp6-prefix-delegation

Enable/disable DHCPv6 prefix delegation.

option

Option	Description
enable	Enable DHCPv6 prefix delegation.
disable	Disable DHCPv6 prefix delegation.

dhcp6-information-request

Enable/disable DHCPv6 information request.

option

Option	Description
enable	Enable DHCPv6 information request.
disable	Disable DHCPv6 information request.

dhcp6-prefix-hint

DHCPv6 prefix that will be used as a hint to the upstream DHCPv6 server.

ipv6-network

Not Specified

dhcp6-prefix-hint-plt

DHCPv6 prefix hint preferred life time (sec), 0 means unlimited lease time.

integer

Minimum value: 0 Maximum value: 4294967295

dhcp6-prefix-hint-vlt

DHCPv6 prefix hint valid life time (sec).

integer

Minimum value: 0 Maximum value: 4294967295

config ip6-prefix-list

Parameter

Description

Type

Size

autonomous-flag

Enable/disable the autonomous flag.

option

Option	Description
enable	Enable the autonomous flag.
disable	Disable the autonomous flag.

onlink-flag

Enable/disable the onlink flag.

option

Option	Description
enable	Enable the onlink flag.
disable	Disable the onlink flag.

valid-life-time

Valid life time (sec).

integer

Minimum value: 0 Maximum value: 4294967295

preferred-life-time

Preferred life time (sec).

integer

Minimum value: 0 Maximum value: 4294967295

config ip6-delegated-prefix-list

Parameter

Description

Type

Size

upstream-interface

Name of the interface that provides delegated information.

string

Maximum length: 15

autonomous-flag

Enable/disable the autonomous flag.

option

Option	Description
enable	Enable the autonomous flag.
disable	Disable the autonomous flag.

onlink-flag

Enable/disable the onlink flag.

option

Option	Description
enable	Enable the onlink flag.
disable	Disable the onlink flag.

subnet

Add subnet ID to routing prefix.

ipv6-network

Not Specified

config system interface

Configure interfaces.

config system interface
    Description: Configure interfaces.
    edit <name>
        set mode [static|dhcp]
        set distance {integer}
        set priority {integer}
        set dhcp-relay-service [disable|enable]
        set dhcp-relay-ip {user}
        set dhcp-relay-type {option}
        set ip {ipv4-classnet-host}
        set allowaccess [ping|https|...]
        set fail-detect [enable|disable]
        set fail-detect-option [detectserver|link-down]
        set fail-alert-method [link-failed-signal|link-down]
        set fail-action-on-extender [soft-restart|hard-restart|...]
        config fail-alert-interfaces
            Description: Physical interfaces that will be alerted.
            edit <name>
            next
        end
        set dhcp-client-identifier {string}
        set dhcp-renew-time {integer}
        set defaultgw [enable|disable]
        set dns-server-override [enable|disable]
        set macaddr {mac-address}
        set speed [auto|10full|...]
        set status [up|down]
        set type [physical|vlan|...]
        set dedicated-to [none|management]
        set trust-ip-1 {ipv4-classnet-any}
        set trust-ip-2 {ipv4-classnet-any}
        set trust-ip-3 {ipv4-classnet-any}
        set trust-ip6-1 {ipv6-prefix}
        set trust-ip6-2 {ipv6-prefix}
        set trust-ip6-3 {ipv6-prefix}
        set mtu-override [enable|disable]
        set mtu {integer}
        set wccp [enable|disable]
        set drop-overlapped-fragment [enable|disable]
        set drop-fragment [enable|disable]
        set large-receive-offload [enable|disable]
        set generic-receive-offload [enable|disable]
        set explicit-web-proxy [enable|disable]
        set explicit-ftp-proxy [enable|disable]
        set proxy-captive-portal [enable|disable]
        set tcp-mss {integer}
        set inbandwidth {integer}
        set outbandwidth {integer}
        set egress-shaping-profile {string}
        set ingress-shaping-profile {string}
        set weight {integer}
        set interface {string}
        set vlanid {integer}
        config member
            Description: Physical interfaces that belong to the aggregate/redundant interface.
            edit <interface-name>
            next
        end
        set lacp-mode [static|passive|...]
        set lacp-ha-secondary [enable|disable]
        set lacp-speed [slow|fast]
        set min-links {integer}
        set min-links-down [operational|administrative]
        set algorithm [L2|L3|...]
        set link-up-delay {integer}
        set priority-override [enable|disable]
        set aggregate {string}
        set redundant-interface {string}
        set devindex {integer}
        set description {var-string}
        set alias {string}
        set security-mode [none|captive-portal|...]
        set security-mac-auth-bypass [enable|disable]
        set security-external-web {string}
        set security-external-logout {string}
        set replacemsg-override-group {string}
        set security-redirect-url {string}
        set security-exempt-list {string}
        config security-groups
            Description: Group name.
            edit <name>
            next
        end
        set role [lan|wan|...]
        set snmp-index {integer}
        set secondary-IP [enable|disable]
        config secondaryip
            Description: Second IP address of interface.
            edit <id>
                set ip {ipv4-classnet-host}
                set allowaccess [ping|https|...]
            next
        end
        set scan-botnet-connections [disable|block]
        config ipv6
            Description: IPv6 of interface.
            set ip6-mode [static|dhcp|...]
            set ip6-dns-server-override [enable|disable]
            set ip6-address {ipv6-prefix}
            config ip6-extra-addr
                Description: Extra IPv6 address prefixes of interface.
                edit <prefix>
                next
            end
            set ip6-allowaccess [ping|https|...]
            set ip6-send-adv [enable|disable]
            set ip6-manage-flag [enable|disable]
            set ip6-other-flag [enable|disable]
            set ip6-max-interval {integer}
            set ip6-min-interval {integer}
            set ip6-link-mtu {integer}
            set ip6-reachable-time {integer}
            set ip6-retrans-time {integer}
            set ip6-default-life {integer}
            set ip6-hop-limit {integer}
            set autoconf [enable|disable]
            set ip6-upstream-interface {string}
            set ip6-subnet {ipv6-prefix}
            config ip6-prefix-list
                Description: Advertised prefix list.
                edit <prefix>
                    set autonomous-flag [enable|disable]
                    set onlink-flag [enable|disable]
                    set valid-life-time {integer}
                    set preferred-life-time {integer}
                next
            end
            config ip6-delegated-prefix-list
                Description: Advertised IPv6 delegated prefix list.
                edit <prefix-id>
                    set upstream-interface {string}
                    set autonomous-flag [enable|disable]
                    set onlink-flag [enable|disable]
                    set subnet {ipv6-network}
                next
            end
            set dhcp6-relay-service [disable|enable]
            set dhcp6-relay-type {option}
            set dhcp6-relay-ip {user}
            set dhcp6-client-options [rapid|iapd|...]
            set dhcp6-prefix-delegation [enable|disable]
            set dhcp6-information-request [enable|disable]
            set dhcp6-prefix-hint {ipv6-network}
            set dhcp6-prefix-hint-plt {integer}
            set dhcp6-prefix-hint-vlt {integer}
        end
    next
end

config system interface

Parameter

Description

Type

Size

mode

Addressing mode (static, DHCP).

option

Option	Description
static	Static setting.
dhcp	External DHCP client mode.

distance

Distance for routes learned through DHCP, lower distance indicates preferred route.

integer

Minimum value: 1 Maximum value: 255

priority

Priority of learned routes.

integer

Minimum value: 0 Maximum value: 4294967295

dhcp-relay-service

Enable/disable allowing this interface to act as a DHCP relay.

option

Option	Description
disable	None.
enable	DHCP relay agent.

dhcp-relay-ip

DHCP relay IP address.

user

Not Specified

dhcp-relay-type

DHCP relay type (regular).

option

Option	Description
regular	Regular DHCP relay.

IP address of interface.

ipv4-classnet-host

Not Specified

allowaccess

Allow management access to the interface.

option

Option	Description
ping	PING access.
https	HTTPS access.
ssh	SSH access.
snmp	SNMP access.
http	HTTP access.
telnet	TELNET access.
radius-acct	RADIUS accounting access.
ftm	FTM access.

fail-detect

Enable/disable interface failed option status.

option

Option	Description
enable	Enable interface failed option status.
disable	Disable interface failed option status.

fail-detect-option

Interface fail detect option.

option

Option	Description
detectserver	Detect server.
link-down	Link-down.

fail-alert-method

Interface fail alert.

option

Option	Description
link-failed-signal	Link-failed-signal.
link-down	Link-down.

fail-action-on-extender

Action on extender when interface fail .

option

Option	Description
soft-restart	Soft-restart-on-extender.
hard-restart	Hard-restart-on-extender.
reboot	Reboot-on-extender.

dhcp-client-identifier

DHCP client identifier.

string

Maximum length: 48

dhcp-renew-time

DHCP renew time .

integer

Minimum value: 300 Maximum value: 604800

defaultgw

Enable to get the gateway IP from the DHCP or PPPoE server.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

dns-server-override

Enable/disable use DNS acquired by DHCP or PPPoE.

option

Option	Description
enable	Use DNS acquired by DHCP.
disable	No not use DNS acquired by DHCP.

macaddr

MAC address.

mac-address

Not Specified

speed

Speed

option

Option	Description
auto	Automatically adjust speed.
10full	10M full-duplex.
10half	10M half-duplex.
100full	100M full-duplex.
100half	100M half-duplex.
1000full	1000M full-duplex.
1000half	1000M half-duplex.
1000auto	1000M auto adjust.

status

Interface status.

option

Option	Description
up	Interface up.
down	Interface down.

type

Interface type.

option

Option	Description
physical	Physical interface.
vlan	VLAN interface.
aggregate	aggregate interface
redundant	Redundant interface.
tunnel	Tunnel interface.
loopback	Loopback interface.

dedicated-to

Configure interface for single purpose.

option

Option	Description
none	Interface not dedicated for any purpose.
management	Dedicate this interface for management purposes only.

trust-ip-1

Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).

ipv4-classnet-any

Not Specified

trust-ip-2

Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).

ipv4-classnet-any

Not Specified

trust-ip-3

Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).

ipv4-classnet-any

Not Specified

trust-ip6-1

Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).

ipv6-prefix

Not Specified

trust-ip6-2

Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).

ipv6-prefix

Not Specified

trust-ip6-3

Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).

ipv6-prefix

Not Specified

mtu-override

Enable/disable use custom MTU.

option

Option	Description
enable	Override default MTU.
disable	Use default MTU (1500).

mtu

Maximum transportation unit.

integer

Minimum value: 0 Maximum value: 4294967295

wccp

Enable/disable WCCP protocol on this interface.

option

Option	Description
enable	Enable WCCP protocol on this interface.
disable	Disable WCCP protocol on this interface.

drop-overlapped-fragment

Enable/disable drop overlapped fragment packets.

option

Option	Description
enable	Enable drop of overlapped fragment packets.
disable	Disable drop of overlapped fragment packets.

drop-fragment

Enable/disable drop fragment packets.

option

Option	Description
enable	Enable/disable drop fragment packets.
disable	Do not drop fragment packets.

large-receive-offload

Enable/disable large-receive-offload.

option

Option	Description
enable	Enable large-receive-offload.
disable	Disable large-receive-offload.

generic-receive-offload

Enable/disable generic-receive-offload.

option

Option	Description
enable	Enable generic-receive-offload.
disable	Disable generic-receive-offload.

explicit-web-proxy

Enable/disable explicit Web proxy.

option

Option	Description
enable	Enable explicit Web proxy on this interface.
disable	Disable explicit Web proxy on this interface.

explicit-ftp-proxy

Enable/disable explicit FTP proxy.

option

Option	Description
enable	Enable explicit FTP proxy on this interface.
disable	Disable explicit FTP proxy on this interface.

proxy-captive-portal

Enable/disable proxy captive portal on this interface.

option

Option	Description
enable	Enable proxy captive portal on this interface.
disable	Disable proxy captive portal on this interface.

tcp-mss

Maximum sending TCP packet size.

integer

Minimum value: 0 Maximum value: 4294967295

inbandwidth

Bandwidth limit for incoming traffic , 0 means unlimited.

integer

Minimum value: 0 Maximum value: 16776000

outbandwidth

Bandwidth limit for outgoing traffic .

integer

Minimum value: 0 Maximum value: 16776000

egress-shaping-profile

Outgoing traffic shaping profile.

string

Maximum length: 35

ingress-shaping-profile

Incoming traffic shaping profile.

string

Maximum length: 35

weight

Default weight for static routes (if route has no weight configured).

integer

Minimum value: 0 Maximum value: 255

interface

Interface name.

string

Maximum length: 15

vlanid

VLAN ID.

integer

Minimum value: 1 Maximum value: 4094

lacp-mode

LACP mode.

option

Option	Description
static	Use static aggregation, do not send and ignore any LACP messages.
passive	Passively use LACP to negotiate 802.3ad aggregation.
active	Actively use LACP to negotiate 802.3ad aggregation.

lacp-ha-secondary

LACP HA secondary.

option

Option	Description
enable	Allow HA secondary to send/receive LACP messages.
disable	Block HA secondary from sending/receiving LACP messages.

lacp-speed

LACP speed.

option

Option	Description
slow	Send LACP message every 30 seconds.
fast	Send LACP message every second.

min-links

Minimum number of aggregated ports that must be up.

integer

Minimum value: 1 Maximum value: 32

min-links-down

Action to take when there are less than min-links active members.

option

Option	Description
operational	Set the aggregate operationally down.
administrative	Set the aggregate administratively down.

algorithm

Frame distribution algorithm.

option

Option	Description
L2	Use layer 2 address for distribution.
L3	Use layer 3 address for distribution.
L4	Use layer 4 information for distribution.

link-up-delay

Number of milliseconds to wait before considering a link is up.

integer

Minimum value: 50 Maximum value: 3600000

priority-override

Enable/disable fail back to higher priority port once recovered.

option

Option	Description
enable	Enable fail back to higher priority port once recovered.
disable	Disable fail back to higher priority port once recovered.

aggregate

Aggregate interface.

string

Maximum length: 15

redundant-interface

Redundant interface.

string

Maximum length: 15

devindex

Device Index.

integer

Minimum value: 0 Maximum value: 4294967295

description

Description.

var-string

Maximum length: 255

alias

Alias.

string

Maximum length: 25

security-mode

Security mode.

option

Option	Description
none	No security option.
captive-portal	Captive portal authentication.
802.1X	802.1X port-based authentication.

security-mac-auth-bypass

Enable/disable MAC authentication bypass.

option

Option	Description
enable	Enable MAC authentication bypass.
disable	Disable MAC authentication bypass.

security-external-web

URL of external authentication web server.

string

Maximum length: 127

security-external-logout

URL of external authentication logout server.

string

Maximum length: 127

replacemsg-override-group

Specify replacement message override group.

string

Maximum length: 35

security-redirect-url

URL redirection after disclaimer/authentication.

string

Maximum length: 127

security-exempt-list

Name of security-exempt-list.

string

Maximum length: 35

role

Interface role.

option

Option	Description
lan	Connected to local network of endpoints.
wan	Connected to Internet.
dmz	Connected to server zone.
undefined	Interface has no specific role.

snmp-index

Permanent SNMP Index of the interface.

integer

Minimum value: 0 Maximum value: 4294967295

secondary-IP

Enable/disable secondary IP.

option

Option	Description
enable	Enable secondary IP.
disable	Disable secondary IP.

scan-botnet-connections

Enable monitoring or blocking connections to Botnet servers through this interface.

option

Option	Description
disable	Do not scan connections to botnet servers.
block	Block connections to botnet servers.

config secondaryip

Parameter

Description

Type

Size

IP address of interface.

ipv4-classnet-host

Not Specified

allowaccess

Allow management access to the interface.

option

Option	Description
ping	PING access.
https	HTTPS access.
ssh	SSH access.
snmp	SNMP access.
http	HTTP access.
telnet	TELNET access.
radius-acct	RADIUS accounting access.
ftm	FTM access.

config ipv6

Parameter

Description

Type

Size

ip6-mode

Addressing mode (static, DHCP, delegated).

option

Option	Description
static	Static setting.
dhcp	DHCPv6 client mode.
delegated	IPv6 address with delegated prefix.

ip6-dns-server-override

Enable/disable using the DNS server acquired by DHCP.

option

Option	Description
enable	Enable using the DNS server acquired by DHCP.
disable	Disable using the DNS server acquired by DHCP.

ip6-address

Primary IPv6 address prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx

ipv6-prefix

Not Specified

ip6-allowaccess

Allow management access to the interface.

option

Option	Description
ping	PING access.
https	HTTPS access.
ssh	SSH access.
snmp	SNMP access.
http	HTTP access.
telnet	TELNET access.

ip6-send-adv

Enable/disable sending advertisements about the interface.

option

Option	Description
enable	Enable sending advertisements about this interface.
disable	Disable sending advertisements about this interface.

ip6-manage-flag

Enable/disable the managed flag.

option

Option	Description
enable	Enable the managed IPv6 flag.
disable	Disable the managed IPv6 flag.

ip6-other-flag

Enable/disable the other IPv6 flag.

option

Option	Description
enable	Enable the other IPv6 flag.
disable	Disable the other IPv6 flag.

ip6-max-interval

IPv6 maximum interval (4 to 1800 sec).

integer

Minimum value: 4 Maximum value: 1800

ip6-min-interval

IPv6 minimum interval (3 to 1350 sec).

integer

Minimum value: 3 Maximum value: 1350

ip6-link-mtu

IPv6 link MTU.

integer

Minimum value: 1280 Maximum value: 16000

ip6-reachable-time

IPv6 reachable time (milliseconds; 0 means unspecified).

integer

Minimum value: 0 Maximum value: 3600000

ip6-retrans-time

IPv6 retransmit time (milliseconds; 0 means unspecified).

integer

Minimum value: 0 Maximum value: 4294967295

ip6-default-life

Default life (sec).

integer

Minimum value: 0 Maximum value: 9000

ip6-hop-limit

Hop limit (0 means unspecified).

integer

Minimum value: 0 Maximum value: 255

autoconf

Enable/disable address auto config.

option

Option	Description
enable	Enable auto-configuration.
disable	Disable auto-configuration.

ip6-upstream-interface

Interface name providing delegated information.

string

Maximum length: 15

ip6-subnet

Subnet to routing prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx

ipv6-prefix

Not Specified

dhcp6-relay-service

Enable/disable DHCPv6 relay.

option

Option	Description
disable	Disable DHCPv6 relay
enable	Enable DHCPv6 relay.

dhcp6-relay-type

DHCPv6 relay type.

option

Option	Description
regular	Regular DHCP relay.

dhcp6-relay-ip

DHCPv6 relay IP address.

user

Not Specified

dhcp6-client-options

DHCPv6 client options.

option

Option	Description
rapid	Send rapid commit option.
iapd	Send including IA-PD option.
iana	Send including IA-NA option.

dhcp6-prefix-delegation

Enable/disable DHCPv6 prefix delegation.

option

Option	Description
enable	Enable DHCPv6 prefix delegation.
disable	Disable DHCPv6 prefix delegation.

dhcp6-information-request

Enable/disable DHCPv6 information request.

option

Option	Description
enable	Enable DHCPv6 information request.
disable	Disable DHCPv6 information request.

dhcp6-prefix-hint

DHCPv6 prefix that will be used as a hint to the upstream DHCPv6 server.

ipv6-network

Not Specified

dhcp6-prefix-hint-plt

DHCPv6 prefix hint preferred life time (sec), 0 means unlimited lease time.

integer

Minimum value: 0 Maximum value: 4294967295

dhcp6-prefix-hint-vlt

DHCPv6 prefix hint valid life time (sec).

integer

Minimum value: 0 Maximum value: 4294967295

config ip6-prefix-list

Parameter

Description

Type

Size

autonomous-flag

Enable/disable the autonomous flag.

option

Option	Description
enable	Enable the autonomous flag.
disable	Disable the autonomous flag.

onlink-flag

Enable/disable the onlink flag.

option

Option	Description
enable	Enable the onlink flag.
disable	Disable the onlink flag.

valid-life-time

Valid life time (sec).

integer

Minimum value: 0 Maximum value: 4294967295

preferred-life-time

Preferred life time (sec).

integer

Minimum value: 0 Maximum value: 4294967295

config ip6-delegated-prefix-list

Parameter

Description

Type

Size

upstream-interface

Name of the interface that provides delegated information.

string

Maximum length: 15

autonomous-flag

Enable/disable the autonomous flag.

option

Option	Description
enable	Enable the autonomous flag.
disable	Disable the autonomous flag.

onlink-flag

Enable/disable the onlink flag.

option

Option	Description
enable	Enable the onlink flag.
disable	Disable the onlink flag.

subnet

Add subnet ID to routing prefix.

ipv6-network

Not Specified

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

CLI Reference

config system interface

config system interface

config system interface

config secondaryip

config ipv6

config ip6-prefix-list

config ip6-delegated-prefix-list

config system interface

config system interface

config system interface

config secondaryip

config ipv6

config ip6-prefix-list