...
This command uploads a new version of software.
Syntax:
flashnet get|put login[:password]@host/file [-S src_addr]
- “get” - loads a new software version into the device from a remote server using FTP
- “put” - downloads current software from the device.
File is the name of the file containing the information transferred. The file name shall be specified in full, in the format of the remote server's file system. Host is the IP_address of the remote FTP server.
By default, the sending interface's address is put in the "source address" field of the packets. Using the "-S" option, any other IP address (SourceAddress) may be substituted for this default address.
Example,
Code Block | ||||
---|---|---|---|---|
| ||||
flashnet get ftp:ftp@ftp://91.191.225.246/pub/Firmware/XG/H12H11/firmware.H11S01v1.6.6.bin |
here instead "H11S01v1.6.6" insert the latest firmware version in InfiNet ftp-server, and set:
Username: ftp
Password: ftp
The download process has two phases:
- File uploading into RAM of InfiNet device
- Programming InfiNet device flash memory from RAM firmware image.
Both phases are indicated with symbol ".".
During installation process all system events should be observed in the system journal (command “sys log”). After firmware updating, restart the unit with the command "restart yes"
restart command
The command performs soft router reset.
Syntax:
restart [y]
restart SECONDS
restart stop
Full reset and re-initialization of a router. Equivalent to toggling the power switch off and on. May be used to restore initial configuration after a number of unsuccessful attempts to understand what exactly is done wrong, and after loading a new version of software. With the "y" option, RESTART command is executed immediately, without asking the operator for confirmation.
This command can be used for the postponed re-initialization (after certain number of seconds, e.g. restart 300). This option can be useful in case of dangerous manipulations with device's configuration when there is a risk to lose control over the device. The system will periodically inform the user about the time left to re-initialization by putting the corresponding message to the system log. Repeated call of this command will start the countdown from the beginning. Restart stop command will cancel a postponed re-initialization.
ping command
The command sends test packets.
Syntax:
ping IP [size|-s size_in_bytes] [count|-c count_packets] [source|-S IP]
Sends test packets (ICMP_ECHO_REQUEST) to the given IP-address. It allows estimating the attainability of a host and the destination response time. The command has the following parameters:
- "IP" - the IP-address of the tested host
- "Size/-s" - the test packet length within the range of 10 to 8000 bytes (optional, 64 by default)
- "Count/-c" - the number of the test packets (optional, 5 by default)
- "Source/-S" – sets different source address. By default, the sending interface's address is put in the "source address" field of the packets. Using the "-S" option, any other IP address (SourceAddress) may be substituted for this default address.
Example,
Code Block | ||||
---|---|---|---|---|
| ||||
ping 192.168.1.1 size 20 count 7 |
telnet command
Use telnet protocol to enter a remote host.
Syntax:
telnet IP-address
Sets up a connection with a remote host specified by the IP-address in the terminal emulation mode. The "telnet" command uses transparent symbols stream without any intermediate interpretation; therefore, the terminal type is defined by the terminal from which the command has been executed. To interrupt the terminal emulation session, press "Ctrl/D".
tracert command
The command trace attainability of an IP-node.
Syntax:
tracert [-s SourceAddress] HostAddress
Traces the packet transmission path up to the IP node (host), specified by the "HostAddress" parameter. The command sends packets to the specified host, assigning different values to the "time to live" field in their IP headers, and analyzes "ICMP TIME_EXCEEDED" indications coming from different routers along the path to that host.
By default, the sending interface's address is put in the "source address" field of the packets. Using the "-s" option, any other IP address (SourceAddress) may be substituted for this default address.
Tracing is limited to a path with maximum 30 intermediate IP nodes. Trace packets are 36 bytes long. The trace procedure makes 3 attempts for every intermediate node.
Every trace result contains the IP-address of an intermediate node and the response time (in milliseconds) of every attempt. In addition, it may contain some special symbols corresponding to specific reply codes of the ICMP protocol:
- ! - Port unattainable
- !N - Network unattainable
- !H - Node (host) unattainable
- !P - Inappropriate protocol
- !F - Too long packet
- !X - Access to a node is administratively restricted (filter, proxy etc.)
- * - No reply.
webcfg (Web interface support)
Web-interface support module.
Syntax:
webcfg start|stop
webcfg –lang={en|ru|fr|it|cn}
This command enables/disables Web-interface support on the device. Web-interface allows easy graphical device configuration with the help of a Web-browser.
Example,
Code Block | ||||
---|---|---|---|---|
| ||||
webcfg start |
Default web-interface locale can be set by using the "–lang" key with the "webcfg" command. Current locale set includes English, Russian, French, Italian and Chinese locales.
rshd command (Remote Shell)
RSH (remote shell) protocol support module.
Syntax:
rshd enable | disable RemoteUSER RemoteHOST LocalUSER
rshd start | stop | flush
The built-in RSH server makes it possible remote command execution using the rsh program. Identification is based on using privileged TCP ports and a list of authorized hosts.
By default, the RSH server is disabled. To start and stop the server, the commands "rshd start" and "rshd stop" are executed. When started, the server ignores requests for command execution until at least one valid system entry is enabled.
A system entry is specified by an "rshd enable" command with three parameters:
- "RemoteUSER" - the name of a remote user (up to 16 symbols)
- "RemoteHOST" – IP-address of a remote host
- "LocalUSER" - the name of a local user (up to 16 symbols).
A request for command execution is serviced only if for all three parameters it specifies the values corresponding to a valid entry.
Up to 6 independent entries may be defined.
The name of a local user is in no relation with the WANFleX main authorization system; it may be considered simply as a keyword.
To disable an entry, an "rshd disable" command is executed with parameters defining that entry.
The "rshd flush" command clears the "rsh" server configuration.
The RSH server may be conveniently used e.g. for periodic reading of a router statistics:
Code Block | ||||
---|---|---|---|---|
| ||||
rsh -l mysecretuser RWR.domain.ru ipstat get |
Example,
Code Block | ||||
---|---|---|---|---|
| ||||
rshd enable admin 195.38.44.1 mysecretuser rshd enable root 195.38.45.123 mysecret2 rshd start |
SSH protocol support
SSH (Secure Shell) protocol allows secure remote management of network devices. Its functionality is similar to Telnet protocol but, as opposed to Telnet, SSH encodes all protocol messages/datagrams including transmitted passwords. Moreover, SSH is a flexible protocol that allows requiring multiple forms of authentication for access and choosing different encoding algorithms.
For using SSH protocol SSH Server and SSH Client is needed. SSH Server accepts connections from client hosts (SSH Clients), performs their authentification and start serving the authorized clients. SSH Client is used for access and management of the remote device.
InfiNet Wireless devices has built-in SSH Server and SSH Client functionality.
sshd command (SSH Server)
Built-in SSH Server (SSH daemon) configuration is performed using “sshd” command.
Syntax:
sshd -window=SIZE
sshd -keepalive=TIME
sshd -banner=on | off
sshd -log-level={emerg | alert | crit | error | warning | notice | info | debug | LEVEL}
sshd -algo-list
sshd -kex-algos=ALGO-LIST
sshd -hostkey-algos=ALGO-LIST
sshd -cipher-algos=ALGO-LIST
sshd -hash-algos=ALGO-LIST
sshd -comp-algos=ALGO-LIST
sshd -auth-methods[=AUTH-METHODS-LIST]
sshd start
sshd stop
sshd newkeys
sshd pub[key] {sh[ow] | cl[ear] | de[lete] N}
sshd pub[key] {in[stall] | im[port] [LOGIN[:PASSWORD]@]HOST/FILE} [COMMENT]
By default, the SSH Server is disabled. To start/stop the server “sshd start”/ “sshd stop” commands are executed.
When first-time started SSH Server generates DSS and RSA Host Keys to be used for public key based authentication of the SSH Server. Compulsory Host Keys re-generation is possible at any time by typing “sshd newkeys” command.
When started, SSH Server accepts authorization requests from SSH Clients.
Access to the device via SSH protocol may be limited by using "$ACLOCAL" access control list. When "$ACLOCAL" list is configured on the device SSH Server rejects all connection attempts from SSH Clients with IP-address or networks that are not present in the list. More information about "$ACLOCAL" list can be achieved in Access Control Lists section of this manual.
The following SSH Server options are available for management:
- "-window=SIZE" - allows changing SSH Server internal receiving window size in bytes. SSH Server window size defines maximum allowed bandwidth for “SSH Client - SSH Server” data channel. By default, SSH Server window size is 24576 bytes.
- "-log-level={emerg | alert | crit | error | warning | notice | info | debug | LEVEL}" – allows choosing logging levels of the SSH Server service information that will be written into the system log (to manage system log please use “sys log” command). Different levels of logging can be chosen by “emerg”, “alert”, “crit”, “error”, “warning”, “notice”, “info”, “debug” parameters or specified by the number of the needed level (from 0 to 7) using numeric “LEVEL” parameter. By default, “info” (6th level) is chosen.
- "-keepalive=TIME" - sets session activity check duration period in seconds. By default server doesn’t make activity check (“0” value).
- "-banner=on/off" – shows/hide IW WANFleX SSH login banner.
Options for SSH algorithms management:
- "-algo-list" – shows a list of all available SSH algorithms for key exchange (kex), authentification (host key), data encoding, data verification (hash) and data compression (compress)
- "-kex-algos=ALGO-LIST" - allows choosing kex algorithms from the list of algorithms (-algo-list) to be used in SSH key exchange process
- "-hostkey-algos=ALGO-LIST" - allows choosing host key algorithms from the list of algorithms (-algo-list) to be used in SSH Server-Client authentification process
- "-cipher-algos=ALGO-LIST" - allows choosing cicpher algorithms from the list of algorithms (-algo-list) to be used in SSH data encoding
- "-hash-algos= ALGO-LIST" - allows choosing hash algorithms from the list of algorithms (-algo-list) to be used in SSH data verification
- "-comp-algos=ALGO-LIST" - allows choosing compression algorithms from the list of algorithms (-algo-list) to be used in SSH data compression.
Authentication of SSH Clients
By default, SSH Clients are authorized by SSH Server after typing a valid password. However, password authentication may be not enough to provide the needed security level. InfiNet Wireless devices have several built-in SSH authentication methods that are managed by “sshd pubkey” and “sshd -auth-methods” commands.
“Sshd pubkey” command allows enabling public key based authentification of SSH Clients. In the Public key authentication mode SSH Server authorize SSH Client bypassing password login procedure. This mode is enabled automatically once a public key of the SSH Client is cached in SSH Server’s registry.
To upload SSH Client’s public key into the SSH Server registry from a remote FTP server use the following command:
Code Block | ||||
---|---|---|---|---|
| ||||
sshd pubkey import [LOGIN[:PASSWORD]@]HOST/FILE [COMMENT] |
- "HOST" – is an IP-address of the remote FTP server
- "FILE" - is a file containing SSH Client’s RSA/DSS public key in OpenSSH or SSH2 format. If login and password are set on the remote FTP server they should be specified as “LOGIN” and “PASSWORD” parameters in the command syntax.
- "COMMENT" - parameter allows adding a comment to the public key entry in the SSH Server list of clients public keys. By default, a comment with clients IP-address or FTP IP-address from where the key was obtained is added.
The other way to cash SSH Client’s public key in the SSH Server registry is to perform a password authentification of the SSH Client and then type the following command on the SSH Server:
Code Block | ||||
---|---|---|---|---|
| ||||
sshd pubkey install [COMMENT] |
By doing this SSH Server will save a public key of the connected SSH Client. Usage of the “COMMENT” parameter here is the same as it is in the “sshd import” command described above.
- “Sshd show” command shows SSH Client’s public keys that are registered in the SSH Server list.
- ”Sshd clear” command deletes all the SSH Client’s public keys from the SSH Server.
- ”Sshd delete N” command deletes a certain SSH Client’s public key from the SSH Server list. Parameter “N” – is an index of the key in the list.
- “Sshd -auth-methods” command allows viewing available authentification methods and choosing them for using in authentification process.
To view all available authentification methods please type:
Code Block | ||||
---|---|---|---|---|
| ||||
sshd -auth-methods |
To choose which of them to use:
Code Block | ||||
---|---|---|---|---|
| ||||
sshd -auth-methods=AUTH-METHODS-LIST |
Where “AUTH-METHODS-LIST” is a list of authentification methods allowed for using. To enable all authentification methods you can use “all” value for “AUTH-METHODS-LIST” parameter (set by default).
Example,
The following command prohibits using password authentification allowing only “Public key” method.
Code Block | ||||
---|---|---|---|---|
| ||||
sshd -auth-methods=publickey |
sshc command SSH Client
Built-in SSH Client configuration is performed using “sshc” command.
Syntax:
sshc [options] [LOGIN@]HOST [REMOTE-COMMAND]
- Options:
- window=SIZE
- keepalive=TIME
- compress, -C
- bind-addr=ADDR, -b ADDR
- pubkey-show
- pubkey-new=BITS
- pubkey-clear
- pubkey-export=[LOGIN[:PASSWORD]@]HOST/FILE
- algo-list
- kex-algos=ALGO-LIST
- hostkey-algos=ALGO-LIST
- cipher-algos=ALGO-LIST, -c ALGO-LIST
- hash-algos=ALGO-LIST, -m ALGO-LIST
- comp-algos=ALGO-LIST.
To connect to the remote device (with SSH Server running on it) using SSH Client type the following command:
Code Block | ||||
---|---|---|---|---|
| ||||
sshc [options] [LOGIN@]HOST [REMOTE-COMMAND] |
- "LOGIN" - a login user name for remote device (maybe omitted when default logging name is used on the remote device)
- "HOST" - an IP-address of a remote device
- "REMOTE-COMAND" - parameters defines a command that should be executed on the SSH Server after successful login.
The following SSH Client «options» are available:
- "window=SIZE" - allows changing SSH Client internal receiving window size in bytes. SSH Client window size defines maximum allowed bandwidth for “SSH Server - SSH Client” data channel. By default, SSH Client window size is 24576 bytes.
- "keepalive=TIME" - sets a frequency of sending compulsory session activity confirmations to the server. This allows not to loose the session to the server when SSH Client leaved unused for a long time period. By default, SSH Client doesn’t send any special activity confirmations (“0” value). Measured in seconds.
- "compress, -C" – enables data compression.
- "bin-addr=ADDR" (short form: -b ADDR) – sets source IP-address of the SSH packets. This source IP-address substitutes the default sending interface's IP-address field of the SSH packets.
“Options” for Public key management:
- "pubkey-new=BITS" – generates new DSS and RSA SSH Client’s public keys. “BITS” parameter should be specified as a key size in bits (possible values: 512-4096). For example, the following command generates RSA and DSS 512 bits public keys:
Code Block | ||||
---|---|---|---|---|
| ||||
sshc –pubkey-new=512 |
- "pubkey-show" – shows generated public keys
- "pubkey-export=[LOGIN[:PASSWORD]@]HOST/FILE" – exports public keys from SSH Client to a file on the remote FTP server.
- "pubkey-clear" – deletes public keys on SSH Client.
Options for SSH algorithms management:
- "algo-list" – shows a list of all available SSH algorithms for key exchange (kex), authentification (host key), data encoding, data verification (hash) and data compression (compress).
- "kex-algos=ALGO-LIST" - allows choosing kex algorithms from the list of algorithms (-algo-list) to be used in SSH key exchange process.
- "hostkey-algos=ALGO-LIST" - allows choosing hostkey algorithms from the list of algorithms (-algo-list) to be used in SSH Server-Client authentification process.
- "cipher-algos=ALGO-LIST" (short form "-c ALGO-LIST") - allows choosing cicpher algorithms from the list of algorithms (-algo-list) to be used in SSH data encoding.
- "hash-algos=ALGO-LIST" (short form "-m ALGO-LIST") - allows choosing hash algorithms from the list of algorithms (-algo-list) to be used in SSH data verification.
- "comp-algos=ALGO-LIST" - allows choosing compression algorithms from the list of algorithms (-algo-list) to be used in SSH data compression.
For compulsory interruption of the SSH Client’s session (for example, if SSH Server is not responding to SSH Client’s requests) please use the following key sequence: <Enter>~. (on the keyboard, firstly, press «Enter» key, then «~» key, then «.» key).
Example,
Code Block | ||||
---|---|---|---|---|
| ||||
sshc -C root@1.2.3.4 |
This command will try to connect SSH Client to the SSH Server located on the host with IP-address 1.2.3.4 under “root” login user name and enable compression of the data flow.
ipstat command (IP-statistics)
IP statistics gathering module.
Syntax:
ipstat enable [incoming|outgoing|full] [detail] [SLOTS] | disable
ipstat clear
ipstat traf [detail] [bytes | total_bytes]
ipstat fixit | fixget | fixclear
ipstat strict | -strict
ipstat add [intf] rule...
ipstat del N
ipstat rearrange [N]
The IP statistics gathering module provides for collecting information on data flows traversing the router, for further analysis and/or for accounting.
Information is accumulated in the router's RAM memory as a series of records having three fields: source address, destination address, number of bytes transferred. By default, only outgoing packets are counted, at the moment they are sent to a physical interface. One record takes 12 bytes.
The maximum number of records is specified by the “SLOTS” numeric parameter of an “ipstat enable SLOTS” command; it shall not exceed the size of memory available. By default the number of records is 1000; typically it's sufficient for recording 15 to 20 minutes of operation of a client unit.
Accumulated information is displayed on the current terminal (or rsh session) using the following commands:
- "ipstat enable [incoming|outgoing|full] [detail] [SLOTS] |" - disable – enables/disables ip statistics gathering. It can allow gathering only incoming/outgoing or full (both) data flows. Detail option switch on detailed ip statistics gathering including ports and protocols information. "SLOTS" option allows setting the maximum number of rows in the ipstat table
- "ipstat clear" - clear accumulated statistical info.
If the record table in the router memory overflows, or if there is not enough memory currently available, an appropriate warning is written into the system log, and further statistical data are discarded. If the “ipstat strict” option has been specified, then at the overflow condition the transit routing is disabled, but the router still responds to any protocol.
To get the gathered statistic info remotely one can use the following commands:
- "ipstat fixit" - dumps the currently collected info from the router's memory into an intermediate buffer. The memory is cleared, and continues receiving info over again
- "ipstat fixget" - shows the content of the dump buffer. This command may be executed any number of times, with no damage to the dumped statistical info
- "ipstat fixclear" - clears the temporary dump buffer.
The listing of statistical info provides:
- time elapsed since the previous "clear" operation
- number of records effectively used, and total record space available
- number of bytes lost due to record memory overflow list of all records.
The "ipstat add [ifname] rule" command makes it possible to filter packets for statistic gathering, taking into account only those packets which satisfy the rule. The syntax of the "rule" parameter is the same as defined in the "ipfw" command description.
The "ipstat del N" command deletes the N-th rule from the list of rules.
The "ipstat rearrange N" command renumbers all the ipstat rules with the given increment (default step is 1).
The "ipstat traf [detail] [bytes | total_bytes]" allows for visually inspecting statistics collection process in real time. Detail option switch on detailed ip statistics gathering including ports and protocols information. "Bytes(/total_bytes)" option sort ipstat output according to the number of transmittered bytes in the moment(/bytes transmitted for the whole period).
This is the script for the reliable device statistics receiving with "rsh" command usage:
Code Block | ||||
---|---|---|---|---|
| ||||
#!/usr/bin/perl -w for(;;) { my $stat; do { $stat = system("rsh -t 30 -n -l root IWR_IP ips fixit >/dev/null"); if(int($stat) != 0) { sleep(5); } } while (int($stat) != 0); do { $stat = system("rsh -t 30 -n -l root IWR_IP ips fixget >stat.tmp"); if(int($stat) != 0) { sleep(5); } } while (int($stat) != 0); do { $stat = system("rsh -t 30 -n -l root IWR_IP ips fixclear >/dev/null"); if(int($stat) != 0) { sleep(5); } } while (int($stat) != 0); system("cat stat.tmp >>stat.txt"); sleep(300); } |
sflowagent (Sflow Agent)
Sflow Agent is a realization of a standard Sflow protocol agent.
Syntax:
Available commands are:
sta[rt] Start Sflow agent
sto[p] Stop Sflow agent
wi[pe] Stop Sflow agent and clean all configuration
add[instance] 'name' Add instance (default 'ipstat')
del[instance] 'name' Delete instance (default 'ipstat')
stat 'name' Show statistics for instance (default 'ipstat')
cl[earstat] 'name' Clear statistics for instance (default 'ipstat')
Available options are:
collector=IPaddress[:port] Set collector address
agent=IPaddress Set agent address (default 0.0.0.0)
maxpacket=size Set maximal datagram size (default 1500)
interval=number Set statistics recieve interval, in seconds (default 5)
datagrams=number Set datagrams per statistics interval (default 100)
rawheader={on|off} Sends original ipV4 headers (default off)
debug={on|off} Puts debug output to log (default off)
version -v Display Version
"Sflow" protocol for monitoring computer networks. It is commonly used by Internet Providers to capture traffic data in switched or routed networks. "Sflowagent" command allows configuration of Sflow agent on the device.
- "sflow sta[rt]" – starts Sflow agent
- "sflow sto[p]" – stops Sflow agent
- "sflow wi[pe]" – stops Sflow agent and clears its configuration
- "sflow add[instance] ‘name’" – adds statistics gathering component (if ‘name’ parameter is not specified then ‘ipstat’ component will be used)
- "sflow del[instance] ‘name’" – deletes statistics gathering component (if ‘name’ parameter is not specified then ‘ipstat’ component will be used)
- "sflow stat ‘name’" – shows statistics for a component (if ‘name’ parameter is not specified then ‘ipstat’ component will be used)
Command output
Center | |||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
- "sflow cl[earstat] ‘name’" – clears statistics for a component (if ‘name’ parameter is not specified then ‘ipstat’ component will be used)
- "sflow collector=IPaddress[:port]" – sets address of a collector that process sflow-packets. Default port is 6343
- "sflow -agent=IPaddress" – sets agent's own address (device)
- "sflow -maxpacket=size" – sets maximum size of a Sflow-packet in bytes. 1472 bytes by default. Upper bound is limited by hardware and operational system capabilities. In case of its exceeding packet size will be decreased to acceptable value.
- "sflow -interval=number" – time in seconds equal to interval with which statistics is delivered from instance. Increasing of this parameter leads to increasing in overall system efficiency but in case of unexpected network activity splash data could be lost. 15 seconds by default.
- "sflow -datagrams=number" - maximum number of datagrams between times of receiving statistics from instance. The increase of this parameter leads to the decrease in datagram average size and increases in theoretical number of delivered statistics data. Reduces the load on the CPU but in the same time reduces overall system efficiency. However, reducing of system efficiency doesn’t happen with low traffic. It is recommended to increase this parameter when decreasing maxpacket parameter and/or when increasing interval parameter. 100 by default. Maximum flow: sflow= datagrams/interval* maxpacket, (Bytes/sec)
- "sflow -rawheader={on|off}" – sends original ipV4 headers in spite of statistics data (off by default). Used for compliance with traffic monitoring programs
- "Sflow -debug={on|off}" – puts statistics information to log.
Example,
Code Block | ||||
---|---|---|---|---|
| ||||
ipstat enable full detail 3000 # starting the process of gathering statisticssflow add ipstat # adding gathering component sflow -collector=1.2.3.4 start # starting process of processing the statistics |
acl command (Access Control Lists)
Anchor | ||||
---|---|---|---|---|
|
Syntax:
acl add $NAME TYPE params...
acl del $NAME [params...]
acl ren $NAME1 $NAME2
acl flush
Possible TYPES: net num
Predefined ACL names: $ACLOCAL - Hosts (networks) permitted to configure the device.
Command description
While network planning you may often need to group similar parameters in lists which can be used for different filters (e.g. ipfw, qm, ipstat). Access control lists (ACL) can effectively solve this problem.
acl add command creates an access list of NAME title and TYPE type. Lists names MUST start with $ symbol and can include up to 7 letters, digits and other symbols excluding spaces and semicolon. At the same time the command can contain several parameters of TYPE type which will be included in the list. If the list with this name has been already created listed parameters will be attached to this list.
- "acl del" command deletes specified parameters from the NAME list. If none of parameters are mentioned all list will be deleted
- "acl rename" command changes list's name from NAME1 to NAME2
- "acl flush" command deletes all lists.
Accepted list types (TYPE):
- net - contains network addresses in dot format
- xxx.xxx.xxx.xxx or xxx.xxx.xxx.xxx/MASK_LENGTH or
- xxx.xxx.xxx.xxx/xxx.xxx.xxx.xxx
Lists of net type optimize their parameters by excluding duplicates and by having the feature that enables bigger networks include smaller networks. For example, if the list contained 1.1.1.1 parameter, when you include 1.1.1.0/24 parameter in the list 1.1.1.1 will be excluded.
Example,
Code Block | ||||
---|---|---|---|---|
| ||||
acl add $LIST1 net 10.0.0.0/8 192.168.0.0/16 5.5.5.5 acl del $LIST1 5.5.5.5 |
Reserved access lists:
- "$ACLOCAL" – reserved list for access limitation to the device via Telnet, FTP, HTTP and SSH protocols. Having "$ACLOCAL" access list in the configuration all attempts to establish a connection with the device from addresses (networks) that are not in this list will be rejected.
Example,
Code Block | ||||
---|---|---|---|---|
| ||||
acl add $ACLOCAL net 10.0.0.0/8 192.168.0.0/16 |
Sntp command
SNTP parameters management.
SNTP support developed in WANFleX lets the system to synchronize the time with configured NTP server using fourth version of SNTP protocol RFC 2030.
Client works in unicast server request mode in certain time range.
Syntax:
sntp [options] [command]
Commands are the following:
- "start" - start service
- "stop" - stop service.
Options are the following:
- "server={ipaddr}" - set sntp server address
- "interval={seconds}" - specify poll interval in seconds
- "debug={on|off}" - enable/disable debug information
Example,
Code Block | ||||
---|---|---|---|---|
| ||||
sntp -interval=3600 -debug=on sntp -server=9.1.1.1 start |
Commands:
- start
Make the process of time synchronization active.
Example,
Code Block | ||||
---|---|---|---|---|
| ||||
sntp start |
- stop
Stop the process of time synchronization.
Example,
Code Block | ||||
---|---|---|---|---|
| ||||
sntp stop |
Parameters:
The parameters can be set using any sequence with or without the command itself.
- server
Using server parameter you can set the IP-address of your NTP server.
Example,
Code Block | ||||
---|---|---|---|---|
| ||||
sntp -server=9.1.1.1 |
- interval
Using interval parameter one can set the time value (in seconds) defining client's periodicity of NTP server requesting. 3600 by default.
Example,
Code Block | ||||
---|---|---|---|---|
| ||||
console> sntp -interval=5000 |
- debug
This parameter enables/disables printing of debugging information (packets) in the system log of WANFleX OS.
Example,
Code Block | ||||
---|---|---|---|---|
| ||||
sntp -debug=on sntp -debug=off |
date command
Date and time management.
This command shows or sets the date and time in WANFleX system. While setting the date and time not only kernel clock is being changed but hardware clock changes its value either (if the device supports this feature).
Syntax:
date [[[[[cc]yy]mm]dd]HH]MM[.ss]]
- "cc" - Century (is added before Year)
- "yy" - Year in abbreviated form (i.e. 89 for 1989, 05 for 2005)
- "mm" - Month in numeric form (1 to 12)
- "dd" - Day (1 to 31)
- "HH" - Hour (0 to 23)
- "MM" - Minute (0 to 59)
- "ss" - Second (0 to 61 - 59 plus maximum two leap seconds).
Example,
Code Block | ||||
---|---|---|---|---|
| ||||
date 200402100530.04 Tue Feb 10 05:30:04 2004 |
Code Block | ||||
---|---|---|---|---|
| ||||
date Tue Feb 10 05:30:10 2004 |
erp command (Emergency Repair Procedure)
ERP (Emergency Repair Procedure) utility allows restoring lost system password to the device.
Syntax:
erp [options] [command]
- Options:
- "serial <n>" - device serial number
- "code <c>" - special ERP code
- "ip <address>" - IP-address of device’s Ethernet interface
- "mask <mask>" - net mask of device’s Ethernet interface.
- Command:
- "boot" - speeds up device boot
- "reset" - resets device configuration including system user name and password. Serial number and special ERP-code must be specified
- "ifup" - turns up device's Ethernet interface (eth0) and adds IP-address and net mask alias to it. Serial number, IP address and net mask should be specified. If command is not specified, then it's assumed the 'boot' command.
How it works
To do Emergency Repair Procedure one needs two InfiNet Wireless devices. First device is a device which should be repaired (device “a”), second – device on which ERP utility will be run to repair the first device (device “b”). Both of the devices should be connected to the same Ethernet segment via their Ethernet interfaces. Device “b” should have no “switch local tag <х>” option configured on its Ethernet interface.
Procedure:
On the device “b” run ERP utility with “-serial <n>” option, where n – is a serial number of the device which should be repaired (device “a”)
Code Block language java theme DJango erp –serial <n>
Example,
Code Block language java theme DJango erp –serial <36696>
ERP will come to “hearing” mode waiting for device “a” to reboot.
- Reboot device which should be repaired (device “a”) by disabling power and enabling it again. For example, by disconnecting and connecting again service cable on the IDU.
- After device “a” is rebooted, on device “b” ERP will show «Sequence» parameter value and serial number of device “a”. Please contact InfiNet Wireless tech support and provide these values.
- In return tech support will give you special ERP-code and new password for device “a”.
On device “b” run the following ERP command:
Code Block language java theme DJango erp –serial <n> -code <c> reset
n – is a serial number of the device which should be repaired (device “a”)
c – is special ERP-code received from tech support
- Reboot device “a” again
- ERP utility will reset login, password and configuration on device “a” to default (use any characters as default login and password).
Login to device “a” with any non-blank username and password and issue the following command:
Code Block language java theme DJango config save
- Login device “a” with a serial number as a user name and a new password that was received from tech support.
To change IP-address on Ethernet interface of a device “a” from device “b” without login to device “a”:
Code Block | ||||
---|---|---|---|---|
| ||||
erp –serial <SERIAL> -ip <address> -mask <mask> ifup |
aaa (access control using RADIUS server)
"aaa" module allows access control configuration on the device using remote RADIUS server.
Syntax:
aaa [options] [command]
- Options:
"auth=ip[:port],secret[,identifier]" - sets parameters to access remote RADIUS server
"remove=ip[:port]" - removes information about a RADIUS server from the configuration of the unit
- "debug={on|off}]" - enables/disables "aaa" module service information system log.
- Commands:
- "start" - start service
- "stop" - stop service
Whenever the debug mode is activated on a device that uses "aaa" access authentication via the remote RADIUS server, the authentication debug info is displayed on the local console to verify the settings.
The output has the following parameters:
Center | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
license
This command manages operations with a license file on the device.
Syntax:
license [options]
- Options:
File-name is the name of the file containing the information transferred. The file name shall be specified in full, in the format of the remote server's file system. IP-address is the IP_address of the remote server.
Examples,
Code Block | ||||
---|---|---|---|---|
| ||||
li --export=ftp://ftp_login:ftp_password@192.168.145.1/license_file li --show |
dport
Syntax:
dport BAUD
This command sets a bitrate of the console port. Available values are: 9600, 19200, 38400, 57600, 115200 Bit/sec. Default value is 38400 Bit/sec.
mem
Syntax:
mem
This command show statistics for allocated device memory, network buffers, queues and drops on interfaces. Command output is described in the picture below.
Center | |||||
---|---|---|---|---|---|
|
grep command
Grep is a console output filtering utility. It filters a command output with lines containing a match to the given regular expression.
Warning | ||
---|---|---|
| ||
This command is not available on the H01/H02 platforms. |
Syntax:
grep [OPTIONS] [-e]PATTERN "command"
or
command | grep [OPTIONS] [-e]PATTERN
- Options:
- "e PATTERN" --regexp=PATTERN
- "i" -- ignore-case
- "v" -- invert-match
- "w" -- word-regexp
- "x" -- line-regexp
- "c" -- count
- "m NUM" -- max-count=NUM
- "n" -- line-number
- "A NUM" -- after-context=NUM
- "B NUM" -- before-context=NUM
- "C NUM" -- context=NUM
Grep utility searches the output of the given command for lines matching the given PATTERN and displays the result.
When used with “-e” option ("-e PATTERN" or "--regexp=PATTERN") allows searching a PATTERN that begins with dash sign (-).
To ignore case distinction between capital and lowercase letters while searching "–i" (or "--ignore-case") option is used.
To perform the invert filtering, i.e. find non-matching lines, "-v" (or "-invert-match") option is used.
To find and display only those lines that matches only the whole world (-w) or line (-x) the corresponding options are used.
To count the number of the result lines (matching or non-matching if used together with "–v" option) "–c" option is used. Result lines themselves are not displayed.
The "–m" option (-m NUM) stops search after the specified number of matching lines.
All the command output lines are index numbered starting from 1. To show the matching lines with their index numbers "–n" option is used.
The "–A NUM", "-B NUM" and "–C NUM" options are used to print the specified number (NUM) of nearby lines after, before or after and before the matching lines correspondingly. When using these options each matching line in the grep output will be printed together with the specified number of the nearby lines separated from other matching entries with a special line (---).