FutureNet CS-SEIL-510/C 1.75
1 CS-SEIL-510/C 10 1.1................................................ 10 1.2............................................. 10 1.3.................................................. 12 1.4.............................................. 14 1.5 TELNET..................................... 17 1.6 IPv6............................................. 19 2 20 2.1 IP.......................................... 20 2.2 IP.......................................... 20 2.3 unnumbered................................ 21 2.4................................... 21 2.5 TCP MSS.............................. 21 2.6 LAN............................. 22 2.7 MDI/MDI-X.......................................... 22 2.8 LAN MTU................................ 23 2.9 WAN....................... 23 2.10............................................ 23 2.11 IPsec.................................... 24 2.12 VLAN............................................. 24 2.13 PPPoE.......................................... 25 2.14 L2TPv3.................................. 26 3 PPP 28 3.1 PPP............................................ 28 3.2 PPP............................................ 29 3.3 PPP............................................ 30 4 31 4.1 /................................. 31 4.2 IP................................. 31 4.3 IPv6................................ 31 4.4 VMAN TPID.......................... 32 4.5....................................... 32 4.6....................................... 33 4.7....................................... 34 4.8.................................. 34 1
5 MAC 36 5.1 MAC.................................... 36 5.2 MAC.................................... 37 5.3 MAC.................................... 37 6 ARP 38 6.1 ARP........................................... 38 6.2 ARP........................................... 38 6.3 ARP........................................... 38 6.4 NAT Proxy ARP /........................... 38 7 40 7.1......................................... 40 7.2......................................... 41 7.3......................................... 42 7.4 MultiPath.................................. 42 7.5............................................. 43 7.6............................................. 43 7.7......................................... 43 7.8......................................... 44 7.9 RIP /...................................... 44 7.10 RIP /......................... 45 7.11 RIP........................................ 45 7.12 RIPv2 /................................... 45 7.13 RIP /............................. 46 7.14 RIP................................. 46 7.15 RIP.......................................... 47 7.16 OSPF /..................................... 47 7.17 OSPF ID....................................... 47 7.18............................................. 48 7.19............................................. 48 7.20............................................. 49 7.21............................................. 50 7.22............................................. 51 7.23 distance............................. 51 7.24 OSPF................................. 51 7.25............................................. 52 7.26 IPv4 (PIM-SM) /................ 53 7.27 IPv4 (PIM-SM).................... 53 7.28 IPv4 (PIM-SM)......... 53 7.29 IPv4 (PIM-SM)......... 54 7.30 IPv6........................................ 54 2
7.31 IPv6........................................ 55 7.32 IPv6........................................ 56 7.33 IPv6 MultiPath................................. 56 7.34......................................... 57 7.35......................................... 57 7.36 RIPng /..................................... 58 7.37 RIPng......................................... 58 7.38 RIPng /........................... 58 7.39 RIPng............................... 59 7.40 RIPng....................................... 59 7.41 RIPng..................................... 60 7.42 IPv6 (PIM-SM) /................ 60 7.43 IPv6 (PIM-SM).................... 60 7.44 IPv6 (PIM-SM)......... 61 7.45 IPv6 (PIM-SM)......... 61 8 62 8.1............................................ 62 8.2............................................ 64 8.3............................................ 64 8.4 /..................................... 65 8.5..................................... 65 8.6 IPv6......................................... 65 8.7 IPv6......................................... 67 8.8 IPv6......................................... 68 8.9 IPv6 /.................................. 68 8.10 IPv6................................... 69 9 NAT 70 9.1 NAT........................................... 70 9.2 NAT........................................... 70 9.3 NAT IP ()..................... 70 9.4 NAT IP ()......................... 71 9.5 NAT IP ()....................... 71 9.6 NAT IP ()......................... 71 9.7 NAT....................................... 72 9.8 NAPT IP ()....................... 72 9.9 NAPT IP............................... 72 9.10 NAPT IP ()......................... 72 9.11 NAPT IP............................... 73 9.12 NAPT......................................... 73 9.13 NAPT.......................................... 73 3
9.14 NAPT........................................ 74 9.15 NAPT /................................... 75 9.16 SIP.................................... 75 9.17 SIP.................................... 75 9.18 NAT................................... 76 9.19 NAT...................................... 76 9.20 NAT......................... 76 9.21 NAT......................................... 77 9.22 Reflection NAT..................................... 77 9.23 Reflection NAT..................................... 77 9.24 UPnP /....................................... 77 9.25 UPnP............................. 78 10 IPsec 79 10.1........................ 79 10.2........................ 80 10.3........................ 80 10.4............................... 80 10.5............................... 83 10.6 IKE........................ 83 10.7 IKE........................ 85 10.8............................ 85 10.9............................... 85 10.10.................................... 86 10.11.................................... 87 10.12.................................... 88 10.13 /.............................. 88 10.14.............................. 88 10.15 IKE.......................................... 89 10.16 IKE......................................... 89 10.17 IKE....................................... 90 10.18 IKE Peer........................................... 90 10.19 IKE Peer........................................... 92 10.20 IKE Peer........................................... 93 10.21 IKE....................................... 93 10.22 IKE....................................... 94 10.23 IKE....................................... 94 10.24 IKE........................................ 94 10.25 IKE........................................ 94 10.26 IKE........................................ 95 11 L2TPv3 96 4
11.1 L2TPv3 hostname........................................ 96 11.2 L2TPv3 Router-ID........................................ 96 11.3 L2TPv3..................................... 96 11.4 L2TPv3..................................... 97 11.5 L2TPv3..................................... 97 12 / 99 12.1 CBQ................................... 99 12.2 CBQ...................................... 99 12.3 CBQ...................................... 100 12.4 CBQ...................................... 101 12.5 CBQ............................... 101 12.6 CBQ............................... 103 12.7 CBQ............................... 104 12.8 CBQ /........................... 104 12.9 CBQ........................... 104 13 SNMP 106 13.1 SNMP /............................... 106 13.2 SNMP community...................................... 106 13.3 SNMP sysname........................................ 106 13.4 SNMP location........................................ 106 13.5 SNMP contact........................................ 107 13.6 SNMP......................................... 107 13.7 SNMP trap /.................................. 107 13.8 SNMP trap.................................. 108 13.9 SNMP trap.................................. 108 13.10 SNMP trap................................. 109 13.11...................................... 109 13.12...................................... 109 14 110 14.1 /............................. 110 14.2 /............................. 110 14.3................... 110 14.4 /.................................. 111 14.5................................ 111 14.6................................ 111 14.7.................................. 112 14.8.............................. 112 14.9............................ 112 14.10 /............................. 112 5
15 VRRP 114 15.1 VRRP...................................... 114 15.2 VRRP...................................... 114 15.3 VRID............................................. 115 15.4 VRID............................................. 116 16 DHCP 117 16.1 DHCP /..................................... 117 16.2 DHCP...................................... 117 16.3 DHCP /................... 117 16.4 DHCP IP................................ 118 16.5 DHCP IP.......................... 118 16.6 DHCP DNS........................... 119 16.7 DHCP DNS........................... 119 16.8 DHCP................................. 119 16.9 DHCP.............................. 120 16.10 DHCP NTP........................... 120 16.11 DHCP NTP........................... 120 16.12 DHCP WINS.......................... 121 16.13 DHCP WINS.......................... 121 16.14 DHCP WINS........................... 121 16.15 DHCP DHCP............... 122 16.16 DHCP DHCP............... 122 17 DHCPv6 124 17.1 DHCPv6................................. 124 17.2 DHCPv6.................... 124 17.3 Rapid Commit............................... 124 17.4 Reconfigure Accept............................ 124 17.5 Prefix Delegation........................... 125 17.6 SLA ID.................................. 125 18 DNS 126 18.1 DNS /.................................... 126 18.2 DNS.................................. 126 18.3 DNS.................................. 126 18.4 IPv4-IPv6......................................... 127 19 128 19.1........................................... 128 19.2 /....................... 128 19.3............................. 128 6
19.4............................. 129 19.5............................. 130 19.6............................. 130 19.7.................................. 131 19.8.................................. 131 19.9 MTU................................ 131 19.10.............................. 132 19.11............................ 132 19.12......................... 132 19.13............................ 133 19.14...................... 133 19.15........................ 133 20 135 20.1............................... 135 20.2............................... 135 20.3................................. 135 20.4................................. 136 20.5..................................... 136 20.6................................... 136 21 137 21.1 ICMP.............................. 137 21.2................................ 137 21.3 IPv6............................. 137 21.4 ICMP............................. 138 21.5 IPv6 ICMP.......................... 138 21.6 LinkDown IPv4 connected route....................... 138 21.7 LinkDown IPv6 connected route....................... 139 21.8 urpf......................................... 139 21.9 IPv6 urpf...................................... 140 22 141 22.1..................................... 141 22.2............................................ 141 22.3............................ 141 22.4............................ 142 22.5......................................... 142 22.6 NTP /...................................... 142 22.7 NTP.......................................... 143 22.8 NTP peer........................................... 143 22.9....................................... 143 7
22.10........................................ 144 22.11 DNS /...................................... 144 22.12 DNS..................................... 145 22.13 DNS..................................... 145 22.14.......................................... 145 22.15......................................... 146 22.16 Web /.................................... 146 22.17 TELNET /............................. 146 22.18 Secure Shell /.................................. 147 22.19 Secure Shell hostkey.................................... 147 22.20 Secure Shell................................. 148 22.21 Secure Shell................................. 148 23 149 23.1.................................. 149 23.2......................................... 149 23.3.............................................. 149 23.4............................................. 150 23.5.................................. 150 23.6....................................... 150 23.7........................................ 151 23.8............................................... 152 23.9................................................ 153 23.10........................................ 153 23.11 IPL.............................................. 154 23.12................................................. 154 23.13.............................................. 154 23.14 PPPoE............................................ 155 23.15 ARP...................................... 155 23.16 NDP...................................... 155 23.17..................................... 155 23.18 NAT....................................... 156 23.19............................................. 156 23.20........................................ 156 23.21.......................................... 156 23.22 IPv6........................................ 157 23.23 IKE........................... 157 23.24 IPsec........................... 157 23.25 IPsec................................ 157 23.26 L2TP....................................... 158 23.27 L2TP...................................... 158 8
23.28.............................. 158 23.29........................................ 158 23.30 IPv6..................................... 159 23.31 TELNET............................................. 159 24 160 24.1............................................ 160 24.2............................................... 160 24.3........................................ 160 24.4............................................. 160 24.5........................................ 162 24.6......................................... 162 24.7......................................... 162 24.8................................. 163 24.9............................................ 163 25 factory config 165 A 173 9
1 CS-SEIL-510/C 1.1 CS-SEIL-510/C TELNET SecureShell 1.2 // CS-SEIL-510/C CS-SEIL-510/C // 1: PPP ARP MAC ARP NAT IPsec CS-SEIL-510/C IP WAN PPP LAN LAN ARP Ethernet MAC LAN ARP NAT/NAPT VPN IPsec/IKE 10
L2TPv3 / SNMP VRRP DHCP DHCPv6 DNS L2TPv3 CBQ CS-SEIL-510/C DHCP DHCPv6 Prefix Delegation DNS IPv6 IPv6 IPv4 CS-SEIL-510/C CS-SEIL-510/C CS-SEIL-510/C CS-SEIL-510/C 11
1.3 / 2: / 3: keyword text <parameter> [text] [] [A B] A B {A B} A B... {}, [] 12
4: ) <filter name> (1-16, [a-za-z0-9 ]) 1 16 ( ) 0 () [ ] - ( - - ) [ ] 10 012..9 16 012..9abc..f 0x 16 10 13
1.4 5: interface IPaddress/prefixlen, IPaddress CS-SEIL-510/C Ether lan tunnel VLAN vlan PPPoE pppoe IP 10 /prefixlen /32 interface IP [/8 /16 /24] 6 IP IP - IPv6 IPv6 RFC2373 /64 ID ID % 192.168.1.0/24 192.168.0.1 192.168.0.1-192.168.255.255 fec0::8001:2e0:4fff:fe20:829f fe80::2e0:4fff:fe20:829f%lan0 14
hostname, URL protocol port top, bottom, above, below URL URL FTP HTTP TCP ICMP tcp icmp 0 255 TCP UDP 0 65535-23, 80, 137-139 top bottom above below 15
6: prefixlen netmask /32 255.255.255.255 /31 255.255.255.254 /30 255.255.255.252 /29 255.255.255.248 /28 255.255.255.240 /27 255.255.255.224 /26 255.255.255.192 /25 255.255.255.128 /24 255.255.255.0 /23 255.255.254.0 /22 255.255.252.0 /21 255.255.248.0 /20 255.255.240.0 /19 255.255.224.0 /18 255.255.192.0 /17 255.255.128.0 /16 255.255.0.0 /15 255.254.0.0 /14 255.252.0.0 /13 255.248.0.0 /12 255.240.0.0 /11 255.224.0.0 /10 255.192.0.0 /9 255.128.0.0 /8 255.0.0.0 /7 254.0.0.0 /6 252.0.0.0 /5 248.0.0.0 /4 240.0.0.0 /3 224.0.0.0 /2 192.0.0.0 /1 128.0.0.0 16
1.5 TELNET CS-SEIL-510/C LAN TELNET CS-SEIL- 510/C TELNET login: user admin user admin user / administrator admin Password: Login incorrect admin # user > TELNET exit tcsh bash UNIX / 7 CS-SEIL-510/C TELNET Secure Shell 22.18 Secure Shell / Secure Shell CS-SEIL-510/C 17
7: Space BackSpace 1 Ctrl-H, Del BackSpace Ctrl-D? Tab? Enter Ctrl-M, Ctrl-J Enter Ctrl-C Ctrl-F 1 Ctrl-B 1 Ctrl-A Ctrl-E Ctrl-T 1 1 Ctrl-P Ctrl-N Ctrl-Space Ctrl-W Ctrl-K Ctrl-Y Ctrl-U Ctrl-V? () Ctrl-L ( 1 ) ( () ) Y= ( ) () 18
1.6 IPv6 CS-SEIL-510/C IPv6 IPv6 RFC CS-SEIL-510/C 8: IPv4 IPv6 IPv4 IPv6 interface interface ppp ppp bridge bridge arp - ipsec ipsec ike ike cbq cbq syslog syslog load-from load-from ntp ntp save-to save-to update update resolver resolver dns dns translator translator route route6 filter filter6 ping ping6 traceroute traceroute6 snmp - nat - vrrp - dhcp - - dhcp6 - rtadvd 19
2 2.1 IP interface { <lan> <vlan> } { address add } <local IPaddress/prefixlen> interface lan1 { address add } dhcp interface { <pppoe> <tunnel> <ipsec> } { address add } <local IPaddress/prefixlen> remote <remote IPaddress> [ ] <lan> LAN <pppoe> PPPoE pppoe0, pppoe1,... <tunnel> Tunnel tunnel0, tunnel1,... <vlan> VLAN vlan0, vlan1... <ipsec> IPsec (ipsec0, ipsec1,...) <local IPaddress/prefixlen> IP <remote IPaddress> Point to Point IP dhcp DHCP IP CS-SEIL-510/C IP IPv4 IPv6 address IP add IPv4 4 IPv6 8 prefixlen IPv4 IPv6 /64 dhcp lan1 IPsec VLAN PPPoE 2.10 2.11 IPsec 2.12 VLAN 2.13 PPPoE lan0 192.168.0.1/24 2.2 IP interface <interface> delete { all <IPaddress> } [ ] <interface> <IPaddress> IP all IP CS-SEIL-510/C IP 20
IPv6 IPv4 IPv6 2.3 unnumbered interface <interface> unnumbered [ ] <interface> unnumbered unnumbered IPv4 unnumbered lan0 IPv4 PPPoE unnumbered PPP IPCP address option OFF PPP 3.1 PPP LAN VLAN 2.4 interface <interface> description <description> [ ] <interface> <description> (0-64 ) ( 7) 2.5 TCP MSS interface <interface> tcp-mss { <mss> auto off } [ ] <interface> <mss> 32 32767 TCP MSS auto TCP MSS 21
off TCP MSS TCP MSS PPPoE 3.1 PPP IPsec auto 32 32767 2.6 LAN interface { lan0 lan1 } media <media> [ ] <media> 10baseT 10Mbps 10baseT-FDX 10Mbps 100baseTX 100Mbps 100baseTX-FDX 100Mbps auto CS-SEIL-510/C LAN LAN 10baseT,10baseT-FDX 100baseTX,100baseTX-FDX interface IPv4 IPv6 auto 2.7 MDI/MDI-X interface { lan0 lan1 } mdi { auto normal } [ ] mdi auto normal MDI CS-SEIL-510/C LAN LAN 22
interface IPv4 IPv6 auto 2.8 LAN MTU interface { lan0 lan1 } mtu { system-default <mtu size> } [ ] <mtu size> 1280 1500 LAN MTU system-default CS-SEIL-510/C CS-SEIL-510/C LAN MTU mtu 1500 2.9 WAN interface lan1 queue { normal cbq } [ ] normal cbq CBQ Class-Based Queueing WAN CBQ 12 interface IPv4 IPv6 normal 2.10 interface <interface> tunnel <start IPaddress> <end IPaddress> interface <interface> tunnel none interface <interface> mtu <mtu size> [ ] <interface> (tunnel0, tunnel1,...) <start IPaddress> IP <end IPaddress> IP none <mtu size> 1280 8192 MTU system-default CS-SEIL-510/C 23
mtu 1280 2 IPv4, IPv6 none IP 2.11 IPsec interface <interface> tunnel <start IPaddress> <end IPaddress> interface <interface> tunnel none interface <interface> mtu <mtu size> [ ] <interface> IPsec (ipsec0, ipsec1,...) <start IPaddress> IPsec IP <end IPaddress> IPsec IP none IPsec <mtu size> 1280 8192 IPsec MTU system-default CS-SEIL-510/C mtu 1280 2 IPsec IPv4, IPv6 none IP IPsec / 2.12 VLAN 24
interface <interface> tag <tag> [over <lan interface>] interface <interface> tag none interface <interface> mtu <mtu size> [ ] <interface> VLAN <tag> 1 4094 VLAN none VLAN bridge group none <lan interface> VLAN LAN <mtu size> 1280 1500 vlan MTU system-default CS-SEIL-510/C mtu 1500 VLAN lan0,lan1( L2TP I/F) lan1( L2TP I/F) VLAN lan0 VLAN over lan1 over lan0 lan0 over lan0 VLAN lan0 CS-SEIL-510/C VLAN interface IPv4 IPv6 2.13 PPPoE interface <interface> ppp-configuration <ppp name> interface <interface> ppp-configuration none interface <interface> over <lan interface> interface <interface> over none interface <interface> mtu <mtu size> [ ] <interface> pppoe0 pppoe3 PPPoE <ppp name> PPP <lan interface> lan0, lan1 PPPoE LAN none PPPoE <mtu size> 1280 1492 PPPoE MTU system-default CS-SEIL-510/C PPPoE PPP 25
MTU ppp-configuration lan0,lan1 lan1 PPPoE lan1 lan1 PPPoE over lan1 lan0, L2TP I/F L2TP I/F PPPoE interface IPv4 IPv6 over lan1 mtu system-default 2.14 L2TPv3 interface <interface> tunnel <start IPaddress> <end IPaddress> interface <interface> tunnel none interface <interface> l2tp manual local-id <local id> remote-id <remote id> [local-cookie <local cookie> remote-cookie <remote cookie>] interface <interface> l2tp <l2tp name> remote-end-id <remote end id> [ ] <interface> L2TPv3 (l2tp0, l2tp1,...) <start IPaddress> L2TPv3 IP <end IPaddress> L2TPv3 IP none L2TPv3 <local id> 1-4294967295 L2TPv3 Local Session ID <remote id> 1-4294967295 L2TPv3 Remote Session ID <local cookie> 1-4294967295 L2TPv3 Local Cookie <remote cookie> 1-4294967295 L2TPv3 Remote Cookie <l2tp name> L2TPv3 L2TPv3 <remote end id> L2TPv3 Remote End ID(1-16, [?Y=] ) 2 L2TPv3 IPv4 none bridge group none L2TPv3 local-id remote-id 26
local-cookie remote-cookie cookie L2TPv3 l2tp L2TPv3 11 L2TPv3 remote-end-id Remote End ID 16 27
3 PPP 3.1 PPP ppp add <ppp name> [ipcp { enable disable }] [ipv6cp { enable disable }] [keepalive { <time> none }] [ipcp-address { on off }] [ipcp-dns { on off }] [acname <ac name>] [servicename <service name>] [authentication-method { auto pap chap none }] [identifier <userid>] [passphrase <pass phrase>] [tcp-mss { auto <mss> none }] [auto-connect { vrrp always }] [ ] <ppp name> PPP (1-16, ) ipcp enable IPCP disable IPCP ipv6cp enable IPV6CP disable IPV6CP keepalive 1 3600 none ipcp-address on IPCP address option off IPCP address option ipcp-dns on DNS extension off DNS extension <ac name> PPPoE Access Concentrator (0-16 ) <service name> PPPoE (0-16 ) authentication-method auto pap PAP chap CHAP none <userid> ID(0-36 ) <pass phrase> (0-36 ) tcp-mss auto TCP MSS 512 1452 TCP MSS none TCP MSS auto-connect vrrp VRRP ( ) PPPoE VRRP PPPoE 28
always VRRP PP- PoE PPP ppp IPv4 IPv6 PPP 8 PPPoE Unnumbered ipcp-address off Unnumbered Unnumbered 2.3 unnumbered PPPoE VRRP VRRP 15.1 VRRP PPP none keepalive LCP echo 3 echo reply ipcp enable ipv6cp enable keepalive none ipcp-address off ipcp-dns off authentication-method auto tcp-mss auto auto-connect always 3.2 PPP ppp modify <ppp name> [ipcp { enable disable }][ipv6cp { enable disable }] [keepalive { <time> none }] [ipcp-address { on off }] [ipcp-dns { on off }] [acname <ac name>] [servicename <service name>] [authentication-method { auto pap chap none }] [identifier <userid>] [passphrase <pass phrase>] [tcp-mss { auto <mss> none }] [auto-connect { vrrp always }] [ ] PPP ppp IPv4 IPv6 29
3.3 PPP ppp delete <ppp name> ppp delete all [ ] <ppp name> PPP all PPP PPP ppp IPv4 IPv6 30
4 4.1 / bridge { enable disable } [ ] enable disable / RIP RIPng OSPF bridge IPv4 IPv6 disable 4.2 IP bridge ip-bridging { on off } [ ] on IP off IP IP / enable IP off IP ARP CS-SEIL-510/C IP IP ARP on WAN IPv4 gateway WAN disable ip-bridging bridge IPv4 IPv6 on 4.3 IPv6 bridge ipv6-bridging { on off } 31
[ ] on IPv6 off IPv6 IPv6 / enable IPv6 off CS-SEIL-510/C IPv6 disable ipv6-bridging on 4.4 VMAN TPID bridge vman-tpid { none <vman tpid> } [ ] <vman tpid> 0x0001 0xffff none VMAN TPID Ethernet VMAN (Virtual Metropolitan Area Network) TPID (Tag Protocol Identifier) VMAN TPID Ethertype VLAN tag VLAN ID VLAN Priority / none VMAN TPID none 4.5 bridge group add <group name> [stp { on off }] [priority <num>] [max-age <num>] [hello-time <num>] [forward-delay <num>] [aging-time <num>] [ ] <group name> (1-16, [a-za-z0-9 ]) stp on STP stp off STP priority 0 65535 system-default max-age 6 200 ( ) 32
system-default hello-time 1 10 ( ) system-default forward-delay 4 200 ( ) system-default aging-time 0 1000000 MAC ( ) 0 system-default (bridge { enable disable ip-bridging ipv6-bridging }) lan0 lan1 8 none all stp on IEEE 802.1D Spanning-Tree-Protocol BPDU stp on STP stp off priority 32768 hello-time 2 max-age 20 forward-delay 15 aging-time 300 4.6 [ ] bridge group modify <group name> [stp { on off }] [priority <num>] [max-age <num>] [hello-time <num>] [forward-delay <num>] [aging-time <num>] 33
4.7 bridge group delete <group name>... bridge group delete all [ ] <group name> all 4.8 bridge interface <ifname> group <group name> [stp { on off }] [priority <num>] [path-cost <num>] [port-fast { on off }] bridge interface <ifname> [stp { on off }] [priority <num>] [path-cost <num>] [port-fast { on off }] bridge interface <ifname> group none [ ] <ifname> (lan0, vlan0 vlan7, l2tp0 l2tp63) <group name> none stp on STP ( STP ) stp off STP priority 0 255 system-default path-cost 1 65535 system-default port-fast on Forwarding port-fast off Blocking lan0 vlan0 vlan7 l2tp0 l2tp63 34
none vlan0 vlan7 l2tp0 l2tp63 interface bridge VLAN lan0 LAN LAN VLAN VLAN VLAN VLAN VLAN LAN L2TP VLAN VLAN LAN VLAN L2TP L2TP path-cost system-default LAN VLAN 100 (10Mbps), 19 (100Mbps) L2TP 55 stp off priority 32 path-cost ( ) port-fast off 35
5 MAC 5.1 MAC macfilter add <name> [action <action>] src { any <macaddr> <url> interval <time> } [logging <log mode>] [ ] <name> (1-16, [a-za-z0-9 ]) <action> block pass <macaddr> any MAC MAC 1 : 00:e0:4d:ff:00:01 <url> MAC URL <time> URL (XXhXXmXXs, 60s 24h) <log mode> on off Ethernet / MAC MAC lan0 32 MAC URL ftp,http,https URL MAC 1 1MAC URL MAC 512KB URL 20 URL 1 10 10 src any pass/block 1 20 logging off action pass logging off 36
5.2 MAC [ ] macfilter modify <name> [action <action>] [src { any <macaddr> <url> interval <time> }] [logging <log mode>] MAC src any src action show status macfilter (blocked)/ (passed) URL interval URL 5.3 MAC macfilter delete { all <name> [<name>...] } [ ] <name> all MAC all MAC 37
6 ARP 6.1 ARP arp add <IPaddress> <MACaddress> [proxy { on off }] [ ] <IPaddress> IP <MACaddress> IP MAC proxy on ARP off ARP IP MAC ARP 16 IP 0.0.0.0 proxy off 6.2 ARP arp modify <IPaddress> [<MACaddress>] [proxy { on off }] [ ] ARP 6.3 ARP arp delete <IPaddress> arp delete all [ ] <IPaddress> ARP IP all ARP ARP all ARP 6.4 NAT Proxy ARP / arp reply-nat { on off } [ ] on NAT Proxy ARP off NAT Proxy ARP 38
NAT IP IP ARP NAT Proxy ARP / NAT IP nat static add <private IPaddress> <global IPaddress> nat dynamic add global <global IPaddress> nat napt add global <global IPaddress> off 39
7 7.1 route add <dst address/prefixlen> { <gateway address> <interface> dhcp discard } [distance { <distance> system-default }] [metric { <metric> system-default }] [keepalive { on off }] [target { <target> none }] [send-interval { <interval> system-default }] [down-count { <count> system-default }] route add default { <gateway address> <interface> dhcp discard } [distance { <distance> system-default }] [metric { <metric> system-default }] [keepalive { on off }] [target { <target> none }] [send-interval { <interval> system-default }] [down-count { <count> system-default }] [ ] <dst address/prefixlen> IPv4 <gateway address> <interface> dhcp DHCP default route discard discard <distance> 1 255 <metric> 1 15 RIP metric keepalive on static off static <target> <interval> 5 120 ( ) <count> 1 10 system-default CS-SEIL-510/C metric RIP metric distance gateway dhcp dhcp default route 40
interface dhcp dhcp gateway discard MultiPath 512 keepalive Discard PPPoE Unnumbered keepalive 16 route IPv4 default pppoe0 metric 1 distance 1 keepalive off send-interval 30 down-count 3 7.2 [ ] route modify <dst address/prefixlen> [<gateway address> <interface> dhcp discard] [distance { <distance> system-default }] [metric { <metric> system-default }] [keepalive { on off }] [target { <target> none }] [send-interval { <interval> system-default }] [down-count { <count> system-default }] route modify default [<gateway address> <interface> dhcp discard] [distance { <distance> system-default }] [metric { <metric> system-default }] [keepalive { on off }] [target { <target> none }] [send-interval { <interval> system-default }] [down-count { <count> system-default }] metric RIP metric 41
distance MultiPath distance metric route IPv4 7.3 route delete <dst address/prefixlen> route delete default route delete all [ ] <dst address/prefixlen> IPv4 default all MultiPath 7.4 MultiPath route IPv4 7.4 MultiPath route delete <dst address/prefixlen> { <gateway address> <interface> discard } route delete <dst address/prefixlen> all route delete default { <gateway address> <interface> discard } route delete default all [ ] <dst address/prefixlen> IPv4 default <gateway address> IPv4 <interface> discard discard all MultiPath route IPv4 42
7.5 route dynamic auth-key add <key-name> type plain-text password <password> route dynamic auth-key add <key-name> type md5 keyid <keyid> password <password> [ ] <key-name> (1-16, [!#] ) <password> (1-16, [!#] ) <keyid> 1 255 MD5 ID 64 plain-text OSPF 8 route IPv4 7.6 route dynamic auth-key delete <key-name> route dynamic auth-key delete all route IPv4 7.7 route dynamic route-filter add <filter-name> [network <IPaddress>[/<prefixlen>] [prefix <prefixlen-prefixlen>] [exact-match]] [interface <ifname>] [metric <number>] { pass block } [set-metric <number>] [set-metric-type <number>] [ ] <filter-name> (1-16, [!#] ) network prefix prefixlen exact-match prefixlen interface 43
metric block pass set-metric set-metric-type metric metric metric-type metric OSPF set-metric-type RIP metric set-metric-type 512 route IPv4 IPv6 set-metric-type 2 (type 2) 7.8 route dynamic route-filter delete <filter-name> route dynamic route-filter delete all route IPv4 7.9 RIP / route dynamic rip { enable disable } [ ] enable RIP disable RIP RIP / bridge disable route IPv4 disable 44
7.10 RIP / route dynamic rip interface <interface> { enable disable supply-only listen-only } [ ] <interface> enable disable supply-only listen-only RIP / route IPv4 disable 7.11 RIP route dynamic rip interface <interface> version { ripv1 ripv2 ripv2-broadcast } [ ] ripv1 RIPv1 ripv2 RIPv2 ripv2-broadcast RIPv2 RIP route IPv4 ripv2 7.12 RIPv2 / route dynamic rip interface <interface> authentication { enable disable } route dynamic rip interface <interface> authentication auth-key { <key-name> none } [ ] enable disable <key-name> 45
none RIPv2 route IPv4 disable 7.13 RIP / route dynamic rip interface <interface> route-filter { in out } <route-filter-name>[,<route-filter-name>...] route dynamic rip interface <interface> route-filter { in out } none [ ] in out <route-filter-name> none RIP route IPv4 network none 7.14 RIP route dynamic rip default-route-originate { enable disable } [ ] enable disable RIP route IPv4 disable 46
7.15 RIP route dynamic rip update-timer { <update-timer> system-default } route dynamic rip expire-timer { <expire-timer> system-default } route dynamic rip garbage-collection-timer { <garbage-collection-timer> system-default } [ ] <update-timer> 5 2147483647 <expire-timer> 5 2147483647 <garbage-collection-timer> 5 2147483647 garbage collection system-default CS-SEIL-510/C RIP route IPv4 update-timer 30 expire-timer 180 garbage-collection-timer 120 7.16 OSPF / route dynamic ospf { disable enable } [ ] enable OSPF disable OSPF OSPF / bridge disable route IPv4 disable 7.17 OSPF ID route dynamic ospf router-id <my-router-id> [ ] <my-router-id> 0.0.0.1 255.255.255.255 CS-SEIL-510/C ID 47
CS-SEIL-510/C ID route IPv4 7.18 route dynamic ospf area add <area-id> [range <IPaddress/prefixlen>] [stub { enable disable } [no-summary { on off }] [default-cost { <cost> system-default }]] [ ] <area-id> 0.0.0.0 255.255.255.255 ID <IPaddress/prefixlen> stub no-summary default-cost <cost> 1 65535 system-default CS-SEIL-510/C 8 0.0.0.0 range route IPv4 default-cost 1 stub disable no-summary off 7.19 route dynamic ospf area delete <area-id> route dynamic ospf area delete all [ ] <area-id> ID all ID route IPv4 48
7.20 route dynamic ospf link add { <peer-router-id> <interface> } area <area-id> [authentication auth-key { <key-name> none }] [cost { <cost> system-default }] [hello-interval { <hello-interval> system-default }] [dead-interval { <dead-interval> system-default }] [retransmit-interval { <retransmit-interval> system-default }] [transmit-delay { <transmit-delay> system-default }] [priority { <priority> system-default }] [passive-interface { on off }] [ ] <peer-router-id> Router-ID <interface> OSPF <area-id> <key-name> (1-16, [!#] ) none <cost> 1 65535 <hello-interval> 1 65535 Hello <dead-interval> 1 65535 <retransmit-interval> 3 65535 LSA <transmit-delay> 1 65535 LS <priority> 0 255 DB/BDR system-default CS-SEIL-510/C <passive-interface> on passive-interface off passive-interface OSPF <area-id> route dynamic ospf area add ID cost priority DR BDR 0 DR BDR route IPv4 cost 1 49
hello-interval 10 dead-interval 40 retransmit-interval 5 transmit-delay 1 priority 1 passive-interface off 7.21 route dynamic ospf link modify { <peer-router-id> <interface> } [authentication auth-key { <key-name> none }] [cost { <cost> system-default }] [hello-interval { <hello-interval> system-default }] [dead-interval { <dead-interval> system-default }] [retransmit-interval { <retransmit-interval> system-default }] [transmit-delay { <transmit-delay> system-default }] [priority { <priority> system-default }] [passive-interface { on off }] [ ] <peer-router-id> Router-ID <interface> <key-name> (1-16, [!#] ) none <cost> 1 65535 <hello-interval> 1 65535 Hello <dead-interval> 1 65535 <retransmit-interval> 3 65535 LSA <transmit-delay> 1 65535 LS <priority> 0 255 DB/BDR system-default CS-SEIL-510/C <passive-interface> on passive-interface off passive-interface OSPF cost priority DR BDR 0 DR BDR route IPv4 50
cost 1 hello-interval 10 dead-interval 40 retransmit-interval 5 transmit-delay 1 priority 1 passive-interface off 7.22 route dynamic ospf link delete { <interface> all } [ ] <interface> OSPF all OSPF route IPv4 7.23 distance route dynamic ospf administrative-distance { external inter-area intra-area } { <number> system-default } [ ] external distance inter-area distance intra-area distance <number> 1 255 distance system-default CS-SEIL-510/C distance route IPv4 external 0 inter-area 0 intra-area 0 7.24 OSPF 51
route dynamic ospf default-route-originate { enable disable } [metric <metric>] [metric-type { 1 2 }] [ ] enable disable <metric> 0 16777214 metric <metric-type> 1 or 2 metric-type OSPF route IPv4 disable metric 10 metric-type 2 7.25 route dynamic redistribute { static-to-rip ospf-to-rip } { enable disable } [metric <metric>] [route-filter <route-filter-name>[,<route-filter-name>...]] route dynamic redistribute connected-to-rip { enable disable } [metric <metric>] route dynamic redistribute { static-to-ospf rip-to-ospf } { enable disable } [metric <metric>] [metric-type <metric-type>] [route-filter <route-filter-name>[,<route-filter-name>...]] route dynamic redistribute connected-to-ospf { enable disable } [metric <metric>] [metric-type <metric-type>] [ ] enable disable <metric> RIP: 1 15 metric OSPF: 0 16777214 metric <metric-type> 1 or 2 metric-type route-filter Connected RIP OSPF RIP OSPF route IPv4 52
static-to-rip disable connected-to-rip enable ospf-to-rip disable static-to-ospf disable connected-to-ospf enable rip-to-ospf disable metric 1 (RIP ) metric 20 (OSPF ) metric-type 2 7.26 IPv4 (PIM-SM) / route dynamic pim-sparse { enable disable } [ ] enable IPv4 disable IPv4 IPv4 PIM-SM/ route IPv4 disable 7.27 IPv4 (PIM-SM) route dynamic pim-sparse interface <interface> { enable disable } [ ] <interface> enable IPv4 disable IPv4 IPv4 PIM-SM route IPv4 512 disable 7.28 IPv4 (PIM-SM) 53
route dynamic pim-sparse static-rp add <group address/prefixlen> <RP address> [priority <priority>] [ ] <group address/prefixlen> multicast group <RP address> <priority> 0 255 BSR route IPv4 8 priority 0 7.29 IPv4 (PIM-SM) route dynamic pim-sparse static-rp delete { <group address/prefixlen> all } [ ] <group address/prefixlen> multicast group all multicast group route IPv4 7.30 IPv6 route6 add <dst IPaddress/prefixlen> { <gateway IPaddress> <interface> discard } [distance { <distance> system-default }] [keepalive { on off }] [target { <target> none }] [send-interval { <interval> system-default }] [down-count { <count> system-default }]] route6 add default { <gateway IPaddress> <interface> discard } [distance { <distance> system-default }] [keepalive { on off }] [target { <target> none }] [send-interval { <interval> system-default }] [down-count { <count> system-default }]] 54
[ ] <dst IPaddress/prefixlen> IPv6 default <gateway IPaddress> IPv6 <interface> discard discard <distance> 1 255 keepalive on : static off : static <target> <interval> 5 120 ( ) <count> 1 10 system-default CS-SEIL-510/C default distance 512 discard MultiPath keepalive PPPoE IPv6 keepalive 16 route6 IPv6 distance 1 keepalive off send-interval 30 down-count 3 7.31 IPv6 route6 modify <dst IPaddress/prefixlen> [<gateway IPaddress> <interface> discard] [distance { <distance> system-default }] [keepalive { on off }] [target { <target> none }] [send-interval { <interval> system-default }] 55
[down-count { <count> system-default }]] route6 modify default [<gateway IPaddress> <interface> discard] [distance { <distance> system-default }] [keepalive { on off }] [target { <target> none }] [send-interval { <interval> system-default }] [down-count { <count> system-default }]] [ ] distance MultiPath distance metric route6 IPv6 7.32 IPv6 route6 delete <dst IPaddress/prefixlen> route6 delete default route6 delete all [ ] <dst IPaddress/prefixlen> IPv6 default all IPv6 MultiPath route6 IPv6 7.33 IPv6 MultiPath route6 delete <dst IPaddress/prefixlen> { <gateway IPaddress> <interface> discard } route6 delete <dst IPaddress/prefixlen> all route6 delete default { <gateway IPaddress> <interface> discard } route6 delete default all [ ] <dst IPaddress/prefixlen> IPv6 56
default <gateway IPaddress> <interface> discard all IPv6 discard IPv6 MultiPath MultiPath route6 IPv6 7.34 route6 dynamic route-filter add <filter-name> [network <IPaddress>[/<prefixlen>] [prefix <prefixlen-prefixlen>] [exact-match]] [metric <number>] { pass block } [set-metric <number>] [ ] <filter-name> (1-16, [!#] ) network prefix prefixlen exact-match prefixlen interface metric metric block pass set-metric metric 512 route6 IPv6 IPv4 set-metric-type 2 (type 2) 7.35 route6 dynamic route-filter delete <filter-name> route6 dynamic route-filter delete all 57
route6 IPv6 7.36 RIPng / route6 dynamic ripng { enable disable } [ ] enable RIPng disable RIPng RIPng / bridge disable route6 IPv6 disable 7.37 RIPng route6 dynamic ripng interface <interface> { enable disable supply-only listen-only } [ ] <interface> enable disable supply-only listen-only RIPng route6 IPv6 disable 7.38 RIPng / route6 dynamic ripng interface <interface> route-filter { in out } <route-filter-name>[,<route-filter-name>...] route6 dynamic ripng interface <interface> route-filter { in out } none 58
[ ] in out <route-filter-name> none RIPng route6 IPv6 network none 7.39 RIPng route6 dynamic ripng default-route-originate { enable disable } [ ] enable disable RIPng route6 IPv6 disable 7.40 RIPng route6 dynamic ripng interface <interface> aggregate add <prefix/prefixlen> metric <metric> route6 dynamic ripng interface <interface> aggregate delete <prefix/prefixlen> [ ] <interface> <prefix/prefixlen> <metric> 1 15 metric route6 IPv6 59
metric 1 7.41 RIPng route6 dynamic redistribute static-to-ripng { enable disable } [metric <metric>] route6 dynamic redistribute connected-to-ripng { enable disable } [metric <metric>] [ ] enable disable <metric> 1 15 metric Connected RIPng route6 IPv6 static-to-ripng disable connected-to-ripng enable metric 1 7.42 IPv6 (PIM-SM) / route6 dynamic pim-sparse { enable disable } [ ] enable IPv6 disable IPv6 IPv6 PIM-SM/ route6 IPv6 disable 7.43 IPv6 (PIM-SM) route6 dynamic pim-sparse interface <interface> { enable disable } [ ] <interface> enable IPv6 disable IPv6 60
IPv6 PIM-SM route6 IPv6 512 disable 7.44 IPv6 (PIM-SM) route6 dynamic pim-sparse static-rp add <group address/prefixlen> <RP address> [priority <priority>] [ ] <group address/prefixlen> multicast group <RP address> <priority> 0 255 BSR route6 IPv6 8 priority 0 7.45 IPv6 (PIM-SM) route6 dynamic pim-sparse static-rp delete { <group address/prefixlen>/all } [ ] <group address/prefixlen> multicast group all multicast group route6 IPv6 61
8 8.1 filter add <filter name> action <action> interface <interface> direction <direct mode> [protocol <protocol>] [icmp-type <icmp type>] [application <protocol application>] [src <src IPaddress/prefixlen>] [srcport <src port range>] [dst <dst IPaddress/prefixlen>] [dstport <dst port range>] [state <state>] [state-ttl <ttl>] [logging <log mode>] [<priority>[<base name>]] [enable disable] [ ] <filter name> (1-16, [a-za-z0-9 ]) <action> block pass forward <address> address PolicyRouting <interface> <direct mode> in out in/out <protocol> ip IP tcp TCP tcp-synonly TCP tcp-established TCP udp UDP tcpudp TCP UDP icmp ICMP ipv6-icmp ICMPv6 igmp IGMP ah AH esp ESP 0 255 <icmp type> 0 255 ICMP 62
any <protocol application> winny Winny (v2) any <src IPaddress/prefixlen> IP <src port range> 0 65535 <dst IPaddress/prefixlen> IP <dst port range> 0 65535 <state> enable disable <ttl> 5 999999 normal <log mode> on off <priority> top bottom above below <base name> enable disable Policy Routing protocol tcp-synonly action block protocol tcp-established action pass 512 IP IP 0.0.0.0/0 state enable action pass direction out state-ttl normal TTL port 53 15 180 filter IPv4 Policy Routing filter direction out Policy Routing interface application winny Policy Routing protocol icmp icmp-type ICMP 63
protocol any icmp-type any application any src 0.0.0.0/0 srcport 0-65535 dst 0.0.0.0/0 dstport 0-65535 state disable state-ttl normal logging on priority bottom enable 8.2 [ ] filter modify <filter name> [action <action>] [interface <interface>] [direction <direct mode>] [protocol <protocol>] [icmp-type <icmp type>] [application <protocol application>] [src <src IPaddress/prefixlen>] [srcport <src port range>] [dst <dst IPaddress/prefixlen>] [dstport <dst port range>] [state <state>] [state-ttl <ttl>] [logging <log mode>] [enable disable] filter move filter IPv4 8.3 filter delete <filter name>... filter delete all [ ] <filter name> all all 64
filter IPv4 8.4 / filter { enable disable } <filter name>... filter { enable disable } all [ ] <enable> <disable> <filter name> all all / filter IPv4 8.5 filter move <filter name> { top bottom } filter move <filter name> { above below } <base name> [ ] <filter name> <base name> top bottom above below filter IPv4 8.6 IPv6 filter6 add <filter name> action <action> interface <interface> direction <direct mode> [protocol <protocol>] [icmp-type <icmp type>] [src <src IPaddress/prefixlen>] [srcport <src port range>] [dst <dst IPaddress/prefixlen>] [dstport <dst port range>] 65
[state <state>] [state-ttl <ttl>] [logging <log mode>] [<priority>[<base name>]] [enable disable] [ ] <filter name> (1-16, [a-za-z0-9 ]) <action> block pass <interface> <direct mode> in out in/out <protocol> ip IP tcp TCP tcp-synonly TCP tcp-established TCP udp UDP tcpudp TCP UDP icmp ICMP ipv6-icmp ICMPv6 igmp IGMP ah AH esp ESP 0 255 <icmp type> 0 255 ICMP any <src IPaddress/prefixlen> IP <src port range> 0 65535 <dst IPaddress/prefixlen> IP <dst port range> 0 65535 <state> enable disable <ttl> 5 999999 normal <log mode> on off <priority> top 66
<base name> enable disable bottom above below / protocol tcp-synonly action block protocol tcp-established action pass 512 IP IP ::/0 state enable action pass direction out state-ttl normal TTL port 53 15 180 protocol ipv6-icmp icmp-type ICMP filter6 IPv6 protocol any icmp-type any src ::/0 srcport 0-65535 dst ::/0 dstport 0-65535 state disable state-ttl normal logging on priority bottom enable 8.7 IPv6 filter6 modify <filter name> [action <action>] [interface <interface>] [direction <direct mode>] [protocol <protocol>] [icmp-type <icmp type>] [src <src IPaddress/prefixlen>] [srcport <src port range>] 67
[dst <dst IPaddress/prefixlen>] [dstport <dst port range>] [state <state>] [state-ttl <ttl>] [logging <log mode>] [enable disable] [ ] filter6 move filter6 IPv6 8.8 IPv6 filter6 delete <filter name>... filter6 delete all [ ] <filter name> all all filter6 IPv6 8.9 IPv6 / filter6 { enable disable } <filter name>... filter6 { enable disable } all [ ] enable disable <filter name> all all / filter6 IPv6 68
8.10 IPv6 filter6 move <filter name> { top bottom } filter6 move <filter name> { above below } <base name> [ ] <filter name> <base name> top bottom above below filter6 IPv6 69
9 NAT 9.1 NAT nat static add <private IPaddress> <global IPaddress> [interface <interface-name>] [ ] <private IPaddress> NAT IP () <global IPaddress> IP IP () <interface-name> NAT IP IP NAT 256 interface lan1 9.2 NAT nat static delete <private IPaddress> <global IPaddress> interface <interface-name> nat static delete all [ ] <private IPaddress> NAT IP <global IPaddress> IP IP <interface-name> NAT all NAT NAT all NAT 9.3 NAT IP () nat dynamic add private <private IPaddress> [interface <interface-name>] [ ] <private IPaddress> NAT IP ( ) <interface-name> NAT 70
NAT IP nat dynamic add global NAT 8 interface lan1 9.4 NAT IP () nat dynamic add global <global IPaddress> [interface <interface-name>] [ ] <global IPaddress> IP IP () <interface-name> NAT NAT IP IP NAT IP NAT 8 interface lan1 9.5 NAT IP () nat dynamic delete private <private IPaddress> interface <interface-name> [ ] <private IPaddress> NAT IP () <interface-name> NAT IP NAT 9.6 NAT IP () nat dynamic delete global <global IPaddress> interface <interface-name> [ ] <global IPaddress> IP IP () <interface-name> NAT IP NAT IP 71
IP 9.7 NAT nat dynamic delete all [ ] all NAT NAT 9.8 NAPT IP () nat napt add private <private IPaddress> [interface <interface-name>] [ ] <private IPaddress > NAPT IP () <interface-name> NAT NAPT IP 8 interface lan1 9.9 NAPT IP nat napt add global <global IPaddress> [interface <interface-name>] [ ] <global IPaddress> NAPT IP IP <interface-name> NAT NAPT IP interface lan1 9.10 NAPT IP () nat napt delete private <private IPaddress> interface <interface-name> nat napt delete private all 72
[ ] <private IPaddress> NAPT IP () <interface-name> NAT all NAPT IP IP NAPT IP 9.11 NAPT IP nat napt delete global <global IPaddress> interface <interface-name> nat napt delete global all [ ] <global IPaddress> NAPT IP IP <interface-name> NAT all NAPT IP IP IP NAPT IP IP 9.12 NAPT nat napt delete all [ ] all NAPT NAPT 9.13 NAPT nat snapt add protocol <protocol> listen <listen port> [interface <interface-name>] forward <forward IPaddress> <forward port> [enable disable] nat snapt add default <forward IPaddress> [interface <interface-name>] [ ] <protocol> tcp TCP udp UDP tcpudp TCP, UDP <listen port> 1 65535 IP IP 73
default NAPT <interface-name> NAT <forward IPaddress> IP <forward port> 1 65535 IP enable disable IP IP default IP 256 nat napt add global interface lan1 9.14 NAPT nat snapt delete protocol <protocol> listen <listen port> interface <interface-name> nat snapt delete all interface <interface-name> nat snapt delete default [ ] <protocol> tcp TCP udp UDP tcpudp TCP, UDP <listen port> 1 65535 IP IP default NAPT <interface-name> NAT all NAPT NAPT <protocol> <listen port> 74
9.15 NAPT / nat snapt { enable disable } protocol <protocol> listen <listen port> [ ] enable disable <protocol> tcp TCP udp UDP tcpudp TCP, UDP <listen port> 1 65535 IP NAPT / 9.16 SIP nat proxy sip add port <port> [protocol <protocol>] [ ] <port> 1 65535 SIP <protocol> tcp TCP udp UDP tcpudp TCP, UDP SIP SIP SIP NAT 4 port 5060 protocol tcpudp 9.17 SIP nat proxy sip delete port <port> [protocol <protocol>] nat proxy sip delete all [ ] <port> 1 65535 SIP <protocol> tcp TCP udp UDP tcpudp TCP, UDP 75
all SIP 9.18 NAT nat timeout <time> [ ] <time> 5 999999 ( ) IP IP IP () 900( ) 9.19 NAT nat timeout dynamic { <time> system-default } [ ] <time> 5 999999 ( ) system-default nat timeout <time> NAT IP IP () nat timeout <time> 9.20 NAT nat timeout protocol <protocol> { <time> system-default } [ ] <protocol> tcp-synonly TCP tcp-established TCP udp UDP icmp ICMP <time> 5 999999 ( ) system-default nat timeout <time> IP IP IP ( ) tcp-synonly: nat timeout <time> 76
tcp-established: nat timeout <time> udp: nat timeout <time> icmp: nat timeout <time> 9.21 NAT nat logging { on off } [ ] on NAT off NAT NAT off 9.22 Reflection NAT nat reflect add interface <interface-name> [ ] <interface-name> Reflection NAT NAT Reflection NAT Reflection NAT 8 NAT NAPT 9.23 Reflection NAT nat reflect delete interface <interface-name> nat reflect delete interface all [ ] <interface-name> Reflection NAT all Reflection NAT NAT, NAPT 9.24 UPnP / 77
nat upnp { on off } [ ] on UPnP off UPnP UPnP / UPnP NAPT Windows Messenger off 9.25 UPnP nat upnp interface <interface> [ ] <interface> LAN PPPoE UPnP NAPT 1 lan1 pppoe0 UPnP NAPT nat upnp interface pppoe0 78
10 IPsec 10.1 ipsec security-association proposal add <SAP name> authentication-algorithm <auth algo>,... encryption-algorithm <enc algo>,... [lifetime-of-time { <time> system-default }] [pfs-group { <pfs-group> none }] [ ] <SAP name> (1-16, [a-za-z0-9 ]) <auth algo> AH <enc algo> ESP <time> IKE IPsec 1 99999999 <pfs-group> Diffie-Hellman system-default CS-SEIL-510/C lifetime-of-time 28800 pfs-group none IKE IPsec IKE 2 8 Diffie-Hellman modp768, modp1024, modp1536 AH hmac-md5, hmac-sha1 ESP 3des, des, blowfish, cast128, aes 32 ipsec IPv4 IPv6 lifetime-of-time d h m d h m 79
10.2 [ ] ipsec security-association proposal modify <SAP name> [authentication-algorithm <auth algo>[,<auth algo>...]] [encryption-algorithm <enc algo>[,<enc algo>...]] [lifetime-of-time { <time> system-default }] [pfs-group { <pfs-group> none }] ipsec IPv4 IPv6 IPsec/IKE IPsec/IKE 10.3 ipsec security-association proposal delete <SAP name>... ipsec security-association proposal delete all [ ] <SAP name> all ipsec IPv4 IPv6 IPsec/IKE IPsec/IKE 10.4 ipsec security-association add <SA name> { { tunnel transport } { <start IPaddress> <end IPaddress> <start Interface> <end IPaddress> dynamic auto } tunnel-interface <ipsec Interface> } [to-auth { none ah <spi> <ah auth algorithm> <auth keyphrase> }] [to-encap { esp <spi> <esp algorithm> <esp keyphrase> esp-auth <spi> <esp algorithm> <esp keyphrase> <auth algorithm> <auth keyphrase> }] 80