Fortinet black logo

CLI Reference

Home FortiProxy 2.0.12 CLI Reference
2.0.12
7.4.4
7.4.3
7.4.2
7.4.1
7.4.0
7.2.10
7.2.9
7.2.8
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.0.17
7.0.15
7.0.14
7.0.13
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
2.0.13
2.0.12
2.0.0
1.2.4

config system interface

config system interface

Configure interfaces.

config system interface
    Description: Configure interfaces.
    edit <name>
        set mode [static|dhcp]
        set distance {integer}
        set priority {integer}
        set dhcp-relay-service [disable|enable]
        set dhcp-relay-ip {user}
        set dhcp-relay-type {option}
        set ip {ipv4-classnet-host}
        set allowaccess [ping|https|...]
        set fail-detect [enable|disable]
        set fail-detect-option [detectserver|link-down]
        set fail-alert-method [link-failed-signal|link-down]
        set fail-action-on-extender [soft-restart|hard-restart|...]
        config fail-alert-interfaces
            Description: Physical interfaces that will be alerted.
            edit <name>
            next
        end
        set dhcp-client-identifier {string}
        set dhcp-renew-time {integer}
        set defaultgw [enable|disable]
        set dns-server-override [enable|disable]
        set macaddr {mac-address}
        set speed [auto|10full|...]
        set status [up|down]
        set type [physical|vlan|...]
        set dedicated-to [none|management]
        set trust-ip-1 {ipv4-classnet-any}
        set trust-ip-2 {ipv4-classnet-any}
        set trust-ip-3 {ipv4-classnet-any}
        set trust-ip6-1 {ipv6-prefix}
        set trust-ip6-2 {ipv6-prefix}
        set trust-ip6-3 {ipv6-prefix}
        set mtu-override [enable|disable]
        set mtu {integer}
        set wccp [enable|disable]
        set drop-overlapped-fragment [enable|disable]
        set drop-fragment [enable|disable]
        set large-receive-offload [enable|disable]
        set generic-receive-offload [enable|disable]
        set explicit-web-proxy [enable|disable]
        set explicit-ftp-proxy [enable|disable]
        set proxy-captive-portal [enable|disable]
        set tcp-mss {integer}
        set inbandwidth {integer}
        set outbandwidth {integer}
        set egress-shaping-profile {string}
        set ingress-shaping-profile {string}
        set weight {integer}
        set interface {string}
        set vlanid {integer}
        config member
            Description: Physical interfaces that belong to the aggregate/redundant interface.
            edit <interface-name>
            next
        end
        set lacp-mode [static|passive|...]
        set lacp-ha-secondary [enable|disable]
        set lacp-speed [slow|fast]
        set min-links {integer}
        set min-links-down [operational|administrative]
        set algorithm [L2|L3|...]
        set link-up-delay {integer}
        set priority-override [enable|disable]
        set aggregate {string}
        set redundant-interface {string}
        set devindex {integer}
        set description {var-string}
        set alias {string}
        set security-mode [none|captive-portal|...]
        set security-mac-auth-bypass [enable|disable]
        set security-external-web {string}
        set security-external-logout {string}
        set replacemsg-override-group {string}
        set security-redirect-url {string}
        set security-exempt-list {string}
        config security-groups
            Description: Group name.
            edit <name>
            next
        end
        set role [lan|wan|...]
        set snmp-index {integer}
        set secondary-IP [enable|disable]
        config secondaryip
            Description: Second IP address of interface.
            edit <id>
                set ip {ipv4-classnet-host}
                set allowaccess [ping|https|...]
            next
        end
        set scan-botnet-connections [disable|block]
        config ipv6
            Description: IPv6 of interface.
            set ip6-mode [static|dhcp|...]
            set ip6-dns-server-override [enable|disable]
            set ip6-address {ipv6-prefix}
            config ip6-extra-addr
                Description: Extra IPv6 address prefixes of interface.
                edit <prefix>
                next
            end
            set ip6-allowaccess [ping|https|...]
            set ip6-send-adv [enable|disable]
            set ip6-manage-flag [enable|disable]
            set ip6-other-flag [enable|disable]
            set ip6-max-interval {integer}
            set ip6-min-interval {integer}
            set ip6-link-mtu {integer}
            set ip6-reachable-time {integer}
            set ip6-retrans-time {integer}
            set ip6-default-life {integer}
            set ip6-hop-limit {integer}
            set autoconf [enable|disable]
            set ip6-upstream-interface {string}
            set ip6-subnet {ipv6-prefix}
            config ip6-prefix-list
                Description: Advertised prefix list.
                edit <prefix>
                    set autonomous-flag [enable|disable]
                    set onlink-flag [enable|disable]
                    set valid-life-time {integer}
                    set preferred-life-time {integer}
                next
            end
            config ip6-delegated-prefix-list
                Description: Advertised IPv6 delegated prefix list.
                edit <prefix-id>
                    set upstream-interface {string}
                    set autonomous-flag [enable|disable]
                    set onlink-flag [enable|disable]
                    set subnet {ipv6-network}
                next
            end
            set dhcp6-relay-service [disable|enable]
            set dhcp6-relay-type {option}
            set dhcp6-relay-ip {user}
            set dhcp6-client-options [rapid|iapd|...]
            set dhcp6-prefix-delegation [enable|disable]
            set dhcp6-information-request [enable|disable]
            set dhcp6-prefix-hint {ipv6-network}
            set dhcp6-prefix-hint-plt {integer}
            set dhcp6-prefix-hint-vlt {integer}
        end
    next
end

config system interface

Parameter

Description

Type

Size

mode

Addressing mode (static, DHCP).

option

-

Option

Description

static

Static setting.

dhcp

External DHCP client mode.

distance

Distance for routes learned through DHCP, lower distance indicates preferred route.

integer

Minimum value: 1 Maximum value: 255

priority

Priority of learned routes.

integer

Minimum value: 0 Maximum value: 4294967295

dhcp-relay-service

Enable/disable allowing this interface to act as a DHCP relay.

option

-

Option

Description

disable

None.

enable

DHCP relay agent.

dhcp-relay-ip

DHCP relay IP address.

user

Not Specified

dhcp-relay-type

DHCP relay type (regular).

option

-

Option

Description

regular

Regular DHCP relay.

ip

IP address of interface.

ipv4-classnet-host

Not Specified

allowaccess

Allow management access to the interface.

option

-

Option

Description

ping

PING access.

https

HTTPS access.

ssh

SSH access.

snmp

SNMP access.

http

HTTP access.

telnet

TELNET access.

radius-acct

RADIUS accounting access.

ftm

FTM access.

fail-detect

Enable/disable interface failed option status.

option

-

Option

Description

enable

Enable interface failed option status.

disable

Disable interface failed option status.

fail-detect-option

Interface fail detect option.

option

-

Option

Description

detectserver

Detect server.

link-down

Link-down.

fail-alert-method

Interface fail alert.

option

-

Option

Description

link-failed-signal

Link-failed-signal.

link-down

Link-down.

fail-action-on-extender

Action on extender when interface fail .

option

-

Option

Description

soft-restart

Soft-restart-on-extender.

hard-restart

Hard-restart-on-extender.

reboot

Reboot-on-extender.

dhcp-client-identifier

DHCP client identifier.

string

Maximum length: 48

dhcp-renew-time

DHCP renew time .

integer

Minimum value: 300 Maximum value: 604800

defaultgw

Enable to get the gateway IP from the DHCP or PPPoE server.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

dns-server-override

Enable/disable use DNS acquired by DHCP or PPPoE.

option

-

Option

Description

enable

Use DNS acquired by DHCP.

disable

No not use DNS acquired by DHCP.

macaddr

MAC address.

mac-address

Not Specified

speed

Speed

option

-

Option

Description

auto

Automatically adjust speed.

10full

10M full-duplex.

10half

10M half-duplex.

100full

100M full-duplex.

100half

100M half-duplex.

1000full

1000M full-duplex.

1000half

1000M half-duplex.

1000auto

1000M auto adjust.

status

Interface status.

option

-

Option

Description

up

Interface up.

down

Interface down.

type

Interface type.

option

-

Option

Description

physical

Physical interface.

vlan

VLAN interface.

aggregate

aggregate interface

redundant

Redundant interface.

tunnel

Tunnel interface.

loopback

Loopback interface.

dedicated-to

Configure interface for single purpose.

option

-

Option

Description

none

Interface not dedicated for any purpose.

management

Dedicate this interface for management purposes only.

trust-ip-1

Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).

ipv4-classnet-any

Not Specified

trust-ip-2

Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).

ipv4-classnet-any

Not Specified

trust-ip-3

Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).

ipv4-classnet-any

Not Specified

trust-ip6-1

Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).

ipv6-prefix

Not Specified

trust-ip6-2

Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).

ipv6-prefix

Not Specified

trust-ip6-3

Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).

ipv6-prefix

Not Specified

mtu-override

Enable/disable use custom MTU.

option

-

Option

Description

enable

Override default MTU.

disable

Use default MTU (1500).

mtu

Maximum transportation unit.

integer

Minimum value: 0 Maximum value: 4294967295

wccp

Enable/disable WCCP protocol on this interface.

option

-

Option

Description

enable

Enable WCCP protocol on this interface.

disable

Disable WCCP protocol on this interface.

drop-overlapped-fragment

Enable/disable drop overlapped fragment packets.

option

-

Option

Description

enable

Enable drop of overlapped fragment packets.

disable

Disable drop of overlapped fragment packets.

drop-fragment

Enable/disable drop fragment packets.

option

-

Option

Description

enable

Enable/disable drop fragment packets.

disable

Do not drop fragment packets.

large-receive-offload

Enable/disable large-receive-offload.

option

-

Option

Description

enable

Enable large-receive-offload.

disable

Disable large-receive-offload.

generic-receive-offload

Enable/disable generic-receive-offload.

option

-

Option

Description

enable

Enable generic-receive-offload.

disable

Disable generic-receive-offload.

explicit-web-proxy

Enable/disable explicit Web proxy.

option

-

Option

Description

enable

Enable explicit Web proxy on this interface.

disable

Disable explicit Web proxy on this interface.

explicit-ftp-proxy

Enable/disable explicit FTP proxy.

option

-

Option

Description

enable

Enable explicit FTP proxy on this interface.

disable

Disable explicit FTP proxy on this interface.

proxy-captive-portal

Enable/disable proxy captive portal on this interface.

option

-

Option

Description

enable

Enable proxy captive portal on this interface.

disable

Disable proxy captive portal on this interface.

tcp-mss

Maximum sending TCP packet size.

integer

Minimum value: 0 Maximum value: 4294967295

inbandwidth

Bandwidth limit for incoming traffic , 0 means unlimited.

integer

Minimum value: 0 Maximum value: 16776000

outbandwidth

Bandwidth limit for outgoing traffic .

integer

Minimum value: 0 Maximum value: 16776000

egress-shaping-profile

Outgoing traffic shaping profile.

string

Maximum length: 35

ingress-shaping-profile

Incoming traffic shaping profile.

string

Maximum length: 35

weight

Default weight for static routes (if route has no weight configured).

integer

Minimum value: 0 Maximum value: 255

interface

Interface name.

string

Maximum length: 15

vlanid

VLAN ID.

integer

Minimum value: 1 Maximum value: 4094

lacp-mode

LACP mode.

option

-

Option

Description

static

Use static aggregation, do not send and ignore any LACP messages.

passive

Passively use LACP to negotiate 802.3ad aggregation.

active

Actively use LACP to negotiate 802.3ad aggregation.

lacp-ha-secondary

LACP HA secondary.

option

-

Option

Description

enable

Allow HA secondary to send/receive LACP messages.

disable

Block HA secondary from sending/receiving LACP messages.

lacp-speed

LACP speed.

option

-

Option

Description

slow

Send LACP message every 30 seconds.

fast

Send LACP message every second.

min-links

Minimum number of aggregated ports that must be up.

integer

Minimum value: 1 Maximum value: 32

min-links-down

Action to take when there are less than min-links active members.

option

-

Option

Description

operational

Set the aggregate operationally down.

administrative

Set the aggregate administratively down.

algorithm

Frame distribution algorithm.

option

-

Option

Description

L2

Use layer 2 address for distribution.

L3

Use layer 3 address for distribution.

L4

Use layer 4 information for distribution.

link-up-delay

Number of milliseconds to wait before considering a link is up.

integer

Minimum value: 50 Maximum value: 3600000

priority-override

Enable/disable fail back to higher priority port once recovered.

option

-

Option

Description

enable

Enable fail back to higher priority port once recovered.

disable

Disable fail back to higher priority port once recovered.

aggregate

Aggregate interface.

string

Maximum length: 15

redundant-interface

Redundant interface.

string

Maximum length: 15

devindex

Device Index.

integer

Minimum value: 0 Maximum value: 4294967295

description

Description.

var-string

Maximum length: 255

alias

Alias.

string

Maximum length: 25

security-mode

Security mode.

option

-

Option

Description

none

No security option.

captive-portal

Captive portal authentication.

802.1X

802.1X port-based authentication.

security-mac-auth-bypass

Enable/disable MAC authentication bypass.

option

-

Option

Description

enable

Enable MAC authentication bypass.

disable

Disable MAC authentication bypass.

security-external-web

URL of external authentication web server.

string

Maximum length: 127

security-external-logout

URL of external authentication logout server.

string

Maximum length: 127

replacemsg-override-group

Specify replacement message override group.

string

Maximum length: 35

security-redirect-url

URL redirection after disclaimer/authentication.

string

Maximum length: 127

security-exempt-list

Name of security-exempt-list.

string

Maximum length: 35

role

Interface role.

option

-

Option

Description

lan

Connected to local network of endpoints.

wan

Connected to Internet.

dmz

Connected to server zone.

undefined

Interface has no specific role.

snmp-index

Permanent SNMP Index of the interface.

integer

Minimum value: 0 Maximum value: 4294967295

secondary-IP

Enable/disable secondary IP.

option

-

Option

Description

enable

Enable secondary IP.

disable

Disable secondary IP.

scan-botnet-connections

Enable monitoring or blocking connections to Botnet servers through this interface.

option

-

Option

Description

disable

Do not scan connections to botnet servers.

block

Block connections to botnet servers.

config secondaryip

Parameter

Description

Type

Size

ip

IP address of interface.

ipv4-classnet-host

Not Specified

allowaccess

Allow management access to the interface.

option

-

Option

Description

ping

PING access.

https

HTTPS access.

ssh

SSH access.

snmp

SNMP access.

http

HTTP access.

telnet

TELNET access.

radius-acct

RADIUS accounting access.

ftm

FTM access.

config ipv6

Parameter

Description

Type

Size

ip6-mode

Addressing mode (static, DHCP, delegated).

option

-

Option

Description

static

Static setting.

dhcp

DHCPv6 client mode.

delegated

IPv6 address with delegated prefix.

ip6-dns-server-override

Enable/disable using the DNS server acquired by DHCP.

option

-

Option

Description

enable

Enable using the DNS server acquired by DHCP.

disable

Disable using the DNS server acquired by DHCP.

ip6-address

Primary IPv6 address prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx

ipv6-prefix

Not Specified

ip6-allowaccess

Allow management access to the interface.

option

-

Option

Description

ping

PING access.

https

HTTPS access.

ssh

SSH access.

snmp

SNMP access.

http

HTTP access.

telnet

TELNET access.

ip6-send-adv

Enable/disable sending advertisements about the interface.

option

-

Option

Description

enable

Enable sending advertisements about this interface.

disable

Disable sending advertisements about this interface.

ip6-manage-flag

Enable/disable the managed flag.

option

-

Option

Description

enable

Enable the managed IPv6 flag.

disable

Disable the managed IPv6 flag.

ip6-other-flag

Enable/disable the other IPv6 flag.

option

-

Option

Description

enable

Enable the other IPv6 flag.

disable

Disable the other IPv6 flag.

ip6-max-interval

IPv6 maximum interval (4 to 1800 sec).

integer

Minimum value: 4 Maximum value: 1800

ip6-min-interval

IPv6 minimum interval (3 to 1350 sec).

integer

Minimum value: 3 Maximum value: 1350

ip6-link-mtu

IPv6 link MTU.

integer

Minimum value: 1280 Maximum value: 16000

ip6-reachable-time

IPv6 reachable time (milliseconds; 0 means unspecified).

integer

Minimum value: 0 Maximum value: 3600000

ip6-retrans-time

IPv6 retransmit time (milliseconds; 0 means unspecified).

integer

Minimum value: 0 Maximum value: 4294967295

ip6-default-life

Default life (sec).

integer

Minimum value: 0 Maximum value: 9000

ip6-hop-limit

Hop limit (0 means unspecified).

integer

Minimum value: 0 Maximum value: 255

autoconf

Enable/disable address auto config.

option

-

Option

Description

enable

Enable auto-configuration.

disable

Disable auto-configuration.

ip6-upstream-interface

Interface name providing delegated information.

string

Maximum length: 15

ip6-subnet

Subnet to routing prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx

ipv6-prefix

Not Specified

dhcp6-relay-service

Enable/disable DHCPv6 relay.

option

-

Option

Description

disable

Disable DHCPv6 relay

enable

Enable DHCPv6 relay.

dhcp6-relay-type

DHCPv6 relay type.

option

-

Option

Description

regular

Regular DHCP relay.

dhcp6-relay-ip

DHCPv6 relay IP address.

user

Not Specified

dhcp6-client-options

DHCPv6 client options.

option

-

Option

Description

rapid

Send rapid commit option.

iapd

Send including IA-PD option.

iana

Send including IA-NA option.

dhcp6-prefix-delegation

Enable/disable DHCPv6 prefix delegation.

option

-

Option

Description

enable

Enable DHCPv6 prefix delegation.

disable

Disable DHCPv6 prefix delegation.

dhcp6-information-request

Enable/disable DHCPv6 information request.

option

-

Option

Description

enable

Enable DHCPv6 information request.

disable

Disable DHCPv6 information request.

dhcp6-prefix-hint

DHCPv6 prefix that will be used as a hint to the upstream DHCPv6 server.

ipv6-network

Not Specified

dhcp6-prefix-hint-plt

DHCPv6 prefix hint preferred life time (sec), 0 means unlimited lease time.

integer

Minimum value: 0 Maximum value: 4294967295

dhcp6-prefix-hint-vlt

DHCPv6 prefix hint valid life time (sec).

integer

Minimum value: 0 Maximum value: 4294967295

config ip6-prefix-list

Parameter

Description

Type

Size

autonomous-flag

Enable/disable the autonomous flag.

option

-

Option

Description

enable

Enable the autonomous flag.

disable

Disable the autonomous flag.

onlink-flag

Enable/disable the onlink flag.

option

-

Option

Description

enable

Enable the onlink flag.

disable

Disable the onlink flag.

valid-life-time

Valid life time (sec).

integer

Minimum value: 0 Maximum value: 4294967295

preferred-life-time

Preferred life time (sec).

integer

Minimum value: 0 Maximum value: 4294967295

config ip6-delegated-prefix-list

Parameter

Description

Type

Size

upstream-interface

Name of the interface that provides delegated information.

string

Maximum length: 15

autonomous-flag

Enable/disable the autonomous flag.

option

-

Option

Description

enable

Enable the autonomous flag.

disable

Disable the autonomous flag.

onlink-flag

Enable/disable the onlink flag.

option

-

Option

Description

enable

Enable the onlink flag.

disable

Disable the onlink flag.

subnet

Add subnet ID to routing prefix.

ipv6-network

Not Specified
Previous
Next

config system interface

Configure interfaces.

config system interface
    Description: Configure interfaces.
    edit <name>
        set mode [static|dhcp]
        set distance {integer}
        set priority {integer}
        set dhcp-relay-service [disable|enable]
        set dhcp-relay-ip {user}
        set dhcp-relay-type {option}
        set ip {ipv4-classnet-host}
        set allowaccess [ping|https|...]
        set fail-detect [enable|disable]
        set fail-detect-option [detectserver|link-down]
        set fail-alert-method [link-failed-signal|link-down]
        set fail-action-on-extender [soft-restart|hard-restart|...]
        config fail-alert-interfaces
            Description: Physical interfaces that will be alerted.
            edit <name>
            next
        end
        set dhcp-client-identifier {string}
        set dhcp-renew-time {integer}
        set defaultgw [enable|disable]
        set dns-server-override [enable|disable]
        set macaddr {mac-address}
        set speed [auto|10full|...]
        set status [up|down]
        set type [physical|vlan|...]
        set dedicated-to [none|management]
        set trust-ip-1 {ipv4-classnet-any}
        set trust-ip-2 {ipv4-classnet-any}
        set trust-ip-3 {ipv4-classnet-any}
        set trust-ip6-1 {ipv6-prefix}
        set trust-ip6-2 {ipv6-prefix}
        set trust-ip6-3 {ipv6-prefix}
        set mtu-override [enable|disable]
        set mtu {integer}
        set wccp [enable|disable]
        set drop-overlapped-fragment [enable|disable]
        set drop-fragment [enable|disable]
        set large-receive-offload [enable|disable]
        set generic-receive-offload [enable|disable]
        set explicit-web-proxy [enable|disable]
        set explicit-ftp-proxy [enable|disable]
        set proxy-captive-portal [enable|disable]
        set tcp-mss {integer}
        set inbandwidth {integer}
        set outbandwidth {integer}
        set egress-shaping-profile {string}
        set ingress-shaping-profile {string}
        set weight {integer}
        set interface {string}
        set vlanid {integer}
        config member
            Description: Physical interfaces that belong to the aggregate/redundant interface.
            edit <interface-name>
            next
        end
        set lacp-mode [static|passive|...]
        set lacp-ha-secondary [enable|disable]
        set lacp-speed [slow|fast]
        set min-links {integer}
        set min-links-down [operational|administrative]
        set algorithm [L2|L3|...]
        set link-up-delay {integer}
        set priority-override [enable|disable]
        set aggregate {string}
        set redundant-interface {string}
        set devindex {integer}
        set description {var-string}
        set alias {string}
        set security-mode [none|captive-portal|...]
        set security-mac-auth-bypass [enable|disable]
        set security-external-web {string}
        set security-external-logout {string}
        set replacemsg-override-group {string}
        set security-redirect-url {string}
        set security-exempt-list {string}
        config security-groups
            Description: Group name.
            edit <name>
            next
        end
        set role [lan|wan|...]
        set snmp-index {integer}
        set secondary-IP [enable|disable]
        config secondaryip
            Description: Second IP address of interface.
            edit <id>
                set ip {ipv4-classnet-host}
                set allowaccess [ping|https|...]
            next
        end
        set scan-botnet-connections [disable|block]
        config ipv6
            Description: IPv6 of interface.
            set ip6-mode [static|dhcp|...]
            set ip6-dns-server-override [enable|disable]
            set ip6-address {ipv6-prefix}
            config ip6-extra-addr
                Description: Extra IPv6 address prefixes of interface.
                edit <prefix>
                next
            end
            set ip6-allowaccess [ping|https|...]
            set ip6-send-adv [enable|disable]
            set ip6-manage-flag [enable|disable]
            set ip6-other-flag [enable|disable]
            set ip6-max-interval {integer}
            set ip6-min-interval {integer}
            set ip6-link-mtu {integer}
            set ip6-reachable-time {integer}
            set ip6-retrans-time {integer}
            set ip6-default-life {integer}
            set ip6-hop-limit {integer}
            set autoconf [enable|disable]
            set ip6-upstream-interface {string}
            set ip6-subnet {ipv6-prefix}
            config ip6-prefix-list
                Description: Advertised prefix list.
                edit <prefix>
                    set autonomous-flag [enable|disable]
                    set onlink-flag [enable|disable]
                    set valid-life-time {integer}
                    set preferred-life-time {integer}
                next
            end
            config ip6-delegated-prefix-list
                Description: Advertised IPv6 delegated prefix list.
                edit <prefix-id>
                    set upstream-interface {string}
                    set autonomous-flag [enable|disable]
                    set onlink-flag [enable|disable]
                    set subnet {ipv6-network}
                next
            end
            set dhcp6-relay-service [disable|enable]
            set dhcp6-relay-type {option}
            set dhcp6-relay-ip {user}
            set dhcp6-client-options [rapid|iapd|...]
            set dhcp6-prefix-delegation [enable|disable]
            set dhcp6-information-request [enable|disable]
            set dhcp6-prefix-hint {ipv6-network}
            set dhcp6-prefix-hint-plt {integer}
            set dhcp6-prefix-hint-vlt {integer}
        end
    next
end

config system interface

Parameter

Description

Type

Size

mode

Addressing mode (static, DHCP).

option

-

Option

Description

static

Static setting.

dhcp

External DHCP client mode.

distance

Distance for routes learned through DHCP, lower distance indicates preferred route.

integer

Minimum value: 1 Maximum value: 255

priority

Priority of learned routes.

integer

Minimum value: 0 Maximum value: 4294967295

dhcp-relay-service

Enable/disable allowing this interface to act as a DHCP relay.

option

-

Option

Description

disable

None.

enable

DHCP relay agent.

dhcp-relay-ip

DHCP relay IP address.

user

Not Specified

dhcp-relay-type

DHCP relay type (regular).

option

-

Option

Description

regular

Regular DHCP relay.

ip

IP address of interface.

ipv4-classnet-host

Not Specified

allowaccess

Allow management access to the interface.

option

-

Option

Description

ping

PING access.

https

HTTPS access.

ssh

SSH access.

snmp

SNMP access.

http

HTTP access.

telnet

TELNET access.

radius-acct

RADIUS accounting access.

ftm

FTM access.

fail-detect

Enable/disable interface failed option status.

option

-

Option

Description

enable

Enable interface failed option status.

disable

Disable interface failed option status.

fail-detect-option

Interface fail detect option.

option

-

Option

Description

detectserver

Detect server.

link-down

Link-down.

fail-alert-method

Interface fail alert.

option

-

Option

Description

link-failed-signal

Link-failed-signal.

link-down

Link-down.

fail-action-on-extender

Action on extender when interface fail .

option

-

Option

Description

soft-restart

Soft-restart-on-extender.

hard-restart

Hard-restart-on-extender.

reboot

Reboot-on-extender.

dhcp-client-identifier

DHCP client identifier.

string

Maximum length: 48

dhcp-renew-time

DHCP renew time .

integer

Minimum value: 300 Maximum value: 604800

defaultgw

Enable to get the gateway IP from the DHCP or PPPoE server.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

dns-server-override

Enable/disable use DNS acquired by DHCP or PPPoE.

option

-

Option

Description

enable

Use DNS acquired by DHCP.

disable

No not use DNS acquired by DHCP.

macaddr

MAC address.

mac-address

Not Specified

speed

Speed

option

-

Option

Description

auto

Automatically adjust speed.

10full

10M full-duplex.

10half

10M half-duplex.

100full

100M full-duplex.

100half

100M half-duplex.

1000full

1000M full-duplex.

1000half

1000M half-duplex.

1000auto

1000M auto adjust.

status

Interface status.

option

-

Option

Description

up

Interface up.

down

Interface down.

type

Interface type.

option

-

Option

Description

physical

Physical interface.

vlan

VLAN interface.

aggregate

aggregate interface

redundant

Redundant interface.

tunnel

Tunnel interface.

loopback

Loopback interface.

dedicated-to

Configure interface for single purpose.

option

-

Option

Description

none

Interface not dedicated for any purpose.

management

Dedicate this interface for management purposes only.

trust-ip-1

Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).

ipv4-classnet-any

Not Specified

trust-ip-2

Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).

ipv4-classnet-any

Not Specified

trust-ip-3

Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).

ipv4-classnet-any

Not Specified

trust-ip6-1

Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).

ipv6-prefix

Not Specified

trust-ip6-2

Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).

ipv6-prefix

Not Specified

trust-ip6-3

Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).

ipv6-prefix

Not Specified

mtu-override

Enable/disable use custom MTU.

option

-

Option

Description

enable

Override default MTU.

disable

Use default MTU (1500).

mtu

Maximum transportation unit.

integer

Minimum value: 0 Maximum value: 4294967295

wccp

Enable/disable WCCP protocol on this interface.

option

-

Option

Description

enable

Enable WCCP protocol on this interface.

disable

Disable WCCP protocol on this interface.

drop-overlapped-fragment

Enable/disable drop overlapped fragment packets.

option

-

Option

Description

enable

Enable drop of overlapped fragment packets.

disable

Disable drop of overlapped fragment packets.

drop-fragment

Enable/disable drop fragment packets.

option

-

Option

Description

enable

Enable/disable drop fragment packets.

disable

Do not drop fragment packets.

large-receive-offload

Enable/disable large-receive-offload.

option

-

Option

Description

enable

Enable large-receive-offload.

disable

Disable large-receive-offload.

generic-receive-offload

Enable/disable generic-receive-offload.

option

-

Option

Description

enable

Enable generic-receive-offload.

disable

Disable generic-receive-offload.

explicit-web-proxy

Enable/disable explicit Web proxy.

option

-

Option

Description

enable

Enable explicit Web proxy on this interface.

disable

Disable explicit Web proxy on this interface.

explicit-ftp-proxy

Enable/disable explicit FTP proxy.

option

-

Option

Description

enable

Enable explicit FTP proxy on this interface.

disable

Disable explicit FTP proxy on this interface.

proxy-captive-portal

Enable/disable proxy captive portal on this interface.

option

-

Option

Description

enable

Enable proxy captive portal on this interface.

disable

Disable proxy captive portal on this interface.

tcp-mss

Maximum sending TCP packet size.

integer

Minimum value: 0 Maximum value: 4294967295

inbandwidth

Bandwidth limit for incoming traffic , 0 means unlimited.

integer

Minimum value: 0 Maximum value: 16776000

outbandwidth

Bandwidth limit for outgoing traffic .

integer

Minimum value: 0 Maximum value: 16776000

egress-shaping-profile

Outgoing traffic shaping profile.

string

Maximum length: 35

ingress-shaping-profile

Incoming traffic shaping profile.

string

Maximum length: 35

weight

Default weight for static routes (if route has no weight configured).

integer

Minimum value: 0 Maximum value: 255

interface

Interface name.

string

Maximum length: 15

vlanid

VLAN ID.

integer

Minimum value: 1 Maximum value: 4094

lacp-mode

LACP mode.

option

-

Option

Description

static

Use static aggregation, do not send and ignore any LACP messages.

passive

Passively use LACP to negotiate 802.3ad aggregation.

active

Actively use LACP to negotiate 802.3ad aggregation.

lacp-ha-secondary

LACP HA secondary.

option

-

Option

Description

enable

Allow HA secondary to send/receive LACP messages.

disable

Block HA secondary from sending/receiving LACP messages.

lacp-speed

LACP speed.

option

-

Option

Description

slow

Send LACP message every 30 seconds.

fast

Send LACP message every second.

min-links

Minimum number of aggregated ports that must be up.

integer

Minimum value: 1 Maximum value: 32

min-links-down

Action to take when there are less than min-links active members.

option

-

Option

Description

operational

Set the aggregate operationally down.

administrative

Set the aggregate administratively down.

algorithm

Frame distribution algorithm.

option

-

Option

Description

L2

Use layer 2 address for distribution.

L3

Use layer 3 address for distribution.

L4

Use layer 4 information for distribution.

link-up-delay

Number of milliseconds to wait before considering a link is up.

integer

Minimum value: 50 Maximum value: 3600000

priority-override

Enable/disable fail back to higher priority port once recovered.

option

-

Option

Description

enable

Enable fail back to higher priority port once recovered.

disable

Disable fail back to higher priority port once recovered.

aggregate

Aggregate interface.

string

Maximum length: 15

redundant-interface

Redundant interface.

string

Maximum length: 15

devindex

Device Index.

integer

Minimum value: 0 Maximum value: 4294967295

description

Description.

var-string

Maximum length: 255

alias

Alias.

string

Maximum length: 25

security-mode

Security mode.

option

-

Option

Description

none

No security option.

captive-portal

Captive portal authentication.

802.1X

802.1X port-based authentication.

security-mac-auth-bypass

Enable/disable MAC authentication bypass.

option

-

Option

Description

enable

Enable MAC authentication bypass.

disable

Disable MAC authentication bypass.

security-external-web

URL of external authentication web server.

string

Maximum length: 127

security-external-logout

URL of external authentication logout server.

string

Maximum length: 127

replacemsg-override-group

Specify replacement message override group.

string

Maximum length: 35

security-redirect-url

URL redirection after disclaimer/authentication.

string

Maximum length: 127

security-exempt-list

Name of security-exempt-list.

string

Maximum length: 35

role

Interface role.

option

-

Option

Description

lan

Connected to local network of endpoints.

wan

Connected to Internet.

dmz

Connected to server zone.

undefined

Interface has no specific role.

snmp-index

Permanent SNMP Index of the interface.

integer

Minimum value: 0 Maximum value: 4294967295

secondary-IP

Enable/disable secondary IP.

option

-

Option

Description

enable

Enable secondary IP.

disable

Disable secondary IP.

scan-botnet-connections

Enable monitoring or blocking connections to Botnet servers through this interface.

option

-

Option

Description

disable

Do not scan connections to botnet servers.

block

Block connections to botnet servers.

config secondaryip

Parameter

Description

Type

Size

ip

IP address of interface.

ipv4-classnet-host

Not Specified

allowaccess

Allow management access to the interface.

option

-

Option

Description

ping

PING access.

https

HTTPS access.

ssh

SSH access.

snmp

SNMP access.

http

HTTP access.

telnet

TELNET access.

radius-acct

RADIUS accounting access.

ftm

FTM access.

config ipv6

Parameter

Description

Type

Size

ip6-mode

Addressing mode (static, DHCP, delegated).

option

-

Option

Description

static

Static setting.

dhcp

DHCPv6 client mode.

delegated

IPv6 address with delegated prefix.

ip6-dns-server-override

Enable/disable using the DNS server acquired by DHCP.

option

-

Option

Description

enable

Enable using the DNS server acquired by DHCP.

disable

Disable using the DNS server acquired by DHCP.

ip6-address

Primary IPv6 address prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx

ipv6-prefix

Not Specified

ip6-allowaccess

Allow management access to the interface.

option

-

Option

Description

ping

PING access.

https

HTTPS access.

ssh

SSH access.

snmp

SNMP access.

http

HTTP access.

telnet

TELNET access.

ip6-send-adv

Enable/disable sending advertisements about the interface.

option

-

Option

Description

enable

Enable sending advertisements about this interface.

disable

Disable sending advertisements about this interface.

ip6-manage-flag

Enable/disable the managed flag.

option

-

Option

Description

enable

Enable the managed IPv6 flag.

disable

Disable the managed IPv6 flag.

ip6-other-flag

Enable/disable the other IPv6 flag.

option

-

Option

Description

enable

Enable the other IPv6 flag.

disable

Disable the other IPv6 flag.

ip6-max-interval

IPv6 maximum interval (4 to 1800 sec).

integer

Minimum value: 4 Maximum value: 1800

ip6-min-interval

IPv6 minimum interval (3 to 1350 sec).

integer

Minimum value: 3 Maximum value: 1350

ip6-link-mtu

IPv6 link MTU.

integer

Minimum value: 1280 Maximum value: 16000

ip6-reachable-time

IPv6 reachable time (milliseconds; 0 means unspecified).

integer

Minimum value: 0 Maximum value: 3600000

ip6-retrans-time

IPv6 retransmit time (milliseconds; 0 means unspecified).

integer

Minimum value: 0 Maximum value: 4294967295

ip6-default-life

Default life (sec).

integer

Minimum value: 0 Maximum value: 9000

ip6-hop-limit

Hop limit (0 means unspecified).

integer

Minimum value: 0 Maximum value: 255

autoconf

Enable/disable address auto config.

option

-

Option

Description

enable

Enable auto-configuration.

disable

Disable auto-configuration.

ip6-upstream-interface

Interface name providing delegated information.

string

Maximum length: 15

ip6-subnet

Subnet to routing prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx

ipv6-prefix

Not Specified

dhcp6-relay-service

Enable/disable DHCPv6 relay.

option

-

Option

Description

disable

Disable DHCPv6 relay

enable

Enable DHCPv6 relay.

dhcp6-relay-type

DHCPv6 relay type.

option

-

Option

Description

regular

Regular DHCP relay.

dhcp6-relay-ip

DHCPv6 relay IP address.

user

Not Specified

dhcp6-client-options

DHCPv6 client options.

option

-

Option

Description

rapid

Send rapid commit option.

iapd

Send including IA-PD option.

iana

Send including IA-NA option.

dhcp6-prefix-delegation

Enable/disable DHCPv6 prefix delegation.

option

-

Option

Description

enable

Enable DHCPv6 prefix delegation.

disable

Disable DHCPv6 prefix delegation.

dhcp6-information-request

Enable/disable DHCPv6 information request.

option

-

Option

Description

enable

Enable DHCPv6 information request.

disable

Disable DHCPv6 information request.

dhcp6-prefix-hint

DHCPv6 prefix that will be used as a hint to the upstream DHCPv6 server.

ipv6-network

Not Specified

dhcp6-prefix-hint-plt

DHCPv6 prefix hint preferred life time (sec), 0 means unlimited lease time.

integer

Minimum value: 0 Maximum value: 4294967295

dhcp6-prefix-hint-vlt

DHCPv6 prefix hint valid life time (sec).

integer

Minimum value: 0 Maximum value: 4294967295

config ip6-prefix-list

Parameter

Description

Type

Size

autonomous-flag

Enable/disable the autonomous flag.

option

-

Option

Description

enable

Enable the autonomous flag.

disable

Disable the autonomous flag.

onlink-flag

Enable/disable the onlink flag.

option

-

Option

Description

enable

Enable the onlink flag.

disable

Disable the onlink flag.

valid-life-time

Valid life time (sec).

integer

Minimum value: 0 Maximum value: 4294967295

preferred-life-time

Preferred life time (sec).

integer

Minimum value: 0 Maximum value: 4294967295

config ip6-delegated-prefix-list

Parameter

Description

Type

Size

upstream-interface

Name of the interface that provides delegated information.

string

Maximum length: 15

autonomous-flag

Enable/disable the autonomous flag.

option

-

Option

Description

enable

Enable the autonomous flag.

disable

Disable the autonomous flag.

onlink-flag

Enable/disable the onlink flag.

option

-

Option

Description

enable

Enable the onlink flag.

disable

Disable the onlink flag.

subnet

Add subnet ID to routing prefix.

ipv6-network

Not Specified
Previous
Next