gaia-commands

In Check Point GAiA system, all commands can be viewed using command "show commands". The command need to be executed on clish mode.

Syntax:

show commands

Example:

CheckPoint-GAiA> show commands
add aaa radius-servers priority VALUE host VALUE [ port VALUE ] prompt-secret timeout VALUE
add aaa radius-servers priority VALUE host VALUE [ port VALUE ] secret VALUE timeout VALUE
add aaa tacacs-servers priority VALUE server VALUE key VALUE timeout VALUE
add allowed-client host any-host
add allowed-client host ipv4-address VALUE
add allowed-client host ipv6-address VALUE
add allowed-client network ipv4-address VALUE mask-length VALUE
add allowed-client network ipv6-address VALUE mask-length VALUE
add arp proxy ipv4-address VALUE interface VALUE real-ipv4-address VALUE
add arp proxy ipv4-address VALUE macaddress VALUE real-ipv4-address VALUE
add arp static ipv4-address VALUE macaddress VALUE
add backup ftp ip VALUE path VALUE username VALUE [ password VALUE interactive ]
add backup local [ interactive ]
add backup management username VALUE [ password VALUE interactive ]
add backup scp ip VALUE path VALUE username VALUE [ password VALUE interactive ]
add backup tftp ip VALUE [ interactive ]
add backup-scheduled name VALUE ftp ip VALUE path VALUE username VALUE [ password VALUE ]
add backup-scheduled name VALUE local
add backup-scheduled name VALUE management username VALUE [ password VALUE ]
add backup-scheduled name VALUE scp ip VALUE path VALUE username VALUE [ password VALUE ]
add backup-scheduled name VALUE tftp ip VALUE
add bonding group VALUE interface VALUE
add bridging group VALUE fail-open-interfaces VALUE
add bridging group VALUE interface VALUE
add cloning-group shared-feature VALUE
add command VALUE path VALUE description VALUE
add cron job VALUE command VALUE recurrence daily time VALUE
add cron job VALUE command VALUE recurrence monthly month VALUE days VALUE time VALUE
add cron job VALUE command VALUE recurrence system-startup
add cron job VALUE command VALUE recurrence weekly days VALUE time VALUE
add dhcp client interface VALUE
add dhcp server subnet VALUE exclude-ip-pool start VALUE end VALUE
add dhcp server subnet VALUE include-ip-pool start VALUE end VALUE
add dhcp server subnet VALUE netmask VALUE
add group VALUE gid VALUE
add group VALUE member VALUE
add host name VALUE ipv4-address VALUE
add host name VALUE ipv6-address VALUE
add installer private_url VALUE
add instance VALUE
add interface VALUE 6in4 VALUE remote VALUE ttl VALUE
add interface VALUE alias VALUE
add interface VALUE loopback VALUE
add interface VALUE vlan VALUE
add mcvr vrid VALUE backup-address VALUE vmac-mode default-vmac
add mcvr vrid VALUE backup-address VALUE vmac-mode extended-vmac
add mcvr vrid VALUE backup-address VALUE vmac-mode interface-vmac
add mcvr vrid VALUE backup-address VALUE vmac-mode static-vmac [ static-mac VALUE ]
add mcvr vrid VALUE priority VALUE priority-delta VALUE [ hello-interval VALUE authtype VALUE password VALUE ]
add neighbor-entry ipv6-address VALUE macaddress VALUE interface VALUE
add netflow collector ip VALUE port VALUE [ srcaddr VALUE export-format VALUE enable VALUE ]
add pppoe client id VALUE interface VALUE user-name VALUE password VALUE use-peer-dns VALUE use-peer-as-default-gateway VALUE
add pppoe client id VALUE interface VALUE user-name VALUE password_hash VALUE use-peer-dns VALUE use-peer-as-default-gateway VALUE
add rba role VALUE domain-type VALUE { all-features }
add rba role VALUE domain-type VALUE { readonly-features VALUE readwrite-features VALUE }
add rba role VALUE virtual-system-access VALUE
add rba user VALUE access-mechanisms VALUE
add rba user VALUE roles VALUE
add snapshot VALUE desc VALUE
add snmp custom-trap VALUE oid VALUE operator VALUE threshold VALUE frequency VALUE message VALUE
add snmp interface VALUE
add snmp traps receiver VALUE version v1 community VALUE
add snmp traps receiver VALUE version v2 community VALUE
add snmp traps receiver VALUE version v3
add snmp usm user VALUE security-level authNoPriv auth-pass-phrase VALUE authentication-protocol VALUE
add snmp usm user VALUE security-level authNoPriv auth-pass-phrase VALUE authentication-protocol VALUE
add snmp usm user VALUE security-level authNoPriv auth-pass-phrase-hashed VALUE
add snmp usm user VALUE security-level authPriv auth-pass-phrase VALUE privacy-pass-phrase VALUE privacy-protocol VALUE authentication-protocol VALUE
add snmp usm user VALUE security-level authPriv auth-pass-phrase VALUE privacy-pass-phrase-hashed VALUE privacy-protocol VALUE authentication-protocol VALUE
add snmp usm user VALUE security-level authPriv auth-pass-phrase-hashed VALUE privacy-pass-phrase VALUE privacy-protocol VALUE authentication-protocol VALUE
add snmp usm user VALUE security-level authPriv auth-pass-phrase-hashed VALUE privacy-pass-phrase-hashed VALUE privacy-protocol VALUE authentication-protocol VALUE
add snmp usm user VALUE security-level authPriv privacy-pass-phrase VALUE
add syslog log-remote-address VALUE [ level VALUE ]
add tag name VALUE description VALUE
add upgrade VALUE package file VALUE
add user VALUE uid VALUE homedir VALUE
add virtual-system VALUE
add vpn tunnel VALUE type numbered local VALUE remote VALUE peer VALUE
add vpn tunnel VALUE type unnumbered peer VALUE dev VALUE
backup ftp ip VALUE path VALUE username VALUE [ password VALUE interactive ]
backup local [ interactive ]
backup management username VALUE [ password VALUE interactive ]
backup scp ip VALUE path VALUE username VALUE [ password VALUE interactive ]
backup tftp ip VALUE [ interactive ]
commit
delete aaa radius-servers NAS-IP
delete aaa radius-servers priority VALUE
delete aaa tacacs-servers priority VALUE
delete allowed-client host any-host
delete allowed-client host ipv4-address VALUE
delete allowed-client host ipv6-address VALUE
delete allowed-client network ipv4-address VALUE
delete allowed-client network ipv6-address VALUE
delete arp dynamic all
delete arp proxy ipv4-address VALUE
delete arp static ipv4-address VALUE
delete backup VALUE
delete backup-scheduled VALUE
delete bonding group VALUE force
delete bonding group VALUE interface VALUE
delete bridging group VALUE fail-open-interfaces VALUE
delete bridging group VALUE force
delete bridging group VALUE interface VALUE
delete cloning-group shared-feature VALUE
delete command VALUE
delete cron all
delete cron job VALUE
delete cron mailto
delete dhcp client interface VALUE
delete dhcp server subnet VALUE exclude-ip-pool VALUE
delete dhcp server subnet VALUE include-ip-pool VALUE
delete dns primary
delete dns secondary
delete dns suffix
delete dns tertiary
delete domainname
delete group VALUE member VALUE
delete host name VALUE ipv4
delete host name VALUE ipv6
delete instance VALUE
delete interface VALUE 6in4 VALUE force
delete interface VALUE alias VALUE
delete interface VALUE ipv4-address
delete interface VALUE ipv6-address
delete interface VALUE loopback VALUE
delete interface VALUE vlan VALUE force
delete mcvr old-mc-config
delete neighbor-entry ipv6-address VALUE interface VALUE
delete netflow collector for-ip VALUE for-port VALUE
delete ntp server VALUE
delete pppoe client id VALUE
delete proxy address
delete proxy all
delete proxy port
delete rba role VALUE virtual-system-access VALUE
delete rba role VALUE { readonly-features VALUE readwrite-features VALUE }
delete rba user VALUE access-mechanisms VALUE
delete rba user VALUE roles VALUE
delete snapshot VALUE
delete snmp clear-trap
delete snmp community VALUE
delete snmp contact
delete snmp custom-trap VALUE
delete snmp interface VALUE
delete snmp location
delete snmp traps coldStart-threshold
delete snmp traps polling-frequency
delete snmp traps receiver VALUE
delete snmp traps trap-user
delete snmp usm user VALUE
delete syslog log-remote-address VALUE [ level VALUE ]
delete tag name VALUE
delete upgrade VALUE
delete user VALUE
delete virtual-system VALUE
delete vpn tunnel VALUE
exit
expert
generate web ssl-certificate key-bits VALUE signature-algorithm VALUE
halt
help
history
installer download VALUE
installer install VALUE
installer restore_policy
installer start
installer stop
installer uninstall VALUE
installer upgrade VALUE
join cloning-group remote-ip VALUE
leave cloning-group
load configuration VALUE
lock database override
quit
re-synch cloning-group
reboot
restore backup ftp ip VALUE path VALUE file VALUE username VALUE [ password VALUE interactive ]
restore backup local VALUE [ interactive ]
restore backup management file VALUE username VALUE [ password VALUE interactive ]
restore backup scp ip VALUE path VALUE file VALUE username VALUE [ password VALUE interactive ]
restore backup tftp ip VALUE file VALUE [ interactive ]
revert database date VALUE time VALUE
revert database tag VALUE start
rollback
save clienv
save config
save configuration VALUE
set aaa radius-servers NAS-IP VALUE
set aaa radius-servers default-shell VALUE
set aaa radius-servers priority VALUE host VALUE
set aaa radius-servers priority VALUE new-priority VALUE
set aaa radius-servers priority VALUE port VALUE
set aaa radius-servers priority VALUE prompt-secret
set aaa radius-servers priority VALUE secret VALUE
set aaa radius-servers priority VALUE timeout VALUE
set aaa radius-servers super-user-uid VALUE
set aaa tacacs-servers priority VALUE key VALUE
set aaa tacacs-servers priority VALUE new-priority VALUE
set aaa tacacs-servers priority VALUE server VALUE
set aaa tacacs-servers priority VALUE timeout VALUE
set aaa tacacs-servers state VALUE
set aaa tacacs-servers user-uid VALUE
set aggregate VALUE aspath-truncate VALUE
set aggregate VALUE contributing-protocol VALUE contributing-route VALUE exact on
set aggregate VALUE contributing-protocol VALUE contributing-route VALUE off
set aggregate VALUE contributing-protocol VALUE contributing-route VALUE on
set aggregate VALUE contributing-protocol VALUE contributing-route VALUE refines on
set aggregate VALUE contributing-protocol VALUE off
set aggregate VALUE off
set aggregate VALUE rank VALUE
set aggregate VALUE weight VALUE
set arp announce VALUE
set arp table cache-size VALUE
set arp table validity-timeout VALUE
set as VALUE
set backup restore ftp ip VALUE path VALUE file VALUE username VALUE [ password VALUE interactive ]
set backup restore local VALUE [ interactive ]
set backup restore management file VALUE username VALUE [ password VALUE interactive ]
set backup restore scp ip VALUE path VALUE file VALUE username VALUE [ password VALUE interactive ]
set backup restore tftp ip VALUE file VALUE [ interactive ]
set backup-scheduled name VALUE recurrence daily time VALUE
set backup-scheduled name VALUE recurrence monthly month VALUE days VALUE time VALUE
set backup-scheduled name VALUE recurrence weekly days VALUE time VALUE
set bgp cluster-id VALUE
set bgp communities VALUE
set bgp confederation aspath-loops-permitted VALUE
set bgp confederation identifier VALUE
set bgp confederation member-as VALUE description VALUE
set bgp confederation member-as VALUE interface VALUE off
set bgp confederation member-as VALUE interface VALUE on
set bgp confederation member-as VALUE local-address VALUE off
set bgp confederation member-as VALUE local-address VALUE on
set bgp confederation member-as VALUE med VALUE
set bgp confederation member-as VALUE nexthop-self VALUE
set bgp confederation member-as VALUE off
set bgp confederation member-as VALUE on
set bgp confederation member-as VALUE outdelay VALUE
set bgp confederation member-as VALUE peer VALUE [ comment VALUE ]
set bgp confederation member-as VALUE peer VALUE [ peer-type VALUE ] on
set bgp confederation member-as VALUE peer VALUE accept-routes VALUE
set bgp confederation member-as VALUE peer VALUE authtype md5 secret VALUE
set bgp confederation member-as VALUE peer VALUE authtype none
set bgp confederation member-as VALUE peer VALUE capability default
set bgp confederation member-as VALUE peer VALUE capability ipv4-unicast VALUE
set bgp confederation member-as VALUE peer VALUE capability ipv6-unicast VALUE
set bgp confederation member-as VALUE peer VALUE graceful-restart off
set bgp confederation member-as VALUE peer VALUE graceful-restart on
set bgp confederation member-as VALUE peer VALUE graceful-restart-stalepath-time VALUE default
set bgp confederation member-as VALUE peer VALUE holdtime VALUE
set bgp confederation member-as VALUE peer VALUE ignore-first-ashop VALUE
set bgp confederation member-as VALUE peer VALUE keepalive VALUE
set bgp confederation member-as VALUE peer VALUE local-address VALUE off
set bgp confederation member-as VALUE peer VALUE local-address VALUE on
set bgp confederation member-as VALUE peer VALUE log-state-transitions VALUE
set bgp confederation member-as VALUE peer VALUE log-warnings VALUE
set bgp confederation member-as VALUE peer VALUE no-aggregator-id VALUE
set bgp confederation member-as VALUE peer VALUE off
set bgp confederation member-as VALUE peer VALUE on
set bgp confederation member-as VALUE peer VALUE outgoing-interface VALUE [ peer-type VALUE ] on
set bgp confederation member-as VALUE peer VALUE passive-tcp VALUE
set bgp confederation member-as VALUE peer VALUE route-refresh off
set bgp confederation member-as VALUE peer VALUE route-refresh on
set bgp confederation member-as VALUE peer VALUE send-keepalives VALUE
set bgp confederation member-as VALUE peer VALUE send-route-refresh request all unicast
set bgp confederation member-as VALUE peer VALUE send-route-refresh request ipv4 unicast
set bgp confederation member-as VALUE peer VALUE send-route-refresh request ipv6 unicast
set bgp confederation member-as VALUE peer VALUE send-route-refresh route-update all unicast
set bgp confederation member-as VALUE peer VALUE send-route-refresh route-update ipv4 unicast
set bgp confederation member-as VALUE peer VALUE send-route-refresh route-update ipv6 unicast
set bgp confederation member-as VALUE peer VALUE throttle-count VALUE
set bgp confederation member-as VALUE peer VALUE trace VALUE off
set bgp confederation member-as VALUE peer VALUE trace VALUE on
set bgp confederation member-as VALUE peer VALUE weight VALUE
set bgp confederation member-as VALUE protocol VALUE off
set bgp confederation member-as VALUE protocol VALUE on
set bgp dampening keep-history VALUE
set bgp dampening max-flap VALUE
set bgp dampening off
set bgp dampening on
set bgp dampening reachable-decay VALUE
set bgp dampening reuse-below VALUE
set bgp dampening suppress-above VALUE
set bgp dampening unreachable-decay VALUE
set bgp default-med VALUE
set bgp default-route-gateway VALUE
set bgp ecmp VALUE
set bgp external remote-as VALUE description VALUE
set bgp external remote-as VALUE export-routemap VALUE off
set bgp external remote-as VALUE export-routemap VALUE preference VALUE [ family VALUE ] on
set bgp external remote-as VALUE import-routemap VALUE off
set bgp external remote-as VALUE import-routemap VALUE preference VALUE [ family VALUE ] on
set bgp external remote-as VALUE local-address VALUE off
set bgp external remote-as VALUE local-address VALUE on
set bgp external remote-as VALUE off
set bgp external remote-as VALUE on
set bgp external remote-as VALUE outdelay VALUE
set bgp external remote-as VALUE peer VALUE [ comment VALUE ]
set bgp external remote-as VALUE peer VALUE accept-med VALUE
set bgp external remote-as VALUE peer VALUE accept-routes VALUE
set bgp external remote-as VALUE peer VALUE aspath-prepend-count VALUE
set bgp external remote-as VALUE peer VALUE authtype md5 secret VALUE
set bgp external remote-as VALUE peer VALUE authtype none
set bgp external remote-as VALUE peer VALUE capability default
set bgp external remote-as VALUE peer VALUE capability ipv4-unicast VALUE
set bgp external remote-as VALUE peer VALUE capability ipv6-unicast VALUE
set bgp external remote-as VALUE peer VALUE graceful-restart off
set bgp external remote-as VALUE peer VALUE graceful-restart on
set bgp external remote-as VALUE peer VALUE graceful-restart-stalepath-time VALUE default
set bgp external remote-as VALUE peer VALUE holdtime VALUE
set bgp external remote-as VALUE peer VALUE ignore-first-ashop VALUE
set bgp external remote-as VALUE peer VALUE keepalive VALUE
set bgp external remote-as VALUE peer VALUE local-address VALUE off
set bgp external remote-as VALUE peer VALUE local-address VALUE on
set bgp external remote-as VALUE peer VALUE log-state-transitions VALUE
set bgp external remote-as VALUE peer VALUE log-warnings VALUE
set bgp external remote-as VALUE peer VALUE med-out VALUE
set bgp external remote-as VALUE peer VALUE multihop VALUE
set bgp external remote-as VALUE peer VALUE no-aggregator-id VALUE
set bgp external remote-as VALUE peer VALUE off
set bgp external remote-as VALUE peer VALUE on
set bgp external remote-as VALUE peer VALUE outgoing-interface VALUE on
set bgp external remote-as VALUE peer VALUE passive-tcp VALUE
set bgp external remote-as VALUE peer VALUE ping VALUE off
set bgp external remote-as VALUE peer VALUE removeprivateas VALUE
set bgp external remote-as VALUE peer VALUE route-refresh off
set bgp external remote-as VALUE peer VALUE route-refresh on
set bgp external remote-as VALUE peer VALUE send-keepalives VALUE
set bgp external remote-as VALUE peer VALUE send-route-refresh request all unicast
set bgp external remote-as VALUE peer VALUE send-route-refresh request ipv4 unicast
set bgp external remote-as VALUE peer VALUE send-route-refresh request ipv6 unicast
set bgp external remote-as VALUE peer VALUE send-route-refresh route-update all unicast
set bgp external remote-as VALUE peer VALUE send-route-refresh route-update ipv4 unicast
set bgp external remote-as VALUE peer VALUE send-route-refresh route-update ipv6 unicast
set bgp external remote-as VALUE peer VALUE suppress-default-originate VALUE
set bgp external remote-as VALUE peer VALUE throttle-count VALUE
set bgp external remote-as VALUE peer VALUE trace VALUE off
set bgp external remote-as VALUE peer VALUE trace VALUE on
set bgp external remote-as VALUE peer VALUE ttl VALUE
set bgp graceful-restart restart-time VALUE default
set bgp graceful-restart selection-deferral-time VALUE default
set bgp internal description VALUE
set bgp internal export-routemap VALUE off
set bgp internal export-routemap VALUE preference VALUE [ family VALUE ] on
set bgp internal import-routemap VALUE off
set bgp internal import-routemap VALUE preference VALUE [ family VALUE ] on
set bgp internal interface VALUE off
set bgp internal interface VALUE on
set bgp internal local-address VALUE off
set bgp internal local-address VALUE on
set bgp internal med VALUE
set bgp internal nexthop-self VALUE
set bgp internal off
set bgp internal on
set bgp internal outdelay VALUE
set bgp internal peer VALUE [ comment VALUE ]
set bgp internal peer VALUE [ peer-type VALUE ] on
set bgp internal peer VALUE accept-routes VALUE
set bgp internal peer VALUE authtype md5 secret VALUE
set bgp internal peer VALUE authtype none
set bgp internal peer VALUE capability default
set bgp internal peer VALUE capability ipv4-unicast VALUE
set bgp internal peer VALUE capability ipv6-unicast VALUE
set bgp internal peer VALUE graceful-restart off
set bgp internal peer VALUE graceful-restart on
set bgp internal peer VALUE graceful-restart-stalepath-time VALUE default
set bgp internal peer VALUE holdtime VALUE
set bgp internal peer VALUE ignore-first-ashop VALUE
set bgp internal peer VALUE keepalive VALUE
set bgp internal peer VALUE local-address VALUE off
set bgp internal peer VALUE local-address VALUE on
set bgp internal peer VALUE log-state-transitions VALUE
set bgp internal peer VALUE log-warnings VALUE
set bgp internal peer VALUE no-aggregator-id VALUE
set bgp internal peer VALUE off
set bgp internal peer VALUE outgoing-interface VALUE [ peer-type VALUE ] on
set bgp internal peer VALUE passive-tcp VALUE
set bgp internal peer VALUE ping VALUE off
set bgp internal peer VALUE route-refresh off
set bgp internal peer VALUE route-refresh on
set bgp internal peer VALUE send-keepalives VALUE
set bgp internal peer VALUE send-route-refresh request all unicast
set bgp internal peer VALUE send-route-refresh request ipv4 unicast
set bgp internal peer VALUE send-route-refresh request ipv6 unicast
set bgp internal peer VALUE send-route-refresh route-update all unicast
set bgp internal peer VALUE send-route-refresh route-update ipv4 unicast
set bgp internal peer VALUE send-route-refresh route-update ipv6 unicast
set bgp internal peer VALUE throttle-count VALUE
set bgp internal peer VALUE trace VALUE off
set bgp internal peer VALUE trace VALUE on
set bgp internal peer VALUE weight VALUE
set bgp internal protocol VALUE off
set bgp internal protocol VALUE on
set bgp ping count VALUE
set bgp ping interval VALUE
set bgp routing-domain aspath-loops-permitted VALUE
set bgp routing-domain identifier VALUE
set bgp synchronization VALUE
set bonding group VALUE { primary VALUE mii-interval VALUE up-delay VALUE down-delay VALUE mode VALUE lacp-rate VALUE }
set bonding group VALUE { primary VALUE mii-interval VALUE up-delay VALUE down-delay VALUE mode VALUE xmit-hash-policy VALUE }
set bootp interface VALUE maxhopcount VALUE
set bootp interface VALUE off
set bootp interface VALUE on
set bootp interface VALUE primary VALUE wait-time VALUE on
set bootp interface VALUE relay-to VALUE off
set bootp interface VALUE relay-to VALUE on
set clienv config-lock VALUE
set clienv debug VALUE
set clienv echo-cmd VALUE
set clienv on-failure VALUE
set clienv output VALUE
set clienv prompt VALUE
set clienv rows VALUE
set clienv syntax-check VALUE
set cloning-group local-ip VALUE
set cloning-group mode VALUE
set cloning-group name VALUE
set cloning-group password
set cloning-group state VALUE
set config-lock off
set config-lock on [ timeout VALUE override ]
set core-dump disable
set core-dump enable
set core-dump per_process VALUE
set core-dump total VALUE
set cron job VALUE command VALUE
set cron job VALUE recurrence daily time VALUE
set cron job VALUE recurrence monthly month VALUE days VALUE time VALUE
set cron job VALUE recurrence system-startup
set cron job VALUE recurrence weekly days VALUE time VALUE
set cron mailto VALUE
set date VALUE
set dhcp client hostname VALUE
set dhcp client interface VALUE leasetime VALUE
set dhcp client interface VALUE reboot VALUE
set dhcp client interface VALUE retry VALUE
set dhcp client interface VALUE timeout VALUE
set dhcp server disable
set dhcp server enable
set dhcp server subnet VALUE default-gateway VALUE
set dhcp server subnet VALUE default-lease VALUE
set dhcp server subnet VALUE disable
set dhcp server subnet VALUE dns VALUE
set dhcp server subnet VALUE domain VALUE
set dhcp server subnet VALUE enable
set dhcp server subnet VALUE exclude-ip-pool VALUE disable
set dhcp server subnet VALUE exclude-ip-pool VALUE enable
set dhcp server subnet VALUE include-ip-pool VALUE disable
set dhcp server subnet VALUE include-ip-pool VALUE enable
set dhcp server subnet VALUE max-lease VALUE
set dns primary VALUE
set dns secondary VALUE
set dns suffix VALUE
set dns tertiary VALUE
set domainname VALUE
set edition VALUE
set expert-password
set expert-password-hash VALUE
set fcd revert VALUE
set format date dd-mmm-yyyy
set format date dd/mm/yyyy
set format date mm/dd/yyyy
set format date yyyy/mm/dd
set format netmask dotted
set format netmask length
set format time 12-hour
set format time 24-hour
set group VALUE gid VALUE
set host name VALUE ipv4-address VALUE
set host name VALUE ipv6-address VALUE
set hostname VALUE
set igmp interface VALUE last-member-query-interval VALUE
set igmp interface VALUE local-group VALUE off
set igmp interface VALUE local-group VALUE on
set igmp interface VALUE loss-robustness VALUE
set igmp interface VALUE off
set igmp interface VALUE query-interval VALUE
set igmp interface VALUE query-response-interval VALUE
set igmp interface VALUE router-alert VALUE
set igmp interface VALUE static-group VALUE off
set igmp interface VALUE static-group VALUE on
set igmp interface VALUE version VALUE
set inactivity-timeout VALUE
set installer deployment-mail-notification VALUE available_packages false
set installer deployment-mail-notification VALUE available_packages true
set installer deployment-mail-notification VALUE download_status false
set installer deployment-mail-notification VALUE download_status true
set installer deployment-mail-notification VALUE install_status false
set installer deployment-mail-notification VALUE install_status true
set installer download_mode automatic
set installer download_mode manual
set installer download_mode schedule daily VALUE
set installer download_mode schedule monthly VALUE
set installer download_mode schedule singular VALUE
set installer download_mode schedule weekly Friday VALUE
set installer download_mode schedule weekly Monday VALUE
set installer download_mode schedule weekly Saturday VALUE
set installer download_mode schedule weekly Sunday VALUE
set installer download_mode schedule weekly Thursday VALUE
set installer download_mode schedule weekly Tuesday VALUE
set installer download_mode schedule weekly Wednesday VALUE
set installer install_mode automatic
set installer install_mode manual
set installer install_mode schedule daily VALUE
set installer install_mode schedule monthly VALUE
set installer install_mode schedule singular VALUE
set installer install_mode schedule weekly Friday VALUE
set installer install_mode schedule weekly Monday VALUE
set installer install_mode schedule weekly Saturday VALUE
set installer install_mode schedule weekly Sunday VALUE
set installer install_mode schedule weekly Thursday VALUE
set installer install_mode schedule weekly Tuesday VALUE
set installer install_mode schedule weekly Wednesday VALUE
set instance VALUE aggregate VALUE aspath-truncate VALUE
set instance VALUE aggregate VALUE contributing-protocol VALUE contributing-route VALUE exact on
set instance VALUE aggregate VALUE contributing-protocol VALUE contributing-route VALUE off
set instance VALUE aggregate VALUE contributing-protocol VALUE contributing-route VALUE on
set instance VALUE aggregate VALUE contributing-protocol VALUE contributing-route VALUE refines on
set instance VALUE aggregate VALUE contributing-protocol VALUE off
set instance VALUE aggregate VALUE off
set instance VALUE aggregate VALUE rank VALUE
set instance VALUE aggregate VALUE weight VALUE
set instance VALUE ipv6 aggregate VALUE contributing-protocol VALUE contributing-route VALUE off
set instance VALUE ipv6 aggregate VALUE contributing-protocol VALUE contributing-route VALUE on
set instance VALUE ipv6 aggregate VALUE contributing-protocol VALUE off
set instance VALUE ipv6 aggregate VALUE off
set instance VALUE ipv6 ospf3 area VALUE off
set instance VALUE ipv6 ospf3 area VALUE on
set instance VALUE ipv6 ospf3 area VALUE range VALUE off
set instance VALUE ipv6 ospf3 area VALUE range VALUE on
set instance VALUE ipv6 ospf3 area VALUE range VALUE restrict VALUE
set instance VALUE ipv6 ospf3 area VALUE stub default-cost VALUE
set instance VALUE ipv6 ospf3 area VALUE stub off
set instance VALUE ipv6 ospf3 area VALUE stub on
set instance VALUE ipv6 ospf3 area VALUE stub summary off
set instance VALUE ipv6 ospf3 area VALUE stub summary on
set instance VALUE ipv6 ospf3 area VALUE stub-network VALUE off
set instance VALUE ipv6 ospf3 area VALUE stub-network VALUE on
set instance VALUE ipv6 ospf3 area VALUE stub-network VALUE stub-network-cost VALUE
set instance VALUE ipv6 ospf3 default-ase-cost VALUE
set instance VALUE ipv6 ospf3 default-ase-type VALUE
set instance VALUE ipv6 ospf3 export-routemap VALUE off
set instance VALUE ipv6 ospf3 export-routemap VALUE preference VALUE on
set instance VALUE ipv6 ospf3 import-routemap VALUE off
set instance VALUE ipv6 ospf3 import-routemap VALUE preference VALUE on
set instance VALUE ipv6 ospf3 interface VALUE area VALUE off
set instance VALUE ipv6 ospf3 interface VALUE area VALUE on
set instance VALUE ipv6 ospf3 interface VALUE cost VALUE
set instance VALUE ipv6 ospf3 interface VALUE dead-interval VALUE
set instance VALUE ipv6 ospf3 interface VALUE hello-interval VALUE
set instance VALUE ipv6 ospf3 interface VALUE passive VALUE
set instance VALUE ipv6 ospf3 interface VALUE priority VALUE
set instance VALUE ipv6 ospf3 interface VALUE retransmit-interval VALUE
set instance VALUE ipv6 ospf3 spf-delay VALUE
set instance VALUE ipv6 ospf3 spf-holdtime VALUE
set instance VALUE ipv6 rdisc6 interface VALUE address VALUE autonomous VALUE
set instance VALUE ipv6 rdisc6 interface VALUE address VALUE on-link VALUE
set instance VALUE ipv6 rdisc6 interface VALUE address VALUE prefix-pref-lifetime VALUE
set instance VALUE ipv6 rdisc6 interface VALUE address VALUE prefix-valid-lifetime VALUE
set instance VALUE ipv6 rdisc6 interface VALUE dnshost VALUE dnshost-lifetime VALUE
set instance VALUE ipv6 rdisc6 interface VALUE dnshost VALUE off
set instance VALUE ipv6 rdisc6 interface VALUE dnshost VALUE on
set instance VALUE ipv6 rdisc6 interface VALUE dnsserver VALUE dnsserver-lifetime VALUE
set instance VALUE ipv6 rdisc6 interface VALUE dnsserver VALUE off
set instance VALUE ipv6 rdisc6 interface VALUE dnsserver VALUE on
set instance VALUE ipv6 rdisc6 interface VALUE hop-limit VALUE
set instance VALUE ipv6 rdisc6 interface VALUE managed-config VALUE
set instance VALUE ipv6 rdisc6 interface VALUE max-adv-interval VALUE
set instance VALUE ipv6 rdisc6 interface VALUE min-adv-interval VALUE
set instance VALUE ipv6 rdisc6 interface VALUE off
set instance VALUE ipv6 rdisc6 interface VALUE on
set instance VALUE ipv6 rdisc6 interface VALUE other-config VALUE
set instance VALUE ipv6 rdisc6 interface VALUE reachable-time VALUE
set instance VALUE ipv6 rdisc6 interface VALUE retransmit-timer VALUE
set instance VALUE ipv6 rdisc6 interface VALUE router-lifetime VALUE
set instance VALUE ipv6 rdisc6 interface VALUE send-mtu VALUE
set instance VALUE ipv6 static-route VALUE comment VALUE
set instance VALUE ipv6 static-route VALUE nexthop blackhole
set instance VALUE ipv6 static-route VALUE nexthop gateway VALUE [ priority VALUE ] on
set instance VALUE ipv6 static-route VALUE nexthop gateway VALUE interface VALUE [ priority VALUE ] on
set instance VALUE ipv6 static-route VALUE nexthop gateway VALUE interface VALUE off
set instance VALUE ipv6 static-route VALUE nexthop gateway VALUE off
set instance VALUE ipv6 static-route VALUE nexthop reject
set instance VALUE ipv6 static-route VALUE off
set instance VALUE ipv6 static-route VALUE ping6 off
set instance VALUE ipv6 static-route VALUE ping6 on
set instance VALUE kernel-routes VALUE
set instance VALUE max-path-splits VALUE
set instance VALUE ospf area VALUE nssa default-cost VALUE
set instance VALUE ospf area VALUE nssa default-metric-type VALUE
set instance VALUE ospf area VALUE nssa import-summary-routes off
set instance VALUE ospf area VALUE nssa import-summary-routes on
set instance VALUE ospf area VALUE nssa off
set instance VALUE ospf area VALUE nssa on
set instance VALUE ospf area VALUE nssa range VALUE off
set instance VALUE ospf area VALUE nssa range VALUE on
set instance VALUE ospf area VALUE nssa range VALUE restrict VALUE off
set instance VALUE ospf area VALUE nssa range VALUE restrict VALUE on
set instance VALUE ospf area VALUE nssa redistribution off
set instance VALUE ospf area VALUE nssa redistribution on
set instance VALUE ospf area VALUE nssa translator-role VALUE
set instance VALUE ospf area VALUE nssa translator-stability-interval VALUE
set instance VALUE ospf area VALUE off
set instance VALUE ospf area VALUE on
set instance VALUE ospf area VALUE range VALUE off
set instance VALUE ospf area VALUE range VALUE on
set instance VALUE ospf area VALUE range VALUE restrict VALUE off
set instance VALUE ospf area VALUE range VALUE restrict VALUE on
set instance VALUE ospf area VALUE stub default-cost VALUE
set instance VALUE ospf area VALUE stub off
set instance VALUE ospf area VALUE stub on
set instance VALUE ospf area VALUE stub summary off
set instance VALUE ospf area VALUE stub summary on
set instance VALUE ospf area VALUE stub-network VALUE off
set instance VALUE ospf area VALUE stub-network VALUE on
set instance VALUE ospf area VALUE stub-network VALUE stub-network-cost VALUE
set instance VALUE ospf area VALUE virtual-link VALUE transit-area VALUE authtype md5 key VALUE off
set instance VALUE ospf area VALUE virtual-link VALUE transit-area VALUE authtype md5 key VALUE secret VALUE
set instance VALUE ospf area VALUE virtual-link VALUE transit-area VALUE authtype none
set instance VALUE ospf area VALUE virtual-link VALUE transit-area VALUE authtype simple VALUE
set instance VALUE ospf area VALUE virtual-link VALUE transit-area VALUE dead-interval VALUE
set instance VALUE ospf area VALUE virtual-link VALUE transit-area VALUE hello-interval VALUE
set instance VALUE ospf area VALUE virtual-link VALUE transit-area VALUE off
set instance VALUE ospf area VALUE virtual-link VALUE transit-area VALUE on
set instance VALUE ospf area VALUE virtual-link VALUE transit-area VALUE retransmit-interval VALUE
set instance VALUE ospf default-ase-cost VALUE
set instance VALUE ospf default-ase-type VALUE
set instance VALUE ospf export-routemap VALUE off
set instance VALUE ospf export-routemap VALUE preference VALUE on
set instance VALUE ospf graceful-restart grace-period VALUE
set instance VALUE ospf graceful-restart off
set instance VALUE ospf graceful-restart on
set instance VALUE ospf graceful-restart-helper off
set instance VALUE ospf graceful-restart-helper on
set instance VALUE ospf import-routemap VALUE off
set instance VALUE ospf import-routemap VALUE preference VALUE on
set instance VALUE ospf interface VALUE area VALUE off
set instance VALUE ospf interface VALUE area VALUE on
set instance VALUE ospf interface VALUE authtype md5 key VALUE off
set instance VALUE ospf interface VALUE authtype md5 key VALUE secret VALUE
set instance VALUE ospf interface VALUE authtype none
set instance VALUE ospf interface VALUE authtype simple VALUE
set instance VALUE ospf interface VALUE cost VALUE
set instance VALUE ospf interface VALUE dead-interval VALUE
set instance VALUE ospf interface VALUE hello-interval VALUE
set instance VALUE ospf interface VALUE passive VALUE off
set instance VALUE ospf interface VALUE passive VALUE on
set instance VALUE ospf interface VALUE priority VALUE
set instance VALUE ospf interface VALUE retransmit-interval VALUE
set instance VALUE ospf interface VALUE subtract-authlen VALUE
set instance VALUE ospf interface VALUE virtual-address off
set instance VALUE ospf interface VALUE virtual-address on
set instance VALUE ospf rfc1583-compatibility VALUE off
set instance VALUE ospf rfc1583-compatibility VALUE on
set instance VALUE ospf spf-delay VALUE
set instance VALUE ospf spf-holdtime VALUE
set instance VALUE protocol-rank protocol VALUE rank VALUE
set instance VALUE routemap VALUE id VALUE action aspath-prepend-count VALUE
set instance VALUE routemap VALUE id VALUE action community VALUE as VALUE off
set instance VALUE routemap VALUE id VALUE action community VALUE as VALUE on
set instance VALUE routemap VALUE id VALUE action community VALUE off
set instance VALUE routemap VALUE id VALUE action community VALUE on
set instance VALUE routemap VALUE id VALUE action localpref VALUE
set instance VALUE routemap VALUE id VALUE action metric add VALUE
set instance VALUE routemap VALUE id VALUE action metric igp add VALUE
set instance VALUE routemap VALUE id VALUE action metric igp subtract VALUE
set instance VALUE routemap VALUE id VALUE action metric subtract VALUE
set instance VALUE routemap VALUE id VALUE action metric value VALUE
set instance VALUE routemap VALUE id VALUE action nexthop ip VALUE
set instance VALUE routemap VALUE id VALUE action nexthop ipv6 VALUE
set instance VALUE routemap VALUE id VALUE action ospfautomatictag VALUE
set instance VALUE routemap VALUE id VALUE action ospfmanualtag VALUE
set instance VALUE routemap VALUE id VALUE action precedence VALUE
set instance VALUE routemap VALUE id VALUE action preference VALUE
set instance VALUE routemap VALUE id VALUE action remove aspath-prepend-count
set instance VALUE routemap VALUE id VALUE action remove community
set instance VALUE routemap VALUE id VALUE action remove localpref
set instance VALUE routemap VALUE id VALUE action remove metric
set instance VALUE routemap VALUE id VALUE action remove nexthop ip
set instance VALUE routemap VALUE id VALUE action remove nexthop ipv6
set instance VALUE routemap VALUE id VALUE action remove ospfautomatictag
set instance VALUE routemap VALUE id VALUE action remove ospfmanualtag
set instance VALUE routemap VALUE id VALUE action remove precedence
set instance VALUE routemap VALUE id VALUE action remove preference
set instance VALUE routemap VALUE id VALUE action remove riptag
set instance VALUE routemap VALUE id VALUE action remove route-type
set instance VALUE routemap VALUE id VALUE action riptag VALUE
set instance VALUE routemap VALUE id VALUE action route-type VALUE
set instance VALUE routemap VALUE id VALUE allow
set instance VALUE routemap VALUE id VALUE inactive
set instance VALUE routemap VALUE id VALUE match as VALUE off
set instance VALUE routemap VALUE id VALUE match as VALUE on
set instance VALUE routemap VALUE id VALUE match aspath-regex VALUE origin VALUE
set instance VALUE routemap VALUE id VALUE match community VALUE as VALUE off
set instance VALUE routemap VALUE id VALUE match community VALUE as VALUE on
set instance VALUE routemap VALUE id VALUE match community VALUE off
set instance VALUE routemap VALUE id VALUE match community VALUE on
set instance VALUE routemap VALUE id VALUE match community-regex VALUE
set instance VALUE routemap VALUE id VALUE match ifaddress VALUE off
set instance VALUE routemap VALUE id VALUE match ifaddress VALUE on
set instance VALUE routemap VALUE id VALUE match interface VALUE off
set instance VALUE routemap VALUE id VALUE match interface VALUE on
set instance VALUE routemap VALUE id VALUE match metric value VALUE
set instance VALUE routemap VALUE id VALUE match neighbor VALUE off
set instance VALUE routemap VALUE id VALUE match neighbor VALUE on
set instance VALUE routemap VALUE id VALUE match network VALUE all [ restrict VALUE ]
set instance VALUE routemap VALUE id VALUE match network VALUE between VALUE and VALUE [ restrict VALUE ]
set instance VALUE routemap VALUE id VALUE match network VALUE exact [ restrict VALUE ]
set instance VALUE routemap VALUE id VALUE match network VALUE off
set instance VALUE routemap VALUE id VALUE match network VALUE refines [ restrict VALUE ]
set instance VALUE routemap VALUE id VALUE match nexthop VALUE off
set instance VALUE routemap VALUE id VALUE match nexthop VALUE on
set instance VALUE routemap VALUE id VALUE match protocol VALUE
set instance VALUE routemap VALUE id VALUE match remove as
set instance VALUE routemap VALUE id VALUE match remove aspath-regex
set instance VALUE routemap VALUE id VALUE match remove community
set instance VALUE routemap VALUE id VALUE match remove community-regex
set instance VALUE routemap VALUE id VALUE match remove ifaddress
set instance VALUE routemap VALUE id VALUE match remove interface
set instance VALUE routemap VALUE id VALUE match remove metric
set instance VALUE routemap VALUE id VALUE match remove neighbor
set instance VALUE routemap VALUE id VALUE match remove network
set instance VALUE routemap VALUE id VALUE match remove nexthop
set instance VALUE routemap VALUE id VALUE match remove protocol
set instance VALUE routemap VALUE id VALUE match remove route-type
set instance VALUE routemap VALUE id VALUE match remove tag
set instance VALUE routemap VALUE id VALUE match route-type VALUE off
set instance VALUE routemap VALUE id VALUE match route-type VALUE on
set instance VALUE routemap VALUE id VALUE match tag VALUE off
set instance VALUE routemap VALUE id VALUE match tag VALUE on
set instance VALUE routemap VALUE id VALUE off
set instance VALUE routemap VALUE id VALUE on
set instance VALUE routemap VALUE id VALUE restrict
set instance VALUE router-id VALUE
set instance VALUE static-route VALUE comment VALUE
set instance VALUE static-route VALUE nexthop blackhole
set instance VALUE static-route VALUE nexthop gateway address VALUE [ priority VALUE ] on
set instance VALUE static-route VALUE nexthop gateway address VALUE off
set instance VALUE static-route VALUE nexthop gateway logical VALUE [ priority VALUE ] on
set instance VALUE static-route VALUE nexthop gateway logical VALUE off
set instance VALUE static-route VALUE nexthop reject
set instance VALUE static-route VALUE off
set instance VALUE static-route VALUE ping off
set instance VALUE static-route VALUE ping on
set instance VALUE static-route VALUE rank VALUE
set instance VALUE static-route VALUE scopelocal off
set instance VALUE static-route VALUE scopelocal on
set instance VALUE trace bootp VALUE off
set instance VALUE trace bootp VALUE on
set instance VALUE trace ospf VALUE off
set instance VALUE trace ospf VALUE on
set instance VALUE trace ospf3 VALUE off
set instance VALUE trace vrrp6 VALUE off
set instance VALUE trace vrrp6 VALUE on
set instance VALUE tracefile maxnum VALUE
set instance VALUE tracefile size VALUE
set interface VALUE ipv4-address VALUE mask-length VALUE
set interface VALUE ipv4-address VALUE subnet-mask VALUE
set interface VALUE ipv6-address VALUE mask-length VALUE
set interface VALUE monitor-mode VALUE
set interface VALUE rx-ringsize VALUE
set interface VALUE tx-ringsize VALUE
set interface VALUE { comments VALUE mac-addr VALUE mtu VALUE state VALUE link-speed VALUE auto-negotiation VALUE }
set interface VALUE { ipv6-autoconfig VALUE }
set iphelper forward-nonlocal off
set iphelper forward-nonlocal on
set iphelper interface VALUE off
set iphelper interface VALUE udp-port VALUE off
set iphelper interface VALUE udp-port VALUE relay-to VALUE off
set iphelper interface VALUE udp-port VALUE relay-to VALUE on
set ipv6-state off
set ipv6-state on
set kernel-routes VALUE
set lcd access none
set lcd access restricted password VALUE
set lcd access unrestricted
set lcd backlight timeout VALUE
set lcd screensaver mode VALUE
set lcd screensaver timeout VALUE
set mail-notification server VALUE
set mail-notification username VALUE
set management interface VALUE
set max-path-splits VALUE
set mcvr vrid VALUE authtype VALUE password VALUE
set mcvr vrid VALUE backup-address VALUE vmac-mode default-vmac
set mcvr vrid VALUE backup-address VALUE vmac-mode extended-vmac
set mcvr vrid VALUE backup-address VALUE vmac-mode interface-vmac
set mcvr vrid VALUE backup-address VALUE vmac-mode static-vmac [ static-mac VALUE ]
set mcvr vrid VALUE hello-interval VALUE
set mcvr vrid VALUE monitor-vrrp VALUE
set mcvr vrid VALUE preempt-mode VALUE
set mcvr vrid VALUE priority VALUE
set message banner VALUE [ line msgvalue VALUE ]
set message banner VALUE [ msgvalue VALUE ]
set message caption VALUE
set message motd VALUE [ line msgvalue VALUE ]
set message motd VALUE [ msgvalue VALUE ]
set neighbor duplicate-detection retry VALUE
set neighbor duplicate-detection state VALUE
set neighbor multicast-limit VALUE
set neighbor queue-limit VALUE
set neighbor unicast-limit VALUE
set net-access telnet VALUE
set netflow collector for-ip VALUE for-port VALUE { ip VALUE port VALUE export-format VALUE srcaddr VALUE enable VALUE }
set netflow collector for-ip VALUE { ip VALUE port VALUE export-format VALUE srcaddr VALUE enable VALUE }
set netflow collector { ip VALUE port VALUE export-format VALUE srcaddr VALUE enable VALUE }
set ntp active VALUE
set ntp server primary VALUE version VALUE
set ntp server secondary VALUE version VALUE
set ospf area VALUE nssa default-cost VALUE
set ospf area VALUE nssa default-metric-type VALUE
set ospf area VALUE nssa import-summary-routes off
set ospf area VALUE nssa import-summary-routes on
set ospf area VALUE nssa off
set ospf area VALUE nssa on
set ospf area VALUE nssa range VALUE off
set ospf area VALUE nssa range VALUE on
set ospf area VALUE nssa range VALUE restrict VALUE off
set ospf area VALUE nssa range VALUE restrict VALUE on
set ospf area VALUE nssa redistribution off
set ospf area VALUE nssa redistribution on
set ospf area VALUE nssa translator-role VALUE
set ospf area VALUE nssa translator-stability-interval VALUE
set ospf area VALUE off
set ospf area VALUE on
set ospf area VALUE range VALUE off
set ospf area VALUE range VALUE on
set ospf area VALUE range VALUE restrict VALUE off
set ospf area VALUE range VALUE restrict VALUE on
set ospf area VALUE stub default-cost VALUE
set ospf area VALUE stub off
set ospf area VALUE stub on
set ospf area VALUE stub summary off
set ospf area VALUE stub summary on
set ospf area VALUE stub-network VALUE off
set ospf area VALUE stub-network VALUE on
set ospf area VALUE stub-network VALUE stub-network-cost VALUE
set ospf area VALUE virtual-link VALUE transit-area VALUE authtype md5 key VALUE off
set ospf area VALUE virtual-link VALUE transit-area VALUE authtype md5 key VALUE secret VALUE
set ospf area VALUE virtual-link VALUE transit-area VALUE authtype none
set ospf area VALUE virtual-link VALUE transit-area VALUE authtype simple VALUE
set ospf area VALUE virtual-link VALUE transit-area VALUE dead-interval VALUE
set ospf area VALUE virtual-link VALUE transit-area VALUE hello-interval VALUE
set ospf area VALUE virtual-link VALUE transit-area VALUE off
set ospf area VALUE virtual-link VALUE transit-area VALUE on
set ospf area VALUE virtual-link VALUE transit-area VALUE retransmit-interval VALUE
set ospf default-ase-cost VALUE
set ospf default-ase-type VALUE
set ospf export-routemap VALUE off
set ospf export-routemap VALUE preference VALUE on
set ospf graceful-restart grace-period VALUE
set ospf graceful-restart off
set ospf graceful-restart on
set ospf graceful-restart-helper VALUE off
set ospf graceful-restart-helper VALUE on
set ospf import-routemap VALUE off
set ospf import-routemap VALUE preference VALUE on
set ospf interface VALUE area VALUE off
set ospf interface VALUE area VALUE on
set ospf interface VALUE authtype md5 key VALUE off
set ospf interface VALUE authtype md5 key VALUE secret VALUE
set ospf interface VALUE authtype none
set ospf interface VALUE authtype simple VALUE
set ospf interface VALUE cost VALUE
set ospf interface VALUE dead-interval VALUE
set ospf interface VALUE hello-interval VALUE
set ospf interface VALUE passive VALUE off
set ospf interface VALUE passive VALUE on
set ospf interface VALUE priority VALUE
set ospf interface VALUE retransmit-interval VALUE
set ospf interface VALUE subtract-authlen VALUE
set ospf interface VALUE virtual-address VALUE off
set ospf interface VALUE virtual-address VALUE on
set ospf rfc1583-compatibility VALUE off
set ospf rfc1583-compatibility VALUE on
set ospf spf-delay VALUE
set ospf spf-holdtime VALUE
set password-controls complexity VALUE
set password-controls deny-on-fail allow-after VALUE
set password-controls deny-on-fail enable VALUE
set password-controls deny-on-fail failures-allowed VALUE
set password-controls deny-on-nonuse allowed-days VALUE
set password-controls deny-on-nonuse enable VALUE
set password-controls expiration-lockout-days VALUE
set password-controls expiration-warning-days VALUE
set password-controls force-change-when VALUE
set password-controls history-checking VALUE
set password-controls history-length VALUE
set password-controls min-password-length VALUE
set password-controls palindrome-check VALUE
set password-controls password-expiration VALUE
set pbr rule priority VALUE action prohibit
set pbr rule priority VALUE action unreachable
set pbr rule priority VALUE match { from VALUE to VALUE interface VALUE }
set pbr rule priority VALUE match { port VALUE }
set pbr rule priority VALUE match { protocol VALUE }
set pbr rule priority VALUE off
set pbr table VALUE off
set pbr table VALUE static-route VALUE nexthop blackhole
set pbr table VALUE static-route VALUE nexthop gateway address VALUE off
set pbr table VALUE static-route VALUE nexthop gateway address VALUE on
set pbr table VALUE static-route VALUE nexthop gateway address VALUE priority VALUE
set pbr table VALUE static-route VALUE nexthop gateway logical VALUE off
set pbr table VALUE static-route VALUE nexthop gateway logical VALUE on
set pbr table VALUE static-route VALUE nexthop gateway logical VALUE priority VALUE
set pbr table VALUE static-route VALUE nexthop reject
set pbr table VALUE static-route VALUE off
set pim assert-interval VALUE
set pim assert-limit VALUE
set pim assert-rank protocol VALUE rank VALUE
set pim bootstrap-candidate local-address VALUE
set pim bootstrap-candidate off
set pim bootstrap-candidate on
set pim bootstrap-candidate priority VALUE
set pim candidate-rp advertise-interval VALUE
set pim candidate-rp local-address VALUE
set pim candidate-rp multicast-group VALUE off
set pim candidate-rp multicast-group VALUE on
set pim candidate-rp off
set pim candidate-rp on
set pim candidate-rp priority VALUE
set pim data-interval VALUE
set pim hello-interval VALUE
set pim interface VALUE dr-priority VALUE
set pim interface VALUE local-address VALUE
set pim interface VALUE off
set pim interface VALUE on
set pim interface VALUE virtual-address off
set pim interface VALUE virtual-address on
set pim jp-delay-interval VALUE
set pim jp-interval VALUE
set pim jp-suppress-interval VALUE
set pim mode dense
set pim mode sparse
set pim mode ssm
set pim register-suppress-interval VALUE
set pim spt-threshold multicast VALUE threshold VALUE off
set pim spt-threshold multicast VALUE threshold VALUE on
set pim state-refresh off
set pim state-refresh on
set pim state-refresh-interval VALUE
set pim state-refresh-ttl VALUE
set pim static-rp off
set pim static-rp rp-address VALUE multicast-group VALUE off
set pim static-rp rp-address VALUE multicast-group VALUE on
set pim static-rp rp-address VALUE off
set pim static-rp rp-address VALUE on
set ping count VALUE
set ping interval VALUE
set pppoe client id VALUE fake-peer-address VALUE
set pppoe client id VALUE interface VALUE
set pppoe client id VALUE password VALUE
set pppoe client id VALUE use-fake-peer-address VALUE
set pppoe client id VALUE use-peer-as-default-gateway VALUE
set pppoe client id VALUE use-peer-dns VALUE
set pppoe client id VALUE user-name VALUE
set protocol-rank protocol VALUE rank VALUE
set proxy address VALUE port VALUE
set rdisc interface VALUE adv-lifetime VALUE
set rdisc interface VALUE advertise VALUE off
set rdisc interface VALUE advertise VALUE on
set rdisc interface VALUE advertise VALUE preference VALUE
set rdisc interface VALUE max-adv-interval VALUE
set rdisc interface VALUE min-adv-interval VALUE
set rdisc interface VALUE off
set rdisc interface VALUE on
set rip auto-summary VALUE
set rip expire-interval VALUE
set rip export-routemap VALUE off
set rip export-routemap VALUE preference VALUE on
set rip import-routemap VALUE off
set rip import-routemap VALUE preference VALUE on
set rip interface VALUE [ version VALUE ] on
set rip interface VALUE accept-updates VALUE
set rip interface VALUE authtype md5 secret VALUE [ cisco-compatibility VALUE ]
set rip interface VALUE authtype none
set rip interface VALUE authtype simple VALUE
set rip interface VALUE metric VALUE
set rip interface VALUE off
set rip interface VALUE send-updates VALUE
set rip interface VALUE transport VALUE
set rip interface VALUE virtual-address VALUE
set rip update-interval VALUE
set routedsyslog maxnum VALUE
set routedsyslog off
set routedsyslog on
set routedsyslog size VALUE
set routemap VALUE id VALUE action aspath-prepend-count VALUE
set routemap VALUE id VALUE action community VALUE as VALUE off
set routemap VALUE id VALUE action community VALUE as VALUE on
set routemap VALUE id VALUE action community VALUE off
set routemap VALUE id VALUE action community VALUE on
set routemap VALUE id VALUE action localpref VALUE
set routemap VALUE id VALUE action metric add VALUE
set routemap VALUE id VALUE action metric igp add VALUE
set routemap VALUE id VALUE action metric igp subtract VALUE
set routemap VALUE id VALUE action metric subtract VALUE
set routemap VALUE id VALUE action metric value VALUE
set routemap VALUE id VALUE action nexthop ip VALUE
set routemap VALUE id VALUE action nexthop ipv6 VALUE
set routemap VALUE id VALUE action ospfautomatictag VALUE
set routemap VALUE id VALUE action ospfmanualtag VALUE
set routemap VALUE id VALUE action precedence VALUE
set routemap VALUE id VALUE action preference VALUE
set routemap VALUE id VALUE action remove aspath-prepend-count
set routemap VALUE id VALUE action remove community
set routemap VALUE id VALUE action remove localpref
set routemap VALUE id VALUE action remove metric
set routemap VALUE id VALUE action remove nexthop ip
set routemap VALUE id VALUE action remove nexthop ipv6
set routemap VALUE id VALUE action remove ospfautomatictag
set routemap VALUE id VALUE action remove ospfmanualtag
set routemap VALUE id VALUE action remove precedence
set routemap VALUE id VALUE action remove preference
set routemap VALUE id VALUE action remove riptag
set routemap VALUE id VALUE action remove route-type
set routemap VALUE id VALUE action riptag VALUE
set routemap VALUE id VALUE action route-type VALUE
set routemap VALUE id VALUE allow
set routemap VALUE id VALUE inactive
set routemap VALUE id VALUE match as VALUE off
set routemap VALUE id VALUE match as VALUE on
set routemap VALUE id VALUE match aspath-regex VALUE origin VALUE
set routemap VALUE id VALUE match community VALUE as VALUE off
set routemap VALUE id VALUE match community VALUE as VALUE on
set routemap VALUE id VALUE match community VALUE off
set routemap VALUE id VALUE match community VALUE on
set routemap VALUE id VALUE match community-regex VALUE
set routemap VALUE id VALUE match ifaddress VALUE off
set routemap VALUE id VALUE match ifaddress VALUE on
set routemap VALUE id VALUE match interface VALUE off
set routemap VALUE id VALUE match interface VALUE on
set routemap VALUE id VALUE match metric value VALUE
set routemap VALUE id VALUE match neighbor VALUE off
set routemap VALUE id VALUE match neighbor VALUE on
set routemap VALUE id VALUE match network VALUE all [ restrict VALUE ]
set routemap VALUE id VALUE match network VALUE between VALUE and VALUE [ restrict VALUE ]
set routemap VALUE id VALUE match network VALUE exact [ restrict VALUE ]
set routemap VALUE id VALUE match network VALUE off
set routemap VALUE id VALUE match network VALUE refines [ restrict VALUE ]
set routemap VALUE id VALUE match nexthop VALUE off
set routemap VALUE id VALUE match nexthop VALUE on
set routemap VALUE id VALUE match protocol VALUE
set routemap VALUE id VALUE match remove as
set routemap VALUE id VALUE match remove aspath-regex
set routemap VALUE id VALUE match remove community
set routemap VALUE id VALUE match remove community-regex
set routemap VALUE id VALUE match remove ifaddress
set routemap VALUE id VALUE match remove interface
set routemap VALUE id VALUE match remove metric
set routemap VALUE id VALUE match remove neighbor
set routemap VALUE id VALUE match remove network
set routemap VALUE id VALUE match remove nexthop
set routemap VALUE id VALUE match remove protocol
set routemap VALUE id VALUE match remove route-type
set routemap VALUE id VALUE match remove tag
set routemap VALUE id VALUE match route-type VALUE off
set routemap VALUE id VALUE match route-type VALUE on
set routemap VALUE id VALUE match tag VALUE off
set routemap VALUE id VALUE match tag VALUE on
set routemap VALUE id VALUE off
set routemap VALUE id VALUE on
set routemap VALUE id VALUE restrict
set router-id VALUE
set router-options auto-restore-iface-routes VALUE
set router-options pnote-reporting off
set router-options pnote-reporting on
set router-options pnote-reporting timeout VALUE
set selfpasswd
set selfpasswd oldpass VALUE passwd VALUE
set snapshot export VALUE path VALUE name VALUE
set snapshot import VALUE path VALUE name VALUE
set snapshot revert VALUE
set snmp agent VALUE
set snmp agent-version VALUE
set snmp clear-trap interval VALUE retries VALUE
set snmp community VALUE read-only
set snmp community VALUE read-write
set snmp contact VALUE
set snmp custom-trap VALUE frequency VALUE
set snmp custom-trap VALUE message VALUE
set snmp custom-trap VALUE oid VALUE
set snmp custom-trap VALUE operator VALUE
set snmp custom-trap VALUE threshold VALUE
set snmp location VALUE
set snmp mode VALUE
set snmp traps coldStart-threshold VALUE
set snmp traps polling-frequency VALUE
set snmp traps receiver VALUE version v1 community VALUE
set snmp traps receiver VALUE version v1 community VALUE
set snmp traps receiver VALUE version v2 community VALUE
set snmp traps receiver VALUE version v2 community VALUE
set snmp traps receiver VALUE version v3
set snmp traps receiver VALUE version v3
set snmp traps trap VALUE disable
set snmp traps trap VALUE enable
set snmp traps trap-user VALUE
set snmp usm user VALUE security-level authNoPriv auth-pass-phrase VALUE authentication-protocol VALUE
set snmp usm user VALUE security-level authNoPriv auth-pass-phrase VALUE authentication-protocol VALUE
set snmp usm user VALUE security-level authPriv auth-pass-phrase VALUE privacy-pass-phrase VALUE privacy-protocol VALUE authentication-protocol VALUE
set snmp usm user VALUE security-level authPriv auth-pass-phrase VALUE privacy-pass-phrase-hashed privacy-protocol VALUE authentication-protocol VALUE
set snmp usm user VALUE security-level authPriv privacy-pass-phrase VALUE
set snmp usm user VALUE security-level authPriv privacy-pass-phrase VALUE auth-pass-phrase VALUE
set snmp usm user VALUE usm-read-only
set snmp usm user VALUE usm-read-write
set static-mroute VALUE nexthop gateway address VALUE [ priority VALUE ] on
set static-mroute VALUE nexthop gateway address VALUE off
set static-mroute VALUE off
set static-route VALUE comment VALUE
set static-route VALUE nexthop blackhole
set static-route VALUE nexthop gateway address VALUE [ priority VALUE ] on
set static-route VALUE nexthop gateway address VALUE off
set static-route VALUE nexthop gateway address VALUE on
set static-route VALUE nexthop gateway logical VALUE [ priority VALUE ] on
set static-route VALUE nexthop gateway logical VALUE off
set static-route VALUE nexthop reject
set static-route VALUE off
set static-route VALUE ping off
set static-route VALUE ping on
set static-route VALUE rank VALUE
set static-route VALUE scopelocal off
set static-route VALUE scopelocal on
set syslog auditlog VALUE
set syslog cplogs off
set syslog cplogs on
set syslog filename VALUE
set syslog log-remote-address VALUE [ level VALUE ]
set syslog mgmtauditlogs off
set syslog mgmtauditlogs on
set time VALUE
set timezone VALUE / VALUE
set trace bgp VALUE off
set trace bgp VALUE on
set trace bootp VALUE off
set trace bootp VALUE on
set trace cluster VALUE off
set trace cluster VALUE on
set trace global VALUE off
set trace global VALUE on
set trace icmp VALUE off
set trace icmp VALUE on
set trace igmp VALUE off
set trace igmp VALUE on
set trace iphelper VALUE off
set trace iphelper VALUE on
set trace kernel VALUE off
set trace kernel VALUE on
set trace mfc VALUE off
set trace mfc VALUE on
set trace ospf VALUE off
set trace ospf VALUE on
set trace ospf3 VALUE off
set trace ospf3 VALUE on
set trace pbr VALUE off
set trace pbr VALUE on
set trace pim VALUE off
set trace pim VALUE on
set trace rip VALUE off
set trace rip VALUE on
set trace router-discovery VALUE off
set trace router-discovery VALUE on
set trace router-discovery6 VALUE off
set trace router-discovery6 VALUE on
set trace vrrp VALUE off
set trace vrrp VALUE on
set trace vrrp6 VALUE off
set trace vrrp6 VALUE on
set tracefile maxnum VALUE
set tracefile size VALUE
set user VALUE force-password-change VALUE
set user VALUE lock-out off
set user VALUE newpass VALUE
set user VALUE password
set user VALUE password-hash VALUE
set user VALUE { realname VALUE uid VALUE gid VALUE homedir VALUE shell VALUE }
set virtual-system VALUE
set volume VALUE size VALUE
set vrrp accept-connections off
set vrrp accept-connections on
set vrrp coldstart-delay VALUE
set vrrp disable-all-virtual-routers off
set vrrp disable-all-virtual-routers on
set vrrp interface VALUE authtype none
set vrrp interface VALUE authtype simple VALUE
set vrrp interface VALUE monitored-circuit vrid VALUE auto-deactivation VALUE
set vrrp interface VALUE monitored-circuit vrid VALUE backup-address VALUE off
set vrrp interface VALUE monitored-circuit vrid VALUE backup-address VALUE on
set vrrp interface VALUE monitored-circuit vrid VALUE hello-interval VALUE
set vrrp interface VALUE monitored-circuit vrid VALUE monitor-vrrp VALUE
set vrrp interface VALUE monitored-circuit vrid VALUE monitored-interface VALUE off
set vrrp interface VALUE monitored-circuit vrid VALUE monitored-interface VALUE on
set vrrp interface VALUE monitored-circuit vrid VALUE monitored-interface VALUE priority-delta VALUE
set vrrp interface VALUE monitored-circuit vrid VALUE off
set vrrp interface VALUE monitored-circuit vrid VALUE on
set vrrp interface VALUE monitored-circuit vrid VALUE preempt-mode VALUE
set vrrp interface VALUE monitored-circuit vrid VALUE priority VALUE
set vrrp interface VALUE monitored-circuit vrid VALUE vmac-mode default-vmac
set vrrp interface VALUE monitored-circuit vrid VALUE vmac-mode extended-vmac
set vrrp interface VALUE monitored-circuit vrid VALUE vmac-mode interface-vmac
set vrrp interface VALUE monitored-circuit vrid VALUE vmac-mode static-vmac VALUE
set vrrp interface VALUE off
set vrrp interface VALUE virtual-router backup-vrid VALUE backup-address VALUE off
set vrrp interface VALUE virtual-router backup-vrid VALUE backup-address VALUE on
set vrrp interface VALUE virtual-router backup-vrid VALUE hello-interval VALUE
set vrrp interface VALUE virtual-router backup-vrid VALUE monitor-vrrp VALUE
set vrrp interface VALUE virtual-router backup-vrid VALUE off
set vrrp interface VALUE virtual-router backup-vrid VALUE preempt-mode VALUE
set vrrp interface VALUE virtual-router backup-vrid VALUE priority VALUE
set vrrp interface VALUE virtual-router backup-vrid VALUE vmac-mode default-vmac
set vrrp interface VALUE virtual-router backup-vrid VALUE vmac-mode extended-vmac
set vrrp interface VALUE virtual-router backup-vrid VALUE vmac-mode interface-vmac
set vrrp interface VALUE virtual-router backup-vrid VALUE vmac-mode static-vmac VALUE
set vrrp interface VALUE virtual-router vrid VALUE hello-interval VALUE
set vrrp interface VALUE virtual-router vrid VALUE off
set vrrp interface VALUE virtual-router vrid VALUE on
set vrrp interface VALUE virtual-router vrid VALUE vmac-mode default-vmac
set vrrp interface VALUE virtual-router vrid VALUE vmac-mode extended-vmac
set vrrp interface VALUE virtual-router vrid VALUE vmac-mode interface-vmac
set vrrp interface VALUE virtual-router vrid VALUE vmac-mode static-vmac VALUE
set vrrp interface-delay VALUE
set vrrp monitor-firewall off
set vrrp monitor-firewall on
set vsx off
set vsx on
set web daemon-enable VALUE
set web session-timeout VALUE
set web ssl-port VALUE
set web ssl3-enabled VALUE
set web table-refresh-rate VALUE
show aaa radius-servers NAS-IP
show aaa radius-servers default-shell
show aaa radius-servers list
show aaa radius-servers priority VALUE host
show aaa radius-servers priority VALUE port
show aaa radius-servers priority VALUE timeout
show aaa radius-servers super-user-uid
show aaa tacacs-servers list
show aaa tacacs-servers priority VALUE server
show aaa tacacs-servers priority VALUE timeout
show aaa tacacs-servers state
show aaa tacacs-servers user-uid
show allowed-client all
show arp announce
show arp dynamic all
show arp proxy all
show arp proxy ipv4-address VALUE
show arp static all
show arp table cache-size
show arp table validity-timeout
show as
show asset VALUE
show backup last-successful
show backup logs
show backup status
show backup-scheduled VALUE
show backups
show bgp
show bgp errors
show bgp groups
show bgp memory
show bgp paths
show bgp peer VALUE advertise
show bgp peer VALUE detailed
show bgp peer VALUE received
show bgp peers
show bgp peers detailed
show bgp peers established
show bgp routemap
show bgp stats
show bgp summary
show bonding group VALUE xmit-hash-policy
show bonding group VALUE { primary mii-interval up-delay down-delay interfaces }
show bonding group VALUE { primary mii-interval up-delay down-delay mode } lacp-rate
show bonding groups
show bootp interface VALUE
show bootp interfaces
show bootp stats
show bootp stats receive
show bootp stats reply
show bootp stats request
show bridging group VALUE fail-open-mode
show bridging group VALUE { interfaces }
show bridging groups
show clienv all
show clienv config-lock
show clienv debug
show clienv echo-cmd
show clienv on-failure
show clienv output
show clienv prompt
show clienv rows
show clienv syntax-check
show clock
show cloning-group local-ip
show cloning-group members
show cloning-group mode
show cloning-group name
show cloning-group shared-feature
show cloning-group state
show cloning-group status
show command VALUE
show commands [ op VALUE feature VALUE ]
show config-lock
show config-state
show configuration aaa
show configuration aggregate
show configuration allowed-client
show configuration arp proxy
show configuration arp static
show configuration as
show configuration backup-scheduled
show configuration bgp
show configuration bonding
show configuration bootp
show configuration bridging
show configuration clienv
show configuration command
show configuration core-dump
show configuration cron
show configuration dhcp-client
show configuration dhcp-server
show configuration dns
show configuration domainname
show configuration edition
show configuration expert-password
show configuration format
show configuration group
show configuration host
show configuration hostname
show configuration igmp
show configuration interface
show configuration iphelper
show configuration ipv6 ospf3
show configuration ipv6 rdisc6
show configuration ipv6 static-route
show configuration ipv6 vrrp6
show configuration ipv6-state
show configuration kernel-routes
show configuration lcd
show configuration mail-notification
show configuration management
show configuration max-path-splits
show configuration mcvr
show configuration message
show configuration neighbor
show configuration net-access
show configuration netflow
show configuration ntp
show configuration ospf
show configuration password-controls
show configuration pbr
show configuration pim
show configuration ping
show configuration pppoe
show configuration protocol-rank
show configuration proxy
show configuration rba
show configuration rdisc
show configuration rip
show configuration routedsyslog
show configuration routemaps
show configuration router-id
show configuration router-options
show configuration snmp
show configuration static-mroute
show configuration static-route
show configuration syslog
show configuration timezone
show configuration trace
show configuration tracefile
show configuration user
show configuration vpnt
show configuration vrrp
show configuration web
show core-dump per_process
show core-dump status
show core-dump total
show cron job VALUE command
show cron job VALUE recurrence
show cron jobs
show cron mailto
show date
show dhcp client interface VALUE
show dhcp client interfaces
show dhcp server all
show dhcp server status
show dhcp server subnet VALUE ip-pools
show dhcp server subnets
show dns primary
show dns secondary
show dns suffix
show dns tertiary
show domainname
show extended commands
show fcd VALUE all
show format all
show format date
show format netmask
show format time
show group VALUE
show groups
show host name VALUE ipv4
show host name VALUE ipv6
show host names ipv4
show host names ipv6
show hostname
show igmp
show igmp groups interface VALUE
show igmp groups interface VALUE local
show igmp groups interface VALUE static
show igmp groups local
show igmp groups static
show igmp if-stat VALUE
show igmp if-stats
show igmp interface VALUE
show igmp interfaces
show igmp stats
show igmp stats error
show igmp stats receive
show igmp stats transmit
show igmp summary
show inactivity-timeout
show installer available_local_packages
show installer available_packages
show installer installed_packages
show installer package_status
show interface VALUE 6in4s
show interface VALUE alias VALUE
show interface VALUE aliases
show interface VALUE all
show interface VALUE ipv4-address
show interface VALUE ipv6-address
show interface VALUE ipv6-local-link-address
show interface VALUE loopback VALUE
show interface VALUE loopbacks
show interface VALUE monitor-mode
show interface VALUE protocol-list
show interface VALUE rx-ringsize
show interface VALUE tx-ringsize
show interface VALUE vlans
show interface VALUE { comments mac-addr mtu state speed duplex auto-negotiation type }
show interface VALUE { ipv6-autoconfig }
show interface VALUE { link-state }
show interface VALUE { statistics }
show interfaces all
show iphelper services
show iphelper stats
show ipv6 route
show ipv6 route aggregate
show ipv6 route all
show ipv6 route all aggregate
show ipv6 route all direct
show ipv6 route all kernel
show ipv6 route all ospf3
show ipv6 route all static
show ipv6 route bgp aspath
show ipv6 route bgp communities
show ipv6 route bgp detailed
show ipv6 route bgp metrics
show ipv6 route bgp suppressed
show ipv6 route destination VALUE
show ipv6 route direct
show ipv6 route exact VALUE
show ipv6 route inactive
show ipv6 route inactive aggregate
show ipv6 route inactive direct
show ipv6 route inactive kernel
show ipv6 route inactive ospf3
show ipv6 route inactive static
show ipv6 route kernel
show ipv6 route less-specific VALUE
show ipv6 route more-specific VALUE
show ipv6 route ospf3
show ipv6 route static
show ipv6 route summary
show ipv6-state
show lcd access
show lcd backlight timeout
show lcd screensaver mode
show lcd screensaver timeout
show lom ip-address
show lom version
show mail-notification server
show mail-notification username
show management interface
show mcvr vrid VALUE all
show mcvr vrid VALUE authtype
show mcvr vrid VALUE backup-addresses
show mcvr vrid VALUE hello-interval
show mcvr vrid VALUE priority
show mcvr vrid VALUE priority-delta
show mcvr vrids
show message all [ status ]
show message banner [ status ]
show message caption [ status ]
show message motd [ status ]
show mfc cache
show mfc interface
show mfc orphans
show mfc stats
show mfc summary
show neighbor dynamic-table
show neighbor interface-table
show neighbor parameters
show neighbor static-table
show neighbor table
show net-access telnet
show netflow all
show netflow collector [ enable ]
show netflow collector [ export-format ]
show netflow collector [ ip ]
show netflow collector [ port ]
show netflow collector [ srcaddr ]
show netflow collector for-ip VALUE [ enable ]
show netflow collector for-ip VALUE [ export-format ]
show netflow collector for-ip VALUE [ port ]
show netflow collector for-ip VALUE [ srcaddr ]
show netflow collector for-ip VALUE for-port VALUE [ enable ]
show netflow collector for-ip VALUE for-port VALUE [ export-format ]
show netflow collector for-ip VALUE for-port VALUE [ srcaddr ]
show ntp active
show ntp current
show ntp servers
show ospf
show ospf border-routers
show ospf database [ detailed ]
show ospf database area VALUE [ detailed ]
show ospf database areas [ detailed ]
show ospf database asbr-summary-lsa [ detailed ]
show ospf database checksum
show ospf database database-summary
show ospf database external-lsa [ detailed ]
show ospf database network-lsa [ detailed ]
show ospf database nssa-external-lsa [ detailed ]
show ospf database opaque-lsa [ detailed ]
show ospf database router-lsa [ detailed ]
show ospf database summary-lsa [ detailed ]
show ospf database type VALUE [ detailed ]
show ospf errors
show ospf errors dd
show ospf errors hello
show ospf errors ip
show ospf errors lsack
show ospf errors lsr
show ospf errors lsu
show ospf errors protocol
show ospf events
show ospf interface VALUE [ detailed ]
show ospf interface VALUE stats
show ospf interfaces [ detailed ]
show ospf interfaces stats
show ospf neighbor VALUE [ detailed ]
show ospf neighbors [ detailed ]
show ospf packets
show ospf routemap
show ospf summary
show password-controls all
show password-controls complexity
show password-controls deny-on-fail allow-after
show password-controls deny-on-fail enable
show password-controls deny-on-fail failures-allowed
show password-controls deny-on-nonuse allowed-days
show password-controls deny-on-nonuse enable
show password-controls expiration-lockout-days
show password-controls expiration-warning-days
show password-controls force-change-when
show password-controls history-checking
show password-controls history-length
show password-controls min-password-length
show password-controls palindrome-check
show password-controls password-expiration
show pbr rules
show pbr summary
show pbr tables
show pim
show pim bootstrap
show pim candidate-rp
show pim group-rp-mapping VALUE
show pim interface VALUE
show pim interfaces
show pim joins
show pim memory
show pim neighbor VALUE
show pim neighbors
show pim rps
show pim sparse-mode-stats
show pim stats
show pim summary
show pim timers
show pim virtual-interfaces
show pppoe client id VALUE
show protocol-rank
show proxy address
show proxy port
show rba all
show rba role VALUE
show rba roles
show rba user VALUE
show rba users
show rdisc
show rdisc interface VALUE
show rdisc interfaces
show rdisc stats
show rdisc summary
show restore status
show rip
show rip errors
show rip interface VALUE
show rip interfaces
show rip neighbors
show rip packets
show rip routemap
show rip summary
show route
show route aggregate
show route all
show route all aggregate
show route all bgp
show route all direct
show route all kernel
show route all ospf
show route all rip
show route all static
show route bgp
show route bgp aspath
show route bgp communities
show route bgp detailed
show route bgp metrics
show route bgp suppressed
show route destination VALUE
show route direct
show route exact VALUE
show route inactive
show route inactive aggregate
show route inactive bgp
show route inactive direct
show route inactive kernel
show route inactive ospf
show route inactive rip
show route inactive static
show route kernel
show route less-specific VALUE
show route more-specific VALUE
show route ospf
show route rip
show route static
show route summary
show routed cluster-state detailed
show routed memory
show routed resources
show routed version
show routemap VALUE all
show routemaps
show router-id
show router-options
show router-options
show snapshot VALUE all
show snapshot VALUE date
show snapshot VALUE desc
show snapshot VALUE size
show snapshots
show snmp agent
show snmp agent-version
show snmp clear-trap
show snmp communities
show snmp community VALUE
show snmp contact
show snmp custom-trap VALUE
show snmp custom-traps-list
show snmp interfaces
show snmp location
show snmp mode
show snmp traps coldStart-threshold
show snmp traps enabled-traps
show snmp traps polling-frequency
show snmp traps receiver VALUE
show snmp traps receivers
show snmp traps trap-user
show snmp usm user VALUE
show snmp usm users
show static-mroute
show sysenv all
show sysenv fans
show sysenv ps
show sysenv temp
show sysenv volt
show syslog all
show syslog auditlog
show syslog cplogs
show syslog filename
show syslog log-remote-addresses
show syslog mgmtauditlogs
show tacacs_enable
show tag list
show time
show timezone
show trace lines VALUE
show trace search VALUE lines VALUE
show upgrade packages
show uptime
show user VALUE
show user VALUE force-password-change
show user VALUE gid
show user VALUE homedir
show user VALUE lock-out
show user VALUE realname
show user VALUE shell
show user VALUE uid
show users
show version all
show version os build
show version os edition
show version os kernel
show version product
show virtual-system all
show volume VALUE
show vpn tunnel VALUE
show vpn tunnels
show vrrp
show vrrp interface VALUE
show vrrp interfaces
show vrrp stats
show vrrp summary
show vsx
show web daemon-enable
show web session-timeout
show web ssl-port
show web ssl3-enabled
show web table-refresh-rate
start transaction
tacacs_enable
upgrade cd
upgrade local VALUE
ver
LSMcli
LSMenabler
SnortConvertor
config_system
cp_conf
cpca
cpca_client
cpca_create
cpca_dbutil
cpconfig
cphaprob
cphastart
cphastop
cpinfo
cplic
cpshared_ver
cpstart
cpstat
cpstop
cptop
cpview
cpwd_admin
diag
dtps
etmstart
etmstop
fgate
fips
fw
fwaccel
fwm
ifconfig
ips
lomipset
netstat
patch
ping
ping6
raid_diagnostic
raidconfig
rtm
rtmstart
rtmstop
rtmtopsvc
sim
tecli
top
traceroute
vpn
vsx_util
CheckPoint-GAiA>

 

Check Point - GAiA - How To View All Commands - CLI Reviewed by Admin on 15:48:00 Rating: 5

Popular Posts

• 

  Linux/Unix - Use Specific Network Interface or Source IP Address To Ping A Destination Host
• 

  Check Point - Migrate Utility to Export and Import Security Management Server Database
• 

  Check Point - How To Collect CPinfo - CLI
• 

  Cisco - Router/Switch - Health Check Commands
• 
  

  Check Point - GAiA - How To View Routing Table - CLI

You may also like

• Check Point - GAiA - How To View Configuration - CLI

• Check Point - GAiA - How to View State Of Configuration - CLI

• Check Point - GAiA - View config-lock Exclusive Access Settings - CLI

• Check Point - GAiA - How To View All Commands - CLI

• Check Point - GAiA - How To View Extended Command Path And Description - CLI

CoreXL Administration

CoreXL is a performance-enhancing technology for Security Gateways on multi-core processing platforms. CoreXL enhances Security Gateway performance by enabling the processing cores to concurrently perform multiple tasks.

CoreXL provides almost linear scalability of performance, according to the number of processing cores on a single machine. The increase in performance is achieved without requiring any changes to management or to network topology.

CoreXL joins ClusterXL Load Sharing and SecureXL as part of Check Point's fully complementary family of traffic acceleration technologies.

In a Security Gateway with CoreXL enabled, the Firewall kernel is replicated multiple times. Each replicated copy, or instance, runs on one processing core. These instances handle traffic concurrently, and each instance is a complete and independent inspection kernel. When CoreXL is enabled, all the kernel instances in the Security Gateway process traffic through the same interfaces and apply the same security policy.

Related Topics Supported Platforms and Unsupported Features Default Configuration CoreXL for IPv6 Configuring IPv4 and IPv6 Firewall Instances Performance Tuning Configuring CoreXL Command Line Reference

Supported Platforms and Unsupported Features

CoreXL is supported:

• SecurePlatform
• Gaia
• IPSO
• Crossbeam platforms

Unsupported Features:

CoreXL does not support Check Point Suite with these features:

• Check Point QoS (Quality of Service)
• Route-based VPN
• IPv6 on IPSO
• Overlapping NAT

To enable a non-supported feature in the Check Point Suite, disable CoreXL using cpconfig and reboot the gateway (see Configuring CoreXL).

Default Configuration

When you enable CoreXL, the number of kernel instances is based on the total number of CPU cores.

Number of Cores	Number of Kernel Instances
1	1
2	2
4	3
8	6
12	10
More than 12	Number of cores, minus 2

The default affinity setting for all interfaces is automatic when Performance Pack is installed. See Processing Core Allocation. Traffic from all interfaces is directed to the core running the Secure Network Distributor (SND).

CoreXL for IPv6

R76 supports multiple cores for IPv6 traffic. For each firewall kernel instance that works with IPv4 traffic, there is a corresponding firewall kernel instance that also works with IPv6 traffic. Both instances run on the same core.

To check the status of CoreXL on your Security Gateway, run:
fw6 ctl multik stat.

The fw6 ctl multik stat (multi-kernel statistics) command shows IPv6 information for each kernel instance. The state and processing core number of each instance is displayed, along with:

• The number of connections currently running.
• The peak number of concurrent connections the instance has used since its inception.

Configuring IPv4 and IPv6 Firewall Instances

After IPv6 support is enabled on the gateway, you can configure the gateway's processing cores to run different combinations of IPv4 and IPv6 firewall kernel instances.

• The number of IPv4 instances range from a minimum of two to a number equal to the maximum number of cores on the gateway.
  By default, the number of IPv6 firewall instances is set to two.
• The number of IPv6 instances range from a minimum of two to a number equal to the number of IPv4 instances.
  The number of IPv6 instances cannot exceed the number of IPv4 instances.

To configure the number of IPv6 firewall instances:

1. From a command line on the gateway, run: cpconfig.
   The configuration menu shows.
2. Enter option 8: Configure Check Point CoreXL.

Configure Check Point CoreXL... =============================== CoreXL is currently enabled with 3 firewall instances and 2 IPv6 firewall instances.   (1) Change the number of firewall instances (2) Change the number of IPv6 firewall instances (3) Disable Check Point CoreXL   (4) Exit

The Configuring Check Point CoreXL menu shows how many IPv4 and IPv6 firewall instances are running on the processing cores.

1. Enter option 2: Change the number of IPv6 firewall instances.
   The menu shows how many cores are available on the gateway.
2. Enter the total number of IPv6 firewall instances to run.
   You can only select a number from within the range shown.
3. Reboot the gateway.

Example:

A gateway that has four cores and is running three IPv4 instances of the firewall kernel and two IPv6 instances of the firewall kernel can be represented like this:

Core	Firewall instances	IPv6 Firewall instances
CPU 0
CPU 1	fw4_2
CPU 2	fw4_1	fw6_1
CPU 3	fw4_0	fw6_0
	3 instances of IPv4	2 instances of IPv6

• The minimum allowed number of IPv4 instances is two and the maximum four
• The minimum allowed number of IPv6 instances is two and the maximum is three

To increase the number of IPv6 instances to four, you must first increase the number of IPv4 firewall instances to the maximum of four:

How many firewall instances would you like to enable (2 to 4)[3] ? 4   CoreXL was enabled successfully with 4 firewall instances. Important: This change will take effect after reboot.

The gateway now looks like this:

Core	Firewall instances	IPv6 Firewall instances
CPU 0	fw4_3
CPU 1	fw4_2
CPU 2	fw4_1	fw6_1
CPU 3	fw4_0	fw6_0
	4 instances of IPv4	2 instances of IPv6

Increase the number of IPv6 instances to four:

How many IPv6 firewall instances would you like to enable (2 to 4)[2] ? 4   CoreXL was enabled successfully with 3 IPv6 firewall instances. Important: This change will take effect after reboot.

The gateway now looks like this:

Core	Firewall instances	IPv6 Firewall instances
CPU 0	fw4_3	fw6_3
CPU 1	fw4_2	fw6_2
CPU 2	fw4_1	fw6_1
CPU 3	fw4_0	fw6_0
	4 instances of IPv4	4 instances of IPv6

Performance Tuning

The following sections are relevant only for SecurePlatform.

Processing Core Allocation

The CoreXL software architecture includes the Secure Network Distributor (SND). The SND is responsible for:

• Processing incoming traffic from the network interfaces
• Securely accelerating authorized packets (if Performance Pack is running)
• Distributing non-accelerated packets among kernel instances.

Traffic entering network interface cards (NICs) is directed to a processing core running the SND. The association of a particular interface with a processing core is called the interface's affinity with that core. This affinity causes the interface's traffic to be directed to that core and the SND to run on that core. Setting a kernel instance or a process to run on a particular core is called the instance's or process's affinity with that core.

The default affinity setting for all interfaces is Automatic. Automatic affinity means that if Performance Pack is running, the affinity for each interface is automatically reset every 60 seconds, and balanced between available cores. If Performance Pack is not running, the default affinities of all interfaces are with one available core. In both cases, any processing core running a kernel instance, or defined as the affinity for another process, is considered unavailable and will not be set as the affinity for any interface.

In some cases, which are discussed in the following sections, it may be advisable to change the distribution of kernel instances, the SND, and other processes, among the processing cores. This is done by changing the affinities of different NICs (interfaces) and/or processes. However, to ensure CoreXL's efficiency, all interface traffic must be directed to cores not running kernel instances. Therefore, if you change affinities of interfaces or other processes, you will need to accordingly set the number of kernel instances and ensure that the instances run on other processing cores.

Under normal circumstances, it is not recommended for the SND and an instance to share a core. However, it is necessary for the SND and an instance to share a core when using a machine with exactly two cores.

Allocating Processing Cores

In certain cases, it may be advisable to change the distribution of kernel instances, the SND, and other processes, among the processing cores. This section discusses these cases.

Before planning core allocation, make sure you have read the Processing Core Allocation.

Adding Processing Cores to the Hardware

Increasing the number of processing cores on the hardware platform does not automatically increase the number of kernel instances. If the number of kernel instances is not increased, CoreXL does not utilize some of the processing cores. After upgrading the hardware, increase the number of kernel instances using cpconfig.

Reinstalling the gateway will change the number of kernel instances if you have upgraded the hardware to an increased number of processing cores, or if the number of processing cores stays the same but the number of kernel instances was previously manually changed from the default. Use cpconfig to reconfigure the number of kernel instances.

In a clustered deployment, changing the number of kernel instances (such as by reinstalling CoreXL) should be treated as a version upgrade. Follow the instructions in the R76 Installation and Upgrade Guide, in the "Upgrading ClusterXL Deployments" chapter, and perform either a Minimal Effort Upgrade (using network downtime) or a Zero Downtime Upgrade (no downtime, but active connections may be lost), substituting the instance number change for the version upgrade in the procedure. A Full Connectivity Upgrade cannot be performed when changing the number of kernel instances in a clustered environment.

Allocating an Additional Core to the SND

In some cases, the default configuration of instances and the SND will not be optimal. If the SND is slowing the traffic, and your platform contains enough cores that you can afford to reduce the number of kernel instances, you may want to allocate an additional core to the SND. This is likely to occur especially if much of the traffic is of the type accelerated by Performance Pack; in a ClusterXL Load Sharing deployment; or if IPS features are disabled. In any of these cases, the task load of the SND may be disproportionate to that of the kernel instances.

To check if the SND is slowing down the traffic:

1. Identify the processing core to which the interfaces are directing traffic using fw ctl affinity -l -r.
2. Under heavy traffic conditions, run the top command on the CoreXL gateway and check the values for the different cores under the 'idle' column.

It is recommended to allocate an additional core to the SND only if all of the following conditions are met:

• Your platform has at least eight processing cores.
• The 'idle' value for the core currently running the SND is in the 0%-5% range.
• The sum of the 'idle' values for the cores running kernel instances is significantly higher than 100%.

If any of the above conditions are not met, the default configuration of one processing core allocated to the SND is sufficient, and no further configuration is necessary.

Allocating an additional processing core to the SND requires performing the following two stages in the order that they appear:

1. Reduce the number of kernel instances using cpconfig.
2. Set interface affinities to the remaining cores, as detailed below.
3. Reboot to implement the new configuration.

Setting Interface Affinities

Check which cores are running the kernel instances. See also Allocating Processing Cores. Allocate the remaining cores to the SND by setting interface affinities to the cores. The correct method of defining interface affinities depends on whether or not Performance Pack is running, as described in the following sections.

• When Performance Pack is Running
  If Performance Pack is running, interface affinities are handled by using Performance Pack's sim affinity command.
  The default sim affinity setting is Automatic. In Performance Pack's Automatic mode, interface affinities are automatically distributed among cores that are not running kernel instances and that are not set as the affinity for any other process.
  In most cases, you do not need to change the sim affinity setting.
• Setting Interface Affinities when Performance Pack is not Running
  If Performance Pack is not running, interface affinities are loaded at boot from a configuration text file called fwaffinity.conf, located under: $FWDIR/conf . In the text file, lines beginning with the letter i define interface affinities.
  If Performance Pack is running, interface affinities are defined by sim affinity settings, and lines beginning with i in fwaffinity.conf are ignored.
  If you are allocating only one processing core to the SND, it is best to have that core selected automatically by leaving the default interface affinity set to automatic, and having no explicit core affinities for any interfaces. To do this, make sure fwaffinity.conf contains the following line:
  i default auto
  In addition, make sure that fwaffinity.conf contains no other lines beginning with i, so that no explicit interface affinities are defined. All interface traffic will be directed to the remaining core.
  If you are allocating two processing cores to the SND, you need to explicitly set interface affinities to the two remaining cores. If you have multiple interfaces, you need to decide which interfaces to set for each of the two cores. Try to achieve a balance of expected traffic between the cores (you can later check the balance by using the top command).

To explicitly set interface affinities, when Performance Pack is not running:

1. Set the affinity for each interface by editing fwaffinity.conf. The file should contain one line beginning with i for each interface. Each of these lines should follow the following syntax:
   i <interfacename> <cpuid>
   where <interfacename> is the interface name, and <cpuid> is the number of the processing core to be set as the affinity of that interface.
   For example, if you want the traffic from eth0 and eth1 to go to core #0, and the traffic from eth2 to go to core #1, create the following lines in fwaffinity.conf:
   i eth0 0
   i eth1 0
   i eth2 1
   Alternatively, you can choose to explicitly define interface affinities for only one processing core, and define the other core as the default affinity for the remaining interfaces, by using the word default for <interfacename>.
   In the case described in the previous example, the lines in fwaffinity.conf would be:
   i eth2 1
   i default 0
2. Run $FWDIR/scripts/fwaffinity_apply for the fwaffinity.conf settings to take effect.

The affinity of virtual interfaces can be set using their physical interface(s).

Allocating a Core for Heavy Logging

If the gateway is performing heavy logging, it may be advisable to allocate a processing core to the fwd daemon, which performs the logging. Like adding a core for the SND, this too will reduce the number of cores available for kernel instances.

To allocate a processing core to the fwd daemon, you need to do two things:

1. Reduce the number of kernel instances using cpconfig.
2. Set the fwd daemon affinity, as detailed below.

Setting the fwd Daemon Affinity

Check which processing cores are running the kernel instances and which cores are handling interface traffic using fw ctl affinity -l -r. Allocate the remaining core to the fwd daemon by setting the fwd daemon affinity to that core.

Note - Avoiding the processing core or cores that are running the SND is important only if these cores are explicitly defined as affinities of interfaces. If interface affinities are set to Automatic, any core that is not running a kernel instance can be used for the fwd daemon, and interface traffic will be automatically diverted to other cores.

Affinities for Check Point daemons (such as the fwd daemon), if set, are loaded at boot from the fwaffinity.conf configuration text file located at: $FWDIR/conf . Edit the file by adding the following line:

n fwd <cpuid>

where <cpuid> is the number of the processing core to be set as the affinity of the fwd daemon. For example, to set core #2 as the affinity of the fwd daemon, add to the file:

n fwd 2

Reboot for the fwaffinity.conf settings to take effect.

Configuring CoreXL

To enable/disable CoreXL:

1. Log in to the Security Gateway.
2. Run cpconfig
3. Select Configure Check Point CoreXL.
4. Enable or disable CoreXL.
5. Reboot the Security Gateway.

To configure the number of instances:

1. Run cpconfig
2. Select Configure Check Point CoreXL.
3. If CoreXL is enabled, enter the number of firewall instances.
   If CoreXL is disabled, enable CoreXL and then set the number of firewall instances.

Reboot the gateway.

Note - In a clustered deployment, changing the number of kernel instances should be treated as a version upgrade.

Command Line Reference

Affinity Settings

Affinity settings controlled by the fwaffinity_apply script file, which executes automatically at boot. When you make a change to affinity settings, the settings will not take effect until you either reboot or manually execute the fwaffinity_apply script.

fwaffinity_apply executes affinity definitions according to the information in the fwaffinity.conf text file. To change affinity settings, edit the text file.

Note - If Performance Pack is running, interface affinities are only defined by Performance Pack's sim affinity command. The fwaffinity.conf interface affinity settings are ignored.

fwaffinity.conf

fwaffinity.conf is located in the $FWDIR/conf directory.

Syntax

Each line in the text file uses the same format: <type> <id> <cpu>

Data	Values	Description
<type>	i	interface
	n	Check Point daemon
	k	kernel instance
<id>	interface name	if <type> = i
	daemon name	if <type> = n
	instance number	if <type> = k
	default	interfaces that are not specified in another line
<cpuid>	<number>	number(s) of processing core(s) to be set as the affinity
	all	all processing cores are available to the interface traffic, daemon or kernel instance
	ignore	no specified affinity (useful for excluding an interface from a default setting)
	auto	Automatic mode See also Processing Core Allocation.

Note - Interfaces that share an IRQ cannot have different cores as their affinities, including when one interface is included in the default affinity setting. Either set both interfaces to the same affinity, or use ignore for one of them. To view the IRQs of all interfaces, run: fw ctl affinity -l -v -a .

fwaffinty_apply

fwaffinity_apply is located in the $FWDIR/scripts directory. Use the following syntax to execute the command: $FWDIR/scripts/fwaffinity_apply <option>

where <option> is one of the following parameters:

Parameter	Description
-q	Quiet mode - print only error messages.
-t <type>	Only apply affinity for the specified type.
-f	Sets interface affinity even if automatic affinity is active.

fw ctl affinity

The fw ctl affinity command controls affinity settings. However, fw ctl affinity settings will not persist through a restart of the Security Gateway.

To set affinities, execute fw ctl affinity -s.

To list existing affinities, execute fw ctl affinity -l.

fw ctl affinity -s

Use this command to set affinities.

fw ctl affinity -s settings are not persistent through a restart of the Security Gateway. If you want the settings to be persistent, either use sim affinity or edit the fwaffinity.conf configuration file.

To set interface affinities, you should use fw ctl affinity only if Performance Pack is not running. If Performance Pack is running, you should set affinities by using the Performance Pack sim affinity command. These settings will be persistent. If Performance Pack's sim affinity is set to Automatic mode (even if Performance Pack was subsequently disabled), you will not be able to set interface affinities by using fw ctl affinity -s.

Syntax

fw ctl affinity -s <proc_selection> <cpuid>

<proc_selection> is one of the following parameters:

Parameter	Description
-p <pid>	Sets affinity for a particular process, where <pid> is the process ID#.
-n <cpdname>	Sets affinity for a Check Point daemon, where <cpdname> is the Check Point daemon name (for example: fwd).
-k <instance>	Sets affinity for a kernel instance, where <instance> is the instance's number.
-i <interfacename>	Sets affinity for an interface, where <interfacename> is the interface name (for example: eth0).

<cpuid> should be a processing core number or a list of processing core numbers. To have no affinity to any specific processing core, <cpuid> should be: all.

Note - Setting an Interface Affinity will set the affinities of all interfaces sharing the same IRQ to the same processing core. To view the IRQs of all interfaces, run: fw ctl affinity -l -v -a

Example

To set kernel instance #3 to run on processing core #5, run:

fw ctl affinity -s -k 3 5

fw ctl affinity -l

Use this command to list existing affinities. For an explanation of kernel, daemon and interface affinities, see CoreXL Administration.

Syntax

fw ctl affinity -l [<proc_selection>] [<listtype>]

If <proc_selection> is omitted, fw ctl affinity -l lists affinities of all Check Point daemons, kernel instances and interfaces. Otherwise, <proc_selection> is one of the following parameters:

Parameter	Description
-p <pid>	Displays the affinity of a particular process, where <pid> is the process ID#.
-n <cpdname>	Displays the affinity of a Check Point daemon, where <cpdname> is the Check Point daemon name (for example: fwd).
-k <instance>	Displays the affinity of a kernel instance, where <instance> is the instance's number.
-i <interfacename>	Displays the affinity of an interface, where <interfacename> is the interface name (for example: eth0).

If <listtype> is omitted, fw ctl affinity -l lists items with specific affinities, and their affinities. Otherwise, <listtype> is one or more of the following parameters:

Parameter	Description
-a	All: includes items without specific affinities.
-r	Reverse: lists each processing core and the items that have it as their affinity.
-v	Verbose: list includes additional information.

Example

To list complete affinity information for all Check Point daemons, kernel instances and interfaces, including items without specific affinities, and with additional information, run:

fw ctl affinity -l -a -v

fw ctl multik stat

The fw ctl multik stat and fw6ctl multik stat (multi-kernel statistics) commands show information for each kernel instance. The state and processing core number of each instance is displayed, along with:

• The number of connections currently being handled.
• The peak number of concurrent connections the instance has handled since its inception.