DSL & IAD CLI Reference
Guide
DSL, IAD, and VoIP (ZyNOS) ZyXEL Devices
CLI Reference Guide
Version 3.70
11/2008
Edition 3
www.zyxel.com
About This CLI Reference Guide
About This CLI Reference Guide
Intended Audience
This manual is intended for people who want to configure the ZyXEL Device via the
Command Line Interface (CLI). You should have at least a basic knowledge of TCP/IP
networking concepts and topology.
This guide covers the following product lines:
• DSL modems and routers
• IAD (Integrated Access Devices) - the P-2600 series
• VoIP: ATA (Analog Terminal Adapters and Station Gateways) - the P-2300 series
The version number on the cover page refers to the latest firmware version supported by the
products mentioned above. This guide applies to version 3.40 and 3.70 at the time of writing.
" This guide is intended as a command reference for a series of products.
Therefore many commands in this guide may not be available in your product.
See your User’s Guide for a list of supported features and details about feature
implementation.
Please refer to www.zyxel.com or your product’s CD for product specific User Guides and
product certifications.
How To Use This Guide
•Read Chapter 1 on page 13 for an overview of various ways you can get to the CLI on
your ZyXEL Device.
•Read Chapter 2 on page 17 for an introduction to some of the more commonly used
commands.
" It is highly recommended that you read at least these two chapters.
• The other chapters in this guide are arranged according to the CLI structure. Each chapter
describes commands related to a feature.
" See your ZyXEL Device’s User Guide for feature background information.
DSL & IAD CLI Reference Guide
3
About This CLI Reference Guide
• To find specific information in this guide, use the Contents Overview, the Index of
Commands, or search the PDF file.
Documentation Feedback
Help us help you. Send all documentation-related comments, questions or suggestions for
improvement to the following address, or use e-mail instead. Thank you!
The Technical Writing Team,
ZyXEL Communications Corp.,
6 Innovation Road II,
Science-Based Industrial Park,
Hsinchu, 300, Taiwan.
E-mail: techwriters@zyxel.com.tw
4
DSL & IAD CLI Reference Guide
Document Conventions
Document Conventions
Warnings and Notes
Warnings and notes are indicated as follows in this guide.
1 Warnings tell you about things that could harm you or your device. See your
User’s Guide for product specific warnings.
" Notes tell you other important information (for example, other things you may
need to configure or helpful tips) or recommendations.
Syntax Conventions
This manual follows these general conventions:
• ZyXEL Devices may also be referred to as the “device”, the “system” or the “product” in
this guide.
• Units of measurement may denote the “metric” value or the “scientific” value. For
example, “k” for kilo may denote “1000” or “1024”, “M” for mega may denote “1000000”
or “1048576” and so on.
Command descriptions follow these conventions:
• Commands are in
• Required input values are in angle brackets <>; for example,
means that you must specify an IP address for this command.
• Optional fields are in square brackets []; for instance show logins [name], the name
field is optional.
The following is an example of a required field within an optional field: snmp-server
[contact <system contact>], the contact field is optional. However, if you
use contact, then you must provide the system contact information.
•The | (bar) symbol means “or”.
• italic terms represent user-defined input values; for example, in sys datetime
date [year month date], year month date can be replaced by the actual
year month and date that you want to set, for example, 2007 08 15.
• A key stroke is denoted by square brackets and uppercase text, for example, [ENTER]
means the “Enter” or “Return” key on your keyboard.
• <cr> means press the [ENTER] key.
• An arrow (-->) indicates that this line is a continuation of the previous line.
courier new font.
ping <ip-address>
DSL & IAD CLI Reference Guide
5
Document Conventions
Command summary tables are organized as follows:
Table 1 Table Title
COMMAND DESCRIPTION
ip arp status [interface] Displays an interface’s ARP table.
ip dhcp <interface> client
release
ip dhcp <interface> client
renew
The Table Title identifies commands or the specific feature that the commands configure.
The COMMAND column shows the syntax of the command.
The DESCRIPTION column explains what the command does. It may also identify legal
input values.
A long list of pre-defined values may be replaced by a command input value ‘variable’ so as to
avoid a very long command in the description table. Refer to the command input values table
if you are unsure of what to enter.
Table 2 Common Command Input Values
LABEL DESCRIPTION
description Used when a command has a description field in order to add more detail.
ip-address An IP address in dotted decimal notation. For example, 192.168.1.3.
mask The subnet mask in dotted decimal notation, for example, 255.255.255.0.
mask-bits The number of bits in an address’s subnet mask. For example type /24 for a
port A protocol’s port number.
interface An interface on the ZyXEL Device. enif refers to an Ethernet interface.
hostname Hostname can be an IP address or domain name.
name Used for the name of a rule, policy, set, group and so on.
number Used for a number, for example 10, that you have to input.
Releases the specified interface’s DHCP IP address. The
interface must be a DHCP client to use this command.
Renews the specified interface’s DHCP IP address. The
interface must be a DHCP client to use this command.
subnet mask of 255.255.255.0.
enif0: LAN
enif1: WLAN
enif2: DMZ or WAN (Ethernet) (varies depending on your model)
wanif0: WAN (PPPoE or PPPoA)
For some commands you can also add a colon and a 0 or 1 to specify an IP alias.
This is only for the LAN and DMZ interfaces. For example, enif0:0 specifies
LAN IP alias 1 and enif0:1 specifies LAN IP alias 2.
" Commands are case sensitive! Enter commands exactly as seen in the
command interface. Remember to also include underscores if required.
6
DSL & IAD CLI Reference Guide
Document Conventions
Copy and Paste Commands
You can copy and paste commands directly from this document into your terminal emulation
console window (such as HyperTerminal). Use right-click (not CTRL-V) to paste your
command into the console window as shown next.
Icons Used in Figures
Figures in this guide may use the following generic icons. The ZyXEL Device icon is not an
exact representation of your device.
ZyXEL Device Computer Notebook computer
Server DSLAM Firewall
Telephone Switch Router
DSL & IAD CLI Reference Guide
7
Document Conventions
8
DSL & IAD CLI Reference Guide
Contents Overview
Contents Overview
Introduction ............................................................................................................................11
How to Access and Use the CLI ................................................................................................ 13
Common Commands ................ ... .... ... ................................................ ... .... ... ... ... .... ... ... ... ... .... ... 17
Reference ................................................................................................................................31
IEEE 802.1Q/1P Commands ..................................................................................................... 33
IEEE 802.1x Commands ...........................................................................................................35
Dial Backup Commands ............................................................................................................ 37
Bandwidth Management .............................. .... ... ................................................ .... ... ... ... ... .... ... 41
Bridge Commands ................................. ... ... .... ... ... ... .... ... ................................................ ... ....... 45
Certificate Commands ............................................................................................................... 49
CNM Agent Commands .............................................................................................................57
VoIP DECT Commands .............................................................................................................61
Ethernet Commands ..................................................................................................................63
Firewall Commands ................................................................................................................... 67
IP Commands .................................. ... ... ... ... ................................................. ... ... .... ... ... ... .......... 71
IPSec Commands .................. ... ... ................................................. ... ... ... .... ... ............................. 89
LAN Interface Commands .........................................................................................................95
MyZyXEL.com Commands ........................................................................................................ 99
Quality of Service (QoS) .............................. .... ... ... ... .... ... ... ... .... ... ........................................... 109
RADIUS Commands .................................................................................................................115
System Commands .................................. ... .... ... ... ... ................................................. ... ... ... ......117
VoIP Commands ...................................................................................................................... 131
WAN Commands ............................. ... ... ... ... .... ... ................................................ .... ... ... ... ... ..... 153
Wireless LAN Commands .................................................. ... .... ... ... ... ... .... ... ... ... ..................... 175
Appendices and Index of Commands ................................................................................191
DSL & IAD CLI Reference Guide
9
Contents Overview
10
DSL & IAD CLI Reference Guide
PART I
Introduction
How to Access and Use the CLI (13)
Common Commands (17)
11
12
CHAPTER 1
How to Access and Use the CLI
This chapter introduces the command line interface (CLI).
1.1 Accessing the CLI
Use any of the following methods to access the CLI.
1.1.1 Console Port
You may use this method if your ZyXEL Device has a console port.
1 Connect your computer to the console port on the ZyXEL Device using the appropriate
cable.
2 Use terminal emulation software with the following settings:
Table 3 Default Settings for the Console Port
SETTING DEFAULT VALUE
Terminal Emulation VT100
Baud Rate 9600 bps
Parity None
Number of Data Bits 8
Number of Stop Bits 1
Flow Control None
3 Press [ENTER] to open the login screen.
1.1.2 Telnet
4 Open a Telnet session to the ZyXEL Device’s IP address. If this is your first login, use
the default values.
Table 4 Default Management IP Address
SETTING DEFAULT VALUE
IP Address 192.168.1.1
Subnet Mask 255.255.255.0
Make sure your computer IP address is in the same subnet, unless you are accessing the
ZyXEL Device through one or more routers. In the latter case, make sure remote
management of the ZyXEL Device is allowed via Telnet.
DSL & IAD CLI Reference Guide
13
Chapter 1 How to Access and Use the CLI
1.2 Logging in
Use the administrator password to log into the ZyXEL Device. The default value is ‘admin’ or
‘1234’ - see your ZyXEL Device User’s Guide to see which one to use. Some ZyXEL Devices
may require you to also enter a user name. The default user name is ‘admin’.
The ZyXEL Device automatically logs you out of the management interface after five minutes
of inactivity. If this happ ens to y ou, sim ply lo g ba ck i n again . Use t he sys st dio command
to extend the idle timeout. For example, the ZyXEL Device automatically logs you out of the
management interface after 60 minutes of inactivity after you use the sys stdio 60
command.
1.3 Using Shortcuts and Getting Help
This table identifies some shortcuts in the CLI, as well as how to get help.
Table 5 CLI Shortcuts and Help
COMMAND / KEY(S) DESCRIPTION
yz (up/down arrow keys) Scrolls through the list of recently-used commands. You can edit
[CTRL]+U Clears the current command.
? Displays the keywords and/or input values that are allowed in
help Displays the (full) commands that are allowed in place of help.
any command or press [ENTER] to run it again.
place of the ?.
Use the help command to view the available commands on the ZyXEL Device. Follow these
steps to create a list of supported commands:
1 Log into the CLI.
2 Type help and press [ENTER]. A list comes up which shows all the commands
available for this device.
ras> help
Valid commands are:
sys exit ether wan
wlan ip ipsec bridge
certificates bm lan radius
8021x voice
ras>
14
DSL & IAD CLI Reference Guide
Abbreviations
Commands can be abbreviated to the smallest unique string that differentiates the command.
For example sys version could be abbreviated to s v.
ras> sys version
ZyNOS version: V3.40(ADV.3)b4 | 05/09/2007
romRasSize: 3127550
system up time: 24:23:59 (86087c ticks)
bootbase version: V1.01 | 06/28/2005
ras> s v
ZyNOS version: V3.40(ADV.3)b4 | 05/09/2007
romRasSize: 3127550
system up time: 24:24:15 (860eae ticks)
bootbase version: V1.01 | 06/28/2005
ras>
1.4 Saving Your Configuration
Chapter 1 How to Access and Use the CLI
In the ZyXEL Device some commands are saved as you run them and others require you to
run a save command. For example, after configuring a static route rule, type ip route
addrom save to save the static route rule in non-volatile memory. See the related section
of this guide to see if a save command is required.
" Unsaved configuration changes to commands that require you to run a save
command are lost once you restart the ZyXEL Device
1.5 Logging Out
Enter exit to log out of the CLI.
Table 6 Exit Command
COMMAND DESCRIPTION
exit Logs you out of the CLI.
DSL & IAD CLI Reference Guide
15
Chapter 1 How to Access and Use the CLI
16
DSL & IAD CLI Reference Guide
CHAPTER 2
Common Commands
This chapter introduces some of the more commomly-used commands in the ZyXEL Device.
For more detailed usage, see the corresponding feature chapter in this guide.
In the following examples, ras is the prompt as that is the default. If you configure a system
name, then that prompt will display as the system name you configured. For example, change
the system name to zyxel using the sys hostname zyxel command; the command
prompt will then display as zyxel>.
2.1 Change the Idle Timeout
By default, the ZyXEL Device automatically logs you out of the management interface after
five minutes of inactivity . Use the sys stdio comman d to ext en d th e idle timeout. The
following example extends the idle timeout to 120 minutes.
ras> sys stdio 120
Stdio Timeout = 120 minutes
ras>
2.2 Interface Information
ZyXEL Device interfaces are defined as shown in Table 2 on page 6.
DSL & IAD CLI Reference Guide
17
Chapter 2 Common Commands
The first command in this example shows information about a LAN port, for example, its IP
address. The second command is used to change this IP address to 192.168.100.100.
ras> ip ifconfig enif0
enif0: mtu 1500
inet 172.16.1.203, netmask 0xffff0000, broadcast 172.16.1.203
RIP RX:None, TX:None,
[InOctets 2742079] [InUnicast 624] [InMulticast 29689]
[InDiscards 764] [InErrors 0] [InUnknownProtos 764]
[OutOctets 414311] [OutUnicast 7 82] [OutMulticast 2225]
[OutDiscards 2225] [OutErrors 0]
ras> ip ifconfig enif0 192.168.100.100
ras> ip ifconfig enif0
enif0: mtu 1500
inet 192.168.100.100, netmask 0xffffff00, broadcast 192.168.100.255
RIP RX:None, TX:None,
[InOctets 3278515] [InUnicast 633] [InMulticast 34632]
[InDiscards 926] [InErrors 0] [InUnknownProtos 926]
[OutOctets 419351] [OutUnicast 7 82] [OutMulticast 2405]
[OutDiscards 2405] [OutErrors 0]
" Afterwards, you have to use this new IP address to access the ZyXEL Device
via the LAN port.
To view information on all interfaces, enter ip ifconfig.
To view DHCP information on the LAN port, enter ip dhcp enif0 status.
ras> ip dhcp enif0 status
DHCP on iface enif0 is none
Status:
Packet InCount: 477, OutCount: 0, DiscardCount: 477
ras>
Use these commands to release and renew DHCP-assigned information on the specified
interface.
ras> ip dhcp enif0 client release
ras> ip dhcp enif0 client renew
ras>ras> ip ifconfig enif0
enif0: mtu 1500
inet 172.16.17.203, netmask 0xffff0000, broadcast 172.23.255.255
RIP RX:None, TX:None,
[InOctets 3327150] [InUnicast 658] [InMulticast 34937]
[InDiscards 943] [InErrors 0] [InUnknownProtos 943]
[OutOctets 420007] [OutUnicast 782] [OutMulticast 2407]
[OutDiscards 2405] [OutErrors 0]
ras>
18
DSL & IAD CLI Reference Guide
Chapter 2 Common Commands
To view the ARP table for the LAN port, enter ip arp status enif0.
ras> ip arp status enif0
received 23763 badtype 0 bogus addr 0 reqst in 3 replies 4 reqst out 34
cache hit 10529 (25%), cache miss 31410 (74%)
IP-addr Type Time Addr stat iface
172.16.17.18 10 Mb Ethernet 260 00:00:e8:7c:14:80 41 enif0
172.16.17.114 10 Mb Ethernet 210 00:10:b5:ae:56:9b 41 enif0
172.16.17.104 10 Mb Ethernet 150 00:c0:9f:cd:d4:bf 41 enif0
172.16.17.19 10 Mb Ethernet 130 00:02:e3:30:43:34 41 enif0
172.16.17.30 10 Mb Ethernet 220 00:60:b3:45:2b:c5 41 enif0
172.16.17.12 10 Mb Ethernet 80 00:c0:a8:fa:e9:27 41 enif0
172.16.17.24 10 Mb Ethernet 200 00:0e:7f:a6:a7:c1 41 enif0
172.16.17.34 10 Mb Ethernet 60 00:15:00:07:de:e1 41 enif0
172.16.17.32 10 Mb Ethernet 30 00:16:36:10:26:2d 41 enif0
172.16.17.41 10 Mb Ethernet 30 00:02:e3:57:ea:1c 41 enif0
172.16.17.44 10 Mb Ethernet 260 00:18:f8:04:f5:67 41 enif0
172.16.17.111 10 Mb Ethernet 230 00:19:cb:39:cb:ad 41 enif0
num of arp entries= 12
ras>
Each ZyXEL Device can support a specific number of NAT sessions in total. Y ou can limit the
number of NAT sessions allowed per host by using the ip nat session command. In the
following example, each host may have up to 4000 NAT sessions open at one time. The total
number of NAT sessions must not exceed the number for your ZyXEL Device.
ras> ip nat session 4000
ip nat session
NAT session number per host: 4000
ras>
To see the IP routing table, enter the following command.
ras> ip route status
Dest FF Len Device Gateway Metric stat Timer Use
192.168.1.1 00 32 enet0 172.16.1.203 1 001f 0 0
192.168.2.36 00 32 enet0 172.16.1.203 1 001f 0 0
172.16.1.254 00 32 enet0 192.168.1.1 1 001f 0 0
172.16.1.30 00 32 enet0 192.168.1.1 1 001f 0 0
192.168.1.0 00 24 enet0 192.168.1.1 1 041b 0 0
172.23.0.0 00 16 enet0 172.16.1.203 1 041b 0 23
default 00 0 Idle MyISP 2 002b 0 0
ras>
DSL & IAD CLI Reference Guide
19
Chapter 2 Common Commands
2.3 Basic System Information
Use the sys atsh command to view information about your ZyXEL Device.
ras> sys atsh
RAS version : V3.40(ADV.3)b4 | 05/09/2007
RamSize : 32768 Kbytes
Flash Type and Size : Intel 32Mbits*1
romRasSize : 3127550
bootbase version : V1.01 | 06/28/2005
Product Model : Prestige 2602HWNLI-D7A
MAC Address : 001349214124
Default Country Code : FF
Boot Module Debug Flag : 00
RomFile Version : 14
RomFile Checksum : b600
RAS F/W Checksum : 4825
SNMP MIB level & OID : 060102030405060708091011121314151617181920
Main Feature Bits : C0
Other Feature Bits :
9D 1A 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 03 41 13 00 00 00
ras>
Use the following command to view CPU utilization.
ras> sys cpu display
CPU usage status:
baseline 882924 ticks
sec ticks util sec ticks util sec ticks util sec ticks util
0 813191 7.89 1 807214 8.57 2 811101 8.13 3 811148 8.12
4 813577 7.85 5 811697 8.06 6 812425 7.98 7 811474 8.09
8 811686 8.06 9 809925 8.26 10 810349 8.21 11 811672 8.07
12 812057 8.02 13 811810 8.05 14 813531 7 .85 15 813221 7.89
16 811394 8.10 17 812418 7.98 18 807217 8 .57 19 808079 8.47
20 804720 8.85 21 808472 8.43 22 810576 8 .19 23 810342 8.22
24 813690 7.84 25 810798 8.16 26 793435 10.13 27 781556 11.48
28 800014 9.39 29 810944 8.15 30 811563 8 .08 31 814575 7.74
32 813225 7.89 33 812385 7.98 34 810931 8 .15 35 811374 8.10
36 812374 7.99 37 812445 7.98 38 782635 11.35 39 812026 8.02
40 809550 8.31 41 809632 8.30 42 808723 8 .40 43 811388 8.10
44 812818 7.94 45 810337 8.22 46 811520 8 .08 47 813600 7.85
48 811545 8.08 49 812811 7.94 50 812414 7 .98 51 812997 7.91
52 813775 7.83 53 811116 8.13 54 812586 7 .96 55 811772 8.05
56 811885 8.04 57 810952 8.15 58 808698 8 .40 59 811388 8.10
60 813476 7.86 61 809569 8.30 62 809041 8.36
ras>
20
DSL & IAD CLI Reference Guide
Chapter 2 Common Commands
Use the following command to get the date and time from a time server on the Internet (or
your network). You have to first configure a time server using the web configurator (or SMT
menu if your ZyXEL Device has one).
ras> sys adjtime
Connecting to time server....
Current date is Sat 2007/09/01
Current time is 02:46:53
ras>
Use the following command to restart your ZyXEL Device right away.
ras> sys reboot
Bootbase Version: V1.01 | 06/28/2005 19:47:11
RAM: Size = 32768 Kbytes
FLASH: Intel 32M *1
ZyNOS Version: V3.40(ADV.3)b4 | 05/09/2007 14:00:00
Press any key to enter debug mode within 3 seconds.
Press any key to enter debug mode within 3 seconds.
.
Use the following command to reset the ZyXEL Device to the factory defaults. Make sure you
back up your current configuration first (using the web configurator or SMT). The ZyXEL
Device will restart and the console port speed will also reset to 9,600 bps.
ras> sys romreset
Do you want to restore default ROM file(y/n)?y
Default Romfile reset...
OKstore default Romfile.
System Restart(Console speed will be changed to 9600 bps)
..........................................................................
......
.............. done
VDSP921 init............ done
ISDN init.. done
Press ENTER to continue...
DSL & IAD CLI Reference Guide
21
Chapter 2 Common Commands
Use the following command to change the console port speed. A higher console port speed is
recommended when uploading firmware via the console port. A console port speed of 1 1 5,200
bps is necessary to view CNM debug messages and packet traces on the ZyXEL Device.
ras> sys baud ?
Usage: baud <1..5>(1:38400, 2:19200, 3:9600, 4:57600, 5:115200)
ras> sys baud 5
Saving to ROM. Please wait...
Change Console Speed to 115200. Then hit any key to continue
ras>
" After you change the console port speed, you need to change it also on your
terminal emulation software (such as HyperTerminal) in order to reconnect to
the ZyXEL Device.
22
DSL & IAD CLI Reference Guide
Chapter 2 Common Commands
Logs are very useful for troubleshooting. If you are having problems with your ZyXEL
Device, then customer support may request that you send them the logs. Use the following
command to display all ZyXEL Device error logs
ras> sys logs errlog disp
32 Sat Jan 01 00:00:06 2000 PP01 INFO vc opened,vc=0,vpi=0,vci=0,qos=0
33 Sat Jan 01 00:00:08 2000 PP0a -WARN SNMP TRAP 3: link up
34 Sat Jan 01 00:00:10 2000 PP15 -WARN Last errorlog repeat 1 Times
35 Sat Jan 01 00:00:10 2000 PP15 INFO LAN promiscuous mode <0>
36 Sat Jan 01 00:00:10 2000 PP15 INFO LAN promiscuous mode <1>
37 Sat Jan 01 00:00:10 2000 PP15 INFO LAN promiscuous mode <0>
38 Sat Jan 01 00:00:10 2000 PP15 INFO LAN promiscuous mode <1>
39 Sat Jan 01 00:00:10 2000 PP01 -WARN SNMP TRAP 1: warm start
40 Sat Jan 01 00:00:10 2000 PP01 INFO main: init completed
41 Sat Jan 01 00:00:10 2000 PP01 INFO Starting Connectivity Monitor
42 Sat Jan 01 00:00:11 2000 PP26 INFO adjtime task pause 1 day
43 Sat Jan 01 00:00:11 2000 PP28 INFO monitoring WAN connectivity
44 Sat Jan 01 00:00:44 2000 PP15 WARN netMakeChannDial: err=-3001
rn_p=950cc
4d8
45 Sat Jan 01 00:05:15 2000 PP01 WARN Last errorlog repeat 20 Times
46 Sat Jan 01 00:05:15 2000 PP01 INFO SMT Session Begin
47 Sat Jan 01 00:05:47 2000 PP15 WARN netMakeChannDial: err=-3001
rn_p=950cc
4d8
48 Sat Jan 01 00:10:42 2000 PP01 WARN Last errorlog repeat 20 Times
49 Sat Jan 01 00:10:42 2000 PP01 -WARN SNMP TRAP 6: System reboot by user!
50 Sat Jan 01 00:10:48 2000 PP01 INFO vc opened,vc=0,vpi=0,vci=0,qos=0
51 Sat Jan 01 00:10:50 2000 PP0a -WARN SNMP TRAP 3: link up
52 Sat Jan 01 00:10:52 2000 PP15 -WARN Last errorlog repeat 1 Times
53 Sat Jan 01 00:10:52 2000 PP15 INFO LAN promiscuous mode <0>
54 Sat Jan 01 00:10:52 2000 PP15 INFO LAN promiscuous mode <1>
55 Sat Jan 01 00:10:52 2000 PP15 INFO LAN promiscuous mode <0>
56 Sat Jan 01 00:10:52 2000 PP15 INFO LAN promiscuous mode <1>
57 Sat Jan 01 00:10:52 2000 PP01 -WARN SNMP TRAP 1: warm start
58 Sat Jan 01 00:10:52 2000 PP01 INFO main: init completed
59 Sat Jan 01 00:10:52 2000 PP01 INFO Starting Connectivity Monitor
60 Sat Jan 01 00:10:53 2000 PP26 INFO adjtime task pause 1 day
61 Sat Jan 01 00:10:53 2000 PP28 INFO monitoring WAN connectivity
62 Sat Jan 01 00:11:30 2000 PP01 INFO SMT Session Begin
63 Sat Jan 01 00:12:01 2000 PP15 WARN netMakeChannDial: err=-3001
rn_p=950cc
4d8
Clear Error Log (y/n):
DSL & IAD CLI Reference Guide
23
Chapter 2 Common Commands
Use the following commands for system debugging. A console po rt speed of 115,200 bps is
necessary to view packet traces on the ZyXEL Device.
ras> sys trcpacket sw on
ras> sys trcdisp brief
0 02:13:43.650 ENET1-R[0092] UDP 192.168.1.33:137->192.168.1.255:137
1 02:13:43.650 ENET1-R[0092] UDP 192.168.1.33:137->192.168.1.255:137
2 02:13:44.010 ENET1-T[0060] ARP Request 192.168.1.1->192.168.1.200
3 02:13:44.390 ENET1-R[0092] UDP 192.168.1.33:137->192.168.1.255:137
4 02:13:44.390 ENET1-R[0092] UDP 192.168.1.33:137->192.168.1.255:137
5 02:13:45.140 ENET1-R[0092] UDP 192.168.1.33:137->192.168.1.255:137
6 02:13:45.140 ENET1-R[0092] UDP 192.168.1.33:137->192.168.1.255:137
ras>
ras> sys trcdisp enif0 bothway
TIME:02:17:08.780 enet1-XMIT len:1192 call=0
0000: ff ff ff ff ff ff 00 18 f8 04 f5 67 88 a2 10 00
0010: ff ff ff 01 00 00 00 00 00 00 00 00 00 00 00 00
0020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0030: 00 00 00 00 00 00 00 00 00 00 00 00
ras>
Use the ping command to have the ZyXEL Device ping an IP address as shown in the
following example.
ras> ip ping 172.16.17.12
Resolving 172.16.17.12... 172.16.17.12
sent rcvd rate rtt avg mdev max min
1 1 100 10 10 0 10 10
2 2 100 0 9 3 10 0
3 3 100 0 8 5 10 0
ras>
2.4 UTM and myZyXEL.com
Use these commands to create an account at myZyXEL.com and view what services you have
activated.
" Ensure your ZyXEL Device is connected to the Internet before you use the
following commands.
24
DSL & IAD CLI Reference Guide
Chapter 2 Common Commands
You need to create an account at my ZyXEL.com in order to activate content filtering, antispam and anti-virus UTM (Unified Threat Management) services. See the myZyXEL.com
chapter for information on the country code you should use.
ras> sys myZyxelCom register <username> <password> <email> <countryCode>
This command displays your ZyXEL Device’s registration information.
ras> sys myZyxelCom display
register server address : www.myzyxel.com
register server path : /register/registration?
username : aseawfasf
password : aaaaaa
email : aa@aa.aa.aa
sku : CFRT=1&CFST=319&ZASS=469&ISUS=469&ZAVS=469
country code : 204
register state 1
register MAC : 0000AA220765
CF expired day : 2008-05-26 14:58:19
Last update day : 2007-07-12 14:58:19
This command displays ZyXEL Device service registration details.
ras> sys myZyxelCom serviceDisplay
Content Filter Service :
Actived, Licenced, Trial, Expired : 2007-07-08 16:36:15
ras>
Use the following commands to enable anti-virus on the ZyXEL Device You first need to use
the load command.
ras> av load
ras> av config enable on
ras> av save
ras> av disp
AV Enable : On
AV Forward Over ZIP Session : Off
AV Forward Over ZIP Session : Off
------------------------------------
DSL & IAD CLI Reference Guide
25
Chapter 2 Common Commands
Use the following commands to enable content filtering on the ZyXEL Device, then on the
external database (DB) and then display the default policy.
ras> ip cf common enable on
ras> ip cf externalDB enable on
ras> ip cf policy displayAll
index Name Active IP Group
Start Addr End Addr
==========================================================================
1 Default Policy Y 0.0.0.0/0.0.0.0
The default policy does not actually block anything. Use the following commands to edit the
default policy, turn the external database service content filtering (category-based content
filtering), see what the categories are, block a category 92 in the following example) and then
save the policy.
26
DSL & IAD CLI Reference Guide
ras> ip cf policy edit 1
ras> ip cf policy config webControl enable on
ras> ip cf policy config webControl display
The Categories:
type 1 :Adult/Mature Content
type 2 :Pornography
type 3 :Sex Education
type 4 :Intimate Apparel/Swimsuit
type 5 :Nudity
type 6 :Alcohol/Tobacco
type 7 :Illegal/Questionable
type 8 :Gambling
type 9 :Violence/Hate/Racism
type10 :Weapons
type11 :Abortion
type12 :Hacking
type13 :Phishing
type14 :Arts/Entertainment
type15 :Business/Economy
type16 :Alternative Spirituality/Occult
type17 :Illegal Drugs
type18 :Education
type19 :Cultural/Charitable Organization
type20 :Financial Services
type21 :Brokerage/Trading
type22 :Online Games
type23 :Government/Legal
type24 :Military
type25 :Political/Activist Groups
type26 :Health
type27 :Computers/Internet
type28 :Search Engines/Portals
type29 :Spyware/Malware Sources
type30 :Spyware Effects/Privacy Concerns
type31 :Job Search/Careers
type32 :News/Media
type33 :Personals/Dating
type34 :Reference
type35 :Open Image/Media Search
type36 :Chat/Instant Messaging
type37 :Email
type38 :Blogs/Newsgroups
type39 :Religion
type40 :Social Networking
type41 :Online Storage
type42 :Remote Access Tools
type43 :Shopping
type44 :Auctions
type45 :Real Estate
type46 :Society/Lifestyle
type47 :Sexuality/Alternative Lifestyles
type48 :Restaurants/Dining/Food
type49 :Sports/Recreation/Hobbies
type50 :Travel
type51 :Vehicles
type52 :Humor/Jokes
type53 :Software Downloads
type54 :Pay to Surf
type55 :Peer-to-Peer
type56 :Streaming Media/MP3s
type57 :Proxy Avoidance
type58 :For Kids
type59 :Web Advertisements
type60 :Web Hosting
type61 :Unrated
ras> ip cf policy config webControl category block 2
The Categories:
type 1 :Adult/Mature Content
type 2 (block):Pornography
------ras> ip cf policy save
ras>
Chapter 2 Common Commands
DSL & IAD CLI Reference Guide
27
Chapter 2 Common Commands
You may also configure and schedule new policies using commands as well as configure what
to block using the external database.
2.5 Firewall
Use the following command to enable the firewall on the ZyXEL Device.
ras> sys firewall active yes
ras>
2.6 VPN
Use the following command to show what IPsec VPN tunnels are active on your ZyXEL
Device.
ras> ipsec show_runtime sa
Runtime SA status:
No phase 1 IKE SA exist
No phase 2 IPSec SA exist
Active SA pair = 0
ras>
Use the following command to manually bring up a previously configured VPN tunnel.
ras> ipsec dial 1
Start dialing for tunnel <rule# 1>...
.....................
2.7 Dialing PPPoE and PPTP Connections
This example shows dialing up remote node “WAN 1” using PPPoE..
ras> poe dial "WAN 1"
Start dialing for node <WAN 1>...
### Hit any key to continue.###
$$$ DIALING dev=6 ch=0..........
$$$ OUTGOING-CALL phone()
$$$ CALL CONNECT speed<100000000> type<6> chan<0>
$$$ LCP opened
$$$ PAP sending user/pswd
$$$ IPCP negotiation started
$$$ IPCP neg' Primary DNS 192.168.30.1
$$$ IPCP neg' Primary DNS 172.16.5.2
$$$ IPCP opened
28
DSL & IAD CLI Reference Guide
Chapter 2 Common Commands
This example shows dialing up remote node “WAN 1” using PPTP.
ras> pptp dial "WAN 1"
Start dialing for node <WAN 1>...
### Hit any key to continue.###
ras>
DSL & IAD CLI Reference Guide
29
Chapter 2 Common Commands
30
DSL & IAD CLI Reference Guide
PART II
Reference
IEEE 802.1Q/1P Commands (33)
IEEE 802.1x Commands (35)
Dial Backup Commands (37)
Bandwidth Management (41)
Bridge Commands (45)
Certificate Commands (49)
CNM Agent Commands (57)
VoIP DECT Commands (61)
Ethernet Commands (63)
Firewall Commands (67)
IP Commands (71)
IPSec Commands (89)
LAN Interface Commands (95)
MyZyXEL.com Commands (99)
RADIUS Commands (115)
System Commands (117)
VoIP Commands (131)
WAN Commands (153)
Wireless LAN Commands (175)
31
32
CHAPTER 3
IEEE 802.1Q/1P Commands
Use these commands to configure IEEE 802.1Q VLAN groups and IEEE 802.1P priority
levels for the ports on the ZyXEL Device.
3.1 Command Summary
The following section lists the commands for this feature.
Table 7 8021Q Command Summary
COMMAND DESCRIPTION
802.1Q load Loads the IEEE 802.1Q settings for configuration.
802.1Q disp Shows the current IEEE 802.1Q settings.
802.1Q clear Resets the IEEE 802.1Q settings to the factory defaults.
802.1Q active <1:active|0:inactive> Enables or disables the IEEE 802.1Q feature on the
ZyXEL Device.
802.1Q mgtvid <1~4094> Sets the ID number of the management VLAN group.
802.1Q setpvid <LAN|PVC|WLAN> <index>
<1~4094>
802.1Q set1p <LAN|PVC|WLAN> <index> <0~7> Sets the IEEE 802.1P priority level of the specified
802.1Q groupset <groupid> <vid> <LAN
<index>|<PVC|WLAN> <index>> <u|t>
802.1Q setlanAttri LAN <index> <t|u> Sets an Ethernet port to tag or untag all outgoing traffic
802.1Q igmpsnp enable Enables IGMP snooping.
802.1Q igmpsnp disable Disables IGMP snooping.
802.1Q igmpsnp maxresptime <0~255> Sets the maximum response time that can elapse before
802.1Q igmpsnp queryinterval <0~255> Sets the IGMP snooping query interval (in seconds) at
802.1Q igmpsnp robust <0~255> Sets the IGMP robust value.
802.1Q igmpsnp disp Displays the IGMP table on the ZyXEL Device.
802.1Q save Saves the IEEE 802.1Q settings.
Sets the port VLAN ID of the specified interface on the
ZyXEL Device.
interface on the ZyXEL Device.
Sets a VLAN group.
u|t: Sets the interface to tag or untag all outgoing traffic
transmitted through this VLAN.
transmitted.
the ZyXEL Device removes an IGMP group membership
entry.
which the ZyXEL Device sends host-query messages.
DSL & IAD CLI Reference Guide
33
Chapter 3 IEEE 802.1Q/1P Commands
3.2 Command Examples
This example loads the IEEE 802.1Q settings and enables the IEEE 802.1Q feature on the
ZyXEL Device.
ras> 8021Q load
ras> 8021Q active 1
set 802.1Q active
ras>
This example sets the port VLAN ID of Ethernet LAN port 4 to 123.
ras> 8021Q setpvid LAN 4 123
ras>
This example adds Ethernet LAN port 2 and WLAN 2 to VLAN group 2. The VLAN ID of
this group is “111”. This example also displays and saves the current IEEE 802.1Q settings.
ras> 8021Q groupset 2 111 LAN 2 WLAN 2 u
ras> 8021Q disp
802.1Q is: Enabled
Management VID: 1
-------------------------------------------------------PVID:
LAN1: 2 LAN2: 2 LAN3: 3 LAN4:123 SSID1: 4 SSID2: 4 SSID3: 4 SSID4: 4
PVC1: 1 PVC2: 1 PVC3: 1 PVC4: 1 PVC5: 1 PVC6: 1 PVC7: 1 PVC8: 1
Priority:
LAN1: 7 LAN2: 7 LAN3: 2 LAN4: 2 SSID1: 5 SSID2: 5 SSID3: 5 SSID4: 5
PVC1:-1 PVC2:-1 PVC3:-1 PVC4:-1 PVC5:-1 PVC6:-1 PVC7:-1 PVC8:-1
========================================================
VLAN Group Setting: (u-untagged t-tagged)
Group 1 VID: 1 LAN: 1 u 2 u 3 u 4 u
WLAN: 1 u 2 u 3 u 4 u
PVC: 1 u 2 u 3 u 4 u 5 u 6 u 7 u 8 u
Group 2 VID: 111 LAN: 2 u
WLAN: 2 u
PVC:
Group 3 VID: 3 LAN: 3 u 4 u
WLAN:
PVC: 2 u
Group 4 VID: 4 LAN:
WLAN: 1 u 2 u
PVC: 3 u
ras> 8021Q save
ras>
34
DSL & IAD CLI Reference Guide
CHAPTER 4
IEEE 802.1x Commands
Use these commans to configure IEEE 802.1x authentication on the ZyXEL Device.
4.1 Command Summary
The following section lists the commands for this feature.
Table 8 8021x Command Summary
COMMAND DESCRIPTION
8021x debug level <debug-level> [filter
<mac-address>]
8021x debug trace Displays all supplicants (users and/or clients which are
8021x debug user <username> Displays the specified user status in the supplicant table.
8021x show showkey Displays details about the authentication key used for
8021x set mode <WPA_PSK|others> Sets the IEEE 802.1x security mode.
Sets the IEEE 802.1x debug message level. Optionally,
specifies the MAC address of the debug target.
debug-level: the following are the debug levels
available, type the number in parenthesis () to activate
the debug level.
• debug packet (1)
• debug state machine (2)
• debug timer (4)
• debug supplicant (8)
• debug error (16)
• debug backend server (32)
• debug function (64)
• debug vlantag (128)
type 0 to turn all debugging off.
going to be authenticated) in the supplicants table.
IEEE 802.1x authentication.
Note: At the time of writing only WPA-PSK can
be selected.
8021x set key <key> Sets the IEEE 802.1x key . The key must consist of ASCII
characters including spaces and symbols and must be
between 8-63 characters long.
8021x set save Saves the IEEE 802.1x configuration settings.
DSL & IAD CLI Reference Guide
35
Chapter 4 IEEE 802.1x Commands
4.2 Command Examples
This example activates WPA-PSK mode for IEEE 802.1x authentication and specifies the
authentication key (shared secret) to be abSecret123.
ras> 8021x set mode WPA_PSK
ras> 8021x set key abSecret123
ras> 8021x set save
36
DSL & IAD CLI Reference Guide
CHAPTER 5
Dial Backup Commands
Use these commands to configure dial backup port settings on the ZyXEL Device.
" At the time of writing, only P-662 series has the commands described in this
chapter.
5.1 Command Summary
The following table describes the values required for many dial backup commands. Other
values are discussed with the corresponding commands.
Table 9 AUX Command Input Values
LABEL DESCRIPTION
aux-port This identifies the channel for dial backup.
aux0: This is the dial backup port.
The following section lists the aux commands.
Table 10 AUX Commands
COMMAND DESCRIPTION
aux atring <aux-port> Shows the AT command binary strings that the ZyXEL Device
sent to the connected modem and the responses.
aux clearstat <aux-port> Resets channel statistics.
aux cnt disp <aux-port> Displays the auxiliary port’s counter information.
aux cnt clear <aux-port> Clears the auxiliary port’s counter information.
aux drop <aux-port> Disconnects the auxiliary port’s connection.
aux init <aux-port> Initializes the the auxiliary port’s connection.
aux mstatus <aux-port> Displays the status of the modem’s last call.
aux mtype <aux-port> Displays the type of modem connected to the auxiliary port.
aux netstat <aux-port> Displays upper layer packet information and the
corresponding transmit and receive counts.
aux rate <aux-port> Displays the transmit and receive rates.
aux signal <aux-port> Displays the auxiliary port’s signal.
DSL & IAD CLI Reference Guide
37
Chapter 5 Dial Backup Commands
5.2 Command Examples
This example displays the historical AT commands the ZyWALL sent to the modem connected
to the dial backup port and the responses.
ras> aux atring aux0
00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
94b13960: 02 0d 0c 00 be af 00 00 00 00 08 00 61 74 68 0d ............ath.
94b13970: 0d 0a 4f 4b 0d 0a 61 74 26 66 73 30 3d 30 0d 0d ..OK..at&fs0=0..
94b13980: 0a 4f 4b 0d 0a 61 74 64 30 2c 34 30 35 30 38 38 .OK..atd0,405088
94b13990: 38 38 0d 0d 0a 42 55 53 59 0d 0a 61 74 64 30 2c 88...BUSY..atd0,
94b139a0: 34 30 35 30 38 38 38 38 0d 0d 0a 52 49 4e 47 49 40508888...RINGI
94b139b0: 4e 47 0d 0a 0d 0a 42 55 53 59 0d 0a 61 74 64 30 NG....BUSY..atd0
94b139c0: 2c 34 30 35 30 38 38 38 38 0d 0d 0a 43 4f 4e 4e ,40508888...CONN
94b139d0: 45 43 54 20 31 31 35 32 30 30 2f 56 2e 33 34 20 ECT 115200/V.34
94b139e0: 31 36 38 30 30 2f 56 34 32 62 0d 0d 0a 4e 4f 20 16800/V42b...NO
94b139f0: 43 41 52 52 49 45 52 0d 0a 61 74 68 0d 0d 0a 4f CARRIER..ath...O
94b13a00: 4b 0d 61 74 68 0d 0d 0a 4f 4b 0d 0a 61 74 26 66 K.ath...OK..at&f
94b13a10: 73 30 3d 30 0d 0d 0a 4f 4b 0d 0a 61 74 64 30 2c s0=0...OK..atd0,
94b13a20: 34 30 35 30 38 38 38 38 0d 0d 0a 43 4f 4e 4e 45 40508888...CONNE
94b13a30: 43 54 20 31 31 35 32 30 30 2f 56 2e 33 34 20 31 CT 11 5200/V.34 1
94b13a40: 34 34 30 30 2f 56 34 32 62 0d 0d 0a 4e 4f 20 43 4400/V42b...NO C
94b13a50: 41 52 52 49 45 52 0d 0a 61 74 68 0d 0d 0a 4f 4b ARRIER..ath...OK
94b13a60: 0d 61 74 68 0d 0d 0a 4f 4b 0d 0a 61 74 26 66 73 .ath...OK..at&fs
94b13a70: 30 3d 30 0d 0d 0a 4f 4b 0d 0a 61 74 64 30 2c 34 0=0...OK..atd0,4
94b13a80: 30 35 30 38 38 38 38 0d 0d 0a 43 4f 4e 4e 45 43 0508888...CONNEC
94b13a90: 54 20 31 31 35 32 30 30 2f 56 2e 33 34 20 20 39 T 115200/V.34 9
94b13aa0: 36 30 30 2f 56 34 32 62 0d 00 00 00 00 00 00 00 600/V42b........
This example displays upper layer packet information for the dial backup port.
ras> aux netstat aux0
Name : aux0, Dev type : 3, Chann id: 0
RX(pkt): 73, RX discard: 0, RX error: 0, RX(octet): 7764
TX(pkt): 89, TX discard: 0, TX error: 0, TX(octet): 6801
38
DSL & IAD CLI Reference Guide
Chapter 5 Dial Backup Commands
The following table describes the labels in this display.
Table 11 aux netstat aux0
LABEL DESCRIPTION
Name Name of the channel.
Dev type The type of auxillary device, there are several possibilities:
0: NONE
1: 56k modem
2: modems other than 56k
3: TA
4: X25_PAD
5: MultiProtocol over AAL5
6: PPP over Ethernet, RFC-2516
7: PPTP
Chann id The number of the channel that the device is using.
RX (pkt) Received packets.
TX (pkt) Transmitted packets.
RX discard Received octets the ZyXEL Device discarded.
TX discard Transmitted octets the ZyXEL Device discarded.
RX error Received errored frames.
TX error Transmitted errored frames.
RX(octet) Received errored octects.
TX(octet) Transmitted errored octets.
This example displays the dial backup port’s transmit and receive rates.
ras> aux rate aux0
No. TX(byte) Rx(byte) TX Rate RX Rate TX Queue
==== ======== ======== ========= ========= ==========
1 0 0 0 0 0
2 0 15 0 5 0
3 14 14 4 4 0
4 0 15 0 5 0
5 14 14 4 4 0
6 0 15 0 5 0
7 14 14 4 4 0
8 0 0 0 0 0
9 14 29 4 9 0
10 0 0 0 0 0
11 14 29 4 9 0
12 0 0 0 0 0
13 14 29 4 9 0
14 3 14 1 4 0
15 4 10 1 3 0
16 0 0 0 0 0
17 27 39 9 13 0
18 14 29 4 9 0
19 0 0 0 0 0
20 14 29 4 9 0
DSL & IAD CLI Reference Guide
39
Chapter 5 Dial Backup Commands
The following table describes the labels in this display.
Table 12 aux rate aux0
LABEL DESCRIPTION
No. The entry in the rate statistics.
TX (byte) Transmitted bypts.
Rx (byte) Received bytes.
TX Rate Transmission rate.
RX Rate Reiceived rate
TX Queue Number of packets waiting to be transmitte.
This example displays details about the dial backup port’s signal.
ras> aux signal aux0
DTR: ON DSR: ON RTS: ON CTS: ON DCD: OFF
The following table describes the labels in this display.
Table 13 aux rate aux0
LABEL DESCRIPTION
DTR Data Terminal Ready: The signal the ZyXEL Device sends to the modem to
DSR Data Set Ready: The signal the modem sends to the ZyXEL Device to indicate the
RTS Request to Send: The signal the ZyXEL Device sends to the modem to have the
CTS Clear to Send: The signal the modem sends to the ZyXEL Device to acknowledge
DCD Data Carrier Detect: The signal the mo de m sen d s to the ZyXEL Device when the
indicate the ZyXEL Device is ready to receive data.
modem is ready to receive data.
modem prepare to receive data.
the ZyXEL Device and allow the ZyXEL Device to transmit data.
modem has a connection with the remote device.
40
DSL & IAD CLI Reference Guide
CHAPTER 6
Bandwidth Management
Use these commands to configure band width management (BWM) settings on the ZyXEL
Device.
6.1 Command Summary
The following table describes the values required for many commands. Other values are
discussed with the corresponding commands.
Table 14 Bandwidth Management Command Input Values
LABEL DESCRIPTION
interface The bandwidth management interface name includes lan, wan, dmz, and wlan.
The interfaces to which you can apply bandwidth management vary by ZyXEL
Device model.
class-name This is a class name. Enter a descriptive name of up to 20 alphanumeric
characters, including spaces.
class-number This is a class number. Each class for each interface has an unique number. The
number format is "xx.xx.xx.xx ... xx" and the range of xx is from 01 to 98. Each
".xx” is a subclass. And the length of "xx.xx.xx.xx ..." is the depth of this class.
Different model supports different class depth.
The following section lists the commands for this feature.
Table 15 Bandwidth Management Commands
COMMAND DESCRIPTION
bm class <interface> <add|mod>
<class-number> <bandwidth
<bandwidth>> [name <class-name>]
[priority <priority>] [borrow
<on|off>]
bm class <interface> del <class-
number>
bm config [load|save|clear] Loads, saves, clears BWM configuration from/to the permanent
DSL & IAD CLI Reference Guide
Adds or modifies a class for the specified interface with the specified
bandwidth. Y ou can also configure the name, priority , and whether or
not the class can borrow bandwidth from its parent class.
add|mod: Add or modifies the class. When you delete a class, it
also deletes its sub-classes.
bandwidth: The unit is bps and its minimum is 30 Kbps. You can
add “K” (or “k”) to specify Kbps or “M” (or “m”) to specify Mbps. If you
do not specify the bandwidth, the default value is 100 Mbps.
class-name: Specify a descriptive name of up to 19 alphanumeric
characters.
priority: Sets the class priority ranging from 0 (the lowest) to 7
(the highest).
borrow <on|off>: Enables or disables bandwidth borrowing.
Removes the specified class from the specified interface. When you
delete a class, it also deletes its sub-classes.
memory.
41
Chapter 6 Bandwidth Management
Table 15 Bandwidth Management Commands (continued)
COMMAND DESCRIPTION
bm debug
[config|config_action|flow|classi
fier|statistics|web]
bm defaultClassBw <bandwidth> Sets the default class bandwidth in the Media Bandwidth
bm filter <interface>
<disable|enable> <class-number>
bm filter <interface> add <class-
number> [service <ftp|sip|h323>]
<dest-ip-address> [mask dest-
mask] <dest-port> <src-ipaddress> [mask src-mask] <srcport> <protocol>
bm filter <interface> del <classnumber>
bm interface <interface>
<enable|disable> [auto <on|off>]
[bandwidth <bandwidth>] [prr|wrr]
[efficient]
bm monitor <interface> [class-
number]
bm moveFilter <interface> <from-
class-number> <to-class-number>
bm show <class|filter|statistics>
<interface> [class-number]
bm show interface <interface> Displays the general bandwidth management settings for the
bm threshold <high|low>
[threshold]
Turns the bandwidth management debug features on or off.
config: Displays debug messages when entering bm commands.
config_action: Displays special configuration messages, such
as dynamic filters.
flow: Displays the BWM function flow.
classifier: Displays the classification matching results, including
filter and packet content.
statistics: Displays the data transferred thro ug h BWM.
web: Displays debug message when configuring BWM through the
web configurator.
Management wizard.
bandwidth: The unit is kbps and the range is 0~65535.
Disables or enables a filter for class # in the specified interface.
Adds a filter for class # in the specified interface. The filter contains
destination address (netmask), destination port, source address
(netmask), source port and protocol. Use 0 for items that you do not
want the filter to include.
protocol: Enter the number of the protocol type (the protocol field
in the IP header). For example 1 for ICMP, 6 for TCP, and 17 for
UDP.
Deletes a filter for class # in the specified interface.
Enables or disables BWM for traffic going out of the specified
interface.
auto <on|off>: Enables or disables automatic classification of
traffic types.
bandwidth: The unit is bps and its minimum is 30 Kbps. You can
add “K” (or “k”) to specify Kbps or “M” (or “m”) to specify Mbps. If you
do not specify the bandwidth, the default value is 100 Mbps.
prr|wrr: Sets the queuing mechanism to fairness-based (WRR) or
priority-based (PRR).
efficient: Enables or disables maximum bandwidth usage.
Displays the bandwidth usage of the specified interface or its class.
The first time you use the command turns it on; the second time
turns it off, and so on.
Changes the BWM filter order.
Displays bandwidth management class settings, filter settings, or
statistics for the specified interface. You can also specify the class.
specified interface.
Configures the Automatic Traffic Classifier (ATC) high and low
packet size thresholds (in bytes). Packets smaller than the high
priority threshold get high priority. Packets larger than the low priority
threshold get low priority. The rest get medium priority .
42
DSL & IAD CLI Reference Guide
Chapter 6 Bandwidth Management
6.2 Command Examples
This example configures BWM at the interface level. It does the following.
1 Turns on BWM on the WLAN interface.
2 Enables automatic traffic classification.
3 Sets the interface’s bandwidth limit to 25 Mbps.
4 Enables maximum bandwidth usage.
5 Sets the queuing mechanism to fairness-based (WRR).
6 Displays the WLAN interface’s BWM settings.
ras> bm interface wlan enable auto on bandwidth 25m wrr efficient
BM Interface setting done.
ras> bm show interface wlan
===============================================================================
Interface : wlan Automatic Traffic Classify: Enable
[ Fairness-Based : Maximize BW Usage ]
bandwidth = 25M (bps)
allocated bandwidth = 0 (bps)
MTU = 1500 (byte)
===============================================================================
This example adds one WLAN class using the following settings (and then displays it).
• Class number: 1
• Class name: WLAN-class1
• Bandwidth: 5 Mbps
• Priority: 7
• Bandwidth borrowing: Enabled
ras> bm class wlan add 1 name WLAN-class1 bandwidth 5m priority 7 borrow on
Class setting is done.
ras> bm show class wlan 1
===============================================================================
Class: 1 Name: WLAN-class1
depth: 1 priority: 7 filter setting: No
queue: 0/30
borrow class: 0
parent class: 0 (Root Class)
total bandwidth: 5M (bps)
allocated bandwidth: 0 (bps)
===============================================================================
This example adds a filter on the WLAN class using the following settings.
• Class number: 1
•Service: FTP
• Destination address: 172.16.1.208
DSL & IAD CLI Reference Guide
43
Chapter 6 Bandwidth Management
• Source port: Any
• Source address: Any
• Destination address: Any
• Destination port: Any
•Protocol: Any.
ras> bm filter wlan add 1 service ftp 172.16.1.208 0 0 0 0 0
Filter setting is done.
ras> bm show filter wlan 1
===============================================================================
Class 1 Class Note: WLAN-class1
Filter Enabled: Yes
Destination(A : P): (172.16.1.208 : 0)
Destination Netmask: 255.255.255.255
Source(A : P): (0.0.0.0 : 0)
Source Netmask: 0.0.0.0
Protocol: 0
Special for Service: FTP
===============================================================================
This example monitors the runtime situation for all WAN classes.
Each interface has one root class (0) and one default class (99). In this example, you can see
only one user-defined class (1). The root class (0) displays total traffic amount for the WLAN
interface. Y ou can see the current bandwidth usage matching the class 1 rule is 0 b. The default
class (99) includes the bandwidth usage for traffic that doesn't match any user-defined class
rules. 97 and 98 are classes for automatically classified traffic.
ras> bm monitor wlan
ras>
wlan - 0: 14Kb 1: 0b 97: 6Kb 98: 8Kb
99: 0b
wlan - 0: 3Kb 1: 0b 97: 3Kb 98: 0b
99: 448b
wlan - 0: 3Kb 1: 0b 97: 3Kb 98: 0b
99: 0b
wlan - 0: 2Kb 1: 0b 97: 2Kb 98: 0b
99: 448bbm monitor wlan
ras>
44
DSL & IAD CLI Reference Guide
CHAPTER 7
Bridge Commands
Use these commands to configure bridge settings on your device.
7.1 Command Summary
The following table describes the values required for many bridge commands. Other values
are discussed with the corresponding commands.
Table 16 Bridge Command Input Values
LABEL DESCRIPTION
entry# This identifies a bridge route (1 -4).
bridge_group# This identifies a bridge group number (1~31).
The following section lists the bridge commands..
Table 17 Bridge Commands
COMMAND DESCRIPTION
bridge cnt clear <entry#> Resets the packet statistics counter for the specified bridge.
bridge cnt disp <entry#> Displays the packet statistics table for the specified bridge.
bridge stat active <on|off> Enables or disables the bridge specified with the index command. More
than one bridge can be active.
bridge stat clear Resets the bridge statistics counter.
bridge stat display Displays statistics on a specified bridge route.
If “please use index first: ip route addrom index
[index#]” appears, use the index command in this table to specify a
bridge.
bridge stat freememory Frees the current working buffer. After using this command you can then
select a bridge route to display or edit.
bridge stat index <entry#> Specifies a bridge route (1-4) to display or edit. Use freememory before
specifying a bridge route different from the current one.
bridge stat name <string> Sets a name for the bridge specified with the index command (10
characters).
DSL & IAD CLI Reference Guide
45
Chapter 7 Bridge Commands
Table 17 Bridge Commands (continued)
COMMAND DESCRIPTION
bridge stat set [macaddress][gateway-ip]
[gateway-node]
bridge stat save Saves the changes to the bridge’s configuration.
Sets a route for the the bridge specified with the index command.
[mac-address]: The MAC address of the final destination.
[gateway-ip]: The IP address of the gateway. The gateway is both an
immediate neighbor of your ZyXEL device and also forwards the packet to
its destination.
• On the LAN, the gateway must be a router on the same segment as your
ZyXEL device.
• On the WAN, the gateway must be the IP address of one of the remote
nodes.
[gateway-node]: The index number of the gateway for this static route.
Use wan node commands to find the index number of a node.
7.2 Command Examples
This example shows how to set up a bridge and save it.
1 First, use freememory to clear the working buffer.
2 Then specify which bridge to configure by selecting its index.
3 Set the name of the bridge.
4 Set the MAC address, IP address and number of the node.
5 Activate the bridge.
6 Display the new bridge configuration for checking.
7 Save your changes.
ras> bridge stat freememory
ras> bridge stat index 1
ras> bridge stat name MyISP
Bridge StaticRoute Name= MyISP
ras> bridge stat set 00:13:49:34:56:78 172.23.34.202 1
ras> bridge stat active on
ras> bridge stat display
Route:#1
Route name = MyISP
active = on
Ether Address = 00:13:49:34:56:78
IP address = 172.23.34.202
Gateway node = 1
ras> bridge stat save
ip policyrouting set configurations save ok
The following table describes the fields displayed using the display command in the
example above.
Table 18 bridge stat display
LABEL DESCRIPTION
Route The index number of the static route.
Route name A descriptive name for the bridge route. Use a string of up to 10 ASCII characters.
46
DSL & IAD CLI Reference Guide
Chapter 7 Bridge Commands
Table 18 bridge stat display
LABEL DESCRIPTION
active Thi s sho ws whether the bridge is active or not. It is either on or off. More than one
bridge may be active at one time.
Ether Address This refers to the MAC address of the final destination of the bridge static route.
IP address This is the IP address of the gateway. See the bridge stat set command
description for an explanation of gateways.
Gateway node The index number of the remote node. The remote node is the end point of a
bridge, for example, your ISP. Use wan node commands to find a list of available
bridges.
DSL & IAD CLI Reference Guide
47
Chapter 7 Bridge Commands
48
DSL & IAD CLI Reference Guide
CHAPTER 8
Certificate Commands
Use these commands to configure certificate s.
8.1 Command Summary
The following table describes the values required for many certificates commands.
Other values are discussed with the corresponding commands.
Table 19 certificates Command Input Values
LABEL DESCRIPTION
<addr[:port]> Specifies the server address (required) and port (optional). The format is
auth-key Specifies the certificate’s key for user authentication. If the key contains
ca-addr The IP address or domain name of the CA (Certification Authority) server.
ca-cert The name of the CA certificate.
key-length The length of the key to use in creating a certificate or certificate request. Valid
[login:password] The login name and password for the directory server, if required. The format is
name, old-name,
new-name
server-name A descriptive name for a directory server. Use up to 31 ASCII characters
subject A certificate’s subject name and alternative name. Both are required.
timeout The verification timeout value in seconds (optional).
"server-address[:port]".
spaces, put it in quotes. To leave it blank, type "".
options are 512, 768, 1024, 1536 and 2048 bits.
"login:password".
The identifying name of a certificate or certification request. Use up to 31
characters to identify a certificate. You may use any character (not including
spaces).
<old-name> specifies the name of the certificate to be renamed.
<new-name> specifies the new name for the certificate.
(spaces are not permitted).
The format is "subject-name-dn;{ip ,dns,email}=value".
Example 1: "CN=ZyWALL,OU=CPE SW2,O=ZyXEL,C=TW;ip=172.21.177.79"
Example 2: "CN=ZyWALL,O=ZyXEL,C=TW;dns=www.zyxel.com"
Example 3: "CN=ZyWALL,O=ZyXEL,C=TW;email=dummy@zyxel.com.tw"
If the name contains spaces, put it in quotes.
The following section lists the certificates commands.
DSL & IAD CLI Reference Guide
49
Chapter 8 Certificate Commands
Table 20 certificates Commands
COMMAND DESCRIPTION
certificates ca_trusted
crl_issuer <name> [on|off]
certificates ca_trusted delete
<name>
certificates ca_trusted export
<name>
certificates ca_trusted import
<name>
certificates ca_trusted list Displays all trusted CA certificate names and their basic information.
certificates ca_trusted rename
<old-name><new-name>
certificates ca_trusted verify
<name>[timeout]
certificates ca_trusted view
<name>
certificates dir_server add
<server_name> <addr[:port]>
[login:password]
certificates dir_server delete
<server-name>
certificates dir_server edit
<server-name> <addr[:port]>
[login:password]
certificates dir_server list Displays all directory server entry names and their basic information.
certificates dir_server rename
<old-server-name><new-server-
name>
certificates dir_server view
<server-name>
certificates my_cert create
cmp_enroll <name><ca-addr>
<ca-cert><auth-key><subject>
[key-length]
certificates my_cert create
request <name><subject>[key-
length]
certificates my_cert create
scep_enroll <name><ca-addr>
<ca-cert><ra-sign><ra-encr>
<auth-key><subject>[key-
length]
[on|off] specifies whether or not the specified CA issues CRL. If [on|off]
is not specified, the current crl_issuer status of the CA displays.
Removes the specified trusted CA certificate.
Exports the specified PEM-encoded certificate to your CLI session’s
window for you to copy and paste.
Imports the specified PEM-encoded CA certificate from your CLI
session. After you enter the command, copy and paste the PEMencoded certificate into your CLI session window. With some terminal
emulation software you may need to move your mouse around to get
the transfer going.
Renames the specified trusted CA certificate.
Has the ZyXEL Device verify the certification path of the specified
trusted CA certificate.
Displays details about the specified trusted CA certificate.
Adds a new directory server entry.
Removes the specified directory server entry.
Edits the specified directory server entry.
Renames the specified directory server entry.
<old-server-name> specifies the name of the directory server entry
to be renamed.
<new-server-name> specifies the new name for the directory server
entry.
Displays details about the specified directory server entry.
Creates a certificate request and enroll for a certificate immediately
online using CMP protocol.
Creates a certificate request and saves it on the ZyXEL Device for later
manual enrollment.
Creates a certificate request and enrolls for a certificate immediately
online using SCEP protocol.
<ra-sign> specifies the name of the RA (Registration Authority)
signing certificate. If it is not required, type ““ to leave it blank.
<ra-encr> specifies the name of the RA encryption certificate. If it is
not required, type ““ to leave it blank.
50
DSL & IAD CLI Reference Guide
Chapter 8 Certificate Commands
Table 20 certificates Commands (continued)
COMMAND DESCRIPTION
certificates my_cert create
self_signed <name><subject>
<key-length>
certificates my_cert delete
<name>
certificates my_cert
def_self_signed [name]
certificates my_cert export
<name>
certificates my_cert import
[name]
certificates my_cert list Displays all my certificate names and basic information.
certificates my_cert rename
<old-name><new-name>
certificates my_cert
replace_factory
certificates my_cert verify
<name>[timeout]
certificates my_cert view
<name>
certificates remote_trusted
delete <name>
certificates remote_trusted
export <name>
certificates remote_trusted
import <name>
certificates remote_trusted
list
certificates remote_trusted
rename <old-name><new-name>
certificates remote_trusted
verify <name>[timeout]
certificates remote_trusted
view <name>
Creates a self-signed local host certificate.
Removes the specified local host certificate.
Sets the specified self-signed certificate as the default self-signed
certificate. If you do not specify a name, the name of the current selfsigned certificate displays.
Exports the PEM-encoded certificate to your CLI session window for
you to copy and paste.
Imports the PEM-encoded certificate from your CLI session. A
corresponding certification request must already exist on the ZyWALL.
The certification request is automatically deleted after the importation.
The name is optional, if you do not specify one, the certificate adopts
the name of the certification request. After you enter the command,
copy and paste the PEM-encoded certificate into your CLI session
window. With some terminal emulation software you may need to move
your mouse around to get the transfer going.
Renames the specified my certificate.
Creates a certificate using your device MAC address that is specific to
this device. The factory default certificate is a common default
certificate for all ZyXEL Device models.
Has the ZyXEL Device verify the certification path of the specified local
host certificate.
Displays information about the specified local host certificate.
Removes the specified trusted remote host certificate.
Exports the PEM-encoded certificate to your CLI session’s window for
you to copy and paste.
Imports the specified PEM-encoded remote host certificate from your
CLI session. After you enter the command, copy and paste the PEMencoded certificate into your CLI session window. With some terminal
emulation software you may need to move your mouse around to get
the transfer going.
Displays all trusted remote host certificate names and their basic
information.
Renames the specified trusted remote host certificate.
Has the ZyXEL Device verify the certification path of the specified
trusted remote host certificate.
Displays information about the specified trusted remote host certificate.
DSL & IAD CLI Reference Guide
51
Chapter 8 Certificate Commands
8.2 Default Values
The following table shows a list of default values.
Table 21 certificates Default Values
VARIABLE DEFAULT VALUE
port 389
timeout 20 seconds
key-length 1024
8.3 Command Examples
This example creates and displays a self signed certificate named “test” with a subject
alternative common name of “cert-test,” organization of “my-company”, country of “TW”,
and IP 172.16.1.203. It uses a 512 bit key and is valid for 5 years.
ras> certificates my_cert create self_signed test "CN=cert-test,O=mycompany,C=TW;ip=172.16.1.203" 512 5
The self-signed certificate has been successfully generated.
ras> certificates my_cert list
PKI Storage Space in Use: 2%
[ Certificate Name ] Type [ Subject Name ] [ Issuer Name ] From [To]
auto_generated_self_signed_cert *SELF CN=ZyWALL 70 ... CN=ZyWALL 70... 2000 2030
test SELF CN=cert-test,... CN=cert-test... 2007 2012
-------------------------------------------------------------------------------Total number of certificates: 2
Legends: NYV - Not Yet Valid, EXPD - Expired, EXPG - Expiring, CERT Certificate, REQ - Certification Request, SELF - Self-signed Certificate, *SELF
- Default Self-signed Certificate
52
This example displays the certificate that the ZyXEL Devi ce is using as the default self-signed
certificate. Then it has the ZyXEL Device use the self signed certificate named “test” as the
default self-signed certificate.
ras> certificates my_cert def_self_signed
The default self-signed certificate: auto_generated_self_signed_cert
ras> certificates my_cert def_self_signed test
Would you like to make "test" as the default self-signed certificate? (y/n):y
ras> certificates my_cert def_self_signed
The default self-signed certificate: test
DSL & IAD CLI Reference Guide
Chapter 8 Certificate Commands
This example exports the self signed certificate named “test”. After the certificate displays on
the screen, copy and paste it into a text editor (like Notepad) and save it as a .crt or .cer file.
ras> certificates my_cert export test
-----BEGIN CERTIFICATE----MIIBlzCCAUGgAwIBAgIEOlptnzANBgkqhkiG9w0BAQUFADA2MQswCQYDVQQGEwJU
VzETMBEGA1UEChMKbXktY29tcGFueTESMBAGA1UEAxMJY2VydC10ZXN0MB4XDTAx
MDEwODAxNDcxMVoXDTA2MDEwOTAxNDcxMVowNjELMAkGA1UEBhMCVFcxEzARBgNV
BAoTCm15LWNvbXBhbnkxEjAQBgNVBAMTCWNlcnQtdGVzdDBcMA0GCSqGSIb3DQEB
AQUAA0sAMEgCQQDmnKh6ZZ5xaPukE4+djC6bu0Uyjf5aQ/QysD+Udv8xF0L/DpT1
c3xnu8hkp/RCFS3/fK6ALiLsoMCOUmqg5bdDAgMBAAGjNzA1MA4GA1UdDwEBAAQE
AwICpDAPBgNVHREECDAGhwSsFyXLMBIGA1UdEwEBAAQIMAYBAf8CAQEwDQYJKoZI
hvcNAQEFBQADQQC9hq27VCDTu6L2JsDgU8jXwYghDDKXzPR5PZ4/oryX5PFILrtr
rNLh2eTCExnyyEggaRhJ0B63Ucam7hG4k5xW
-----END CERTIFICATE-----
This example imports a VeriSign certificate as a trusted CA. The CA certificate has to be
PEM-encoded. Refer to Section 8.3.1 on page 53 for how to save a certificate in PEM-encoded
format.
ras> certificates ca_trusted import VeriSign
Please paste the PEM-encoded certificate onto the screen.
Press Ctrl+D when finished or Ctrl+C to cancel.
Note: 9600 bps console port speed guarantees minimum transmission error
rate.
-----END CERTIFICATE-----rTJXwT4OPjr0l91X817/OWOgHz8UA==ZHuO3ABc
8.3.1 Saving Certificates as PEM-encoded Format
Do the following to save a certificate in PEM-encoded format.
1 In Windows Explorer, locate and double-click the (non PEM-encoded) certificate file.
DSL & IAD CLI Reference Guide
53
Chapter 8 Certificate Commands
2 Click Details and Copy to File.
3 Click Next in the welcome screen. Select Base-64 encoded X.509 (.CER).
54
DSL & IAD CLI Reference Guide
4 Type a file name (or browse for one).
5 Click Finish.
Chapter 8 Certificate Commands
6 Open the newly created file in a text editor (like Notepad) to be able to copy and paste
the certificate into your CLI session.
DSL & IAD CLI Reference Guide
55
Chapter 8 Certificate Commands
56
DSL & IAD CLI Reference Guide
CHAPTER 9
CNM Agent Commands
Use these commands to configure CNM agent settings on the ZyXEL Device.
" At the time of writing, only P-662 series has the commands described in this
chapter.
9.1 Command Summary
The following section lists the commands for this feature.
Table 22 CNM Commands
COMMAND DESCRIPTION
cnm active [0:disable|1:enable] Enables or disables the CNM service on the ZyXEL
Device. After enabled, the ZyXEL Device communicates
with the CNM server through the ZyXEL Device’s WAN.
cnm sgid [id] Displays the unique ID received from the CNM server
after the ZyXEL Device registered suceessfully.
cnm managerIp Displays or sets the CNM server's IP address.
cnm debug [0:disable|1:enable] Controls whether the debugging information is displayed
on the console. You must use 115200 bps for the baud
rate to display the debugging message.
cnm reset Resets the CNM service to the initial status on the ZyXEL
Device. The ZyXEL Device will register itself to the CNM
server again if the service is enabled.
cnm encrymode
[0:none|1:des|2:3des]
cnm encrykey [key] Displays or sets the encryption key.
cnm keepalive <10-655> Sets how often (in seconds) the ZyXEL Device sends a
Displays or sets the encryption mode.
The encryption key is 8 characters when the encryption
mode is set to “DES”.
The encryption key is 24 characters when the encryption
mode is set to “3DES”.
keepalive packet to inform the CNM server of its
existence.
DSL & IAD CLI Reference Guide
57
Chapter 9 CNM Agent Commands
Table 22 CNM Commands (continued)
COMMAND DESCRIPTION
cnm version Displays the CNM agent version on the ZyWALL.
cnm regiserTime [30-2147483] Sets how often in seconds the ZyXEL Device registers
9.2 Command Examples
This example displays the CNM agent version on the ZyXEL Device.
ras> cnm version
cnm version: 2.1.6(XJ.0)base
This example configures the CNM settings and activates the service on the ZyXEL Device
using the following settings.
itself to the CNM server. The default is 180 seconds.
Configure this to prevent multiple ZyXEL Devices from
registering at the same time and causing heavy system
loading on the CNM server.
• CNM server IP address: 10.1.1.252
• Encryption mode: DES
• Encryption key: 12345678
• How often to send a keepalive packet to the CNM server: every 90 seconds
ras> cnm managerIp 10.1.1.252
managerIp 10.1.1.252
ras> cnm encrymode 1
cnm encrymode 1
ras> cnm encrykey 12345678
encrykey 12345678
ras> cnm keepalive 300
cnm keepalive 300
ras> cnm active 1
cnm active 1
Last Register Time: 0-0-0 0:0:0
58
DSL & IAD CLI Reference Guide
Chapter 9 CNM Agent Commands
This example displays the CNM debug messages. It's useful for monitoring register or
keepalive packets the ZyXEL Device sends and receives to and from the CNM server.
ras> cnm debug 1
cnm debug 1 <0:Disable 1:Enable> CNM debug messges can only be printed at 115200
baud rate.
ras>
agentIpAddr: 10.1.1.252
CNM protocol version = 1
sendSgmpRegisterRequest sessionID = [0]
sgmpAgentRx iface_p=b04088 cnt=1
sgmpRxEventProcess opType 1
procAgentRegister
SessionID is modified by Vantage to [0]
received SGMP_T_REGISTER:SGMP_C_RESPONSE
Error tUnit=4096
sendSgmpRegisterAck ackCode=9
procAgentRetrieve event SGMP_EVENT_REGISTER_RESP
sendSgmpRetrieveStoreRequest opType=2
sgmpd state SGMP_STATE_REGISTERING
sgmpAgentRx iface_p=b04088 cnt=1
sgmpRxEventProcess opType 2
procAgentRetrieve, agentState = 1
SessionID is modified by Vantage to [0]
received SGMP_T_RETRIEVE:SGMP_C_RESPONSE
sendSgmpRetrieveStoreAck opType=2 ackCode=9
procAgentRetrieve event SGMP_EVENT_RETRIEVE_RESP
sgmpd state SGMP_STATE_RETRIEVE_INIT
event: SGMP_EVENT_RETRIEVE_SUCCESS
sendRetrieveStoreSucc opType=2 opCode=3
sendSgmpRegisterSuccess
sgmpd state SGMP_STATE_ACTIVE
No Alarms Exist!
sgmpAgentRx iface_p=b04088 cnt=1
sgmpRxEventProcess opType 9
SessionID is modified by Vantage to [478043139]
tUint = 4110, Amount_Item = 1, nUnit = 1
procInquireData FORWARD COMPATIBILITY
Device (1b55) unsupport CNM Forward Compatibility!!
Fail to send Forward Comp Information to CNM.
call sendSgmpInquireSuccess
sendSgmpInquireSuccess opType=9 opCode=4 sessionID =[1909254747]
Send SGMP KA Trap IP=10.1.1.252, life=0, interval=90 (secs)
No Alarms Exist!
Send SGMP KA Trap IP=10.1.1.252, life=90, interval=90 (secs)
No Alarms Exist!
DSL & IAD CLI Reference Guide
59
Chapter 9 CNM Agent Commands
60
DSL & IAD CLI Reference Guide
CHAPTER 10
VoIP DECT Commands
Use these commands to configure DECT (Digitally Enhanced Cordless Telecommunications)
settings on the ZyXEL Device.
These commands are only available on ZyXEL Devices which have a DECT cordless phone
base station.
10.1 Command Summary
The following section lists the commands for this feature.
Table 23 dect Command Summary
COMMAND DESCRIPTION
voice config dect index <index> Loads the DECT settings for configuration.
voice config dect bspassword
<index> <base-station-password>
voice config dect save <index> Saves the DECT configuration on the ZyXEL Device.
voice config dect display <index> Shows the base station password.
voice dect page Pages all handset registered with the base station on the ZyXEL
voice dect reset Resets the base station and initiates it.
voice dect handsetlist Displays the list of registered handsets.
voice dect version Displays the base station firmware version.
voice dect upgradefw Upgrades the base station firmware via a console. The DECT
voice dect subscript Enables DECT subscription to allow DECT phones to register with
voice dect restoredectrom Resets the DECT module to the factory defaults.
voice dect fwupgrade Upgrades the base station firmware via a console. The DECT
voice dect clearhandset Removes the list of registered handsets.
voice dect fwversion Displays the base station firmware version.
Sets the base station password. This is the password that DECT
phones must enter when registering with the base station.
base-station-password: 4 digit number, for example “0987”.
index: 1
Device.
upgrade should only be performed by a service technician.
the base station.
upgrade should only be performed by a service technician.
DSL & IAD CLI Reference Guide
61
Chapter 10 VoIP DECT Commands
10.2 Command Examples
This example sets the base station password on the ZyXEL Device to be 1155.
ras> voice config dect index 1
ras> voice config dect bspassword 1 1155
ras> voice config dect save 1
62
DSL & IAD CLI Reference Guide
CHAPTER 11
Ethernet Commands
Use these commands to configure the settings of Ethernet ports on ZyXEL Device.
11.1 Command Summary
The following table describes the values required for many commands. Other values are
discussed with the corresponding commands.
Table 24 Ethernet Command Input Values
LABEL DESCRIPTION
ch-name This is a channel name, for example in a DSL product with WLAN and DMZ, the
LAN is enet0, the WLAN is enet1 and the DMZ is enet2. The channel varies
by your ZyXEL Device model.
The following section lists the commands for this feature. Not all commands are available on
all models.
Table 25 Ethernet Commands
COMMAND DESCRIPTION
ether bridge Displays whether or not bridge mode is enabled on the
ether config Displays the Ethernet configuration.
ether driver cnt disp <ch-name> Displays the specified interface’s Ethernet statistics.
ether driver status <ch-name> Displays the specified interface information, including
ether driver config
[0|1=auto|normal] [0|1=10|100]
[0|1=HD|FD] <ch-name>
ether driver qroute Displays the current quick route setting.
ether driver qroute
[0:Off|1:ISR|2:Task]
ether edit load <ether-no> Loads the Ethernet configuration for the specified
ZyXEL Device.
the channel ID number and MAC address.
Sets an interface’s connection speed and duplex mode.
This command is for a ZyXEL Device with one Ethernet
LAN port only.
Disables or enables quick routing in ISR (Interruptrelated System Register) mode or task mode to speed
up routing.
In ISR mode, the ZyXEL Device generates an interrupt
signal when receiving a packet. In task mode, the ZyXEL
Device creates a task to handle the received packets.
By default, quick route is enabled in task mode in the
ZyXEL Device.
This command is configurable only on system reboot.
interface.
ether-no: 1:LAN, 2:WAN, 3:DMZ, 4: WLAN
DSL & IAD CLI Reference Guide
63
Chapter 11 Ethernet Commands
Table 25 Ethernet Commands (continued)
COMMAND DESCRIPTION
ether edit mtu <value> Sets the Ethernet Maximum Transmission Unit (MTU)
ether edit accessblock
<0:disable|1:enable>
ether edit save Saves the Ethernet configuration.
ether portStatus Displays whether the port is connected and the speed of
ether switch cnt
<all|clear|0|1|2|3|4|5>
ether switch igmpsnp disable Deactivates IGMP snooping on the ZyXEL Device.
ether switch igmpsnp enable Activates IGMP snooping on the ZyXEL Device.
ether switch igmpsnp status Displays whether or not IGMP snooping is enabled on
ether switch speedDuplex <port-
id> [a|m =auto|manual] [10|100]
[h|f =half|full-duplex]
ether switch status Displays the link status, speed and duplex mode of each
ether version Displays the Ethernet driver version.
size for the specified interface.
Allows or disallows packets through the specified
interface.
the connection.
Displays or removes the Ethernet port’s packet statistics.
the ZyXEL Device.
Sets an Ethernet port’s connection speed and duplex
mode. This command is for a ZyXEL Device with a fourport switch only.
port-id: all|1|2|3|4
Ethernet port.
11.2 Command Examples
This example changes the LAN speed of a ZyXEL Device with one Ethernet LAN port to 10
Mbps and full duplex.
ras> ether driver config 1 0 1 enet0
This example set the speed of LAN port 3 in the ZyXEL Device with a four-port switch to 10
Mbps and full duplex. This also displays the link status, speed and duplex mode of each
Ethernet port.
ras> ether switch speedDuplex 3 m 10 f
Done
ras> ether switch status
Port# Link Speed Duplex
1 - - 2 - - 3 Y 10 Full
4 Y 100 Full
ras>
64
DSL & IAD CLI Reference Guide
This example loads the Ethernet configuration for the LAN, sets the MTU size to 1500 bytes,
allows packets transmitting through the LAN and saves the changes.
ras> ether edit load 1
ras> ether edit mtu 1500
ras> ether edit accessblock 0
ras> ether edit save
ras>
Chapter 11 Ethernet Commands
DSL & IAD CLI Reference Guide
65
Chapter 11 Ethernet Commands
66
DSL & IAD CLI Reference Guide
CHAPTER 12
Firewall Commands
Use these commands to configure firewall settings on the ZyXEL Device.
12.1 Command Summary
The following table describes input values for some of the firewall commands. Other
values are discussed with the corresponding commands.
Table 26 Firewall Command Input Values
LABEL DESCRIPTION
set-number The number of a set of firewall rules. The firewall rules are grouped in sets by
rule-number The number of a specific firewall rule.
from A traffic source (where the traffic enters the ZyXEL Device). Use one of the
to A traffic destination (where the traffic leaves the ZyXEL Device). Use one of the
packet direction. Refer to Table 27 on page 67 for which set number to use for
each firewall direction.
following.
lan/wan/dmz
following.
lan/wan/dmz
The following section lists the firewall commands.
Table 27 Firewall Set Numbers
FIREWALL DIRECTION SET-NUMBER
LAN to WAN 1
WAN to LAN 2
DMZ to LAN 3
DMZ to WAN 4
WAN to DMZ 5
LAN to DMZ 6
LAN to LAN 7
WAN to WAN 8
DMZ to DMZ 9
DSL & IAD CLI Reference Guide
67
Chapter 12 Firewall Commands
Table 28 Firewall Commands
COMMAND DESCRIPTION
sys firewall acl disp [set-number]
[rule-number]
sys firewall active <yes|no> Enab les or disables the firewall.
sys firewall cnt disp Displays the firewall log type and count.
sys firewall cnt clear Clears the firewall log count.
sys firewall update Update the firewall configuration.
sys firewall dos smtp Enables or disables the SMTP Denial of Service (DoS)
sys firewall dos display Displays the SMTP DoS defender setting.
sys firewall dos ignore
<lan|wan|dmz|wlan> [on|off]
sys firewall ignore dos
<lan|wan|dmz|wlan> [on|off]
sys firewall ignore triangle Sets if the firewall ignores triangle route packets on the LAN or
sys firewall schedule load <set-
number> <rule-number>
sys firewall schedule display Displays the firewall schedule.
sys firewall schedule save Saves and applies the firewall schedule.
sys firewall schedule week monday
<on|off>
sys firewall schedule week tuesday
<on|off>
sys firewall schedule week wednesday
<on|off>
sys firewall schedule week thursday
<on|off>
sys firewall schedule week friday
<on|off>
sys firewall schedule week saturday
<on|off>
sys firewall schedule week sunday
<on|off>
sys firewall schedule week allweek
<on|off>
sys firewall schedule timeOfDay
<always|hh:mm <hh:mm>>
Displays all of the firewall rules, rules for a specific direction of
packet travel, or a a specific rule.
defender.
Sets the firewall to ignore DoS attacks on the specified
interface.
Sets the firewall to ignore DoS attacks on the specified
interface. Same function as the previous command.
WAN.
Loads the firewall schedule by rule.
Turns the firewall schedule on or off for Mondays.
Turns the firewall schedule on or off for Tuesdays.
Turns the firewall schedule on or off for Wednesdays.
Turns the firewall schedule on or off for Thursdays.
Turns the firewall schedule on or off for Fridays.
Turns the firewall schedule on or off for Saturdays.
Turns the firewall schedule on or off for Sundays.
Turns the firewall schedule on or off for all week.
Sets what time the firewall schedule applies to.
68
DSL & IAD CLI Reference Guide
12.2 Command Examples
This example loads a firewall schedule for LAN to WAN firewall rule 1 and sets the schedule
to apply the rule on all days of the week except Saturday and saves the schedule.
ras> sys firewall schedule load 2 1
Schedule Active(0=no, 1=yes): 0
ras> sys firewall schedule week monday off
Sun: 1, Mon: 0, Tue: 1, Wed: 1, Thu: 1, Fri: 1, Sat: 1.
Schedule Enable All Day On.
ras> sys firewall schedule save
Save schedule successful.
ras> sys firewall acl disp 2 1
ACL Runtime Data for ACL Set Number: 2
Number of Rules: 2
ACL default action (0=Drop, 1=Permit, 2=Reject): 0
ICMP Idle Timeout: 0
UDP Idle Timeout: 0
TCP SYN Wait Timeout: 0
TCP FIN Wait Timeout: 0
TCP Idle Timeout: 0
DNS Idle Timeout: 0
Runtime Rule Number: 1
Name: W2L_Rule_1 Active (0=no, 1=yes): 0
Schedule (0=no, 1=yes): 1
Sun: 1, Mon: 0, Tue: 1, Wed: 1, Thu: 1, Fri: 1, Sat: 1.
Schedule Enable All Day On.
Action (0=block, 1=permit, 2=reject): 1
Log (0=disable, 1=enable, 2=not-m, 3=both): 0
Alert (0=no, 1=yes): 0
Protocol: 0
Source IP Any: 1
Source IP Number of Single: 0
Source IP Number of Range: 0
Source IP Number of Subnet: 0
Dest IP Any: 1
Dest IP Number of Single: 0
Dest IP Number of Range: 0
Dest IP Number of Subnet: 0
TCP Source Port Any: 1
TCP Source Port Number of Single: 0
TCP Source Port Number of Range: 0
UDP Source Port Any: 1
UDP Source Port Number of Single: 0
UDP Source Port Number of Range: 0
TCP Dest Port Any: 0
TCP Dest Port Number of Single: 0
TCP Dest Port Number of Range: 0
UDP Dest Port Any: 0
UDP Dest Port Number of Single: 1
UDP Dest Port Number of Range: 0
Dest Port Single Port[1]: 68
ICMP Custom Service Number with only Type defined: 0
ICMP Custom Service Number with both Type and Code defined: 0
Number of User Defined IP Protocol: 0
------------------------
Chapter 12 Firewall Commands
DSL & IAD CLI Reference Guide
69
Chapter 12 Firewall Commands
70
DSL & IAD CLI Reference Guide
CHAPTER 13
IP Commands
Use these commands to configure IP settings on the ZyXEL Device.
13.1 Command Summary
The following table describes input values for some of the ip commands. Other values are
discussed with the corresponding commands.
Table 29 IP Command Input Values
LABEL DESCRIPTION
ip An IP address in dotted decimal notation. For example, 192.168.1.3.
port A protocol’s port number.
interface An interface on the ZyXEL Device. enif refers to an Ethernet interface.
enif0: LAN
enif1: WAN
enif2: DMZ
wanif0: PPPoE or PPPoA
For some commands you can also add a colon and a 0 or 1 to specify an IP alias.
This is only for the LAN and DMZ WLAN interfaces. For example, enif0:0
specifies LAN IP alias 1 and enif0:1 specifies LAN IP alias 2.
hostname A domain name.
mask-bits The number of bits in an address’s subnet mask. To find the bit number, convert
num The number of system report records to display. For example, if you specify 10,
the subnet mask to binary and add all of the 1’s together. Take “255.255.255.0” for
example. 255 converts to eight 1’s in binary. There are three 255’s, so add three
eights together and you get the bit number (24).
the top 10 report entries display.
The following section lists the IP commands.
Table 30 IP Commands
COMMAND DESCRIPTION
ip arp status [interface] Displays an interface’s ARP table.
ip des test Performs the DES/3DES hardware chip testing and
ip des reset Resets the DES/3DES hardware chip.
ip dhcp <interface> client
release
ip dhcp <interface> client
renew
DSL & IAD CLI Reference Guide
displays the result.
Releases the specified interface’s DHCP IP address. The
interface must be a DHCP client to use this command.
Renews the specified interface’s DHCP IP address. The
interface must be a DHCP client to use this command.
71
Chapter 13 IP Commands
Table 30 IP Commands (continued)
COMMAND DESCRIPTION
ip dhcp <interface> mode
<server|relay|none|client>
ip dhcp <interface> relay
server <ip>
ip dhcp <interface> reset Resets the DHCP table.
ip dhcp <interface> server
probecount <num>
ip dhcp <interface> server
dnsserver <ip-address1> [ip-
address2] [ip-address3]
ip dhcp <interface> server
winsserver <wins-ip1> [wins-
ip2]
ip dhcp <interface> server
gateway <gateway-ip>
ip dhcp <interface> server
hostname <hostname>
ip dhcp <interface> server
initialize
ip dhcp <interface> server
leasetime <period>
ip dhcp <interface> server
netmask <subnet-mask>
ip dhcp <interface> server pool
<start-ip> <size>
ip dhcp <interface> server
renewaltime <period>
ip dhcp <interface> server
rebindtime <period>
ip dhcp <interface> server
reset
ip dhcp <interface> server
server <server-ip>
ip dhcp <interface> status Displays the detailed DHCP status of the specified
ip dhcp <interface> static
delete <index|all>
ip dhcp <interface> static
display
ip dhcp <interface> static
update <index> <mac-address>
<ip-address>
Sets the DHCP mode.
Sets the DHCP relay server's IP address.
Sets the DHCP probe counter.
Sets the DHCP DNS server IP address.
Sets the DHCP WINS server IP address.
Sets the DHCP gateway IP address.
Sets the DHCP server name.
Fills in DHCP parameters and initializes (for PWC
purposes)
Sets the DHCP leasetime.
Sets the DHCP netmask
Sets the DHCP IP pool size.
Sets the DHCP renew time.
Sets the DHCP rebind time.
Resets the DHCP table.
Sets the DHCP relay server's IP address. Use this
command only when you configure the DHCP mode as
relay.
interface.
Deletes the static DHCP entries.
Displays static DHCP mac table
Adds a static DHCP entry. The IP should be available in
the DHCP pool.
mac-address: This is a 12-digit hexadecimal number
separated by colons or dashes. For example,
00:13:49:00:00:0A or 00-13-49-00-00-0A.
72
DSL & IAD CLI Reference Guide
Chapter 13 IP Commands
Table 30 IP Commands (continued)
COMMAND DESCRIPTION
ip dns query address <ipaddress> [timeout]
ip dns query debug [level] Enables or disables DNS debug. 0 disables this function
ip dns query name <hostname>
[timeout]
ip dns query table Displays DNS query table.
ip dns server <primary>
[secondary] [third]
ip dns stats clear Clears DNS statistics.
ip dns stats disp Displays DNS statistics.
ip dns table Displays DNS request table.
ip httpd debug [on|off] Displays or sets the web configurator debug flag.
ip icmp status Displays the ICMP statistics counter.
ip icmp discovery <interface>
[on|off]
ip icmp sourcequench Displays whether the ignore Source Quench feature is
ip ifconfig [interface] Displays all or the specified network interface settings.
ip ifconfig <interface> <ip-
address[/<mask-bits>]>
[broadcast <address>] [mtu
<value>] [dynamic]
ip igmp debug
[0:off|1:normal|2:detailed]
ip igmp forwardall [on|off] Activates or deactivates IGMP forwarding to all interfaces.
ip igmp querier [on|off] Turns the IGMP stop query flag on or off.
ip igmp iface <interface>
grouptm <260-2147483647>
ip igmp iface <interface>
interval <125-2147483647>
ip igmp iface <interface> join
<group-address>
ip igmp iface <interface>
leave <group-address>
ip igmp iface <interface>
query
ip igmp iface <interface>
rsptime [100-255]
ip igmp iface <interface>
start
ip igmp iface <interface> stop Turns off IGMP on the specified interface.
Displays the domain name of an IP address.
timeout: 0~255 seconds. This is the maximum number
of seconds to wait for a response.
while other values enable it.
Displays the IP address of a domain name.
timeout: 0~255 seconds. This is the maximum number
of seconds to wait for a response.
Sets DNS server.
Turns ICMP discovery (ICMP type 10, RFC 1256) off or on
for the specified interface.
enabled or not.
Configures a network interface.
mtu <value>: Sets the Maximum Transmission Unit.
dynamic: Sets the interface to get an IP address via
DHCP.
Sets the IGMP (Internet Group Management Protocol)
debug level.
Sets the IGMP group timeout (in seconds) for the specified
interface.
Sets the IGMP query interval (in seconds) for the specified
interface.
Adds the specified interface to the specified IGMP group.
Removes the specified interface from the specified IGMP
group.
Sends an IGMP query on the specified interface.
Sets the IGMP response time in tenths (1/10) of a second.
Turns on IGMP on the specified interface.
DSL & IAD CLI Reference Guide
73
Chapter 13 IP Commands
Table 30 IP Commands (continued)
COMMAND DESCRIPTION
ip igmp iface <interface> ttl
<0-2147483647>
ip igmp iface <interface>
v1compat [on|off]
ip igmp proxy [0|1] Set 1 to send the IGMP leave message immediately while
ip igmp robustness [22147483647]
ip igmp status Displays the IGMP status.
ip mcastChan
[0:both|1:LAN|2:WLAN]
ip ping <address> Pings a remote host IP address or domain name.
ip policyrouting set index
<set-number> <rule-number>
ip policyrouting set name
<name>
ip policyrouting set active
<yes|no>
ip policyrouting set criteria
protocol <0:don’t
care|1:ICMP|6:TCP|17:UDP>
ip policyrouting set criteria
serviceType <0:don’t
care|1:normal|2:min delay|3:
max thruput|4:max
reliable|5:min cost>
ip policyrouting set criteria
precedence <0-7|8:don’t care>
ip policyrouting set criteria
packetlength <length>
ip policyrouting set criteria
lencomp <1:equal|2:not
equal|3:less|4:greater|5:less
or equal|6:greater or equal>
ip policyrouting set criteria
srcip <start-ip> <end-ip>
ip policyrouting set criteria
srcport <start-port> <end-
port>
ip policyrouting set criteria
destip <start-ip> <end-ip>
Sets the IGMP Time To Live thresh old.
Turns IGMP version 1 compatibility on or off for the
specified interface.
set 0 to wait a time interval (260 seconds) before sending
the leave message.
Sets the IGMP robustness variable.
Displays or controls whether the ZyXEL Device sends the
multicast packets to th e LAN or WLAN or both.
Loads or allocates a working buffer to editing a policy route
rule. Y ou must apply this command first before you begin to
configure the IP policy route rules.
set-number: 1-12
rule-number: 1-6
Sets the name of IP policy route set.
Enables or disables the IP policy route rule.
Sets the IP policy route protocol ID.
This sets the Type of Service (TOS) values to prioritize the
incoming network traffic. The values include normal
service, minimize delay, maximize throughput, maximize
reliability, or minimize cost.
Sets the IP policy route precedence.
Sets the IP policy route packet length.
Sets the IP policy route criteria for the specified packet
length above.
Sets the IP policy route source IP address
Sets the IP policy route source ports.
Sets the IP policy route destination IP addresses.
74
DSL & IAD CLI Reference Guide
Chapter 13 IP Commands
Table 30 IP Commands (continued)
COMMAND DESCRIPTION
ip policyrouting set criteria
destport <start-port> <end-
port>
ip policyrouting set action
actmatch
ip policyrouting set action
actnomatch
ip policyrouting set action
gatewaytype <1:WAN-remote-node
|0:gateway-address>
ip policyrouting set action
gatewayaddr <ip-address>
ip policyrouting set action
gatewaynode <1-8>
ip policyrouting set action
servicetype <0:don’t care|1:
normal|2:min delay|3: max
thruput|4:max reliable|5:min
cost>
ip policyrouting set action
precedence <0~7|8:no change>
ip policyrouting set action
log <yes|no>
ip policyrouting set display
<set-number> <rule-number>
ip policyrouting set save Saves the IP policy route rule setting from working buffer to
ip policyrouting set
freememory
ip policyrouting set clear
<set-number> [rule-number]
ip policyrouting clear Clears the IP policy route count.
ip policyrouting disp Displays the IP policy route count.
ip policyrouting switch
[on|off]
ip rip accept <gateway> Drops an entry from the RIP (Routing Information Protocol)
ip rip activate Enables RIP.
ip rip merge [on|off] Sets RIP merge flag.
ip rip refuse <gateway> Adds an entry to the RIP refuse list.
ip rip request <address>
[port]
ip rip reverse [on|off] RIP Poisoned Reverse.
ip rip status Displays RIP statistic counters.
ip rip trace [number] Enables the RIP trace flag for debugging.
Sets the IP policy route destination ports.
Sets the criteria if a packet does not match the IP policy
route rule for further action.
Sets the criteria if a packet matches the IP policy route rule
for further action.
Sets IP policy route gateway type.
Sets the action the ZyXEL Device forwards the packet by
the specified IP address.
Sets the action the ZyXEL Device forwards the packet by
the specified ZyXEL Device's WAN remote node.
Sets the action to change the service type or not.
Sets the action to change the precedence or not.
Sets the action to enable logging or not.
Displays the specified IP routing policy rule setting.
non-volatine memory.
Clears the IP policy route settings in the working buffer.
Deletes a IP policy route set or rule settings in the nonvolatile memory.
Switchs on or off the IP policy route count.
refusing list.
Sends RIP request to some address and port.
DSL & IAD CLI Reference Guide
75
Chapter 13 IP Commands
Table 30 IP Commands (continued)
COMMAND DESCRIPTION
ip rip mode <interface> in
[mode]
ip rip mode <interface> out
[mode]
ip rip dialin_user
<show|in|out|both|none>
ip route add <dest-
ip|default>[/<mask-bits>]
<gateway-ip> <metric>
ip route addiface <dest-ip>[/
<mask-bits>] <interface>
[metric]
ip route addprivate <dest-
ip|default>[/mask-bits]
<gateway-ip> [metric]
ip route addrom index <index> Adds a static route.
ip route addrom name <name> Sets the name for a static route.
ip route addrom set <dest-
ip>[/<mask-bits>] <gateway-ip>
<metric>
ip route addrom active
[on|off]
ip route addrom private
[yes|no]
ip route addrom save Saves the static route configuration.
ip route addrom clear [index] Deletes the static route.
ip route addrom freememory Clears working buffer.
ip route addrom display Displays all static routes.
ip route drop <ip-address>[/
mask-bits]
ip route status [interface] Displays the routing table.
ip smtp server [address] Sets the smtp server address.
Sets the RIP direction to in for the specified interface.
[mode]: This is a number.
0: None. Don't follow any RIP standards.
1: RIP-1 only. Only follows RIP version 1 standard.
2: RIP-2 only. Only follows RIP version 1 standard.
3: Both. Follows both RIP version 1 and version 2
standards.
Sets the RIP direction to out for the specified interface.
[mode]: This is a number.
0: None. Don't follow any RIP standards.
1: RIP-1 only. Only follows RIP version 1 standard.
2: RIP-1-compatible RIP-2. Follows both RIP version 1 and
version 2 standards.
3: RIP-2 only. Only follows RIP version 1 standard.
Displays or sets the RIP direction.
• When set to both or out, the ZyXEL Device will
broadcast its routing table periodically.
• When set to both or in, it will incorporate the RIP
information that it receives.
• When set to none, the ZyXEL Device doesn't send any
RIP packets out and it also ignores any RIP packets
received.
Adds a route. The route is runtime only (it is not kept in
permanent memory).
Adds an entry to the routing table for the specified
interface.
Adds a private route.
Sets the static route settings.
Activates or deactivates the static route.
Sets this route as private.
Drops a route.
76
DSL & IAD CLI Reference Guide
Chapter 13 IP Commands
Table 30 IP Commands (continued)
COMMAND DESCRIPTION
ip smtp destmail [address] Sets the destination mail address.
ip smtp srcmail [address] Sets the source mail address.
ip smtp sendmail Sends a mail.
ip smtp addrlist Lists the smtp server, destination and return addresses.
ip smtp addrreset Resets the smtp server, destination and return addresses.
ip status Displays IP statistics counters.
ip tcp status Displays the TCP statistics counters.
ip telnet <host-address>
[port]
ip tftp support Displays whether the ZyXEL Device supports TFTP.
ip tftp stats Displays TFTP statistics coutners.
ip traceroute <host> [ttl]
[wait] [queries]
ip tredir active <on|off> Enables or disables traffic redirect.
ip tredir checktime <period> Sets the number of seconds (0-255) ZyXEL Device waits
ip tredir disp Displays the traffic redirect configuration.
ip tredir failcount <count> Sets the number of times that ZyXEL Device can ping the
ip tredir partner <ip-address> Sets the traffic redirect backup gateway IP address.
ip tredir save Saves traffic redirect configuration.
ip tredir target <ip-address> Sets the IP address that ZyXEL Device uses to test WAN
ip tredir timeout <timeout> Sets the maximum number of seconds (0-255) ZyXEL
ip udp status Displays UDP status.
ip urlfilter customize
actionFlags act(1-7)<enable/
disable>
ip urlfilter customize add
[string]
[trust|untrust|keyword]
ip urlfilter customize delete
[string]
[trust|untrust|keyword]
ip urlfilter customize display Displays settings for the URL filter.
ip urlfilter customize
logFlags type<1-3>
<enable|disable>
Creates a Telnet connection to the specified host.
Sends ICMP packets to trace the route of a remote host.
ttl: Time to live in seconds (0-255).
wait: Timeout in seconds (0-255).
queries: The number of ICMP packets to use (1-5).
between attempts to connect to the target.
target without a response before forwarding traffic to the
backup gateway.
accessibility.
Device waits for a response from the target.
Sets and displays the action flags.
Adds the trusted, untrusted, or a keyword block with the url
string for filtering.
Deletes the trusted, untrusted, or a keyword block with the
url string for filtering.
Sets and displays the logging flags.
type1: for websites do not match either custom blocked or
custom forwarded websites.
type2: for custom blocked websites.
type3: for custom forwarded websites.
DSL & IAD CLI Reference Guide
77
Chapter 13 IP Commands
Table 30 IP Commands (continued)
COMMAND DESCRIPTION
ip urlfilter customize reset Clears all customized filtering settings.
ip urlfilter exemptZone
actionFlags type <1-3>
<enable|disable>
ip urlfilter exemptZone add
<ip1> <ip2>
ip urlfilter exemptZone delete
<ip1> <ip2>
ip urlfilter exemptZone
display
ip urlfilter exemptZone reset
[type <1-3>][enable|disable]
ip urlfilter general enable
<on|off>
ip urlfilter general display Displays all content filering settings.
ip urlfilter general exemptZone
display
ip urlfilter general exemptZone
actionFlags type<1-3>
<enable|disable>
ip urlfilter general exemptZone
add <ip1> <ip2>
ip urlfilter general exemptZone
delete <ip1> <ip2>
ip urlfilter general exemptZone
reset
ip urlfilter general reset Clears the content filtering settings.
ip urlfilter general
webFeature <block|nonblock>
<activex|java|cookie|webproxy>
ip urlfilter general timeOfDay
[always|from-time to-time]
ip urlfilter general
blockingText <text>
ip urlfilter webControl enable Enables content access control (CAC).
ip urlfilter webControl display Displays the CAC settings.
ip urlfilter webControl
logAndBlock [log|block|both]
ip urlfilter webControl
category <block|forward> <155|all>
ip urlfilter webControl
serverList display
ip urlfilter webControl
serverList refresh
Sets the exempt zone action flags.
Adds a range of IP addresses for which URL filtering is not
conducted.
Deletes the specified range of IP addresses for which URL
filtering is not conducted.
Displays the range of IP addresses for which url filtering is
not conducted.
Resets the exempt zone action fla g s .
Enables or disables content filtering.
Displays the content filtering trusted zone settings.
Sets the exempt zone action flags.
Adds a trusted user IP range.
Deletes a trusted user IP range.
Clears all content filtering trusted zone settings.
Blocks or forwards the specified web features including
ActiveX, JAVA, cookies, or web proxy.
Sets the content filtering blocking schedule.
from-time,to-time: Enter the format as "hh:mm".
Specifies a key word in a web site address you wish to
block access.
Enables the action of logging, block or both for matched
web site.
Blocks or forwards the specified or all web categories. The
command lists you all blocked web categories then. Refer
to Table 31 on page 79 for the categories.
Displays available CAC server list and their round trip time.
You have to get the Internet access to use this command.
Refreshs and adds the active CAC servers in the list.
78
DSL & IAD CLI Reference Guide
Table 30 IP Commands (continued)
COMMAND DESCRIPTION
ip urlfilter webControl
queryURL <url>
<server|localcache>
ip urlfilter webControl cache
display
ip urlfilter webControl cache
delete [entry-number|All]
ip urlfilter webControl
blockonerror <block|log>
<on|off>
ip urlfilter webControl
unratedwebsite <block|log>
<on|off>
ip urlfilter webControl
waitingTime [second]
ip urlfilter webControl
reginfo display
ip urlfilter webControl reginfo
licenseid <id>
ip urlfilter webControl zssw Sets the CAC server's URL.
Checks with the CAC server or the ZyXEL Device's cache
whether the specified URL is blocked or not.
Displays the ZyXEL Device's cache entries.
Deletes one or all ZyXEL Device's cache entries.
Blocks or logs the websites when the CAC server is
unavailable.
Blocks or logs unrated websites.
Sets the waiting time in seconds before the CAC server
responses.
Displays the CAC license key.
Registers the CAC service with the specified license key
from the iCard and then displays the result.
Chapter 13 IP Commands
13.1.1 Content Filtering Categories
The following section lists the relationship between countries and country codes defined in the
ZyXEL Device.
Table 31 Content Filtering Categories
TYPE
NUMBER
type 1 Adult/Mature Content type2 8 Web Communications
type 2 Pornography type29 Job Search/Careers
type 3 Sex Education type30 News/Media
type 4 Intimate Apparel/Swimsuit type31 Personals/Dating
type 5 Nudity type32 Reference
type 6 Alcohol/Tobacco type33 Chat/Instant Messaging
type 7 Illegal/Questionable type34 Email
type 8 Gambling type35 Newsgroups
type 9 Violence/Hate/Racism type36 Religion
type10 Weapons type37 Shopping
type11 Abortion type38 Auctions
type12 Arts/Entertainment type39 Real Estate
type13 Business/Economy type40 Society/Lifestyle
type14 Cult/Occult type41 Gay/Lesbian
type15 Illegal Drugs type42 Restaurants/Dining/Food
CATEGORY NAME
TYPE
NUMBER
CATEGORY NAME
DSL & IAD CLI Reference Guide
79
Chapter 13 IP Commands
Table 31 Content Filtering Categories
TYPE
NUMBER
type16 Education type43 Sports/Recreation/Hobbies
type17 Cultural Institutions type44 Travel
type18 Financial Services type45 Vehicles
type19 Brokerage/Trading type46 Humor/Jokes
type20 Games type47 Streaming Media/MP3
type21 Government/Legal type48 Software Downloads
type22 Military type49 Pay to Surf
type23 Political/Activist Groups type50 For Kids
type24 Health type51 Web Advertisements
type25 Computers/Internet type52 Web Hosting
type26 Hacking/Proxy Avoidance type53 Unrated
type27 Search Engines/Portals
CATEGORY NAME
13.1.2 IP Command Examples
TYPE
NUMBER
CATEGORY NAME
The following example shows the ZyXEL Device’s ARP table.
ras> ip arp status
received 11 badtype 0 bogus addr 0 reqst in 3 replies 2 reqst
out 11
cache hit 241 (85%), cache miss 42 (14%)
IP-addr Type Time Addr stat iface
210.200.128.6 None 0 [proxy] 25 NULL
192.168.1.33 10 Mb Ethernet 300 00:0f:fe:0a:2d:3b 41
enif0
192.168.1.255 10 Mb Ethernet 0 ff:ff:ff:ff:ff:ff 43 NULL
192.168.2.33 10 Mb Ethernet 290 00:19:cb:00:00:12 41
enif0:0
192.168.2.255 10 Mb Ethernet 0 ff:ff:ff:ff:ff:ff 43 NULL
192.168.3.255 10 Mb Ethernet 0 ff:ff:ff:ff:ff:ff 43 NULL
num of arp entries= 6
The following example shows LAN’s ARP information.
ras> ip arp status enif0
received 27 badtype 0 bogus addr 0 reqst in 14 replies 1 reqst
out 61
cache hit 2669 (83%), cache miss 511 (16%)
IP-addr Type Time Addr stat iface
192.168.1.33 10 Mb Ethernet 300 00:0f:fe:0a:2d:3b 41
enif0
num of arp entries= 1
80
DSL & IAD CLI Reference Guide
Chapter 13 IP Commands
The following example shows LAN IP alias 1’s ARP information.
ras> ip arp status enif0:0
received 11 badtype 0 bogus addr 0 reqst in 3 replies 2 reqst
out 11
cache hit 363 (89%), cache miss 42 (10%)
IP-addr Type Time Addr stat iface
192.168.2.33 10 Mb Ethernet 300 00:19:cb:00:00:12 41
enif0:0
num of arp entries= 1
The following commands configure the ZyXEL Device LAN's DHCP setting.
ras> ip dhcp enif0 mode server
ras> ip dhcp enif0 server dnsserver 168.95.1.1
ras> ip dhcp enif0 server winsserver 10.1.1.250
ras> ip dhcp enif0 server leasetime 655200
ras> ip dhcp enif0 server hostname TW-Server1
ras> ip dhcp enif0 server pool 192.168.1.33 2
ras> ip dhcp enif0 status
DHCP on iface enif0 is server
Start assigned IP address: 192.168.1.33/24
Number of IP addresses reserved: 2
Hostname prefix: TW-Server1
DNS server: 168.95.1.1 0.0.0.0
WINS server: 10.1.1.250 0.0.0.0
Domain Name :
Default gateway: 192.168.1.1
Lease time: 655200 seconds
Renewal time: 129600 seconds
Rebind time: 226800 seconds
Probing count: 100
slot state timer type hardware address hostname
0 UNCERTAIN 0 0 00
1 UNCERTAIN 0 0 00
Status:
Packet InCount: 0, OutCount: 0, DiscardCount: 0
The following command has the ZyXEL Device ping IP address 172.16.1.202 five times.
ras> ip pingext 172.16.1.202 -n 5
Resolving 172.16.1.202... 172.16.1.202
sent rcvd size rtt avg max min
1 1 36 0 0 0 0
2 2 36 0 0 0 0
3 3 36 0 0 0 0
4 4 36 0 0 0 0
5 5 36 0 0 0 0
Extended Ping From device to 172.16.1.202:
Packets: Sent = 5, Received = 5, Lost = 0 (0% loss),
Approximate Round Trip Times in milli-seconds:
RTT: Average = 0ms, Maximum = 0ms, Minimum = 0ms
DSL & IAD CLI Reference Guide
81
Chapter 13 IP Commands
The following example configures the DNS server settings the ZyXEL Device assigns to LAN
DHCP clients. In this case the first DNS server is the one assigned by ISP 1. The second DNS
server is at IP address 192.168.1.5. No third DNS server is assigned.
ras> ip dns lan edit 0 0 1 1
ras> ip dns lan edit 1 1 192.168.1.5
ras> ip dns lan edit 2 3
ras> ip dns lan display
Router assigned DNS servers to host
===================================
First DNS server is from WAN_1, DNS server index 1
Second DNS server is user defined: 192.168.1.5
Third DNS server is none
This example does the following.
1 Inserts a new DNS address record named example for www.my-company.com.example
for the WAN 1 interface.
2 Inserts a new DNS address record named example for a private DNS server for
www.my-company-1.com.example.
3 Displays the system DNS server settings.
ras> ip dns system inserta -1 www.my-company.com.example 0 0 1
ras> ip dns system insertns -1 www.mycompany-2.com.example 2 10.0.0.5
ras> ip dns system display
System DNS HA and Proxy Service Configuration
=============================================
Rule Summary: A Record
001 | record type=A Record, ISP=WAN_1
| FQDN =www.my-company.com.example
Rule Summary: NS Record
001 | record type=NS Record, DNS server=10.0.0.5(private)
| Domain Name=www.mycompany-2.com.example
The following example sets the WAN 1 interface to use IP address 172.16.1.203 and subnet
mask 255.255.0.0.
ras> ip ifconfig enif1 172.16.1.203/16
enif1: mtu 1500 mss 1460
inet 172.16.1.203, netmask 0xffff0000, broadcast 172.16.255.255
RIP RX:None, TX:None,
[InOctets 197396] [InUnicast 621] [InMulticast 982]
[InDiscards 72] [InErrors 0] [InUnknownProtos 72]
[OutOctets 89305] [OutUnicast 629] [OutMulticast 0]
[OutDiscards 0] [OutErrors 0]
82
DSL & IAD CLI Reference Guide
Chapter 13 IP Commands
The following example displays the IGMP status.
ras> ip igmp status
Group groupLink ifaceLink flags
224.0.0.12 [0102fd80 00c618c0] [0102fdc4 0102fdc4] 0003
224.0.0.9 [0102fd4c 0102fdb4] [0102fd90 0102fd90] 0001
224.0.0.2 [0102fd18 0102fd80] [0102fd5c 0102fd5c] 0001
224.0.0.1 [00c618c0 0102fd4c] [0102fd28 0102fd28] 0001
iface enif0 flags 00000000
query interval 125 sec, max rsp time 100 1/10 sec, group timeout 260 sec,
counter 0, query timer 0 sec, v1 host present timer 0 sec,
ttl threshold 1
multicast group:
------------------snip---------------------iface enif5:1 flags 00000000
query interval 0 sec, max rsp time 0 1/10 sec, group timeout 0 sec,
counter 0, query timer 0 sec, v1 host present timer 0 sec,
ttl threshold 0
multicast group:
The following table describes the labels in this display.
Table 32 ip igmp status
LABEL DESCRIPTION
Group This field displays group multicast IP addresses.
groupLink
ifaceLink
flags
iface This is the ZyXEL Device interface.
flags 00000000
query interval This is the time period between sending IGMP Host Membership Queries.
max rsp time This is the IGMP maximum response time.
group timeout The IGMP group timeout.
counter The IGMP counter.
query timer This is how long a mulicast router waits before deciding there is not another
v1 host present
timer
ttl threshold The IGMP group time to live threshold.
multicast group This field lists any multicast groups to which the interface belongs.
These fields are for debug purposes. Send a screenshot of this screen to customer
support if there are problems with IGMP snooping on the ZyXEL Device.
multicast router that should be the querier.
How long the ZyXEL Device waits to detect the presence of another IGMPv1
router.
DSL & IAD CLI Reference Guide
83
Chapter 13 IP Commands
The following example displays the ICMP status.
ras> ip icmp status
( 1)icmpInMsgs 0 (14)icmpOutMsgs 1628
( 2)icmpInErrors 0 (15)icmpOutErrors 0
( 3)icmpInDestUnreachs 0 (16)icmpOutDestUnreachs 0
( 4)icmpInTimeExcds 0 (17)icmpOutTimeExcds 0
( 5)icmpInParmProbs 0 (18)icmpOutParmProbs 0
( 6)icmpInSrcQuenchs 0 (19)icmpOutSrcQuenchs 0
( 7)icmpInRedirects 0 (20)icmpOutRedirects 0
( 8)icmpInEchos 0 (21)icmpOutEchos 1614
( 9)icmpInEchoReps 0 (22)icmpOutEchoReps 0
(10)icmpInTimestamps 0 (23)icmpOutTimestamps 0
(11)icmpInTimestampReps 0 (24)icmpOutTimestampReps 0
(12)icmpInAddrMasks 0 (25)icmpOutAddrMasks 0
(13)icmpInAddrMaskReps 0 (26)icmpOutAddrMaskReps 0
The following table describes the labels in this display.
Table 33 ip icmp status
LABEL DESCRIPTION
icmpInMsgs The number of ICMP messages received on the interface.
icmpInErrors The number of ICMP messages with an error received on the interface.
icmpInDestUnreachs The number of ICMP Destination Unreachable messages received on the
icmpInTimeExcds The number of ICMP Time Exceeded messages received on the interface.
icmpInParmProbs The number of ICMP Parameter Problem messages received on the
icmpInSrcQuenchs The number of ICMP Source Quench messages received on the interface.
icmpInRedirects The number of ICMP Redirect messages received on the interface.
icmpInEchos The number of ICMP Echo (request) messages received on the interface.
icmpInEchoReps The number of ICMP Echo Reply messages received on the interface.
icmpInTimestamps The number of ICMP Timestamp messages received on the interface.
icmpInTimestampReps The number of ICMP Timestamp Reply messages received on the
icmpInAddrMasks The number of ICMP Address Mask Request messages received on the
icmpInAddrMaskReps The number of ICMP Address Mask Reply messages received on the
icmpOutMsgs The number of ICMP messages rece ived sent through the interface.
icmpOutErrors The number of ICMP messages with an error sent through the interface.
icmpOutDestUnreach The number of ICMP Destination Unreachable messages sent through the
icmpOutTimeExcds The number of ICMP Time Exceeded messages sent through the interface.
icmpOutParmProbs The number of ICMP Parameter Problem messages sent through the
icmpOutSrcQuench The number of ICMP Source Quench messages sent through the
interface.
interface.
interface.
interface.
interface.
interface.
interface.
interface.
84
DSL & IAD CLI Reference Guide
Chapter 13 IP Commands
Table 33 ip icmp status
LABEL DESCRIPTION
icmpOutRedirects The number of ICMP Redirect messages sent through the interface.
icmpOutEchos The number of ICMP Echo (request) messages sent through the interface.
icmpOutEchoReps The number of ICMP Echo Reply messages sent through the interface.
icmpOutTimestamps The number of ICMP Timestamp messages sent through the interface.
icmpOutTimestampReps The number of ICMP Timestamp Reply messages sent through the
interface.
icmpOutAddrMasks The number of ICMP Address Mask Request messages sent through the
interface.
icmpOutAddrMaskReps The number of ICMP Address Mask Reply messages sent through the
interface.
The following example adds a policy route rule on the ZyXEL Device. The ZyXEL Device's
LAN is in the network A (192.168.1.0/24) and its default gateway is 192.168.1.1. However,
network admin would like to forward some computer's HTTP traffic that sends to
192.168.2.252 (in network B) through another router, 192.168.1.250.
We use following settings.
• The IP policy route set and rule numbers: set 1, rule 1
• The IP policy route set's name: Rule-1
• The criteria settings for the policy route rule:
• The Protocol: TCP
• The source IP: 192.168.1.2~192.168.1.254
• The destination IP: 192.168.2.252
• The destination port: 80
• The checking if a packet matches the criterias or not: match
• The action settings for the policy route rule:
• The gateway type: gateway address
• The gateway address: 192.168.1.250
DSL & IAD CLI Reference Guide
85
Chapter 13 IP Commands
• Log: yes
ras> ip policyrouting set index 1 1
ras> ip policyrouting set name Rule-1
IPPR Name= Rule-1
ras> ip policyrouting set criteria protocol 6
the protocol =6
ras> ip policyrouting set criteria srcip 192.168.1.2
192.168.1.254
ras> ip policyrouting set criteria destip 192.168.2.252
ras> ip policyrouting set criteria destport 80
ras> ip policyrouting set active yes
ras> ip policyrouting set action actmatch
Action matched
ras> ip policyrouting set action gatewaytype 0
gateway type: gateway addr
ras> ip policyrouting set action gatewayaddr 192.168.1.250
ras> ip policyrouting set action log yes
ras> ip policyrouting set save
ras>
The following example displays the policy route rule on the ZyXEL Device.
ras> ip policyrouting set display 1 1
Set: 1 Rule: 1
Policy Set Name:Rule-1
Active:yes
IP Protocol :TCP
Type of Service: Don't care
Precedence : 0
Packet length=0
Source:
addr start=:192.168.1.2
end start=:192.168.1.254
port start=0
port end=0
Destination:
addr start=:192.168.2.252
end start=:192.168.2.252
port start=80
port end=80
Action= Matched
Gateway type = Gateway addr
Type of Service: normal
Precedence =0
Gateway addr=192.168.1.252
Gateway node=0
Log= Yes
ras>
86
DSL & IAD CLI Reference Guide
Chapter 13 IP Commands
The following example displays all content filtering categories.
ras> ip urlfilter webControl display
Web Control:
Enable
Log and Access:
Log and Block Access
Actions:
Block when query error: off
Parameters:
the packets max waiting time:10 (sec)
The Categories:
type 1 :Adult/Mature Content
type 2 :Pornography
type 3 :Sex Education
type 4 :Intimate Apparel/Swimsuit
....
The following example blocks or unblock content filtering categories. The command always
displays all the blocked categories.
ras> ip urlfilter webControl category block
Usage: [block/forward][(1-55)/all]
ras> ip urlfilter webControl category block 1
Block Category:
type 1 :Adult/Mature Content
\as> ip urlfilter webControl category block 5
Block Category:
type 1 :Adult/Mature Content
type 5 :Nudity
ras> ip urlfilter webControl category forward 1
Block Category:
type 5 :Nudity
ras>
The following example queries the URL in the CAC server or the content filtering cache on
the ZyXEL Device. The ZyXEL Device responds you the result.
ras> ip urlfilter webControl queryURL
Usage: [url][Server/localCache]
ras> ip urlfilter webControl queryURL www.playboy.com server
The url is blocked
ras> ip urlfilter webControl queryURL www.zyxel.com localcache
The url is forwarded
ras> ip urlfilter webControl queryURL www.openfind.com.tw
localcache
The url is not in local cache
ras>
DSL & IAD CLI Reference Guide
87
Chapter 13 IP Commands
The following example displays the entries in the content filtering cache on the ZyXEL
Device.
ras> ip urlfilter webControl cache display
the total entries:3
idx block port URL
------------------------------------------------1 YES 80 www.espn.com/
2 NO 80 www.myzyxel.com/
3 YES 80 www.zyxel.com
ras>
88
DSL & IAD CLI Reference Guide
CHAPTER 14
IPSec Commands
Use these commands to configure IPSec settings on the ZyXEL Device.
14.1 Command Summary
The following section lists the commands for this feature.
Table 34 IPSec Commands
COMMAND DESCRIPTION
ipsec debug [on|off] Enables or disables the trace for IPSec debugging
information.
ipsec route dmz [on|off] After IPSec processes a packet that will be sent to the
ipsec route lan [on|off] After IPSec processes a packet that will be sent to the
ipsec route wan [on|off] After IPSec processes a packet that will be sent to the
ipsec show_runtime sa Displays active IKE and IPSec SAs.
ipsec show_runtime spd Displays the local and remote network address pairs used
ipsec switch <on|off> Enables or disables all IPSec rules. The setting resets to
ipsec timer chk_my_ip <1~3600> Sets the interval (in seconds) for checking if the ZyXEL
ipsec timer chk_conn <0~255> The ZyXEL Device disconnects a VPN tunnel if there is no
ipsec timer update_peer <0~255> For IPSec rules with a domain name as the local or remote
ipsec timer chk_input <0~255> The ZyXEL Device disconnects any IPSec connection that
ipsec updatePeerIp If you use a domain name as the local or remote gateway
DMZ, this ZyXEL Device controls whether or not the
packets can be forwarded to another IPSec tunnel.
LAN, this ZyXEL Device controls whether or not the
packets can be forwarded to another IPSec tunnel.
WAN, this ZyXEL Device controls whether or not the
packets can be forwarded to another IPSec tunnel.
to differentiate the connected dynamic VPN tunnels.
off after the ZyXEL Device restarts.
Device’s WAN IP address has changed
reply traffic for this number of minutes. 0 disables the
check.
gateway address, this command sets the interval (in
minutes) for resolving the domain name and updating the
rules. 0 disables the updates.
has no inbound traffic for this number of minutes. 0
disables the check (this is the default setting).
address, this command forces the ZyXEL Device to
resolve the domain name and update the IPSec rules right
away.
DSL & IAD CLI Reference Guide
89
Chapter 14 IPSec Commands
Table 34 IPSec Commands (continued)
COMMAND DESCRIPTION
ipsec dial <rule-number> Dials the specified IPSec policy manually.
ipsec display <rule-number> Displays the specified IPSec rule. Use ipsec load to
ipsec load <rule-number> Loads the specified IPSec rule for editing.
ipsec save Saves the IPSec rule settings.
ipsec config netbios active <on|off> Sets whether or not NetBIOS packets are allowed to pass
ipsec config name <name> Sets the rule’s name (up to 32 characters).
ipsec config active <Yes|No> Turns the rule on or off.
ipsec config natTraversal <Yes|No> Turns NAT traversal on or off.
ipsec config keepAlive <Yes|No> Turns keep alive on or off.
ipsec config lcIdType <0:IP|1:DNS |
2:Email>
ipsec config lcIdContent <content> Sets the local ID content with the specified IP address,
ipsec config myIpAddr <ip-address> Sets the local VPN gateway with the specified IP address.
ipsec config peerIdType
<0:IP|1:DNS|2:Email>
ipsec config peerIdContent <content> Sets the peer ID content with the specified IP address,
ipsec config secureGwAddr <ip-
address|domain-name>
ipsec config protocol <1:ICMP
|6:TCP|17:UDP>
ipsec config lcAddrType
<0:single|1:range|2:subnet>
ipsec config lcAddrStart <ip-address> Sets the local network starting IP address.
ipsec config lcAddrEndMask <ip-address> Sets the local network ending IP address for a range or
ipsec config lcPortStart <port> Sets the starting port for local network traffic. Only traffic
ipsec config lcPortEnd <port> Sets the ending port for local network traffic.
ipsec config dynamicLocal <On|Off> Sets the local network IP address range to be dynamic
ipsec config rmAddrType
<0:single|1:range|2:subnet>
ipsec config rmAddrStart <ip-address> Sets the remote network starting IP address.
ipsec config rmAddrEndMask <ip-address> Sets the remote network ending IP address for a range or
ipsec config rmPortStart <port> Sets the starting port for remote network traffic. Only traf fic
ipsec config rmPortEnd <port> Sets the ending port for remote network traffic.
ipsec config dynamicRemote <On|Off> Sets the remote network IP address range to be dynamic
load an IPSec rule before using this command.
through VPN tunnels.
Sets the local ID type.
domain name, or e-mail address. Use up to 31 characters.
Sets the peer ID type.
domain name, or e-mail address. Use up to 31 characters.
Sets the remote gateway address with the specified IP
address or domain name.
Sets the traffic protocol that can trigger the VPN tunnel
and be forwarded through it.
Sets the address type for the local network.
the subnet mask for a subnet.
using the specified ports can go through the VPN tunnel.
(any).
Sets the address type for the remote network.
the subnet mask for a subnet.
using the specified ports can go through the VPN tunnel.
(any).
90
DSL & IAD CLI Reference Guide
Chapter 14 IPSec Commands
Table 34 IPSec Commands (continued)
COMMAND DESCRIPTION
ipsec config dnsServer <ip-address> Sets the DNS server IP address to assign to remote users.
ipsec config antiReplay <Yes|No> Enables or disables the replay detection.
ipsec config keyManage <0:IKE|1:Manual> Sets the rule to use IKE (ISAKMP) or manual key
management.
ipsec config ike negotiationMode <0:Main
| 1:Aggressive>
ipsec config ike authMethod
<0:PreSharedKey|1:RSASignature>
ipsec config ike certificate
<certificate-name>
ipsec config ike preShareKey
<ascii|0xhex>
ipsec config ike p1EncryAlgo
<0:DES|1:3DES|2:AES>
ipsec config ike p1EncryKeyLen
<0:128|1:192|2:256
ipsec config ike p1AuthAlgo
<0:MD5|1:SHA1>
ipsec config ike p1SaLifeTime <seconds> Sets the phase 1 IPSec SA life time.
ipsec config ike p1KeyGroup <0:DH1|1:DH2> Sets the phase 1 IKE SA key group.
ipsec config ike activeProtocol
<0:AH|1:ESP>
ipsec config ike p2EncryAlgo
<0:Null|1:DES|2:3DES|3:AES>
ipsec config ike p2EncryKeyLen
<0:128|1:192|2:256
ipsec config ike p2AuthAlgo
<0:MD5|1:SHA1>
ipsec config ike p2SaLifeTime <seconds> Sets the phase 2 IPSec SA life time.
ipsec config ike encap
<0:Tunnel|1:Transport>
ipsec config ike pfs <0:None|1:DH1|2:DH2> Sets Perfect Forward Secrecy for phase 2.
ipsec config manual activeProtocol
<0:AH|1:ESP>
ipsec config manual ah encap
<0:Tunnel|1:Transport>
ipsec config manual ah spi <decimal> Sets the SPI information when using AH protocol in the
ipsec config manual ah authAlgo
<0:MD5|1:SHA1
ipsec config manual ah authKey <ascii> Sets the authentication key when using AH protocol in the
Sets the negotiation mode.
Sets the authentication method.
Specifies the certificate the ZyXEL Device uses for
authentication.
Sets the pre-shared key.
ascii | 0xhex: Enter characters in ASCII or in
hexadecimal format. The minimum length is 8.
Sets the phase 1 encryption algorithm.
Sets the phase 1 encryption key length.
Sets the phase 1 authentication algorithm.
Sets the active protocol.
Sets the phase 2 encryption algorithm.
Sets the phase 2 encryption key length.
Sets the phase 2 authentication algorithm.
Sets the encapsulation mode.
Sets the protocol the manual key rule uses.
Sets the encapsulation mode when using AH protocol in
the manual rule.
manual rule.
decimal: The maximum length is 9.
Sets the authentication algorithm when using AH protocol
in the manual rule.
manual rule.
DSL & IAD CLI Reference Guide
91
Chapter 14 IPSec Commands
Table 34 IPSec Commands (continued)
COMMAND DESCRIPTION
ipsec config manual esp encap
<0:Tunnel|1:Transport>
ipsec config manual esp spi <decimal> Sets the SPI when using ESP protocol in the manual rule.
ipsec config manual esp encryAlgo
<0:Null|1:DES|2:3DES>
ipsec config manual esp encryKey <ascii> Sets the encryption key when using ESP protocol in the
ipsec config manual esp authAlgo
<0:MD5|1:SHA1
ipsec config manual esp authKey <ascii> Sets the authentication key when using ESP protocol in
ipsec swSkipOverlapIp <on|off> Turn this on to send packets destined for overlapping local
ipsec adjTcpMss <off|auto|<1~1460>> The TCP packets are larger after VPN encryption. Packets
Sets the encapsulation mode when using ESP protocol in
the manual rule.
decimal: The maximum length is 9.
Sets the encryption algorithm when using ESP protocol in
the manual rule.
manual rule.
Sets the authentication algorithm when using ESP
protocol in the manual rule.
the manual rule.
and remote IP addresses to the local network (you can
access the local devices but not the remote devices).
Turn this off to send packet s destined for overlapping local
and remote IP addresses to the remote network (you can
access the remote devices but not the local devices.)
larger than a connection’s MTU (Maximum Transmit Unit)
are fragmented.
auto: Automatically set the Maximum Segment Size
(MSS) of the TCP packets that are to be encrypted by
VPN based on the encapsulation type. Recommended.
1-1460: If fragmentation issues are affecting your
network’s throughput performance, you can manually
specify a smaller MSS (in bytes).
14.2 swSkipOverlapIp
Normally, you do not configure your local VPN policy rule’s IP addresses to overlap with the
remote VPN policy rule’s IP addresses. For example, you usually would not configure both
with 192.168.1.0. However, overlapping local and remote network IP addresses can occur in
the following cases.
1 You configure a dynamic VPN rule for a remote site. (See Figure 1.)
For example, when you configure the ZyXEL Device X, you configure the local network
as 192.168.1.0 and the remote network as any (0.0.0.0). The “any” includes all possible IP
addresses. It will forward traffic from network A to network B even if both the sender (for
example 192.168.1.8) and the receiver (for example 192.168.1.9) are in network A.
92
DSL & IAD CLI Reference Guide
Chapter 14 IPSec Commands
Figure 1 Dynamic VPN Rule l
192.168.1.0
Using the command ipsec swSkipOverlapIp on has ZyXEL Device X check if a
packet’s destination is also at the local network before forwarding the packet. If it is, the
ZyXEL Device sends the traffic to the local network. Setting ipsec
swSkipOverlapIp to off disables the checking for local network IP addresses.
2 You configure an IP alias network that overlaps with the VPN remote network. (See
Figure 2.)
For example, you have an IP alias network M (10.1.2.0/24) in ZyXEL Device X’s LAN.
For the VPN rule, you configure the VPN network as follows.
• Local IP address start: 192.168.1.1, end: 192.168.1.254
• Remote IP address start: 10.1.2.240, end: 10.1.2.254
IP addresses 10.1.2.240 to 10.1.2.254 overlap.
Figure 2 IP Alias
In this case, if you want to send packets from network A to an overlapped IP (ex.
10.1.2.241) that is in the IP alias network M, you have to set the swSkipOverlapIp
command to on.
DSL & IAD CLI Reference Guide
93
Chapter 14 IPSec Commands
14.3 Command Examples
This example adds an IPSec rule as follows.
1 Load IPSec Rule Index: 2
2 Rule Name: VPN-ph1
3 Active
4 Local ID Type: IP
5 Local ID Content: 192.168.1.33
6 My IP Address: 10.1.1.1
7 Local Network Type: Range
8 Local Network Address Start: 192.168.1.33
9 Local Network Address End: 192.168.1.66
10Secure Gateway Address: 10.1.1.2
11 Remote Network Type: Single
12Remote Network Address Start: 172.16.1.3
13Protocol: TCP
14Key Management: IKE
15Negotiation Mode: Main
16Authentication Method: Pre-Shared Key
17Pre-Shared Key: 12345678
18Save
ras> ipsec load 2
ras> ipsec config name VPN-ph1
ras> ipsec config active Yes
ras> ipsec config natTraversal Yes
ras> ipsec config lcIdType IP
ras> ipsec config lcIdContent 192.168.1.33
ras> ipsec config myIpAddr 10.1.1.1
ras> ipsec config lcAddrType 1
ras> ipsec config lcAddrStart 192.168.1.33
ras> ipsec config lcAddrEndMask 192.168.1.66
ras> ipsec config secureGwAddr 10.1.1.2
ras> ipsec config rmAddrType 0
ras> ipsec config rmAddrStart 172.16.1.3
ras> ipsec config protocol 6
ras> ipsec config keyManage 0
ras> ipsec config ike negotiationMode 0
ras> ipsec config ike authMethod 0
ras> ipsec config ike preShareKey 12345678
ras> ipsec save
94
DSL & IAD CLI Reference Guide
CHAPTER 15
LAN Interface Commands
Use these commands to configure LAN interfaces on the ZyXEL Device.
15.1 Command Summary
The following section lists the commands for this feature.
Table 35 LAN Command Summary
COMMAND DESCRIPTION
lan active <yes|no> Enables or disables the LAN interface.
lan clear Clears the working buffer for the specified configuration.
Any unsaved changes are lost.
lan dhcp mode <none|server|relay> Sets the DHCP mode.
lan dhcp relay server <ip> Sets the IP address of the DHCP relay server.
lan dhcp server dnsserver <dns-ip1> [<dns-
ip2>]
lan dhcp server gateway <ip> Sets the IP address of the default gateway assigned to
lan dhcp server leasetime <seconds> Specifies how long a device can use the same IP
lan dhcp server netmask <netmask> Specifies the subnet mask assigned to DHCP clients by
lan dhcp server pool <startip> <numip> Specifies the range of IP address for DHCP clients.
lan dhcp server rebindtime <seconds> Specifies the time interval from address assignment to
lan dhcp server renewaltime <seconds> Specifies the time interval from assigning an address
lan display Displays the configuration details for the LAN interface
lan filter <incoming|outgoing>
<tcpip|generic> [1] [2] [3] [4]
Sets the IP address of the DNS server assigned to
DHCP clients on this interface.
DHCP clients on this interface.
address before it needs to send a new request for an IP
address.
the ZyXEL Device.
startip - first IP address in the IP pool.
numip - number of IP addresses in the IP pool.
the time the client transitions to rebinding state. A client
in rebinding state broadcasts DHCP request messages.
assignment to the time the client transitions to renewing
state. A client in renewing state can try to renew the IP
address lease.
being configured.
Applies the specified filter set to this interface. Filter sets
can be configured via the sys filter set command.
1-4: are the index numbers of filters configured via the
sys filter set command.
DSL & IAD CLI Reference Guide
95
Chapter 15 LAN Interface Commands
Table 35 LAN Command Summary (continued)
COMMAND DESCRIPTION
lan index <interface> Sets the LAN interface for configuration.
interface: type one of the following numbers
• 1 - to select the main LAN interface; in CLI this
interface is displayed as enif0.
• 2 - to select IP Alias #1 interface; in CLI this interface
is displayed as enif0:0.
• 3 - to select IP Alias #2 interface; in CLI this interface
is displayed as enif0:1.
• 4 - to select the DMZ interface; in CLI this interface is
displayed as enif0:2.
lan ipaddr <ip> <mask> Sets the LAN interface's IP address and subnet mask.
lan ippolicy <0-12> Applies the specified IP policy. “0” indicates no policy is
lan multicast <none|igmpv1|igmpv2> Sets the multicast mode.
lan rip <none|in|out|both>
<rip1|rip2b|rip2m>
lan save Saves the LAN interface configuration in the working
applied.
Policies can be configured via the ip policyrouting
set command.
Sets the RIP direction and mode.
buffer to non-volatile memory. The working buffer is a
volatile memory space. The settings in the working buffer
are not applied to the ZyXEL Device until you execute
this command.
96
DSL & IAD CLI Reference Guide
15.2 Command Examples
This example sets the LAN IP address of the ZyXEL Device and specifies DHCP server
settings on the LAN interface.
ras> lan index 1
enif0 is selected
ras> lan ipaddr 172.16.1.254 255.255.255.0
ras> lan dhcp mode server
ras> lan dhcp server gateway 172.16.1.254
ras> lan dhcp server pool 172.16.1.100 32
ras> lan dhcp server netmask 255.255.255.0
ras> lan dhcp server leasetime 3600
ras> lan display
Active: Yes
Interface: enif0
IP Address: 172.16.1.254
Subnet Mask: 255.255.255.0
RIP Direction: None
RIP Version: RIP-2B
Multicast: None
Protocol Filter Set:
Incoming: 0 0 0 0
Outgoing: 0 0 0 0
Device Filter Set:
Incoming: 0 0 0 0
Outgoing: 0 0 0 0
ras> lan save
lan: save ok
Chapter 15 LAN Interface Commands
DSL & IAD CLI Reference Guide
97
Chapter 15 LAN Interface Commands
98
DSL & IAD CLI Reference Guide
CHAPTER 16
MyZyXEL.com Commands
Use these commands to configure user, product, or service registration settings on your
ZyXEL Device. Your ZyXEL Device needs to connect to the registration server (the default is
http://www.MyZyXEL.com).
" Ensure your ZyXEL Device is connected to the Internet and the registration
server before you use the following commands.
16.1 Command Summary
The following section lists the commands for this feature.
Table 36 sys myZyxelCom Commands
COMMAND DESCRIPTION
sys myZyxelCom checkUserName
<username>
sys myZyxelCom register <username>
<password> <email> <countrycode>
sys myZyxelCom trialService
<service>
sys myZyxelCom serviceUpgrade
<licence key>
sys myZyxelCom serviceRefresh Gets up-to-date service status from the
sys myZyxelCom display Displays the ZyXEL Device’s registration
sys myZyxelCom serviceDisplay Displays the service status (including the expiration
Checks whether the specified user name exists or
not in the myZyXEL.com database.
Sends the specified registration information to
myZyXEL.com including user name, password,
email, and country code.
<countrycode>: This is a number that represents
the country you are from. Refer to table Table 37 on
page 100.
Activates the trial services to myZyXEL.com.
<service>:
1: Content Filtering (CF)
Registers a license key to myZyXEL.com.
myZyXEL.com database.
information.
date if the service is already activated).
DSL & IAD CLI Reference Guide
99
Chapter 16 MyZyXEL.com Commands
16.2 Country Codes
The following section lists the relationship between countries and country codes defined in the
ZyXEL Device.
Table 37 Country Codes
COUNTRY NAME COUNTRY CODE
AFGHANISTAN 1
ALBANIA 2
ALGERIA 3
AMERICA 4
ANDORRA 5
ANGOLA 6
ANGUILLA 7
ANTARTICA 8
ANTIGUA_AND_BARBUDA 9
ARGENTINA 10
ARMENIA 11
ARUBA 12
ASCENSION_ISLAND 13
AUSTRALIA 14
AUSTRIA 15
AZERBAIJAN 16
BAHAMAS 17
BAHRAIN 18
BANGLADESH 19
BARBADOS 20
BELARUS 21
BELGIUM 22
BELIZE 23
BENIN 24
BERMUDA 25
BHUTAN 26
BOLIVIA 27
BOSNIA_AND_HERZEGOVINA 28
BOTSWANA 29
BOUVET_ISLAND 30
BRAZIL 31
BRITISH_INDIAN_OCEAN_TERRITORY 32
BRUNEI_DARUSSALAM 33
BULGARIA 34
BURKINA_FASO 35
100
DSL & IAD CLI Reference Guide
Loading...