CI Command Reference
1. Command Syntax and General User Interface
CI has the following command syntax:
command <iface | device > subcommand [param]
command subcommand [param]
command ? | help
command subcommand ? | help
General user interface:
1. | ? | Shows the following commands and all major (sub)commands |
2. | exit | Returns to SMT |
[ch-name]: enet0, enet1
sys | ||||
baud | <1|2|3|4|5> | change console speed if parameter present. 1: 38400 bps; 2: 19200 bps; 3: 9600 bps; 4: 57600 bps; 5: 115200 bps | ||
callhist | ||||
add | <name> <dir> <rate> <uptime> | Add the call history | ||
display | display the call history | |||
remove | <index> | remove call history | ||
cbuf | ||||
cnt | disp | display cbuf static | ||
clear | clear cbuf static | |||
disp | [a|f|u] | display cbuf a: all f: free u: used | ||
cmgr | ||||
cnt | [ch-name] | display call related counter | ||
data | display phone number related data | |||
trace | [display|clear] [ch-name] | display call related event | ||
country | <country code> | set country code | ||
cpu | disp | display CPU utilization | ||
date | <yy> <mm> <dd> | Change current date if parameter present | ||
dir | display file directory | |||
edit | <filename> | edit a text file | ||
errctl | [level] | set the error control level. 0: crash no save, not in debug mode (default); 1: crash no save, in debug mode; 2: crash save, not in debug mode; 3: crash save, in debug mode | ||
event | ||||
display | display tag flags information | |||
trace | [display|clear] | display system event information | ||
extraphnum | ||||
add | <set 1-3> <1st phone number> [2nd phone number] | add extra phone number | ||
display | display extra phone number | |||
node | map the extra phone number for remote node n | |||
remove | remove the extra phone number for remote node n | |||
reset | reset the extra phone number | |||
feature | display feature bit | |||
fid | display | display function id list | ||
filter | ||||
disp | display filter statistic counters | |||
clear | clear filter statistic counter | |||
sw | [on|off] | switch on|off filter counter | ||
addNetBios | add default NetBIOS_LAN and NetBIOS_WAN filter sets | |||
removeNetBios | remove default NetBIOS_LAN and NetBIOS_WAN filter sets | |||
firewall | ||||
acl | ||||
clear | clear firewall counter | |||
cnt clear | clear firewall counter | |||
cnt display | display firewall counter | |||
display | display firewall log | |||
dynamicrule | display firewall dynamic acl rule usage | |||
icmp | ||||
block_co | set block icmp packet with type 3 code 3 | |||
display | display current code status | |||
online | display firewall log online | |||
pktdump | dump the 64 bytes of packets dropped by firewall | |||
trcprst | ||||
rst | set sending tcp rst when reject a tcp connection except port 1 | |||
rst113 | set sending tcp rst when reject a tcp connection on tcp port 1 | |||
display | display current tcp reset status | |||
update | update firewall rule | |||
hostname | display system hostname | |||
iface | disp | display iface list | ||
log | ||||
disp | display log error | |||
clear | clear log error | |||
online | [on|off] | turn on/off error log online display | ||
mbuf | ||||
cnt | [disp|cl] | display or clear system mbuf count | ||
link | link | list system mbuf link | ||
pool | [id] [type] | list system mbuf pool | ||
status | display system mbuf status | |||
. | . | disp | <address> | display mbuf status |
memutil | ||||
usage | display memory allocate and heap status | |||
mq | <address> <len> | display memory queues | ||
mcell | mid [f|u] | display memory cells by given ID | ||
msecs | display memory sections | |||
pro | ||||
disp | display all process information | |||
stack | [TAG] | display process's stack by a given TAG | ||
ps | [TAG] | display process's status by a given TAG | ||
queue | ||||
disp | [a|f|u] [start#] [end#] | display queue by given status and range numbers | ||
ndisp | [#] | display a queue by a given number | ||
quit | quit CI command mode | |||
reboot | [code] | reboot system. code: 0 = cold boot, 1 = immediately boot, 2 = bootModule debug mode | ||
reslog | [disp|clear] | display resources trace | ||
. | roadrun | disp | <iface-name> | display roadrunner information iface-name: enif1 (WAN port) |
. | . | debug | <level> | enable/disable roadrunner service 0: disable <default> 1: enable |
. | . | restart | <iface-name> | . |
socket | display system socket information | |||
spt | dump | [root|rn|user|slot] | dump spt raw data | |
size | display spt record size | |||
stdio | [second] | change terminal timeout value | ||
syslog | ||||
facility | <facility number> | set UNIX syslog server facility | ||
mode | [on|off] | enable/disable the syslog service | ||
server | <server ip> | |||
time | [hh:mm:ss] | set the current system time if the parameter present | ||
timer | ||||
disp | [a|f|u] | display timer cell | ||
trcdisp | monitor packets | |||
. | . | brief | . | online display packet content briefly |
. | . | parse | . | online parse packet content |
trcl | ||||
call | display call event | |||
clear | clear trace | |||
disp | display trace log | |||
level | [#] | set trace level of trace log #:1-10 | ||
online | [on|off] | set on/off trace log online | ||
switch | [on|off] | set system trace log | ||
type | <bitmap> | set trace type of trace log | ||
trcp | ||||
chann | <name> [none|incoming|outgoing|bothway] | set packet trace direction for a given channel. <name>: enet0, enet1 | ||
create | <entry> <size> | create packet trace buffer | ||
destroy | packet trace related commands | |||
disp | display packet trace | |||
switch | [on|off] | turn on/off the packet trace | ||
udp | [sw|addr|port] | send packet trace to other system | ||
. | . | brief | . | display packet content briefly |
. | . | parse | [[begin_idx], end_idx] | parse packet content |
version | display RAS code and driver version | |||
wdog | <filename> | view a text file | ||
switch | [on|off] | set on/off wdog | ||
cnt | <value> | display watchdog counts value: 0-34463 |
<hostid> format : xxx.xxx.xxx.xxx (ip Address)
<ether addr> format : xx:xx:xx:xx:xx:xx
<iface> : enif0, enif1
<gw> : gateway ip address
ip | address | display host ip address | ||
arp | ||||
add | <hostid> ether <ether addr> | add arp | ||
drop | <hostid> [ether] | drop arp | ||
flush | flush arp | |||
publish | add proxy arp | |||
status | display ip arp status | |||
dhcp <iface name> | set dhcp configuration | |||
server | arpcount | <num> | ||
. | dnsserver | <dnsIP1> <dnsIP2> | ||
. | gateway | <gateway IP> | ||
. | hostname | <hostname> | ||
. | leasetime | <period> | ||
. | netmask | <netmask> | ||
. | pool | <start IP> <num> | ||
. | rebindtime | <period> | ||
. | renewaltime | <period> | ||
. | reset | |||
. | . | status | . | display iface DHCP information iface-name: enif1, enif0. |
. | . | client | release | release DHCP client IP |
. | . | . | renew | renew DHCP client IP |
dns | ||||
table | display dns table | |||
stats | [disp|clear] | display or clear dns statistics | ||
icmp | ||||
echo | [on|off] | response for ICMP echo request | ||
status | display icmp statistic counter | |||
trace | [on|off] | turn on/off trace for debugging | ||
. | . | discovery | <iface name> [on|off] | turn on|off icmp router discovery response |
ifconfig | display ifconfig | |||
nat | iface <iface> | disp | display current NAT statistics | |
nat | loopback | on | LAN user can use Internet IP to access internal server on the LAN | |
ping | <hostid> | ping remote host | ||
. | rip | |||
dialin_user | [show|in|out|both|none] | set sending RIP to remote dial-in user | ||
merge | [on|off] | RIP merging | ||
mode | <iface> [in|out] [mode] | mode: 0 - 3 | ||
status | display rip statistic counters | |||
route | ||||
add | <dest addr>[/<bits>] <gateway> [<metric>] | add route | ||
addprivate | add private route | |||
drop | <host address> [/bits] | drop a route | ||
errcnt | [disp|clear] | display|clear routing statistic counters | ||
flush | flush route table | |||
status | display routing table | |||
status | display ip statistic counters | |||
tcp | ||||
status | display TCP statistic counters | |||
udp | status |
<ch-name> : enet0, enet1
ether | ||||
config | display Ethernet driver configuration information | |||
driver | ||||
cnt | disp <ch-name> | display ether driver counters | ||
clear <ch-name> | ch-name: enet0, enet1 | |||
. | . | reg | . | display LAN hardware related registers |
. | . | status | <ch-name> | ch-name: enet0, enet1 |
. | . | rxmod | <mode> | set LAN receive mode. mode: 1: turn off receiving; 2: receive only packets of this interface; 3: mode 2 + broadcast; 5: mode 2 + multicast; 6: all packets |
. | debug | . | . | display Ethernet debug information |
. | . | disp | <ch-name> | display Ethernet debug information |
. | . | level | <ch-name> <level> | set the Ethernet debug level. level 0: disable debug log; level 1: enable debug log (default) |
pkttest | ||||
arp | [ip-addr] | send an arp request | ||
disp event | [ch-name] [on|off] | enable packet test event trace | ||
disp packet | [1|2|3] | packet test display level | ||
sap | send an sap packet | |||
version | display driver version |
The value for <set#> can be 1 or 2
set 1 = LAN to WAN direction
set 2 = WAN to LAN direction
The value for <rule #> starts from 1 to 10, i.e., 10 rules in total for a set
config | ||||||
edit | firewall | active <yes|no> | Activate or deactivate the saved firewall settings | |||
retrieve | firewall | Retrieve current saved firewall settings | ||||
save | firewall | Save the current firewall settings | ||||
display | firewall | Displays all the firewall settings | ||||
. | . | set <set#> | Display current entries of a set configuration; including timeout values, name, default-permit, and number of rules in the set. | |||
. | . | set <set#> | rule <rule#> | Display current entries of a rule in a set. | ||
. | . | attack | Display all the attack alert settings in PNC | |||
. | Display all the e-mail settings in PNC | |||||
. | . | ? | Display all the available sub commands | |||
. | . | mail-server <mail server IP> | Edit the mail server IP to send the alert | |||
return-addr <e-mail address> | Edit the mail address for returning an email alert | |||||
e-mail-to <e-mail address> | Edit the mail address to send the alert | |||||
policy <full | hourly |daily | weekly> | Edit email schedule when log is full or per hour, day, week. | |||||
day <sunday | monday | tuesday | wednesday | thursday | friday | saturday> | Edit the day to send the log when the email policy is set to Weekly | |||||
hour <0~23> | Edit the hour to send the log when the email policy is set to daily or weekly | |||||
minute <0~59> | Edit the minute to send the log when the email policy is set to daily or weekly | |||||
attack | send-alert <yes|no> | Activate or deactivate the firewall DoS attacks notification emails | ||||
block <yes|no> | Yes: Block the traffic when it exceeds the tcp-max-incomplete threshold. No: Delete the oldest half-open session when it exceeds the tcp-max-incomplete threshold | |||||
block-minute <0~255> | Only valid when 'block' is set to yes. The unit is minutes | |||||
minute-high <0~255> | The threshold at which to start deleting the old half-opened sessions, down to minute-low | |||||
minute-low <0~255> | The threshold at which to stop deleting the old half-opened sessions | |||||
max-incomplete-high <0~255> | The threshold at which to start deleting the old half-opened sessions, down to max-incomplete-low | |||||
max-incomplete-low <0~255> | The threshold at which to stop deleting the half-opened sessions | |||||
tcp-max-incomplete <0~255> | The threshold to start executing the block field | |||||
set <set#> | name <desired name> | Edit the name for a set | ||||
default-permit <forward|block> | Edit whether a packet is dropped or allowed when it does not match the default set | |||||
icmp-timeout <seconds> | Edit the timeout for an idle ICMP session before it is terminated | |||||
udp-idle-timeout <seconds> | Edit the timeout for an idle UDP session before it is terminated | |||||
connection-timeout <seconds> | Edit the wait time for the SYN TCP sessions before it is terminated | |||||
fin-wait-timeout <seconds> | Edit the wait time for FIN in concluding a TCP session before it is terminated | |||||
tcp-idle-timeout <seconds> | Edit the timeout for an idle TCP session before it is terminated | |||||
pnc <yes|no> | PNC is allowed when 'yes' is set, even if there is a rule to block PNC | |||||
log <yes|no> | Switch on/off sending the log for matching the default permit | |||||
rule <rule#> | permit <forward|block> | Edit whether a packet is dropped or allowed when it matches this rule | ||||
active <yes|no> | Edit whether a rule is enabled or not | |||||
protocol <0~255> | Edit the protocol number for a rule. 1=ICMP, 6=TCP, 17=UDP... | |||||
log <none|match|not-match|both> | Send a log for a rule: none (no log), when the packet matches the rule, when it does not match the rule, or both | |||||
alert <yes|no> | Activate or deactivate the notification when a DoS attack occurs or there is a violation of any alert settings. In case of such instances, the function will send an email to the SMTP destination address and log an alert. | |||||
srcaddr-single <ip address> | Select and edit a source address of a packet that complies with this rule | |||||
srcaddr-subnet <ip address> <subnet mask> | Select and edit a source address and subnet mask of a packet that complies with this rule. | |||||
srcaddr-range <start ip address> <end ip address> | Select and edit a source address range of a packet that complies with this rule. | |||||
destaddr-single <ip address> | Select and edit a destination address of a packet that complies with this rule | |||||
destaddr-subnet <ip address> <subnet mask> | Select and edit a destination address and subnet mask of a packet that complies with this rule. | |||||
destaddr-range <start ip address> <end ip address> | Select and edit a destination address range of a packet that complies with this rule. | |||||
tcp destport-single <port#> | Select and edit the destination port of a packet that complies with this rule. For non-consecutive port numbers, the user may repeat this command line to enter multiple port numbers. | |||||
tcp destport-range <start port#> <end port#> | Select and edit a destination port range of a packet that complies with this rule. | |||||
udp destport-single <port#> | Select and edit the destination port of a packet that complies with this rule. For non-consecutive port numbers, the user may repeat this command line to enter multiple port numbers. | |||||
udp destport-range <start port#> <end port#> | Select and edit a destination port range of a packet that complies with this rule. | |||||
desport-custom <desired custom port name> | Type in the desired custom port name | |||||
delete | firewall | Remove all email alert settings | ||||
attack | Reset all alert settings to defaults | |||||
set <set#> | Remove a specified set from the firewall configuration | |||||
set <set#> | rule <rule#> | Remove a specified rule in a set from the firewall configuration |
ipsec | . | . | . | . |
. | debug | <1|0> | . | turn on|off trace for IPsec debug information |
. | ipsec_log_disp | . | . | show IPSec log, same as menu 27.3 |
. | route | dmz | <on|off> | After a packet is IPSec processed and will be sent to the DMZ side, this switch controls whether IPSec can be applied to the packet again. Remark: Command available since 3.50(WA.3) |
. | . | lan | <on|off> | After a packet is IPSec processed and will be sent to the LAN side, this switch controls whether IPSec can be applied to the packet again. Remark: Command available since 3.50(WA.3) |
. | . | wan | <on|off> | After a packet is IPSec processed and will be sent to the WAN side, this switch controls whether IPSec can be applied to the packet again. Remark: Command available since 3.50(WA.3) |
.. | show_runtime | sa | . | display runtime phase 1 and phase 2 SA information |
. | .. | spd | .. | When a dynamic rule accepts a request and a tunnel is established, a runtime SPD is created according to the peer local IP address. This command shows these runtime SPDs. |
.. | switch | <on|off> | . | As long as there exists one active IPSec rule, all packets will run into the IPSec process to check the SPD. This switch controls whether a packet should do this. If it is turned on, even if there exist active IPSec rules, packets will not run the IPSec process. |
. | timer | chk_my_ip | <1~3600> | Adjust timer to check if WAN IP in menu is changed. Interval is in seconds. Default is 10 seconds. 0 is not a valid value. |
.. | .. | chk_conn. | <2~255> | Adjust auto-timer to check if any IPsec connection has no traffic for a certain period. If yes, the system will disconnect it. Interval is in minutes. Default is 2 minutes. 0 means never timeout. |
. | .. | update_peer | <5~255> | Adjust auto-timer to update IPSec rules which use a domain name as the secure gateway IP. Interval is in minutes. Default is 30 minutes. 0 means never update. Remark: Command available since 3.50(WA.3) |
. | updatePeerIp | .... | .. | Force the system to update IPSec rules which use a domain name as the secure gateway IP right away. Remark: Command available since 3.50(WA.3) |
. | dial | <rule #> | .. | Initiate IPSec rule <#> from the Prestige box. Remark: Command available since 3.50(WA.3) |
All contents copyright (c) 2000 ZyXEL Communications Corporation.