2.3. Utility

2.3.1. backup

Handles configuration/system backup.

Description

Backup, restore, or revert the status of current system.

There are different types of backup: a partial system backup, which stores only system configuration data, and a complete system backup, which stores both the system software and configuration data. The configuration and/or software data is stored in a single backup file on the device when the backup is created. Backup files may also be transferred to the device remotely.

Using the restore command option, backup files can be used to restore the configuration and/or software from a previously backed up state. Following a backup restore, it is possible to revert to the previous configuration and/or software using the revert command option. Note that performing a complete system restore or complete system revert will require the system to be restarted.

Performing a factory reset will reset the configuration and/or software to the factory defaults of the device. Please consult the administrator guide before using this option.

Example 2.18. List all backup files

Device:/> backup
(command output)
Device:/> backup -list
(command output)

Example 2.19. Perform a partial (configuration only) system backup and restore

Device:/> backup -create configuration_backup.bkp
Backup file "configuration_backup.bkp" created
(command output)
Device:/> backup -restore configuration_backup.bkp
(command output)
Backup restore successful using "configuration_backup.bkp"
Changes must be activated and committed to be applied

Example 2.20. Perform a complete system backup and restore

Device:/> backup -create complete_backup.bkp -system
Creating full system backup. This may take some time...
Backup file "complete_backup.bkp" created
(command output)
Device:/> backup -restore complete_backup.bkp -system

This will restore the system backup "complete_backup.bkp". On 
completion the system will be rebooted.
Are you sure you want to restore the system backup? [yes/no]:
(command output)

Example 2.21. Revert the system following a partial system restore

Device:/> backup -revert
(command output)
Revert successful
Changes must be activated and committed to be applied

Example 2.22. Revert the system following a complete system restore

Device:/> backup -revert
This will revert the system to the point BEFORE the last backup 
restore. On completion the system will be rebooted.
Are you sure you want to revert the system? [yes/no]
(command output)

Example 2.23. Deleting backup files

Device:/> backup -delete backupfile.bkp
Removed simplebackup.bkp successfully.
Device:/> backup -delete backupfile-???.bkp
Removed some files successfully.
Device:/> backup -delete backupfile-2015*.bkp
Removed some files successfully.
Device:/> backup -delete all
Removed all files successfully.

Example 2.24. Perform a partial factory reset (configuration only)

Device:/> backup -factoryreset
This will reset the configuration (but not the firmware) to factory 
default.
This change is not reversible.
Are you sure you want to continue? [yes/no]: 
(command output)

Example 2.25. Perform a complete factory reset

Device:/> backup -factoryreset -system
This will reset the whole system (both firmware and configuration) to 
factory default.
This change is not reversible.
Are you sure you want to continue? [yes/no]:
(command output)

Usage

backup -list 
List backup files.
backup -create [<create filename>] [-system] [-force] 
Create backup.
backup -restore <restore filename> [-force] [-reboot] 
Restore backup.
backup -delete <delete filename> 
Delete backup.
backup -revert 
Revert applied restore.
backup -factoryreset [-system] [-force] 
Reset the configuration or system to default.
backup 
List backup files.

Options

-create
Create backup.
-delete
Delete backup files ['all' deletes all files].
-factoryreset
Reset configuration and/or system to the factory defaults. Please consult the administrator guide before using this option.
-force
Force continue (never prompt).
-list
List backup files.
-reboot
Reboot the firewall and load the backup file.
-restore
Restore backup.
-revert
Revert applied restore.
-system
Full system backup.
<create filename>
Name of the backup file to create.
<delete filename>
Backup file to delete. (Matching: *.bkp)
<restore filename>
Backup file to restore. (Matching: *.bkp)
Note: Requires Administrator privileges.

2.3.2. certmgr

Certificate management.

Description

Manages certificate retrieval and updates.

An example of a "subject" string:
CN=name,O=organization,C=country

An example of a "subjectAltName" string:
172.22.36.1,fc01:2002::1,email@somewhere.com,fqdn.network.org

Usage

certmgr -initiate -clientcert=<Certificate> -username=<String>
        -password=<String> -subject=<String>
        [-subjectAltName=<String>] [-hex] 
Initiate certificate fetching from a CA.
certmgr -update -clientcert=<Certificate> 
Update an existing valid certificate.
certmgr -revoke -clientcert=<Certificate> [-password=<String>]
        [-hex] 
Revoke an existing valid certificate.

Options

-clientcert=<Certificate>
Client certificate to install or update.
-hex
Specifies that the username and password are hex values.
-initiate
Fetch a new certificate.
-password=<String>
Password used when fetching a certificate from the CA.
-revoke
Revoke an existing valid certificate. (Admin only)
-subject=<String>
The X509 subject name for the certificate Template.
-subjectAltName=<String>
List of alternate names (FQDN, IP literal or email) for the certificate Template.
-update
Update an existing valid certificate.
-username=<String>
Username used when fetching a certificate from the CA.

2.3.3. cloudconfig

Display OpenStack config drive contents. (NOTE: Command not available when running as a container)

Description

This command is used to display OpenStack config drive contents.

Usage

cloudconfig -show <filename> [-nopages] 
Show config drive file contents.
cloudconfig 
Display config drive availability.

Options

-nopages
Display information without paging. (Admin only)
-show
Show config drive contents. (Admin only)
<filename>
File to display. (Admin only)

2.3.4. crashdump

Manage application crash dumps.

Description

The crashdump command is used to manage crashdump files. Crashdump files are binary files created if the system or subsystem crashes. They hold information on the state of the system at the time of the crash.

Example 2.26. List all crashdump files

Device:/> crashdump
(not shown here)
Device:/> crashdump -list
(not shown here)

Example 2.27. Delete a single crashdump file

Device:/> crashdump -delete 2016-04-21_13.54.25_dhcpserver.dump
(not shown here)

Example 2.28. Delete a crashdump file using wildcards (*?[])

Device:/> crashdump -delete 2014-11-16_12.??.??_dhcpserver.dump
(not shown here)
Device:/> crashdump -delete *_dhcpserver.dump
(not shown here)

Example 2.29. Delete all crashdump files

Device:/> crashdump -delete all
(not shown here)

Usage

crashdump 
List all crash dump files.
crashdump -list 
List all crash dump files.
crashdump -delete {ALL | <filename>} 
Delete crash dump file(s).

Options

-delete
Delete crash dump files. (Admin only)
-list
List stored crash dump files.
{ALL | <filename>}
Name of crashdump file to delete ['all' deletes all files]. (Admin only)

2.3.5. dconsole

View Diagnostic messages generated by the system.

Description

The diagnostic console is used to help troubleshoot internal problems within the firewall.

Using the date, severity, app and category options, it is possible to filter the diagnostic messages. Setting a date limit will only show entries from this date and forward. Setting one or more categories will only show entries with the specified categories. The categories are the same as those used for logging. Setting an app (application name) will show only entries with the specified application. Setting a severity will show only entries with the specified severity and higher. Severity levels are (in order of precedence from highest to lowest): Critical, High, Info (Informational) and Debug.

The dconsole command can be aborted by pressing CTRL-C. Using CTRL-C will also terminate all other running CLI commands.

Usage

dconsole 
Show all Dcon log entries.
dconsole -show [-severity={CRITICAL | HIGH | INFO | DEBUG}]
         [-app=<String>] [-category=<String>] [-date=<String>] 
Show Dcon log entries.
dconsole -clean 
Clears the event message list and removes event message disk file.
dconsole -flush 
Flushes the event message list to disk.

Options

-app=<String>
Only show entries with specified application.
-category=<String>
Only show entries with the specified message category(s).
-clean
Clears the event message list and removes event message disk file.
-date=<String>
YYYY-MM-DD. Only show entries from this date and forward.
-flush
Flushes the event message list to disk.
-severity={CRITICAL | HIGH | INFO | DEBUG}
Only show entries with the specified severity and higher.
-show
Filter Dcon log entries.

2.3.6. echoserver

IP echoserver.

Description

The echo server functionality is used to receive, interpret and echo back IP packets. The rules that are set up when enabling the echo server can be listed using the 'ruledb' CLI command. These rules are among the ones named 'socket'.

IP protocols that are fully supported are the ones listed within the 'protocol' property; their protocol headers are parsed and modified accordingly when echoed back to the sender. It is, however, possible to set up an echo server for any IP protocol by specifying the IP protocol number and also specifying to use raw IP format.

The echo server statistics that can be listed using '-stats' show the number of received and echoed packets along with the sum of data sizes for received and sent packets. The packet data sizes are counted without packet headers, i.e. for UDP packets it is the size of the UDP packet data and for any raw packet it is the size of the data without the IP header.

Usage

echoserver [-ip=<ip addr>] [-iface=<Interface>] [-stats] [-start]
           [-stop] [-verbose] [-ipv6] [-protocol={UDP | ICMP |
           ICMPV4 | ICMPV6 | ANY | <String>}] [-port=<port>]
           [-flowcnt=<n>] [-raw] 

Options

-flowcnt=<n>
Maximum number of allowed flows, 0 = unlimited.
-iface=<Interface>
Interface to listen on.
-ip=<ip addr>
Local IP address to listen on.
-ipv6
Listen on IPv6 instead of IPv4 (ip option overrides this one).
-port=<port>
Local port number to listen on.
-protocol={UDP | ICMP | ICMPV4 | ICMPV6 | ANY | <String>}
IP Protocol - supported protocols are predefined but any protocol number 1-254 can be used.
-raw
Raw IP echoing. Must be used for unlisted IP protocols.
-start
Start echo server.
-stats
View statistics.
-stop
Stop echo server.
-verbose
Verbose information.
Note: Requires Administrator privileges.

2.3.7. ethupdate

List ethernet devices and add new devices to the configuration.

Description

The ethupdate command detects available ethernet interfaces and allows for listing these as well as automatically creating the appropriate EthernetDevice configuration objects.

Usage

ethupdate 
List all ethernet devices.
ethupdate -cfgupdate 
Update the configuration by adding new ethernet devices.
ethupdate -status 
Show status of the ethernet devices configuration.

Options

-cfgupdate
Update the configuration by adding new ethernet devices. (Admin only)
-status
Ethernet devices configuration status.

2.3.8. license

Manage and show information about the license.

Description

Activate a new license, show information about the license, or remove the license.

To activate a new license file, first upload it using scp.

Usage

license 
Show information about the license.
license remove 
Remove the license.
license activate [<Filename>] 
Activate new license.

Options

<Filename>
License file. (Matching: *.lic)
{ACTIVATE | REMOVE}
Specifies which action to take. (Admin only)

2.3.9. log

View log messages generated by the system.

Description

View log messages generated by the system.

This command displays the system log messages. By specifying filter conditions (like 'category', 'action', 'srcip' etc), unwanted log messages can be filtered out. There are two modes, include and exclude mode. By default include mode is used, which means that only the log messages satisfying filter conditions will be shown. Specifying the switch 'excl' will turn on exclude mode. In this case only the log messages not satisfying the filter conditions will be displayed. If the command is already running, users can reset the filter conditions by submitting new ones.

Using 'rate' and 'num' display limits can prevent the console from message flooding. Setting a 'rate' limit will allow the system to show only the specified number of log messages per second, discarding the rest. When a 'num' limit is set, showing is automatically turned off as soon as the amount of log messages displayed reaches the specified limit.

Aborting the log command can be achieved by calling it without arguments or by pressing CTRL-C. Notice that using CTRL-C will also terminate all other running CLI commands.

Example 2.30.  Show logs with different filter conditions setup

Destination IP address ranges from 192.168.1.1 to 192.168.1.254:
System:/> log -on -destip=192.168.1.1-192.168.1.254

Action is NOT drop:
System:/> log -on -action=drop -excl

Logs containing text "user" and limit to at most 10 logs per second:
System:/> log -on -text=user -rate=10

First 9 logs with category either "IPv4" or "ARP":
System:/> log -on -category=IPV4,ARP -num=9

Usage

log -on [-excl] [-text=<String>] [-regexp=<String>]
    [-category=<String>] [-action=<String>] [-id=<String>] [-tag]
    [-prio=<String>] [-srcip=<ip addr>] [-destip=<ip addr>]
    [-ip=<ip addr>] [-srciface=<Interface>]
    [-destiface=<Interface>] [-iface=<Interface>]
    [-srcport=<Integer Range>] [-destport=<Integer Range>]
    [-rate=<Integer>] [-num=<Integer>] [-event=<String>] 
Start displaying log messages, with specified filter conditions. If logging is already enabled, filter conditions will be changed to the new ones specified.
log -off 
Stop receiving log messages.
log 
Toggle logging on/off.

Options

-action=<String>
Filter on log action, by specifying either one or several actions, separated by ",". A successful match requires that at least one of the specified actions matches the value of the log parameter "action".
-category=<String>
Filter on log category, by specifying either one or several categories, separated by ",". A successful match requires that at least one of the specified categories matches the value of the log parameter "category".
-destiface=<Interface>
Filter on destination interface. The specified interface will be matched against the values of the log parameters "destiface" and "flowrev_recvif".
-destip=<ip addr>
Filter on destination IP address by specifying an IP address or IP address range. The specified IP address will be matched against the values of all log parameters where the name ends with "destip". Ex: "pkt_destip", "flowfwd_destip".
-destport=<Integer Range>
Filter on destination TCP/UDP port by specifying a number or a range. The port number will be matched against the values of log parameters where the name ends with "destport". Ex: "pkt_destport".
-event=<String>
Filter on log Event.
-excl
Exclude mode: Invert the result by showing only log messages that do NOT match all the filter conditions.
-id=<String>
Filter on log ID.
-iface=<Interface>
Filter on interface. The specified interface will be matched against the values of the log parameters "destiface", "flowrev_recvif", "recviface", "srciface", "pkt_recvif" and "flowfwd_recvif".
-ip=<ip addr>
Filter on IP address by specifying an IP address or IP address range. The specified IP address will be matched against the values of all log parameters where the name ends with "ip". Ex: "pkt_srcip", "serverip".
-num=<Integer>
Limit the max number of log messages to show before automatically turning logging off.
-off
Stop displaying log messages.
-on
Start displaying log messages, with specified filter conditions. If logging is already enabled, filter conditions will be changed to the new ones specified.
-prio=<String>
Filter on minimum log priority. A successful match requires the log parameter "prio" to have the same or higher priority level, as the specified priority. For detailed description of priority levels, see the Log Reference Guide.
-rate=<Integer>
Maximum display rate in log messages per second. Additional logs are discarded.
-regexp=<String>
Filter on log text content by regular expression. The specified regular expression will be matched against the entire text content of logs.
-srciface=<Interface>
Filter on source interface. The specified interface will be matched against the values of the log parameters "recviface", "srciface", "pkt_recvif" and "flowfwd_recvif".
-srcip=<ip addr>
Filter on source IP address by specifying an IP address or IP address range. The specified IP address will be matched against the values of all log parameters where the name ends with "srcip". Ex: "pkt_srcip", "flowfwd_srcip".
-srcport=<Integer Range>
Filter on source TCP/UDP port by specifying a number or a range. The port number will be matched against the values of log parameters where the name ends with "srcport". Ex: "pkt_srcport".
-tag
Filter on tagged flows. (Advanced view)
-text=<String>
Filter on log text content. The specified text will be matched against the entire text content of logs. A successful match requires that a log contains the specified text.
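
The filter semantics described above (suffix matching of parameter names, address ranges, exclude mode and the 'num' limit) can be modelled offline to predict what a given "log -on" invocation will show. This is an added example, not code from the product or its documentation; the record layout, the sample values, the case-insensitive category match and the treatment of several conditions as a logical AND are assumptions.

```python
import ipaddress

# Constructed sample records. Parameter names follow those quoted in the option
# descriptions above; the values and the "n" sequence field are invented.
SAMPLE_LOGS = [
    {"n": 1, "category": "IPv4", "action": "drop",
     "pkt_srcip": "10.0.0.5", "pkt_destip": "192.168.1.20", "pkt_destport": "443"},
    {"n": 2, "category": "ARP", "action": "allow",
     "pkt_srcip": "192.168.1.7", "pkt_destip": "192.168.1.254"},
    {"n": 3, "category": "DHCP", "action": "allow", "serverip": "192.168.1.1"},
    {"n": 4, "category": "IPv4", "action": "allow",
     "flowfwd_srcip": "192.168.1.7", "flowfwd_destip": "203.0.113.9", "pkt_destport": "53"},
    {"n": 5, "category": "IPv4", "action": "drop",
     "pkt_srcip": "fc01:2002::1", "pkt_destip": "fc01:2002::2"},
]


def _in_ip_spec(value, spec):
    """True if address `value` lies in `spec`: one address or a 'first-last' range."""
    try:
        addr = ipaddress.ip_address(value)
        first, _, last = spec.partition("-")
        lo = ipaddress.ip_address(first)
        hi = ipaddress.ip_address(last) if last else lo
    except ValueError:
        return False
    # Never compare IPv4 with IPv6: a mixed comparison raises TypeError.
    return addr.version == lo.version == hi.version and lo <= addr <= hi


def _in_port_spec(value, spec):
    """True if port `value` lies in `spec`: one number or a 'first-last' range."""
    first, _, last = spec.partition("-")
    try:
        port, lo = int(value), int(first)
        hi = int(last) if last else lo
    except ValueError:
        return False
    return lo <= port <= hi


def _any_param(record, suffix, predicate):
    """Apply `predicate` to every parameter whose NAME ends with `suffix`."""
    return any(predicate(str(v)) for k, v in record.items() if k.endswith(suffix))


def matches(record, flt):
    """True if `record` satisfies every condition in `flt` (AND is an assumption)."""
    checks = []
    for key in ("category", "action"):            # comma list: any one may match
        if key in flt:
            wanted = {w.strip().lower() for w in flt[key].split(",")}
            checks.append(str(record.get(key, "")).lower() in wanted)
    for key in ("srcip", "destip", "ip"):         # name ends with srcip/destip/ip
        if key in flt:
            checks.append(_any_param(record, key,
                                     lambda v, s=flt[key]: _in_ip_spec(v, s)))
    for key in ("srcport", "destport"):           # name ends with srcport/destport
        if key in flt:
            checks.append(_any_param(record, key,
                                     lambda v, s=flt[key]: _in_port_spec(v, s)))
    return all(checks)


def shown_ids(flt, excl=False, num=None, records=SAMPLE_LOGS):
    """Sequence numbers of the records that would be displayed, in order."""
    shown = []
    for rec in records:
        if matches(rec, flt) != excl:             # exclude mode inverts the match
            shown.append(rec["n"])
            if num is not None and len(shown) >= num:
                break                             # 'num' reached: display stops
    return shown


if __name__ == "__main__":
    rng = "192.168.1.1-192.168.1.254"
    print("-destip       :", shown_ids({"destip": rng}))
    print("-ip           :", shown_ids({"ip": rng}))
    print("-action -excl :", shown_ids({"action": "drop"}, excl=True))
    print("two cond -excl:", shown_ids({"action": "drop", "destport": "443"}, excl=True))
```

In this model '-ip' also matches record 3 through "serverip", and with two conditions in exclude mode a drop that fails either condition (record 5) is still shown, so an exclude filter is narrower than it may first appear. The 'rate' limit is time-based and is not modelled.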

2.3.10. pcapdump

Packet capture utility.

Description

Capture, save and view packets.

Example 2.31. Perform packet capture on interface "if1". Packets will be written to a file with an auto-generated name when capture is stopped.

Device:/> pcapdump -start if1
Device:/> pcapdump -stop if1
Stopping packet capture: if1.
Interface  Pkts(In)  Pkts(Out)  Saved to file
---------  --------  ---------  ---------------------------
if1        26        25         if1_2015-01-01_00.00.00.cap

Example 2.32. Perform packet capture on interface "if1". Write the packets to a file called "if1.cap".

Device:/> pcapdump -start if1 -nowrite
Device:/> pcapdump -stop if1
Device:/> pcapdump -write if1 if1.cap

Example 2.33. Perform packet snoop on interface "if1" with filters.

Device:/> pcapdump -start if1 -out -nocap -ipsrc=192.168.0.1 -port=999
#1 >if1 IP 192.168.0.1->192.168.255.255  IHL:20  DataLen:48 TTL:255 Proto:UDP
   UDP 999->999  DataLen:40
Device:/> pcapdump -stop if1

Example 2.34. Show the capture status.

System:/> pcapdump -status
                      PCAP Status

Interface  Mode    Packets(In)  Packets(Out)  Filter
---------  ------  -----------  ------------  ------
if1        Active  27           0        
Explanation of the "Mode" column: 
  "Active" - The interface is being captured.
  "Snoop"  - Packets are being printed out but not captured.
  "Idle"   - Capture has stopped and packets can to be written to storage by using "pcapdump -write".

Example 2.35. List the capture files.

Device:/> pcapdump -list

Example 2.36. Show the content of a capture file in hexadecimal format.

Device:/> pcapdump -show if1_2015-01-01_00.00.00.cap -hex

Example 2.37. Remove the capture files and free the memory used by pcapdump.

Device:/> pcapdump -remove

Usage

pcapdump 
Show capture status.
pcapdump -status 
Show capture status.
pcapdump -list 
List capture files in the storage.
pcapdump -start [<interface>] [-eth=<EthernetAddress>]
         [-ethsrc=<EthernetAddress>] [-ethdest=<EthernetAddress>]
         [-ip=<IP>] [-ipsrc=<IP>] [-ipdest=<IP>] [-proto={ICMP |
         IGMP | IPV4 | TCP | UDP | IPV6 | GRE | ESP | AH | ICMPV6 |
         OSPF | MTP | L2TP | SCTP | <Integer Range>}]
         [-port={BOOTPS | BOOTPC | FTP | SSH | TELNET | SMTP | HTTP
         | NTP | SNMP | BGP | HTTPS | <Integer Range>}]
         [-portsrc={BOOTPS | BOOTPC | FTP | SSH | TELNET | SMTP |
         HTTP | NTP | SNMP | BGP | HTTPS | <Integer Range>}]
         [-portdest={BOOTPS | BOOTPC | FTP | SSH | TELNET | SMTP |
         HTTP | NTP | SNMP | BGP | HTTPS | <Integer Range>}]
         [-bufsize=<Integer>] [-count=<Integer>]
         [-snaplen=<Integer>] [-out] [-nocap] [-hex] [-k12]
         [-nowrite] [-verbose] 
Start capture with specified filters and limits. If capture is already started, the filters and limits will be changed to the new ones specified.
pcapdump -stop [<interface>] 
Stop capture.
pcapdump -show [<interface>] [-filename=<filename>] [-num[={ALL |
         <1...65535>}]] [-hex] [-k12] [-verbose] 
Show a brief of captured packets.
pcapdump -write [<interface> [<filename>]] 
Write the captured packets to storage.
pcapdump -remove [<interface>] [-filename=<filename>] 
Remove the packets captured on an interface, or remove a capture file. If interface and filename are not specified, all captured packets and files will be removed.

Options

-bufsize=<Integer>
The maximum total size (KB) of the packets that can be captured on an interface before the capture is stopped automatically. (Default: 128)
-count=<Integer>
The maximum number of packets that can be captured on an interface before the capture is stopped automatically.
-eth=<EthernetAddress>
Ethernet address filter.
-ethdest=<EthernetAddress>
Ethernet destination address filter.
-ethsrc=<EthernetAddress>
Ethernet source address filter.
-filename=<filename>
File name. (Matching: *.cap)
-hex
Display the packets in hexadecimal format.
-ip=<IP>
IP address filter.
-ipdest=<IP>
Destination IP address filter.
-ipsrc=<IP>
Source IP address filter.
-k12
Display the packets in K12 format.
-list
List capture files in the storage.
-nocap
Do not store packets in the buffer.
-nowrite
Do not write the captured packets to storage automatically when the capture stops.
-num[={ALL | <1...65535>}]
Maximum number of entries to show. (Default: 20)
-out
Display realtime packet brief.
-port={BOOTPS | BOOTPC | FTP | SSH | TELNET | SMTP | HTTP | NTP | SNMP | BGP | HTTPS | <Integer Range>}
TCP/UDP port filter.
-portdest={BOOTPS | BOOTPC | FTP | SSH | TELNET | SMTP | HTTP | NTP | SNMP | BGP | HTTPS | <Integer Range>}
Destination TCP/UDP port filter.
-portsrc={BOOTPS | BOOTPC | FTP | SSH | TELNET | SMTP | HTTP | NTP | SNMP | BGP | HTTPS | <Integer Range>}
Source TCP/UDP port filter.
-proto={ICMP | IGMP | IPV4 | TCP | UDP | IPV6 | GRE | ESP | AH | ICMPV6 | OSPF | MTP | L2TP | SCTP | <Integer Range>}
IP protocol filter.
-remove
Remove packets.
-show
Show a captured packets brief.
-snaplen=<Integer>
Maximum length (in Bytes) of each packet to capture.
-start
Start capture.
-status
Show capture status.
-stop
Stop capture.
-verbose
Display more information.
-write
Write the captured packets to storage.
<filename>
Name of the file to be written to. Leave it empty to use an automatically generated name.
<interface>
Name of interface.
Note: Requires Administrator privileges.

2.3.11. ping

Ping host.

Description

Sends one or more ICMP ECHO, TCP or UDP packets to the specified IP address of a host. All datagrams are sent preloaded-style (all at once).

The data size -length given is the ICMP or UDP data size. 1472 bytes of ICMP data results in a 1500-byte IP datagram (1514 bytes ethernet).

When -srciface IS NOT specified, the outbound packet is routed using the "main" RoutingTable, unless -routingtable is specified. Once route lookup is done, the packet is always allowed to be sent out, regardless of configured rule sets.

When -srciface IS specified, the system simulates that it has received the packet from -srcip on -srciface and will perform route lookup according to the system configuration (RoutingRules, InterfaceMembership, etc.). Then the packet will be processed according to the configured rule sets.

It's possible to use -v or even -vv to show more information.

Example 2.38. Using TCP to probe network connectivity against an HTTP server.

gw-world:/> ping -tcp server_ip -port=80 -request="GET / HTTP/1.0\n\n"

Example 2.39. Using ICMP simulation to troubleshoot connectivity from an endpoint on the LAN network to a server on the WAN network.

gw-world:/> ping server_ip -srcip=ip-of-lan-endpoint -srciface=lan -vv

Usage

ping <host> [-sharedip] [-srciface=<interface>]
     [-srcip=<ip address>] [-iface=<interface>]
     [-routingtable=<table>] [-num=<1...10>] [-length=<4...59948>]
     [-v] [-verbose] [-vv] 
Send an ICMP ping.
ping -udp <host> [-sharedip] [-srciface=<interface>]
     [-srcip=<ip address>] [-routingtable=<table>] [-num=<1...10>]
     [-length=<4...59948>] [-srcport=<1...65535>]
     [-port=<1...65535>] [-v] [-verbose] [-vv] 
Send a UDP ping.
ping -tcp <host> [-iface=<interface>] [-srciface=<interface>]
     [-srcip=<ip address>] [-routingtable=<table>]
     [-port=<1...65535>] [-request=<String>] [-v] [-verbose] [-vv]
     [-num=<1...10>] [-srcport=<1...65535>] 
Send a TCP ping.

Options

-iface=<interface>
Interface to send on when using an IPv6 link-local address as destination.
-length=<4...59948>
Packet size. (Default: 4)
-num=<1...10>
Number of packets to send. (Default: 1)
-port=<1...65535>
Destination port of UDP or TCP ping. (Default: 7)
-request=<String>
Request to send to the host. It is not possible to combine this with the 'srciface' option. (Default: ping)
-routingtable=<table>
Route using named routing table. It is not possible to combine this with the 'srciface' option.
-sharedip
Send ping using shared IP/MAC (HA).
-srciface=<interface>
Pass packet through the rule set, simulating that it was received by <srciface>.
-srcip=<ip address>
Use this source IP.
-srcport=<1...65535>
Source port of UDP or TCP ping.
-tcp
Send a TCP ping. When 'srciface' is not specified, the system will try to establish a TCP connection with the host and send data through the connection. When 'srciface' is specified, the system will simulate and send a TCP SYN packet to the destination.
-udp
Send a UDP ping.
-v
Alias for 'verbose' option.
-verbose
Verbose (more information).
-vv
More verbose.
<host>
IP address of host to ping.
Note: Requires Administrator privileges.

2.3.12. script

Run and manage script files.

Description

The script command can be used to create, run and manage scripts.

Configuration script files are files that consist of CLI configuration commands, one per line. Script file comment lines begin with the character '#'. Arguments to scripts are available by variable substitution, where '$0' is replaced by the script file name and the variables $1-$N are replaced by the supplied arguments. Escaping the '$' sign is done as '\$'.

All or parts of the current running configuration that are not read-only can be created as a script file and either displayed to the console or stored to disk. When selecting to create a script of parts of the configuration this can be done with the granularity of object category e.g. [Address], object class e.g. IPAddress or a single object.

When a script is created from the configuration it will include any uncommitted objects. I.e. it is possible to create script files of changes without committing them to the system first.

Script files are transferred to and from the device by using the SCP protocol. On the device, script files must be stored in the "/scripts" folder in order for the script command to make use of them.

When adding or changing configuration objects using a script file it is possible to do the changes 'out-of-order'. I.e. if one object refers to another object, the first object can be added and refer to the second object even though that object has not yet been added. Normally when a configuration change is done through the CLI, it is immediately validated and any errors are reported back to the user. When running commands from a script file the reference validation is turned off during execution of consecutive 'add' and 'set' commands and turned back on again when any other command is executed, or the script ends.

Running scripts while configuration modifications are being made from other user sessions is not recommended.

Example 2.40. Create script of all configuration objects

Device:/> script -create -filename all.sgs

Example 2.41. Create and show script of Address objects

Show script of Address category objects:
Device:/> script -create Address
(not shown here)
Show script of all IPAddress objects:
Device:/> script -create Address IPAddress
(not shown here)
Show script of a single IPAddress object:
Device:/> script -create Address IPAddress myaddress
(not shown here)

Example 2.42. View and run the example script example.sgs

Show the file:
Device:/> script -show example.sgs
(not shown here)  
Running the script:
Device:/> script -run example.sgs test 1.2.3.4   
(not shown here)

Example 2.43. Script using substitution

"script.sgs":
add Address IPAddress $1 Address=$2 Comments="$0: \$100"
Device:/> script -run script.sgs ip_test 127.0.0.1
is executed as line:
add Address IPAddress ip_test Address=127.0.0.1 Comments="script.sgs: $100"
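
The substitution rules shown in Example 2.43 can be applied offline to review exactly which commands a script file will issue before it is run on the device. This is an added example, not code from the product or its documentation; the function name preflight, treating every digit after '$' as part of the variable number, and reporting unused arguments are assumptions.

```python
import re

# '\$' is a literal dollar sign; '$N' is a positional variable.
# Assumption: all digits following '$' belong to N, so '$100' means argument 100.
_TOKEN = re.compile(r"\\\$|\$(\d+)")

# Constructed copy of script.sgs from Example 2.43, with a comment line added.
SAMPLE_SCRIPT = r'''# add one address object
add Address IPAddress $1 Address=$2 Comments="$0: \$100"
'''


def preflight(text, script_name, args):
    """Expand a script file offline.

    Returns (commands, problems): the command lines as they would be executed,
    and a list of findings (missing or unused arguments) worth fixing first.
    """
    commands, problems, used = [], [], set()
    for no, raw in enumerate(text.splitlines(), 1):
        # Comment lines begin with '#'; blank lines carry no command.
        if not raw.strip() or raw.startswith("#"):
            continue
        missing = []

        def repl(m):
            if m.group(1) is None:        # escaped '\$' -> literal '$'
                return "$"
            idx = int(m.group(1))
            if idx == 0:                  # '$0' -> script file name
                return script_name
            if idx > len(args):           # variable with no supplied argument
                missing.append(idx)
                return m.group(0)
            used.add(idx)
            return args[idx - 1]

        expanded = _TOKEN.sub(repl, raw)
        if missing:
            names = ", ".join(f"${i}" for i in missing)
            problems.append(f"line {no}: no argument supplied for {names}")
        else:
            commands.append(expanded)
    unused = [f"${i}" for i in range(1, len(args) + 1) if i not in used]
    if unused:
        problems.append("unused argument(s): " + ", ".join(unused))
    return commands, problems


if __name__ == "__main__":
    cmds, issues = preflight(SAMPLE_SCRIPT, "script.sgs", ["ip_test", "127.0.0.1"])
    for c in cmds:
        print(c)
    for i in issues:
        print("WARNING:", i)
```

Dropping the backslash from '\$100' makes the same line reference a variable that was never supplied, which is why the escape is needed wherever a literal '$' precedes a digit.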

Usage

script 
List script files.
script -list 
List script files.
script -create [[<Category>] <Type> [<Identifier>]]
       [-filename=<script file>] 
Create a script containing the selected object types.
script -run <script file> [-verbose] [-force] [<arguments>]...
Run script.
script -delete <script file> 
Delete script.
script -show <script file> 
Show script in console window.

Options

-create
Create a script containing specified object types.
-delete
Delete script file.
-filename=<script file>
Name of script.
-force
Force completion of script execution despite errors.
-list
List script files.
-run
Run selected script.
-show
Show script in console window.
-verbose
Verbose mode.
<arguments>
List of input arguments.
<Category>
Category that groups object types.
<Identifier>
The property that identifies the configuration object. May not be applicable depending on the specified <Type>.
<script file>
Name of script.
<Type>
Type of configuration object to perform operation on.
Note: Requires Administrator privileges.

2.3.13. sshserver

SSH Server.

Description

Show SSH Server status, or restart SSH Server.

Usage

sshserver 
Show server status and list all connected clients.
sshserver -status [-verbose] 
Show server status and list all connected clients.
sshserver -keygen [-bits=<bits>] [-type={RSA | DSA | ECDSA}] 
Generate SSH Server private keys.
sshserver -fingerprint [-md5] 
Show the fingerprints of the SSH keys.
sshserver -restart [<ssh server>] [-full] 
Restart SSH Server.

Options

-bits=<bits>
Bitsize.
-fingerprint
Display the fingerprints of the system's SSH keys.
-full
Use when a full restart is required.
-keygen
Generate SSH Server private keys. This operation may take a long time to finish, up to several minutes!
-md5
Display the fingerprint as MD5 instead of the default.
-restart
Stop and start the SSH Server.
-status
Show server status and list all connected clients.
-type={RSA | DSA | ECDSA}
Key type (default: both RSA and DSA keys will be created).
-verbose
Verbose output.
<ssh server>
SSH Server.
Note: Requires Administrator privileges.

2.3.14. system

Handles system operations and shows system information.

Description

Handles system operations and shows system information.

Usage

system -cpuinfo [-verbose] 
Show information about the CPU.
system -update-bootloader-configuration [-force] 
Update the bootloader configuration. This command should only be run when instructed to do so.

Options

-cpuinfo
Show information about the CPU.
-force
Force continue (never prompt). (NOTE: Option not available when running as a container)
-update-bootloader-configuration
Update the bootloader configuration. (NOTE: Option not available when running as a container). (Admin only)
-verbose
Verbose (more information).

2.3.15. techsupport

Stores and views Technical Support Information.

Description

Used to collect technical support information from the system. Issuing the command without options will write the information to a file stored locally on the device. Any existing file will be overwritten.

After successful storage, the file may be remotely copied over the SSH Remote Management interface (using SCP) or printed to console using the 'show' command option.

Usage

techsupport 
Store technical support information to file.
techsupport -show [-nopages] 
Display stored technical support information.
techsupport -printconf [-nopages] 
Display system configuration as XML.

Options

-nopages
Display information without paging.
-printconf
Display system configuration as XML.
-show
Display stored technical support information.
Note: Requires Administrator privileges.

2.3.16. time

Display and set current system time.

Description

Display and set the system date and time.

Usage

time -sleep=<Float> 
Pause CLI session for the specified number of seconds.
time -sync [-force] 
Synchronize time with timeserver(s) (specified in settings).
time -status 
Show time synchronization status information.
time -set <date> <time> 
Set local system time: <YYYY-MM-DD> <HH:MM:SS>.
time 
Display current system time.

Options

-force
Force synchronization regardless of the MaxAdjust setting. (Admin only)
-set
Set local system time: <YYYY-MM-DD> <HH:MM:SS>. (Admin only)
-sleep=<Float>
Pause CLI session for the specified number of seconds.
-status
Show runtime time synchronization status.
-sync
Synchronize time with timeserver(s) (specified in settings). (Admin only)
<date>
Date YYYY-MM-DD.
<time>
Time HH:MM:SS.

2.3.17. top

Show CPU usage of the system.

Description

Show CPU usage of the system.

Time - The time measurement uses the format S.s, MM:SS or HH:MM:SS depending on the amount of time to display.

CPU - The system CPU measurement spans from zero to a hundred percent, measuring the current amount of CPU resources that are not idle. When measuring the CPU usage per module, a value above 100% indicates that the module utilizes resources from several CPU units.

Example 2.44. Sort on name

top -list -sort=alpha

Usage

top 
List processes and show CPU utilization.
top -list [-num=<n>] [-sort={ALPHA | TIME | TOP}] 
List processes and show CPU utilization.

Options

-list
List running US applications.
-num=<n>
Number of entries to display. (Default: 20)
-sort={ALPHA | TIME | TOP}
Set display sort order.

2.3.18. traceroute

Trace the route to a destination.

Description

Print the route packets take to a network host.

Usage

traceroute <host> [-timeout=<1...60000>] [-srcip=<ip address>]
           [-iface=<interface>] [-routingtable=<table>]
           [-interval=<0...60000>] [-length=<1...8192>] [-verbose]
           [-queries=<1...10>] [-ttl=<1...255>] [-maxttl=<1...255>]
           [-noresolve] [-ipver={4 | 6}] 
Send an ICMP probe.
traceroute -udp <host> [-timeout=<1...60000>] [-srcip=<ip address>]
           [-routingtable=<table>] [-queries=<1...10>]
           [-length=<1...8192>] [-port=<1...65535>] [-verbose]
           [-interval=<0...60000>] [-ttl=<1...255>]
           [-maxttl=<1...255>] [-noresolve] [-ipver={4 | 6}] 
Send a UDP probe.
traceroute -tcp <host> [-timeout=<1...60000>] [-srcip=<ip address>]
           [-routingtable=<table>] [-queries=<1...10>]
           [-length=<1...8192>] [-port=<1...65535>] [-verbose]
           [-iface=<interface>] [-interval=<0...60000>]
           [-ttl=<1...255>] [-maxttl=<1...255>] [-noresolve]
           [-ipver={4 | 6}] 
Send a TCP probe.

Options

-iface=<interface>
Interface to send on when using an IPv6 link-local address as destination.
-interval=<0...60000>
Time in milliseconds between sending probes. (Default: 1000)
-ipver={4 | 6}
Use IPv4/IPv6.
-length=<1...8192>
Packet payload size. (Default: 32)
-maxttl=<1...255>
Maximum time-to-live value (number of hops). (Default: 32)
-noresolve
Do not resolve addresses.
-port=<1...65535>
Destination port.
-queries=<1...10>
Number of queries to send each hop. (Default: 3)
-routingtable=<table>
Route using specified routing table.
-srcip=<ip address>
Use specified source IP.
-tcp
Send TCP probes instead of default ICMP.
-timeout=<1...60000>
Time in milliseconds to wait for each response. (Default: 4000)
-ttl=<1...255>
Start time-to-live value on probes (first hop). (Default: 1)
-udp
Send UDP probes instead of default ICMP.
-verbose
Verbose (more information).
<host>
IP address or hostname of destination to trace.
Note: Requires Administrator privileges.

2.3.19. upgrade

Upgrade system. (NOTE: Command not available when running as a container)

Description

Perform system upgrades and manage upgrade files.

Upgrading the system software/firmware is performed by applying upgrade files stored on the device. Upgrade files are digitally signed software binary files created specifically for different hardware models. Apart from performing upgrades, the command also allows listing of upgrade files stored on the device as well as deleting the files.

NOTE: Make sure to select an upgrade file that matches the hardware model used.

NOTE: Upgrading the software/firmware will require a complete system restart and it is therefore highly recommended to perform a complete backup of the system before proceeding.

Example 2.45. Upgrade to a new software/firmware version

Device:/> upgrade firmware_v1_20.upg
(command output)

Example 2.46. List all upgrade files

Device:/> upgrade
(command output)
Device:/> upgrade -list
(command output)

Example 2.47. Delete upgrade files

Device:/> upgrade -delete firmware_v1_20.upg
Removed firmware_version_x.upg successfully.
Device:/> upgrade -delete firmware_v1_??.upg
Removed some files successfully.
Device:/> upgrade -delete firmware_*.upg
Removed some files successfully.
Device:/> upgrade -delete *
Removed all files successfully.

Usage

upgrade 
List upgrade files.
upgrade -list 
List upgrade files.
upgrade <upgrade filename> [-force] 
Apply upgrade.
upgrade -delete <delete filename> 
Delete upgrade file.

Options

-delete
Delete upgrade files.
-force
Force continue (never prompt).
-list
List upgrade files.
<delete filename>
Upgrade file to delete. (Matching: *.upg)
<upgrade filename>
Upgrade file. (Matching: *.upg)
Note: Requires Administrator privileges.

2.3.20. uptime

Display current system uptime.

Description

Display current system uptime.

Usage

uptime