Elfiq Operating System (EOS) Quick Command Reference Guide

Version 3.5.0 (September 2011) www.elfiq.com

Module Command Authority group Syntax Description

broker ? Any group ? Help (this menu)
broker help Any group help Help (this menu)
broker saveall EOS_ENABLE saveall Save all module configuration to flash
broker sh conf EOS_READ,EOS_DIAGNOSTIC sh conf Display system wide configuration
broker sh services EOS_READ sh services Display registered services
broker sh tech-support EOS_DIAGNOSTIC sh tech-support Display information for technical support
broker sh ver EOS_READ sh ver Display version

Module Command Authority group Syntax Description

fove ? Any group ? Help (this menu)
fove help Any group help Help (this menu)
fove pause EOS_ENABLE pause Pause services
fove restart EOS_ENABLE restart Restart fove subsystem services
fove resume EOS_ENABLE resume Resume services
fove saveall EOS_ENABLE saveall Save all module configuration to flash
fove set int EOS_ENABLE set int [interface],[critical|mgmt] ... Define network interfaces participating in failover service
fove set local id EOS_ENABLE set local id [id] Change failover L2FO identification number
fove set local port EOS_ENABLE set local port [port] Change failover replication local port
fove set mac dst EOS_ENABLE set mac dst [mac address] Change failover L2FO destination mac {unicast, multicast, broadcast}
fove set mac src EOS_ENABLE set mac src [mac address] Change failover L2FO source mac {unicast, multicast, broadcast}
fove set peer EOS_ENABLE set peer [ip] Change failover peer replication destination address
fove set vip EOS_ENABLE set vip [ip address] [netmask] [broadcast] Define active Virtual IP address (VIP)
fove set vmac group EOS_ENABLE set vmac group [0-3] Set vmac group id
fove sh conf EOS_READ, EOS_DIAGNOSTIC sh conf Display current fove configuration
fove sh peer stats EOS_READ sh peer stats Display peer statistics
fove sh state EOS_READ sh state Display current failover state
fove sh ver EOS_READ sh ver Display version
fove vip EOS_ENABLE vip [enable|disable] Activate/deactivate VIP services
fove wconf EOS_ENABLE wconf Write fove configuration to ram buffer
fove xconf EOS_ENABLE xconf Reload configuration from ram

Module Command Authority group Syntax Description

syst ? Any group ? Help (this menu)
syst ad basegroup EOS_ENABLE ad basegroup [basegroup] Set Active Directory servers basegroup'
syst ad baseuser EOS_ENABLE ad baseuser [baseuser] Set Active Directory servers baseuser'
syst ad disable EOS_ENABLE ad disable Disable Active Directory user authentication
syst ad enable EOS_ENABLE ad enable Enable Active Directory user authentication
syst ad encryption EOS_ENABLE ad encryption [encryption] Set the Active Directory encryption mechanism
syst ad password EOS_ENABLE ad secret [password] Set Active Directory servers bind password'
syst ad port EOS_ENABLE ad port [number] Set Active Directory servers port'

Page 1
syst ad server EOS_ENABLE ad server [ipserver1[,ipserver2]] Set Active Direcory servers address'
syst ad user EOS_ENABLE ad user [username] Set Active Directory servers bind user'
syst auth EOS_ENABLE auth [ldap | ad | local],[ldap | ad | local] Set authentication order
syst check ad server EOS_ENABLE check ad server Check Active Directory server's status
syst check ldap server EOS_ENABLE check ldap server Check LDAP server's status
syst clr ad server EOS_ENABLE clr ad server Clear Active Directory configuration
syst clr auth EOS_ENABLE clr auth Reset authentication order
syst clr dyn int EOS_ENABLE clr dyn int Removeall all dynamic interfaces
syst clr ldap server EOS_ENABLE clr ldap server Clear LDAP configuration
syst clr log event EOS_DIAGNOSTIC clr log event Remove all system events
syst clr ntp EOS_ENABLE clr ntp Clear all ntp configurations
syst clr smtp allow EOS_ENABLE clr smtp allow Remove all message ids from the allow list
syst clr smtp suppress EOS_ENABLE clr smtp suppress Remove all message ids from the suppress list
syst clr user EOS_ENABLE clr user Delete all users
syst clr user key EOS_ENABLE clr user key [username] Delete all DSA keys from user
syst dyn int EOS_ENABLE dyn int [id] [description] [iftype] [vlan id|instance] [interface(s)|hardware model] [options] Create a dynamic interface
syst dyn int usb-cellular apn EOS_ENABLE dyn int usb-cellular apn [id] [apn] Change usb-cellular access point name (apn)
syst dyn int usb-cellular pin EOS_ENABLE dyn int usb-cellular pin [id] [pin] Unlock usb-cellular SIM card (pin)
syst econf EOS_ENABLE econf Edit configuration from ram
syst eosupdate EOS_EOSUPDATE eosupdate Update EOS image
syst flash2ram EOS_ENABLE flash2ram [configuration file] Restore flash configuration file to ram (current)
syst flashls EOS_READ flashls Display all configuration files on flash file system
syst flashrm EOS_ENABLE flashrm [configuration file] Remove a configuration file from flash
syst halt EOS_ENABLE halt Halt system and power off
syst help Any group help Help (this menu)
syst http EOS_ENABLE http [enable|disable] Activate/deactivate http service
syst https EOS_ENABLE http [enable|disable] Activate/deactivate https service
syst ldap basegroup EOS_ENABLE ldap basegroup [basegroup] Set LDAP servers basegroup'
syst ldap baseuser EOS_ENABLE ldap baseuser [baseuser] Set LDAP servers baseuser'
syst ldap disable EOS_ENABLE ldap disable Disable LDAP user authentication
syst ldap enable EOS_ENABLE ldap enable Enable LDAP user authentication
syst ldap encryption EOS_ENABLE ldap encryption [encryption] Set the LDAP encryption mechanism
syst ldap port EOS_ENABLE ldap port [number] Set LDAP servers port'
syst ldap rootdn EOS_ENABLE ldap rootdn [rootdn] Set LDAP servers bind user'
syst ldap secret EOS_ENABLE ldap secret [password] Set LDAP servers bind password'
syst ldap server EOS_ENABLE ldap server [ipserver1[,ipserver2]] Set LDAP servers address'
syst licence EOS_ENABLE licence [licence key] Apply EOS licence
syst log event EOS_DIAGNOSTIC log event [component] [severity] [id] [message] Create a system event
syst logging EOS_DIAGNOSTIC logging [enable|disable|refresh] Enable or disable syslog service
syst logging server EOS_DIAGNOSTIC logging server [ip address] Change destination syslog service
syst net2ram EOS_ENABLE net2ram Restore configuration files from network
syst no dyn int EOS_ENABLE no dyn int [id] Remove a dynamic interface
syst no dyn int usb-cellular pin EOS_ENABLE no dyn int usb-cellular pin [id] Remove usb-cellular SIM card (pin)
syst no smtp allow EOS_ENABLE no smtp allow [message id] Remove a message id from the allow list
syst no smtp suppress EOS_ENABLE no smtp suppress [message id] Remove a message id from the suppress list
syst no snmp user EOS_ENABLE no snmp user Delete snmp user

Page 2
syst no user EOS_ENABLE no user [username] Delete user
syst no user key EOS_ENABLE no user key [username] [host] Delete a DSA key from user
syst ntp EOS_ENABLE ntp [enable|disable] Activate/deactivate ntp client
syst ntp server EOS_ENABLE ntp server [ip address] [refresh interval (hours)] Set server for ntp client
syst passwd Any group passwd Change current user password
syst ram2flash EOS_ENABLE ram2flash [configuration file] Save current configuration to flash file system
syst ram2net EOS_ENABLE ram2net Save configuration files to network
syst reload EOS_RELOAD reload [delay in minutes | cancel] Reload system
syst saveall EOS_ENABLE saveall Save all module configurations to flash
syst set bypass failure action EOS_ENABLE set bypass failure action [failsafe|reload] This command is deprecated
syst set bypass failure action EOS_ENABLE set bypass failure action [failsafe] This command is deprecated
syst set bypass group1 EOS_ENABLE set bypass group1 [enable|disable] Activate/deactivate lan bypass
syst set bypass group2 EOS_ENABLE set bypass group2 [enable|disable] Activate/deactivate lan bypass
syst set bypass group3 EOS_ENABLE set bypass group3 [enable|disable] Activate/deactivate lan bypass
Change system time (24 hr format) and date (in UTC, Coordinated
syst set date EOS_ENABLE set date [yyyy]-[mm]-[dd] [hh]:[mm]:[ss]
Universal Time)
syst set gateway EOS_ENABLE set gateway [ip address|disable] Change system default gateway
syst set hostname EOS_ENABLE set hostname [name] Change system hostname
syst set int EOS_DIAGNOSTIC set int [interface] [auto|down]|[[10|100|1000|10000] [full|half]] Change network interface status, speed and duplex of physical ports
syst set int EOS_DIAGNOSTIC set int [interface] [auto|down]|[[10|100|1000] [full|half]] Change network interface status, speed and duplex of physical ports
syst set lcd EOS_ENABLE set lcd [type id] Change system lcd display type
syst set loadopt EOS_ENABLE set loadopt [vmgmt|vfi|vfixx_optimization] [option] Change vfi options
syst set mgmtip EOS_ENABLE set mgmtip [ip address] [netmask] [broadcast] | [ip address]/[netmask-bits] [gateway] Change system management ip address
syst set timezone EOS_ENABLE set timezone [zone] Adjust time display to specific zone
syst set timezone utc EOS_ENABLE set timezone utc [+|-][hh:mm] Adjust time display to UTC
syst sh ad server EOS_READ sh ad server Display Active Directory configuration
syst sh auth EOS_READ sh auth Display authentication order
syst sh bypass EOS_READ sh bypass Display lan bypass options
syst sh conf EOS_READ, EOS_DIAGNOSTIC sh conf Display system configuration
syst sh cpu EOS_READ sh cpu Display system cpu usage
syst sh dyn int EOS_READ sh dyn int Display dynamic interfaces
syst sh env EOS_READ sh env Display system environmental values
syst sh group EOS_READ, EOS_DIAGNOSTIC sh group Display all groups and users belonging to them
syst sh int EOS_READ sh int [interface] Display status of network interfaces
syst sh int stats EOS_READ sh int stats [interface] Display statistics of network interfaces
syst sh ldap server EOS_READ sh ldap server Display LDAP configuration
syst sh licence EOS_READ, EOS_DIAGNOSTIC sh licence Display EOS licence
syst sh load EOS_READ sh load Display system load 1/5/15
syst sh loadopt EOS_READ sh loadopt Display startup options
syst sh log event EOS_READ sh log event Display event log messages
syst sh ntp EOS_READ sh ntp Display ntp setup
syst sh sessions EOS_READ sh sessions Display remote users
syst sh smtp EOS_READ sh smtp Display smtp setup
syst sh smtp allow EOS_READ sh smtp allow Display smtp allow entries
syst sh smtp suppress EOS_READ sh smtp suppress Display smtp suppress entries
syst sh snmp EOS_READ sh snmp Display basic snmp values
syst sh sys EOS_READ sh sys Display system information

Page 3
syst sh timezone EOS_READ sh timezone [zone] Display all timezones
syst sh uptime EOS_READ sh uptime Display system uptime in hours
syst sh usb cell EOS_READ sh usb cell Display all supported USB cellular devices
syst sh user EOS_READ, EOS_DIAGNOSTIC sh user [username] Display selected or all EOS users
syst sh user key EOS_ENABLE sh user key [username] Display selected or all EOS users DSA key
syst sh ver EOS_READ sh ver Display version
syst smtp EOS_ENABLE smtp [enable|disable] Activate/deactivate smtp MUA service
syst smtp allow EOS_ENABLE smtp allow [message id] Allow a message to be sent via smtp
syst smtp recipient EOS_ENABLE smtp recipient [username@domain.name,...] Set mail recipients for smtp service
syst smtp relay EOS_ENABLE smtp relay [ip address:port,...] Set relay for smtp service
syst smtp sender EOS_ENABLE smtp sender [username@domain.name] Set mail sender for smtp service
syst smtp severity EOS_DIAGNOSTIC smtp severity [1 - 4]\n1 (Alert), 2 (Warning), 3 (Notice), 4 (Info) Set maximum level of severity for smtp service
syst smtp suppress EOS_ENABLE smtp suppress [message id] Prevent a message to be sent via smtp
syst smtp timer EOS_ENABLE smtp timer [timer in seconds] Set timer for smtp service delivery
syst snmp EOS_ENABLE snmp [enable|disable|refresh] Activate/deactivate snmpv2 service
syst snmp acl EOS_ENABLE snmp acl [network]/[netmask-bits] Set IPv4 access-list for snmp service
syst snmp community EOS_ENABLE snmp community [string] Set community string for snmp service
syst snmp notification EOS_ENABLE snmp notification [ip address:port,...] Set notification (Trap v2) recipient for snmp service
syst snmp syscontact EOS_ENABLE snmp syscontact [person to contact] Set system contact for snmp service
syst snmp sysdescr EOS_ENABLE snmp sysdescr [system description] Set system description for snmp service
syst snmp syslocation EOS_ENABLE snmp syslocation [physical location] Set system location for snmp service
syst snmp sysname EOS_ENABLE snmp sysname [system name] Set system name for snmp service
syst snmp user EOS_ENABLE snmp user [username] [md5|sha] [password] [aes] [passphrase] Set the securityName used for authenticated SNMPv3 messages
syst snmpv3 EOS_ENABLE snmpv3 [enable|disable|refresh] Activate/deactivate snmpv3 service
syst user EOS_ENABLE user [username] [eos_read|eos_reload|eos_eosupdate|eos_enable|eos_diagnostic] Add new user
syst user addgroup EOS_ENABLE user addgroup [username] [group1,group2...] Add groups to a user
syst user delgroup EOS_ENABLE user delgroup [username] [group1,group2...] Remove groups from a user
syst user key EOS_ENABLE user key [username] [host] [key] Add a DSA key to user
syst wconf EOS_ENABLE wconf Write system configuration to ram buffer
syst xconf EOS_ENABLE xconf Reload configuration from ram

Module Command Authority group Syntax Description

vfi ? Any group ? Help (this menu)
vfi acl arp EOS_ENABLE acl arp [+][ip] [idx] [+|-][target ip]/[netmask-bits] [+|-][pass|reply] [mac:mac address|fw:ip] [inside|outside] Insert new arp access-list
acl channel in [+|-][ip|icmp|tcp|udp|...] [idx] [+|-][source ip]/[netmask-bits]:0-0 [+|-][dest ip]/[netmask-bits]:0-0 [+|-][chn:id]|[pass]
vfi acl channel in EOS_ENABLE Insert new channel access-list applied to inside
[iagrp:id]
acl channel out [+|-][ip|icmp|tcp|udp|...] [idx] [+|-][source ip]/[netmask-bits]:0-0 [+|-][dest ip]/[netmask-bits]:0-0 [+|-
vfi acl channel out EOS_ENABLE Insert new channel access-list applied to outside
][chn:id]|[pass] [iagrp:id]
acl debug in [+|-][ip|icmp|tcp|udp|...] [idx] [+|-][source ip]/[netmask-bits]:[start port]-[stop port] [+|-][dest ip]/[netmask-bits]:[start
vfi acl debug in EOS_DIAGNOSTIC Insert new debug access-list applied to inside
port]-[stop port] [+|-][debug|pass]
acl debug out [+|-][ip|icmp|tcp|udp|...] [idx] [+|-][source ip]/[netmask-bits]:[start port]-[stop port] [+|-][dest ip]/[netmask-bits]:[start
vfi acl debug out EOS_DIAGNOSTIC Insert new debug access-list applied to outside
port]-[stop port] [+|-][debug|pass]
acl in [+|-][ip|icmp|tcp|udp|...] [idx] [+|-][source ip]/[netmask-bits]:[start port]-[stop port] [+|-][dest ip]/[netmask-bits]:[start port]-
vfi acl in EOS_ENABLE Insert new ip filtering access-list applied to inside
[stop port] [+|-][drop|pass] [qos:id,...] [iagrp:id]
acl nat in [+|-][ip|icmp|tcp|udp|...] [idx] [+|-][source ip]/[netmask-bits]:[start port]-[stop port] [+|-][dest ip]/[netmask-bits]:[start
vfi acl nat in EOS_ENABLE port]-[stop port] [+|-][pass|nat] [poolip:id,...] | [spathgrp:id] [etfa|ltfa|wfa|rwfa|wfa-etfa|rr|opfa|fopfa|mtpx] [qos:id,...] [geotag:id] Insert new nat access-list applied to inside
[iagrp:id] [inactivity timeout]
acl nat out [+|-][ip|icmp|tcp|udp|...] [idx] [+|-][source ip]/[netmask-bits]:[start port]-[stop port] [+|-][dest ip]/[netmask-bits]:[start
vfi acl nat out EOS_ENABLE Insert new nat access-list applied to outside
port]-[stop port] [+|-][pass|nat] [ndip:ip|ndnet:network/netmask-bits] [ndport:port] [qos:id] [geotag:id] [iagrp:id] [inactivity timeout]

Page 4
 acl nattp in [+|-][ip|icmp|tcp|udp|...] [idx] [+|-][source ip]/[netmask-bits]:0-0 [+|-][dest ip]/[netmask-bits]:0-0 [+|-][tun:id]|[pass]
vfi acl nattp in EOS_ENABLE Insert new nattp access-list applied to inside
[iagrp:id]
acl out [+|-][ip|icmp|tcp|udp|...] [idx] [+|-][source ip]/[netmask-bits]:[start port]-[stop port] [+|-][dest ip]/[netmask-bits]:[start port]-
vfi acl out EOS_ENABLE Insert new ip filtering access-list applied to outside
[stop port] [+|-][drop|pass] [iagrp:id]
acl per in [+|-][ip|icmp|tcp|udp|...] [idx] [+|-][source ip]/[netmask-bits]:0-0 [+|-][dest ip]/[netmask-bits]:0-0 [+|-][pass|persist]
vfi acl per in EOS_ENABLE Insert new persistence access-list applied to inside
[timeout]
acl tag in [+|-][ip|icmp|tcp|udp|...] [idx] [+|-][source ip]/[netmask-bits]:[start port]-[stop port] [+|-][dest ip]/[netmask-bits]:[start
vfi acl tag in EOS_ENABLE Insert new tag access-list applied to inside
port]-[stop port] [+|-][pass|tag] [gmac:id,...] [etfa|ltfa|wfa|rwfa|wfa-etfa|rr|opfa|fopfa] [qos:id,...] [iagrp:id]
vfi arp EOS_ENABLE arp [ip address] [mac address format 00:00:00:00:00:00|auto] [inside|outside] [expiration] Add new arp entry
vfi attach in EOS_ENABLE attach in [interface] Bind a network interface to vfi inside
vfi attach out EOS_ENABLE attach out [interface,...] Bind network interface(s) to vfi outside
vfi channel EOS_ENABLE channel [id] [destination VFI]:[inside|outside] Create a new inter-vfi channel
vfi clr acl arp EOS_ENABLE clr acl arp [ip] Remove all arp ip access-lists
vfi clr acl channel in EOS_ENABLE clr acl channel in [ip|icmp|tcp|udp|all|...] Remove all channel inside ip access-lists
vfi clr acl channel out EOS_ENABLE clr acl channel out [ip|icmp|tcp|udp|all|...] Remove all channel outside ip access-lists
vfi clr acl debug in EOS_DIAGNOSTIC clr acl debug in [ip|icmp|tcp|udp|all|...] Remove all debug inside ip access-lists
vfi clr acl debug out EOS_DIAGNOSTIC clr acl debug out [ip|icmp|tcp|udp|all|...] Remove all debug outside ip access-lists
vfi clr acl in EOS_ENABLE clr acl in [ip|icmp|tcp|udp|all|...] Remove all inside ip filtering access-lists
vfi clr acl nat in EOS_ENABLE clr acl nat in [ip|icmp|tcp|udp|all|...] Remove all nat inside ip access-lists
vfi clr acl nat out EOS_ENABLE clr acl nat out [ip|icmp|tcp|udp|all|...] Remove all nat outside ip access-lists
vfi clr acl nattp in EOS_ENABLE clr acl nattp in [ip|icmp|tcp|udp|all|...] Remove all nattp inside ip access-lists
vfi clr acl out EOS_ENABLE clr acl out [ip|icmp|tcp|udp|all...] Remove all outside ip filtering access-lists
vfi clr acl per in EOS_ENABLE clr acl per in [ip|icmp|tcp|udp|all|...] Remove all persistence inside ip access-lists
vfi clr acl tag in EOS_ENABLE clr acl tag in [ip|icmp|tcp|udp|all|...] Remove all tag inside ip access-lists
vfi clr all EOS_ENABLE clr all Reset configuration to default
vfi clr arp EOS_ENABLE clr arp Remove all arp entries
vfi clr collector stats EOS_READ clr col stats Reset collector statistics
vfi clr dhcp EOS_ENABLE clr dhcp Delete all dhcp entries
vfi clr dnat in EOS_DIAGNOSTIC clr dnat in [source|destination] [network/netmask-bits] [port] [qos:id] [mtpx] Remove all inside dnat entries
vfi clr dnat out EOS_DIAGNOSTIC clr dnat out [source|destination] [network/netmask-bits] Remove all outside dnat entries
vfi clr dtag in EOS_DIAGNOSTIC clr dtag in [source|destination] [network/netmask-bits] Remove all inside dtag entries
vfi clr geotag group EOS_ENABLE clr geotag group Remove all geotag group
vfi clr gmac EOS_ENABLE clr gmac Remove all gmac
vfi clr icv EOS_ENABLE clr icv Remove all icv
vfi clr icv action EOS_ENABLE clr icv action Remove all icv action
vfi clr idns globbing EOS_ENABLE clr idns globbing Remove all idns globbing selection
vfi clr idns interceptor EOS_ENABLE clr idns interceptor Remove all idns interceptors
vfi clr idns interceptor group EOS_ENABLE clr idns interceptor group Remove all idns interceptor groups
vfi clr idns rr EOS_ENABLE clr idns rr Remove all idns resource records
vfi clr inline access EOS_ENABLE clr inline access Remove all inline accesses
vfi clr isv group EOS_ENABLE clr isv group Remove all isv groups
vfi clr log EOS_DIAGNOSTIC clr log Remove all vfi real-time messages
vfi clr masq range EOS_ENABLE clr masq range Delete all masquerading port range
vfi clr persist trigger EOS_ENABLE clr persist trigger Remove all persist triggers
vfi clr poolip EOS_ENABLE clr poolip Delete all ip pools
vfi clr pppox EOS_ENABLE clr pppox Delete all pppox entries
vfi clr preidns EOS_DIAGNOSTIC clr preidns Remove all pre-assigned IDNS entries
vfi clr preip in EOS_DIAGNOSTIC clr preip in [source|destination] [network/netmask-bits] Remove all pre-assigned inside IPV4 entries

Page 5
vfi clr preip out EOS_DIAGNOSTIC clr preip out [source|destination] [network/netmask-bits] Remove all pre-assigned outside IPV4 entries
vfi clr probe EOS_READ clr probe Remove all IPv4 probe statistics
vfi clr protofix EOS_ENABLE clr protofix Remove all protocol fixes
vfi clr qos EOS_ENABLE clr qos Delete all qos entries
vfi clr rnat in EOS_DIAGNOSTIC clr rnat in [source|destination] [network/netmask-bits] [port] [qos:id] [mtpx] Remove all inside rnat entries
vfi clr rnat out EOS_DIAGNOSTIC clr rnat out [source|destination] [network/netmask-bits] Remove all outside rnat entries
vfi clr route ip EOS_ENABLE clr route ip Remove all ip routes
vfi clr rtag out EOS_DIAGNOSTIC clr rtag out [source|destination] [network/netmask-bits] Remove all outside rtag entries
vfi clr sessions EOS_ENABLE clr sessions [source|destination] [network/netmask-bits] [port:1-65535] [qos:id] [mtpx] Delete sessions
vfi clr shun EOS_ENABLE clr shun Remove all IPv4 shunning rules
vfi clr spath EOS_ENABLE clr spath Remove all site paths
vfi clr spath group EOS_ENABLE clr spath group Remove all site path groups
vfi clr tap EOS_ENABLE clr tap Deactivate network tapping (monitoring)
debug
vfi debug EOS_DIAGNOSTIC [vfi|gmac|arp|nat|rnat|frag|acl|nattp|shun|timers|poolip|idns|packet_l2|packet_ip|pppox|proc|channel|ftp|sip|tag|rtag|probe|spath| Enable or disable system debugging
dhcp|isv|icv|qos|geo|all] [on|off]
vfi description EOS_ENABLE description [text] Set vfi usage description
vfi detach in EOS_ENABLE detach in Unbind network interface to vfi inside
vfi detach out EOS_ENABLE detach out [interface,...] Unbind all/some network interfaces to vfi outside
vfi dhcp EOS_ENABLE dhcp [id] [interface] Create a new dhcp entry
vfi econf EOS_ENABLE econf Edit configuration from ram
vfi feature EOS_ENABLE feature [feature] [enable|disable] Enable or disable system feature
geolink [id] [dest ip0,dest ip1,...] [geotag:id] [user] [password|auth-key] [enable password|dsa] [description] [update interval
vfi geolink EOS_ENABLE Create a new geolink
(sec)] [tx timeout (msec)]
vfi geotag group EOS_ENABLE geotag group [id] [description] geotag:[id,...]/[id,...]/[id] Add geotag group

gmac [id] [auto|mac address|chn:id|gmac:id] [description] [ip address]/[netmask-bits]|[dhcp:id|pppox:id] [weight] [speed (kb/s)
vfi gmac EOS_ENABLE Create a new gmac
in] [speed (kb/s) out] [layer 2 adj] [poll ip address]:[tcp port],[poll ip address2]:[tcp port2] [% threshold in]/[% threshold out]

vfi gmac alias EOS_ENABLE gmac alias [mac address|id] [alias mac address] Add a mac address alias to a gmac
vfi gmac desc EOS_ENABLE gmac desc [mac address|chn:id|id] [description] Change the description of a gmac
vfi gmac dev EOS_ENABLE gmac dev [mac address|id] [interface] Associate a gmac with an outside interface

vfi gmac disc EOS_DIAGNOSTIC gmac disc [target ip address] [interface] [source ip] Gmac discovery, find mac address associated with a Gmac IP Address

vfi gmac export EOS_ENABLE gmac export [id] [geotag:id,...] [static|dynamic] Allow a gmac to be exportable
vfi gmac mtu EOS_ENABLE gmac mtu [mac address|id] [mtu] [mss|nomss] Change mtu value for a gmac, apply Tcp Mss
vfi gmac net EOS_ENABLE gmac net [mac address|chn:id|id] [network]/[netmask-bits] Add a network to a gmac
vfi gmac probe EOS_ENABLE gmac probe [mac address|chn:id|id] [polling timeout in sec] [polling threshold] Change polling timeout and polling threshold values for a gmac

vfi gmac qos EOS_ENABLE gmac qos [mac address|id] [tc_htb] [speed (kb/s) in]/[speed (kb/s) out],[burstable speed (kb/s) in]/[burstable speed (kb/s) out] Add qos to a gmac

vfi gmac speed EOS_ENABLE gmac speed [mac address|chn:id|id] [speed (kb/s) in] [speed (kb/s) out] Change speed of a gmac

vfi gmac tcpprobe EOS_ENABLE gmac tcpprobe [mac address|chn:id|id] [dynamic] | [ip address] Change tcpprobe of a gmac

vfi gmac tcpprobe dest EOS_DIAGNOSTIC gmac tcpprobe dest [mac address|chn:id|id] [poll ip address]:[tcp port],[poll ip address2]:[tcp port2] Change tcpprobe destinations of a gmac
vfi gmac threshold EOS_DIAGNOSTIC gmac threshold [mac address|chn:id|id] [% threshold in]/[% threshold out] Change traffic threshold values for a gmac
vfi gmac weight EOS_DIAGNOSTIC gmac weight [mac address|chn:id|id] [new weight] Change weight of a gmac
vfi help Any group help Help (this menu)

vfi icv EOS_ENABLE icv [id] [description] [timer.[trigger_on|trigger_off|state_on|state_off]] [mon-fri|weekend|daily|yyyy/mm/dd|dd] [hh:mm] [hh:mm] Create a new icv

vfi icv action EOS_ENABLE icv action [id] [description] [icv:id] [true|false] [action] Create a new icv action
vfi idns globbing EOS_ENABLE idns globbing [level,level,...] Define list of ordered idns globbing

Page 6
vfi idns interceptor EOS_ENABLE idns interceptor [id] [virtual dns ip] [itcgrp:id] [auth resource] [auth ttl] Create an idns interceptor
vfi idns interceptor group EOS_ENABLE idns interceptor group [id] [description] Create an idns interceptor group
idns interceptor group
vfi EOS_ENABLE idns interceptor group export [id] [geotag:id,...] Allow an idns interceptor group to be exportable
export
idns rr [itcgrp:id|virtual dns ip] [resource] [ttl] [algo] [algo options] [rra1,rra2,...] geotaggrp:[id]|geotag:[id,...]/[id,...]/[id]
vfi idns rr EOS_ENABLE Create new idns resource record
isvgrp:[id,...] [multi] [noauth] [persist] [nsn]
vfi inline access EOS_ENABLE inline access [id] [interface] [remote client ip address] [local ip address] [gateway] Insert an inline access service
vfi isv EOS_ENABLE isv [id] [dest ip] [url|alias] [verification string|isv:id] [interval (ms)] [timeout (ms)] [failure threshold] [weight] Create a new isv
vfi isv group EOS_ENABLE isv group [id] isv:[id,...] [description] [group metric selector] Create a new isv group
vfi isv group export EOS_ENABLE isv group export [id] [geotag:id,...] Allow an isv group to be exportable
vfi isv inline EOS_ENABLE isv inline [interface|net] [ip address]/[netmask-bits] [gateway] Set isv inline polling source ip and network
vfi isv update EOS_ENABLE isv update [id] [rtt usec] [failure] [verify] [weight] Change new metrics to an isv
Create a new masquerading port range to use or reserve a port range
vfi masq range EOS_ENABLE masq range [start port]-[stop port],[reserved] [description]
that can not be used for masquerading
vfi nattp EOS_ENABLE nattp [id] [source ip] [destination ip] [mss|nomss] [df|nodf] | [key] Create a new nattp tunnel
vfi nattp protoid EOS_ENABLE nattp protoid [default|idxxx] Change protocol id for nattp tunnel
vfi no acl arp EOS_ENABLE no acl arp [ip] [idx] Remove an arp ip access-list by index
vfi no acl channel in EOS_ENABLE no acl channel in [ip|icmp|tcp|udp|...] [idx] Remove a channel inside ip access-list by index
vfi no acl channel out EOS_ENABLE no acl channel out [ip|icmp|tcp|udp|...] [idx] Remove a channel outside ip access-list by index
vfi no acl debug in EOS_DIAGNOSTIC no acl debug in [ip|icmp|tcp|udp|...] [idx] Remove a debug inside ip access-list by index
vfi no acl debug out EOS_DIAGNOSTIC no acl debug out [ip|icmp|tcp|udp|...] [idx] Remove a debug outside ip access-list by index
vfi no acl in EOS_ENABLE no acl in [ip|icmp|tcp|udp|...] [idx] Remove an inside ip filtering access-list by index
vfi no acl nat in EOS_ENABLE no acl nat in [ip|icmp|tcp|udp|...] [idx] Remove a nat inside ip access-list by index
vfi no acl nat out EOS_ENABLE no acl nat out [ip|icmp|tcp|udp|...] [idx] Remove a nat outside ip access-list by index
vfi no acl nattp in EOS_ENABLE no acl nattp in [ip|icmp|tcp|udp|...] [idx] Remove a nattp inside ip access-list by index
vfi no acl out EOS_ENABLE no acl out [ip|icmp|tcp|udp|...] [idx] Remove an outside ip filtering access-list by index
vfi no acl per in EOS_ENABLE no acl per in [ip|icmp|tcp|udp|...] [idx] Remove a persistence inside ip access-list by index
vfi no acl tag in EOS_ENABLE no acl tag in [ip|icmp|tcp|udp|...] [idx] Remove a tag inside ip access-list by index
vfi no arp EOS_ENABLE no arp [ip address] Remove an arp entry
vfi no channel EOS_ENABLE no channel [id] Delete an inter-vfi channel
vfi no dhcp EOS_ENABLE no dhcp [id] Delete a dhcp entry
vfi no geolink EOS_ENABLE no geolink [id] Remove a geolink
vfi no geotag group EOS_ENABLE no geotag group [id] Remove a geotag group
vfi no gmac EOS_ENABLE no gmac [mac address|chn:id|id] Remove a new gmac
vfi no gmac alias EOS_ENABLE no gmac alias [mac address|id] Remove all mac address aliases from a gmac
vfi no gmac dev EOS_ENABLE no gmac dev [mac address|id] Remove a network device from a gmac
vfi no gmac export EOS_ENABLE no gmac export [id] Disallow a gmac from being exportable
vfi no gmac net EOS_ENABLE no gmac net [mac address|chn:id|id] [network]/[netmask-bits] Remove a network from a gmac
vfi no icv EOS_ENABLE no icv [id] Remove an icv
vfi no icv action EOS_ENABLE no icv action [id] Remove an icv action
vfi no idns interceptor EOS_ENABLE no idns interceptor [id] Remove an idns interceptor
vfi no idns interceptor group EOS_ENABLE no idns interceptor group [id] Remove an idns interceptor group
no idns interceptor group
vfi EOS_ENABLE no idns interceptor group export [id] Disallow an idns interceptor group from being exportable
export
vfi no idns rr EOS_ENABLE no idns rr [itcgrp:id|virtual dns ip] [resource] Remove an idns resource record
vfi no inline access EOS_ENABLE no inline access [id] Remove an inline access
vfi no isv EOS_ENABLE no isv [id] Remove an isv
vfi no isv group EOS_ENABLE no isv group [id] Remove an isv group
vfi no isv group export EOS_ENABLE no isv group export [id] Disallow an isv group from being exportable

Page 7
vfi no isv inline EOS_ENABLE no isv inline [net] [ip address]/[netmask-bits] Unset isv inline polling source ip and network
vfi no masq range EOS_ENABLE no masq range [start port]-[stop port] Delete a masquerading port range
vfi no nattp EOS_ENABLE no nattp [id] Delete an nattp tunnel
vfi no persist trigger EOS_ENABLE no persist trigger [id] Remove a persist trigger
vfi no poolip EOS_ENABLE no poolip [id] Delete an ip pool
vfi no pppox EOS_ENABLE no pppox [id] Delete a pppox entry
vfi no protofix EOS_ENABLE no protofix [protocol] [port] Remove a protocol fix
vfi no qos EOS_ENABLE no qos [id] Delete a qos entry
vfi no route ip EOS_ENABLE no route ip [network/netmask-bits] Remove an ip route
vfi no shun EOS_ENABLE no shun [ip address] Remove an IPv4 shunning rule
vfi no spath EOS_ENABLE no spath [id] Remove a site path
vfi no spath group EOS_ENABLE no spath group [id] Remove a site path group
vfi persist trigger EOS_ENABLE persist trigger [id] [vpn]|[proto]:[dest port] [ttl in seconds] [global] Add a new persist trigger
vfi policy geotag EOS_ENABLE policy geotag [id] [allocate|release|rflow|itraffic|otraffic|resources] [standby|active|established|blocking|geoname] Change traffic or resource state on a remote geotag
vfi poolip EOS_ENABLE poolip [id] [network]/[netmask-bits]|[dhcp:id|pppox:id] [masq] Create a new pool of ip addresses
vfi pppox EOS_ENABLE pppox [id] [interface] [ethernet|cellular] [user] [password] [mtu] Create a new pppox entry
vfi protofix EOS_ENABLE protofix [protocol] [port] Add a protocol fix
qos [id] [dsmark|tc_htb] [reserved speed (kb/s) in]/[reserved speed (kb/s) out],[max speed (kb/s) in]/[max speed (kb/s) out]
vfi qos EOS_ENABLE Create a new qos entry
[gmac:id] [description]
vfi remap idns rr EOS_ENABLE remap idns rr [itcgrp:id|virtual dns ip] [resource] Force remap of rra with gmacs
vfi route ip EOS_ENABLE route ip [network/netmask-bits] [gateway] Insert a static ip route
vfi saveall EOS_ENABLE saveall Save all module configurations to flash
vfi sh acl arp EOS_READ sh acl arp Display all arp ip access-lists
vfi sh acl channel in EOS_READ sh acl channel in Display all channel inside ip access-lists
vfi sh acl channel out EOS_READ sh acl channel out Display all channel outside ip access-lists
vfi sh acl debug in EOS_READ sh acl debug in Display all debug inside ip access-lists
vfi sh acl debug out EOS_READ sh acl debug out Display all debug outside ip access-lists
vfi sh acl in EOS_READ sh acl in Display all inside ip filtering access-lists
vfi sh acl nat in EOS_READ sh acl nat in Display all nat inside ip access-lists
vfi sh acl nat out EOS_READ sh acl nat out Display all nat outside ip access-lists
vfi sh acl nattp in EOS_READ sh acl nattp in Display all inside nattp ip access-lists
vfi sh acl out EOS_READ sh acl out Display all outside ip filtering access-lists
vfi sh acl per in EOS_READ sh acl per in Display all inside pesistence ip access-lists
vfi sh acl tag in EOS_READ sh acl tag in Display all tag inside ip access-lists
vfi sh arp EOS_READ sh arp [auto|gmac|outside|inside|static]|[network/netmask-bits] Display all arp entries
vfi sh channel EOS_READ sh channel Display all inter-vfi channels
vfi sh collector stats EOS_READ sh col stats [vfi|gmac:id|topsess] [start timestamp] [stop timestamp] Display collector statistics
vfi sh conf EOS_READ, EOS_DIAGNOSTIC sh conf Display configuration
vfi sh debug EOS_READ sh debug Display all debug options
vfi sh description EOS_READ sh description Display the vfi description
vfi sh dhcp EOS_READ sh dhcp Display all dhcp entries
vfi sh diag EOS_READ sh diag Display vfi diagnostics and resource usage
vfi sh dnat in EOS_DIAGNOSTIC, EOS_READ sh dnat in [source|destination] [network/netmask-bits] [port] [qos:id] [mtpx] Display all inside dnat entries
vfi sh dnat out EOS_DIAGNOSTIC, EOS_READ sh dnat out [source|destination] [network/netmask-bits] Display all outside dnat entries
vfi sh dtag in EOS_READ sh dtag in [source|destination] [network/netmask-bits] Display all inside dtag entries
vfi sh feature EOS_READ sh feature Display all features status
vfi sh geolink EOS_READ sh geolink Display a geolink or all

Page 8
vfi sh geotag EOS_READ sh geotag Display all remote geotags
vfi sh geotag group EOS_READ sh geotag group [id] Display all geotag group
vfi sh gmac EOS_READ sh gmac [id] Display gmac details
vfi sh gmac brief EOS_READ sh gmac brief [id] Display gmac details
vfi sh gmac history EOS_READ sh gmac history Display history of all gmacs
vfi sh gmac summary EOS_READ sh gmac summary [id] Display all gmacs in a summarized mode
vfi sh icv EOS_READ sh icv [id] Display an icv or all
vfi sh icv action EOS_READ sh icv action [id] Display an icv action or all
vfi sh icv activation group EOS_READ sh icv activation group [id] Display an icv action group or all
vfi sh idns globbing EOS_READ sh idns globbing Display idns globbing selection
vfi sh idns interceptor EOS_READ sh idns interceptor Display idns interceptors
vfi sh idns interceptor group EOS_READ sh idns interceptor group [id] Display idns interceptor groups
vfi sh idns rr EOS_READ sh idns rr Display all idns resource records
vfi sh inline access EOS_READ sh inline access Display inline accesses
vfi sh inside EOS_READ sh inside Display vfi inside interface
vfi sh isv EOS_READ sh isv [id] Display an isv or all
vfi sh isv group EOS_READ sh isv group [id] Display an isv group or all
vfi sh isv inline EOS_READ sh isv inline Display isv inline polling source ip and network
vfi sh isv summary EOS_READ sh isv summary Display all isvs in a summarized mode
vfi sh log EOS_READ sh log Display vfi real-time messages
vfi sh masq range EOS_READ sh masq range Display all masquerading port range
vfi sh nattp EOS_READ sh nattp Display all nattp tunnels
vfi sh outside EOS_READ sh outside Display vfi outside interfaces
vfi sh persist trigger EOS_READ sh persist trigger Display all persist triggers
vfi sh poolip EOS_READ sh poolip Display all ip pools
vfi sh pppox EOS_READ sh pppox Display all pppox entries
vfi sh preidns EOS_READ sh preidns [source|destination] [network/netmask-bits] Display all pre-assigned IDNS entries
vfi sh preip in EOS_READ sh preip in [source|destination] [network/netmask-bits] Display all pre-assigned inside IPV4 entries
vfi sh preip out EOS_READ sh preip out [source|destination] [network/netmask-bits] Display all pre-assigned outside IPV4 entries
vfi sh probe EOS_READ sh probe [report] [number of sessions] Display all IPv4 probe session statistics
vfi sh probe port EOS_READ sh probe port [report] [number of ports/applications] Display all IPv4 cumulative probe port statistics
vfi sh probe proto EOS_READ sh probe proto [report] [number of proto] Display all IPv4 cumulative probe protocol statistics
vfi sh protofix EOS_READ sh protofix Display all protocol fixes
vfi sh qos EOS_READ sh qos Display all qos entries
vfi sh rnat in EOS_DIAGNOSTIC, EOS_READ sh rnat in [source|destination] [network/netmask-bits] [port] [qos:id] [mtpx] Display all inside rnat entries
vfi sh rnat out EOS_DIAGNOSTIC, EOS_READ sh rnat out [source|destination] [network/netmask-bits] Display all outside rnat entries
vfi sh route ip EOS_READ sh route ip [network/netmask-bits] Display selected ip routes
vfi sh rtag out EOS_READ sh rtag out [source|destination] [network/netmask-bits] Display all outside rtag entries
vfi sh sessions EOS_READ sh sessions [source|destination] [network/netmask-bits] [port:1-65535] [qos:id] [mtpx] Display live sessions
vfi sh sessions brief EOS_READ sh sessions [source|destination] [network/netmask-bits] [port:1-65535] [qos:id] [mtpx] Display live sessions
vfi sh shun EOS_READ sh shun Display all IPv4 shunning rules
vfi sh spath EOS_READ sh spath [id] Display site path details
vfi sh spath group EOS_READ, EOS_DIAGNOSTIC sh spath group [id] Display site path groups
vfi sh spath group brief EOS_READ sh spath group brief [id] Display site path groups
vfi sh spath summary EOS_READ sh spath summary Display all site paths in a summarized mode
vfi sh status EOS_READ sh status Display vfi status

Page 9
vfi sh tap EOS_READ sh tap Display network tapping (monitoring)
vfi sh ver EOS_READ sh ver Display version
vfi sh vfi stats EOS_READ sh vfi stats Display vfi cumulative sessions and packet statistics
vfi sh vmac group EOS_ENABLE sh vmac group Display vmac group
vfi shun EOS_ENABLE shun [ip address] [ttl in seconds] Add a new IPv4 shunning rule
vfi spath EOS_ENABLE spath [id] [spathgrp:id] [gmac:id] [source ip]|[dhcp:id|pppox:id] [destination ip]|[dynamic] [description] [weight] Add a new site path
vfi spath group EOS_ENABLE spath group [id] [wfa|rwfa|bsfa|rtfa|mtpx] [dataenc|nodataenc] [aes128|noenc] [key] Create or change a site path group
vfi spath group calibrate EOS_DIAGNOSTIC spath group calibrate [id] [ebin] [ebout] [rtt] [rtta] [lost] [hop] [hopa] [wei] Change site path group calibration parameters for bsfa
vfi spath group calibrate bsfa EOS_DIAGNOSTIC spath group calibrate bsfa [id] [ebin] [ebout] [rtt] [rtta] [lost] [hop] [hopa] [wei] Change site path group calibration parameters for bsfa
vfi spath group calibrate mtpx EOS_DIAGNOSTIC spath group calibrate mtpx [id] [inclusion threshold] Change site path group calibration parameters for mtpx

vfi spath probe EOS_DIAGNOSTIC spath probe [id] [payload length] [polling interval msec] [polling threshold] [adaptive|timer] [rtt threshold msec] [hop threshold] Set site path probe parameters

vfi spath weight EOS_DIAGNOSTIC spath weight [id] [weight] Change site path weight
vfi state dhcp EOS_DIAGNOSTIC state dhcp [id] [release|init|renew] Change dhcp state
vfi state geolink EOS_DIAGNOSTIC state geolink [id] [enable|disable|resync] Enable or disable a geolink
vfi state gmac EOS_DIAGNOSTIC state gmac [mac address|chn:id|id] [enable|disable|reset|shutdown] Change operational state of a gmac
vfi state isv EOS_DIAGNOSTIC state isv [id] [enable|disable] Change operational state of an isv
vfi state pppox EOS_DIAGNOSTIC state pppox [id] [init] Change pppox state
vfi state spath EOS_DIAGNOSTIC state spath [id] [enable|disable] Change operational state of a site path
vfi stats gmac EOS_DIAGNOSTIC stats gmac [mac address|chn:id|id] [reset] Reset statistics of a gmac
vfi stats qos EOS_DIAGNOSTIC stats qos [id] [reset] Reset qos statistics
vfi stats spath group EOS_READ stats spath group [id] [reset] Reset spath group statistics
vfi stats vfi EOS_READ stats vfi [reset] Reset vfi sessions and packets statistics
vfi tap EOS_ENABLE tap [source interface0],[source interface1] [destination interface] Activate network tapping (monitoring)
vfi vmac group EOS_ENABLE vmac group Change vmac group
vfi wconf EOS_ENABLE wconf Write vfi configuration to ram buffer
vfi xconf EOS_ENABLE xconf Reload configuration from ram
vfi xconf EOS_ENABLE xconf Reload configuration from ram

Page 10