General Purpose Command Set
help
Displays system commands information. It is executed automatically, if the user types an unknown command.
Syntax:
system
The command is used to review and update system parameters.
Syntax:
user [Login]
Assigns a name under which the system administrator enters the router from the console or remotely, using telnet/http.
password [Password]
Sets the system administrator's password.
[no]useAAA
Enables/disables device access control using a RADIUS server. To use this authentication, the AAA module must be running (see "AAA (access control using RADIUS server)"). Remember that the AAA authentication method has the highest priority, and the local login database is used only when the required account is not found on the RADIUS server. If there is no local user account, the management interface will be accessible with any login and password, even if AAA authentication is turned on.
[no]useLocalAAA
Changes the authentication priority: the local account is checked first and, if it is not found, authentication is performed via RADIUS.
contact [String]
Contact details.
guest [guest login]
Specifies a login for entering guest mode; any password may be used. In guest mode, neither the router's configuration parameters nor security-related parameters can be modified.
name [System Name]
The device name that will be displayed in the browser tab title while the web interface is used.
prompt [any_word]
Replaces the prompt on the screen with the given word of a maximum length of 16 characters.
location [String]
Describes the system location; for example in SNMP protocol.
mgmtAccount [user:pass@host]
Access details for the software update server via SNMP.
gpsxy XX.XXXXX YY.YYYYY
Sets the geographical coordinates of the device (longitude, latitude).
log {on|off} | {show [offset] | clear}| [no]filter | {ADDR | -}
Manages the system log operation:
"on" – display messages on the current console.
"off" – stop displaying messages on the console.
"show" – show the system log (time is expressed in seconds/milliseconds back from the current time).
"clear" – clear the system log.
"[no]filter" – removes neighboring identical lines from the system log, leaving only one copy of each message, and counts their recurrence (enabled by default).
"ADDR" – IP address of the UNIX host to which system log messages are sent using the standard "syslog" protocol. In the "syslogd" settings, set "facility.level" to "user.notice" or just the numeric value 15.
"-" – disable logging on the remote host.
factorypassword {single|otp}
Sets the access mode on the device with the factory password. Each unit has its unique factory access password that can be obtained via the technical support. Once obtained this password stays the same for each factory login attempt (the "single" mode). Setting the unit to "otp" mode tells it to ask for a new password each time the factory login is given (the unit will provide different sequences, that should be submitted to the technical support in order to obtain a new password). Whenever the unit is set to "single" mode again, its unique factory access password is restored.
search [seconds]
Makes all indicators blink so that the device can be found within a group of units of the same type. By default, this mode turns off after 10 seconds.
[no]indicator
Enables/disables LED indicators on the unit in order to hide the active device.
[no]fastroute
Enables/disables the fast routing mode. In this mode the router becomes invisible to traceroute network tracing procedures, while still performing all routing functions. It is not recommended to enable the fast routing mode simultaneously on several devices connected to the same cable Ethernet segment, because this may produce an IP packet storm.
[no]mintgateway
Allows using the nearest MINT node configured with the "mint extg" option as the default gateway, if such a node exists.
[no]authFailLog
Enables/disables the unsuccessful authentication attempts logging.
[no]sendredirects
Enables/disables sending "icmp redirect" messages for the packets source suppression if routing is incorrectly configured.
[no]dropredirects
Enables/disables receiving "icmp redirect" messages for routing tables updating if routing is incorrectly configured.
OfficialAddress X.X.X.X | 0
Sets the IP address which will be used as a source IP address in all outgoing connections of the unit.
The "0" value removes the current address.
icmplimit N [200]
Sets the limit on the number of outgoing ICMP packets per second (0 by default, no limitation applied). It helps to avoid a device reboot while network scanning programs are running. The "0" value removes all limitations.
uptime
Displays the time since the last system reboot.
cpu
Indicates current CPU load (in percent).
[no]pager
Enables/disables page splits in the console output.
[no]ipforwarding
Enables/disables IP Forwarding.
info [-f] [NAME]
Displays device information:
"-f" – full information.
"NAME" – information about specified section.
version
Displays the software version.
NOTE
Any parameter can be deleted by setting a "-" value. Any changes in configuration can be saved by the "config save" command.
config
Allows viewing, saving, exporting, and importing the device configuration.
Syntax:
show
Displays the current configuration of the system. Any change of the system parameters may be immediately viewed using the config show command. The optional parameter may contain a selection of AstraFleX commands (abbreviated to their initial letters), as shown in the following examples; only those system parameters will then be displayed which relate to the commands selected.
Example:
Display MINT and RIP protocols configuration:
co show mint rip
Display the configuration of all commands starting with "r", except "rip":
co show r !rip
diff
Displays all modifications made since the configuration was saved last time.
save
Saves the current system configuration in the router's flash memory for subsequent permanent use. All modifications to the system parameters, if not saved by this command, are valid only during the current session (until the system reset). After applying this command, the previous configuration is automatically saved as a backup with 0 number.
clear
Clears (resets to default) the configuration in the device flash. After entering this command, the device should be rebooted without saving the configuration.
import
Downloads the device configuration from the remote server. The transfer is performed using FTP. The file name shall be specified in full, in the format of the remote server's file system.
export
Saves the device configuration to the remote server. The transfer is performed using FTP. The file name shall be specified in full, in the format of the remote server's file system.
backup [list]
Displays backup configuration list.
backup save N "Comment"
Creates backup configuration N (1 ... 8).
backup replace N "Text"
Replace backup configuration.
backup restore N
Restore backup configuration N.
backup del N
Removes backup configuration N.
backup show N
Displays backup configuration N.
backup comment N "Comment"
Changes backup configuration N description.
backup {import | export} N ftp://login:password@host/file
Imports/exports backup configuration from/to ftp server.
set
Sets time zone settings. Supports automatic summer/winter time switching.
NOTE
Timezone is determined on Master device and automatically distributed on all other devices, connected with it. Thus, if on Slave devices the timezone is set, then it will be redefined to the timezone of Master.
Syntax:
TIMEZONE
Time zone in POSIX format:
"std offset" – time zone name and the time offset that must be added to the local time to obtain a UTC time value. If only these parameters are specified, then the time zone will be applied without daylight saving time.
The following parameters are optional, must be used if automatic summer/winter time switching is needed.
"[dst] [offset]" – the name and offset for the corresponding Daylight Saving Time zone.
start[/time],end[/time] – the day and time of the beginning and end of the period when summer time is applied. The "start" and "end" values are set in the "Mm.n.d" form:
"Mm" – month, 1...12;
"d" – day of week, 0...6, where 0 is Sunday;
"n" – week in month, 1...5, where 1 is the first week and 5 is the last.
Example:
NOTE
For detailed information about TIMEZONE format: http://www.gnu.org/software/libc/manual/html_node/TZ-Variable.html
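The following is an added example, not part of the original documentation: a small parser for the POSIX TIMEZONE string described above, useful when correlating device log timestamps with UTC. The sample strings are constructed; the 02:00 default switch time and the one-hour default DST shift follow the POSIX rules documented at the glibc link above.

```python
import calendar
import datetime
import re

# POSIX TZ layout: std offset [dst [offset],start[/time],end[/time]] (no spaces)
_OFF = r"[+-]?\d{1,2}(?::\d{2})?"
_RULE = r"M\d{1,2}\.[1-5]\.[0-6]"
TZ_RE = re.compile(
    rf"^(?P<std>[A-Za-z]{{3,}})(?P<off>{_OFF})"
    rf"(?:(?P<dst>[A-Za-z]{{3,}})(?P<dstoff>{_OFF})?"
    rf",(?P<start>{_RULE})(?:/(?P<stime>\d{{1,2}}))?"
    rf",(?P<end>{_RULE})(?:/(?P<etime>\d{{1,2}}))?)?$"
)


def _utc_offset_hours(posix_offset):
    """The POSIX offset is added to local time to get UTC, so 'CET-1' means UTC+1."""
    sign = -1 if posix_offset.startswith("-") else 1
    hh, _, mm = posix_offset.lstrip("+-").partition(":")
    return -sign * (int(hh) + int(mm or 0) / 60)


def transition_date(year, rule):
    """Resolve an 'Mm.n.d' rule (d: 0 = Sunday, n: 5 = last week) to a calendar date."""
    month, week, dow = (int(x) for x in rule[1:].split("."))
    # Python counts Monday as 0; shift so that Sunday is 0 as in the TZ rule.
    first_dow = (datetime.date(year, month, 1).weekday() + 1) % 7
    day = 1 + (dow - first_dow) % 7 + 7 * (week - 1)
    while day > calendar.monthrange(year, month)[1]:
        day -= 7  # "week 5" means the last occurrence in the month
    return datetime.date(year, month, day)


def parse_tz(tz, year):
    """Return the zone name, UTC offset in hours, and DST switch dates for one year."""
    m = TZ_RE.match(tz)
    if not m:
        raise ValueError(f"not a supported POSIX TZ string: {tz!r}")
    std_off = _utc_offset_hours(m["off"])
    result = {"std": m["std"], "utc_offset": std_off, "dst": None}
    if m["dst"]:
        dst_off = _utc_offset_hours(m["dstoff"]) if m["dstoff"] else std_off + 1
        result["dst"] = {
            "name": m["dst"],
            "utc_offset": dst_off,
            # Each entry is (date, local hour of the switch); the hour defaults to 2.
            "start": (transition_date(year, m["start"]), int(m["stime"] or 2)),
            "end": (transition_date(year, m["end"]), int(m["etime"] or 2)),
        }
    return result


if __name__ == "__main__":
    # Constructed sample values, not taken from a device.
    print(parse_tz("CET-1CEST,M3.5.0,M10.5.0/3", 2024))
    print(parse_tz("MSK-3", 2024))
```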
flashnet
Uploads a new software version.
Syntax:
get
Loads a new software version into the device from a remote server using FTP. The file name shall be specified in full, in the format of the remote server's file system.
The download process has two phases:
Reading a file from a remote server and checking its integrity.
Upload the system image to the device's memory.
The second phase is indicated with symbol ".".
To update the firmware from FTP server use command:
flashnet get ftp:ftp@ftp://92.168.100.34/firmware.H11S01v1.6.6.bin
where
"H11" – hardware platform.
"1.6.6" – latest firmware version.
"ftp" – username.
"ftp" – password.
NOTE
After firmware updating, restart the unit with the command:
restart yes
put
Uploads current software from the device to a remote server.
-S
Any other IP address (SourceAddress) may be set as default.
restart
Full reset and re-initialization of a router. Equivalent to power off and on. May be used to restore initial configuration after a number of unsuccessful attempts to understand what exactly is done wrong, and after loading a new version of software.
Syntax:
y
Restart is executed immediately, without asking for confirmation.
SECONDS
The time for which the device restart will be delayed, in seconds. This option can be useful in case of dangerous manipulations with device's configuration when there is a risk to lose control over the device. Repeated entering of this command will start the countdown from the beginning.
stop
Cancels a postponed restart.
ping
Sends test packets ("ICMP_ECHO_REQUEST") to the given IP address. It allows estimating the reachability of a host and the destination response time.
Syntax:
-s size_in_bytes
The test packet length within the range of 10 to 8000 bytes (optional, 56 by default).
-c count_packets
Specifies the number of request messages sent, 5 by default.
-S IP
Sets different source IP address. By default, the sending interface's address is put in the "source address" field of the packets.
-t sec
Interval between sending each request, 1 second by default. Fractional values are possible.
-q
Quiet mode. Displays only summary information.
-l
Same as -q, but displays lost packets.
telnet
Sets up a connection with a remote host specified by the IP address in the terminal emulation mode. The "telnet" command uses transparent symbols stream without any intermediate interpretation; therefore, the terminal type is defined by the terminal from which the command has been executed. To interrupt the terminal emulation session, press "Ctrl/D".
Syntax:
port
Telnet port.
-S source
Device's IP address
tracert
Traces the packet transmission path up to the host, specified by the "HostAddress" parameter. The command sends packets to the specified host, assigning different values to the "time to live" field in their IP headers, and analyzes "ICMP TIME_EXCEEDED" indications coming from different routers along the path to that host. By default, the sending interface's address is put in the "source address" field of the packets. Using the "-s" option, any other IP address (SourceAddress) may be substituted for this default address.
Tracing is limited to a path with maximum 30 intermediate nodes. Trace packets are 36 bytes long. The trace procedure makes 3 attempts for every intermediate node. Every trace result contains the IP address of an intermediate node and the response time (in milliseconds) of every attempt.
Syntax:
-S src_addr
Node IP address.
NOTE
In addition, it may contain some special symbols corresponding to specific reply codes of the ICMP protocol:
"!" – port unattainable.
"!N" – network unattainable.
"!H" – node (host) unattainable.
"!P" – inappropriate protocol.
"!F" – too long packet.
"!X" – access to a node is administratively restricted (filter, proxy etc.).
"*" – no reply.
webcfg
Web-interface support module.
Syntax:
sta[rt]
Enables web-interface support on the device. Web-interface allows easy graphical device configuration with the help of a web-browser.
sto[p]
Disables web-interface support on the device.
cmd[s]
Displays commands applied via web-interface.
clrc[md]
Removes commands applied via web-interface.
-http={on,off}
Enables/disables access to the web-interface via HTTPS.
-help -h -?
Lists all "webcfg" command arguments.
-lang={en|ru|fr|it|cn}
Sets web-interface localization: English, Russian, French, Italian and Chinese.
rshd
Remote Shell (RSH) Server is useful for periodic removal of accumulated statistics from the device. The built-in RSH server makes remote command execution possible using the "rsh" program. Identification is based on using privileged TCP ports and a list of authorized hosts. By default RSH is disabled.
Syntax:
enable
Enters the system with three parameters:
"RUSER" – the remote user name (up to 16 symbols).
"RHOST" – remote host IP address.
"LUSER" – the local user name (up to 16 symbols).
ipstat
Allows specified user to use the "ipstat" command only.
disable
Disables an entry with defined parameters.
start
Starts server. When started, the server ignores requests for command execution until at least one valid system entry is enabled. A request for command execution is serviced only if for all three parameters it specifies the values corresponding to a valid entry. Up to 6 independent entries may be defined. The name of a local user is in no relation with the AstraFleX main authorization system; it may be considered simply as a keyword.
stop
Stops server.
flush
Clears the RSH server configuration.
[-]log
Enables/disables logging of attempts to use RSH protocol commands.
Example:
Remove the statistics from the device using RSH:
ipstat
The IP statistics gathering module provides for collecting information on data flows traversing the router, for further analysis and/or for accounting. Information is accumulated in the router's RAM memory as a series of records having three fields: source address, destination address, number of bytes transferred. By default, only outgoing packets are counted, at the moment they are sent to a physical interface.
Syntax:
enable [incoming|outgoing|full] [detail] [SLOTS] | disable
Enables/disables IP statistics gathering:
"incoming/outgoing" – gathers only incoming/outgoing packets.
"full" – gathers both incoming and outgoing packets.
"detail" – detailed IP statistics gathering including ports and protocols information.
"SLOTS" – sets the maximum number of records in the "ipstat" table. By default – 1000, this amount is usually enough for 15-20 minutes on a common subscriber terminal. One record takes 12 bytes.
clear
Clear accumulated statistical info.
traf [detail] [speed | total_bytes | pps] [reverse] [[if=IFNAME] [swg=N] -f "PCAP"]
Allows visual inspection of the statistics collection process in real time:
"detail" – switches on detailed IP statistics gathering including ports and protocols information.
"speed" – sorts the command output by transmission rate.
"total_bytes" – sorts "ipstat" output according to the number of transmitted bytes for the whole period.
"pps" – sorts the command output by the number of transmitted bytes per second.
"reverse" – sorts by the specified criterion (speed | total_bytes | pps) in reverse order.
"if=IFNAME" – the command output for the specified port.
"swg=N" – the command output for the specified switch group.
"-f "PCAP"" – the command output for the specified pcap expression.
fixit
Dumps the statistics from the router's memory into an intermediate buffer. The memory is cleared and statistics accumulation starts from the beginning.
fixget
Shows the dump buffer content. This command may be executed any number of times, with no damage to the dumped statistical info.
fixclear
Clears the temporary dump buffer.
strict | -strict
If the record table in the router memory overflows, or if there is not enough memory currently available, an appropriate warning is written into the system log, and further statistical data are discarded. If the "strict" option is enabled, then at the overflow condition the transit routing is disabled, but the router still responds to any protocol.
add [intf] [swg=N] -f "PCAP"
Limits the counted packets to those that satisfy the added rule:
"intf" – the interface name through which the packet enters the system.
"swg=N" – accepts packets belonging to the switch group N.
"-f "PCAP"" – pcap expression filter.
NOTE
The syntax of the rules is equal to the "ipfw" command syntax.
del num
Deletes the N-th rule from the list.
rearrange [N]
Renumbers all the ipstat rules with the given increment (default step is 1).
sflowagent
Implementation of the standard Sflow protocol. Sflow is a protocol for monitoring computer networks. It is commonly used by Internet Providers to capture traffic data in switched or routed networks.
Syntax:
sta[rt]
Starts Sflow agent.
sto[p]
Stops Sflow agent.
wi[pe]
Stops Sflow agent and clears its configuration.
add[instance] 'name'
Adds statistics gathering component ("ipstat" by default).
del[instance] 'name'
Deletes statistics gathering component ("ipstat" by default).
stat 'name'
Shows statistics for a component ("ipstat" by default).
cl[earstat] 'name'
Clears component statistic ("ipstat" by default).
-collector=IPaddress[:port]
Sets the address of the collector that processes sflow-packets. Default port is 6343.
-agent=IPaddress
Sets agent's own address (device).
-maxpacket=size
Sets the maximum size of an Sflow-packet in bytes. 1472 bytes by default. The upper bound is limited by hardware and operating system capabilities. If it is exceeded, the packet size will be decreased to an acceptable value.
-interval=number
Interval, in seconds, at which statistics are delivered from the instance. Increasing this parameter increases overall system efficiency, but data could be lost in case of an unexpected burst of network activity. 15 seconds by default.
-datagrams=number
Maximum number of datagrams between deliveries of statistics from the instance. Increasing this parameter decreases the average datagram size and increases the theoretical amount of delivered statistics data. It reduces the load on the CPU but at the same time reduces overall system efficiency. However, system efficiency is not reduced when traffic is low. It is recommended to increase this parameter when decreasing the maxpacket parameter and/or when increasing the interval parameter. 100 by default. Maximum flow: sflow = datagrams / interval * maxpacket (bytes/sec).
-rawheader={on|off}
Sends original IPv4 headers instead of statistics data ("off" by default). Used for compliance with traffic monitoring programs.
-debug={on|off}
Adds debug output to the log.
-version -v
Shows current Sflow agent version.
Output parameter description.
Cycles
Overall number of successful statistics gathering cycles.
Overflow records
Number of records in Instance for all cases when Instance overflowed earlier than the interval period had ended.
Overflow count
Number of times when Instance overflowed earlier than the interval period had ended.
Samples
Number of grouped records delivered from "flow records".
Datagrams
Overall number of sent datagrams.
Records
The number of statistics records.
Bytes
Overall amount of data transmitted by the Sflow protocol.
Unused datagrams
Number of datagrams that could be created in compliance with the datagrams parameter but were not used.
Dropped records
Number of discarded datagrams.
Dropped samples
Number of discarded records delivered from "flow records".
Pending datagrams
The number of datagrams waiting to be sent.
Lost flow records
Number of "flow records" that were discarded because of "maxpacket", "interval" and "datagrams" parameters low values.
Lost overflow records
Number of times when Instance overflowed earlier than the interval period had ended and data were lost.
Example:
acl
During network planning it is often necessary to group similar parameters into lists that can be used by different filters (e.g. "ipfw", "qm", "ipstat"). Access control lists can effectively solve this problem.
Syntax:
add $NAME TYPE XXX ...
Creates an access list with the "NAME" title and "TYPE" type. List names must start with the $ symbol and can include up to 7 letters, digits and other symbols excluding spaces and semicolons. The command can contain several parameters of the "TYPE" type, which will be included in the list. If a list with this name already exists, the listed parameters will be added to it.
del $NAME [XXX ...]
Removes the specified parameters from the "NAME" list. If no parameters are given, the whole list will be deleted.
ren $NAME1 $NAME2
Changes list's name from "NAME1" to "NAME2".
flush
Removes all lists.
Accepted list types (TYPE)
net
Contains network addresses in dot format:
xxx.xxx.xxx.xxx or xxx.xxx.xxx.xxx/MASKLEN or
xxx.xxx.xxx.xxx/xxx.xxx.xxx.xxx.
Lists of "net" type optimize their contents by excluding duplicates and by letting bigger networks absorb the smaller networks they contain. For example, if the list contains the 1.1.1.1 parameter, then adding the 1.1.1.0/24 parameter to the list will exclude 1.1.1.1.
Example:
acl add $LIST1 net 10.0.0.0/8 192.168.0.0/16 5.5.5.5
acl del $LIST1 100.100.100.100/28
Reserved access lists
$ACLOCAL net
List of IP addresses for access limitation to the device via telnet, ssh, http/https, snmp protocols (ports 22, 23, 80, 162, 443).
If the "$ACLOCAL" access list is in the configuration, all attempts to establish a connection with the device from addresses (networks) that are not in this list will be rejected. There is no need to create rules.
Example:
acl add $ACLOCAL net 10.0.0.0/8 192.168.0.0/16
$LOCAL net
All local IP addresses assigned to the device. It can be used to set filters to restrict/allow access to the device via telnet, ssh, http/https, snmp (ports 22, 23, 80, 162, 443). For detailed information about filters configuration see the "ipfw command (IP Firewall)" article.
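The following is an added example, not part of the original documentation and not the device's own code: a model of the "net" list behaviour and of the "$ACLOCAL" admission rule described above, which can be used to check offline which management sources a planned list would admit. Exact-match deletion in acl_del and the treatment of a missing list as "no restriction" are assumptions drawn from the descriptions above; all addresses are constructed samples.

```python
import ipaddress


def parse_net(token):
    """Accept the three documented notations: a.b.c.d, a.b.c.d/MASKLEN, a.b.c.d/a.b.c.d."""
    return ipaddress.ip_network(token, strict=False)


def acl_add(acl, *tokens):
    """Return a new list with tokens added: duplicates are dropped and
    smaller networks are absorbed by bigger ones, as described for "net" lists."""
    nets = list(acl)
    for tok in tokens:
        new = parse_net(tok)
        if any(new.subnet_of(n) for n in nets):
            continue  # duplicate, or already covered by a bigger network
        nets = [n for n in nets if not n.subnet_of(new)]  # absorb smaller entries
        nets.append(new)
    return nets


def acl_del(acl, *tokens):
    """Remove the given entries (assumed: exact match); no tokens deletes the whole list."""
    if not tokens:
        return []
    drop = {parse_net(t) for t in tokens}
    return [n for n in acl if n not in drop]


def aclocal_permits(aclocal, source_ip):
    """Admission rule for management access (telnet, ssh, http/https, snmp).

    aclocal is None when $ACLOCAL is not in the configuration (no restriction);
    otherwise only sources inside one of the listed networks are accepted."""
    if aclocal is None:
        return True
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in aclocal)


def demo():
    # Same command as the $ACLOCAL example: acl add $ACLOCAL net 10.0.0.0/8 192.168.0.0/16
    aclocal = acl_add([], "10.0.0.0/8", "192.168.0.0/16")
    # Constructed source addresses to test against the list.
    sources = ["10.20.30.40", "192.168.5.7", "203.0.113.9"]
    return {src: aclocal_permits(aclocal, src) for src in sources}


if __name__ == "__main__":
    print(acl_add([], "1.1.1.1", "1.1.1.0/24"))  # the host entry is absorbed by the /24
    print(demo())
```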
sntp
Allows the system to synchronize the time with a configured NTP server using the fourth version of the SNTP protocol (RFC 2030). The client works in unicast server request mode in certain time range.
Since MINT provides both time and timezone synchronization it's not necessary to use SNTP protocol for host to host time synchronization. So the optimal synchronization scenario is as follows:
Master device
SNTP client is disabled and configured to receive time from corporate or public source.
SNTP server is disabled.
Slave device
SNTP client is disabled - synchronization is performed by MINT.
Syntax:
start
Starts time synchronization process.
stop
Stops process.
-server={ipaddr}
Set SNTP server IP address.
Example:
sntp -server=9.1.1.1
-gps={on|off}
Enable/disable GPS time source. In case the external synchronization unit AUX-OUT-SYNC is connected to the device, the built-in GNSS receiver can be used as a precise time source (if there are signals from the satellite constellation). It is not necessary to set the external SNTP server address.
Example:
sntp -server='ip-external-sntp-server' -gps=on
In this case, the device will use both the satellite and the external SNTP server as the source of the precise time, and the satellite source will be the priority.
-interval={seconds}
Specifies the poll interval in seconds; 1800 by default.
Example:
sntp -interval=5000
-supplier={on|off}
Enables/disables server mode support.
-debug={on|off}
Enables/disables debug information logging.
Example:
sntp -debug=on
sntp -debug=off
date
Date and time management. Shows or sets the date and time in the AstraFleX system. Setting the date and time changes not only the kernel clock but also the hardware clock (if the device supports this feature).
Syntax:
cc
Century, 20 or 21.
yy
Year in abbreviated form (i.e. 89 for 1989, 05 for 2005).
mm
Month in numeric form (1 to 12).
dd
Day (1 to 31).
HH
Hour (0 to 23).
MM
Minute (0 to 59).
ss
Second (0 to 61 - 59 plus maximum two leap seconds).
Examples:
erp
The Emergency Repair Procedure utility allows restoring a lost system password on the device.
Syntax:
-serial <n>
Device serial number.
-code <c>
Special ERP code (factory password).
-ip <address>
IP address of device’s Ethernet interface.
-mask <mask>
Network mask.
boot
Device reboot.
reset
Resets device configuration including system user name and password. Serial number and special ERP code must be specified.
ifup
Turns up device's Ethernet interface (eth0) and adds IP address and net mask alias to it. Serial number, IP address and net mask should be specified.
Two Astra Wireless devices are required to perform the Emergency Repair Procedure. The first device is the device which should be repaired; the second is the device on which the ERP utility will be run to repair the first device. Both devices should be connected to the same Ethernet segment via their Ethernet interfaces. The second device should have no "switch local tag <x>" option configured on its Ethernet interface.
Password restore procedure:
Run the ERP utility with "serial" option and specify a repairing device serial number. ERP will go to standby mode waiting for a first device to reboot.
Reboot device which should be repaired by power off and on.
After device is rebooted ERP will show "Sequence" parameter value and serial number of device. Please contact Astra Wireless tech support and provide these values.
Tech support will write back with an ERP code.
Run the following ERP command:
Reboot a repairing device again.
The utility will reset login, password and configuration on device to default.
Login to a repairing device with any non-blank username and password and enter the following command:
To change IP address on Ethernet interface of a repairing device from a second device without login use the following command:
aaa (access control using RADIUS server)
The "aaa" module allows access control configuration on the device using remote RADIUS server.
Syntax:
start
Starts "aaa" utility.
stop
Stops "aaa" utility.
-auth=ip[:port],secret[,identifier]
Sets parameters to access remote RADIUS server:
"ip[:port]" – IP address and port of a RADIUS server.
"secret" – password to access the server.
"identifier" – Network Access Server ID.
-remove=ip[:port]
Removes information about a RADIUS server from the configuration.
Whenever the debug mode is activated on a device that uses "aaa" access authentication via the remote RADIUS server, the authentication debug info is displayed on the local console to verify the settings.
Request id
Internal unique id of the request.
Type
Request type, i.e. "Access-Request".
The RADIUS attributes for Access-Request and Access-Accept requests are shown in the tables below.
Access-Request
1 - User-Name
The user name
2 - User-Password
The password
4 - NAS-IP-Address
IP address of the remote access server
6 - Service-Type
The Login (1) value is sent
31 - Calling-Station-Id
IP address of the connecting device
32 - NAS-Identifier
Base station symbolic name
61 - NAS-Port-Type
The Virtual (5) value is sent
Simplified, extended support of the RADIUS server for the wireless connections identification is provided:
1 - User-Name = "00-00-00-00-00-00"
Connecting device MAC address
2 - User-Password = "dummy"
Dummy predefined value
6 - Service-Type = Framed (2)
The Framed (2) value is sent
31 - Calling-Station-Id = "00-00-00-00-00-00"
MAC address of the connecting device
32 - NAS-Identifier = "Base 1"
Base station symbolic name
61 - NAS-Port-Type = Wireless-802.16 (27)
Value Wireless-802.16 (27)
Access-Accept
Session-Timeout
If the response from the RADIUS server contains the Session-Timeout parameter, then after a specified time (sec.), a new authentication request will be sent to extend or break the existing link. Value: 3600 seconds
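The following is an added example, not part of the original documentation and not the device's firmware code: it builds an Access-Request carrying the management-login attributes listed above and parses it back, showing what a RADIUS server or a packet-capture review should expect to see. The packet layout and User-Password hiding follow RFC 2865; the shared secret, names and addresses are constructed samples.

```python
import hashlib
import socket
import struct


def hide_password(password, secret, authenticator):
    """RFC 2865 User-Password hiding: XOR with MD5(secret + previous block)."""
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out


def unhide_password(hidden, secret, authenticator):
    """Server-side reverse of hide_password; needs the same shared secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def _attr(attr_type, value):
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(ident, authenticator, secret, user, password,
                         nas_ip, caller_ip, nas_id):
    """Access-Request (code 1) with the attributes from the table above."""
    body = b"".join([
        _attr(1, user.encode()),                                   # User-Name
        _attr(2, hide_password(password.encode(), secret, authenticator)),
        _attr(4, socket.inet_aton(nas_ip)),                        # NAS-IP-Address
        _attr(6, struct.pack("!I", 1)),                            # Service-Type = Login (1)
        _attr(31, caller_ip.encode()),                             # Calling-Station-Id
        _attr(32, nas_id.encode()),                                # NAS-Identifier
        _attr(61, struct.pack("!I", 5)),                           # NAS-Port-Type = Virtual (5)
    ])
    return struct.pack("!BBH", 1, ident, 20 + len(body)) + authenticator + body


def parse_packet(packet):
    """Return (code, identifier, authenticator, {attribute type: raw value})."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("length field does not match packet size")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    return code, ident, packet[4:20], attrs


# Constructed sample values for the demonstration.
SECRET = b"constructed-shared-secret"
AUTHENTICATOR = bytes(range(16))


def demo():
    pkt = build_access_request(7, AUTHENTICATOR, SECRET, "netadmin",
                               "constructed-password-0001",
                               "10.0.0.2", "10.0.0.77", "Base 1")
    code, ident, auth, attrs = parse_packet(pkt)
    return {
        "code": code,
        "user": attrs[1].decode(),
        "password_on_wire": attrs[2],
        "password_recovered": unhide_password(attrs[2], SECRET, auth).decode(),
        "nas_ip": socket.inet_ntoa(attrs[4]),
        "service_type": struct.unpack("!I", attrs[6])[0],
        "nas_port_type": struct.unpack("!I", attrs[61])[0],
    }


if __name__ == "__main__":
    print(demo())
```

The password is protected on the wire only by this MD5-based hiding keyed with the "secret" value from "aaa -auth", so the strength and confidentiality of that secret determine how well management passwords are protected in transit.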
license
The "license" command manages operations with a license file on the device.
Syntax:
-install=<url>
Uploads license file into the device from a remote server using FTP.
-export=<url>
Downloads license file from the device to a remote server using FTP.
-show
Displays license information on the screen.
Example:
dport
This command sets a console port bitrate. Available values are: 9600, 19200, 38400, 57600, 115200 Bit/sec. Default value is 38400 Bit/sec.
Syntax:
mem
This command shows statistics for allocated device memory, network buffers, queues and drops on interfaces. Command output is described in the picture below.
Syntax:
grep
The "grep" command searches the output of the given command for lines matching the given PATTERN and displays the result.
Syntax:
-e PATTERN, --regexp=PATTERN
Uses a searching PATTERN that starts with "-" sign.
-i, --ignore-case
Ignore case distinction between capital and lowercase letters.
-v, --invert-match
Performs inverted filtering.
-w, --word-regexp
Displays only those lines that match the whole word.
-x, --line-regexp
Displays only those lines that match the whole line.
-c, --count
Does not display the output, only the number of matching lines; in combination with the "-v, --invert-match" option, the number of non-matching lines.
-m NUM, --max-count=NUM
Stops searching after the specified number of matching lines.
-n, --line-number
All the command output lines are index numbered starting from 1.
-A NUM, --after-context=NUM
Prints the specified number "NUM" of lines located after the lines matching the given PATTERNs. Resulting output is separated from other matching entries with a special line (--).
-B NUM, --before-context=NUM
Prints the specified number "NUM" of lines located before the lines matching the given PATTERNs. Resulting output is separated from other matching entries with a special line (--).
-C NUM, --context=NUM
Prints the specified number "NUM" of lines located before and after the lines matching the given PATTERNs. Resulting output is separated from other matching entries with a special line (--).
gps
Manages GPS/GLONASS module.
Syntax:
-t=<level>
Service messages logging level:
"2" – logging all NMEA messages received from GPS/GLONASS module.
"1" – logging information about connection/disconnection to GPS/GLONASS, changing the number of visible satellites or a significant change in coordinates.
"0" – no logging is performed.
-a[=(0:1)]
Turn on/off the power supply to the antenna amplifier (if any):
"1" – turn on (by default, if value is not specified).
"2" – turn off.
start
Starts GPS/GLONASS module.
stop
Stops GPS/GLONASS module.
coordinates
Displays information about current GPS/GLONASS receiver state.
Command output:
______________
#1> gps coordinates
Satellites: 8
LAT/LONG: 56.811911/60.547041
Altitude: 275.89
HDOP: 0.92
FIX: 3D, GLONASS
Total GPS time: 17:43:19
Total nonvalid time: 00:00:01(0%)
Number of losses: 0
Now coordinates are valid last 17:43:18
Satellites histogram:
^
|
2.0 +
|
3.0 +
|
4.0 +
|
5.0 +
| <1%
6.0 +
| 1%
7.0 + |||||||||||||||||||||||||||||||||||||||||||||||||| 99%
v SATmin= 5 SATmax= 10
______________
"Satellites" – current number of visible satellites.
"LAT/LONG" – receiver geographic coordinates in degrees:
"LAT" – latitude -90.0000000° ... +90.0000000°.
"LONG" – longitude -180.0000000° ... +180.00000°.
"Altitude" – height above sea level in meters.
"HDOP" – horizontal plane coordinates accuracy reduction coefficient.
CAUTION
For reliable time synchronization, it is recommended that the "HDOP" parameter value be less than 1.5.
The GNSS system can have following values:
GPS.
GLONASS.
GPS+GLONASS.
Statistic data (can also be displayed by "gps stat" command):
"Total GPS time" – total time of GPS service operation.
"Total nonvalid time" – total time during which the coordinates were nonvalid.
"Number of losses" – coordinates losses number.
"Now coordinates are valid last …" – time of GPS service operation since the coordinates became valid.
"Satellites histogram" – visible satellites histogram.
"SATmin" and "SATmax" – the minimum and maximum number of visible satellites recorded since the last statistics reset.
"FIX - NO FIX|2D|3D" – current state of coordinate determination. The following values are available:
"NO FIX" – coordinates are not defined.
"2D" – latitude and longitude are defined.
"3D" – latitude, longitude and height above sea level are defined.
stat
Displays statistics about GPS/GLONASS module operation (without the current receiver state).
clear
Clears statistic.
CAUTION
Note that the "tcp", "console", "-i", "-r", "-p" and "-s" parameters are intended for diagnostics and debugging in emergencies and should be used only by specialists.
NOTE
The "gps" command is available in software version with the TDMA technology support.
tsync
Manages external synchronization source.
Syntax:
enable [BAUDRATE]
Enable synchronization by using external source.
disable
Disable external source.
[no]trace
Enable message output tracing (debugging) in the syslog.
[show]
Displays statistic.
clear
Clears statistic.
NOTE
The "tsync" command is available in software version with the TDMA technology support.
SSH protocol
The SSH (Secure Shell) protocol allows secure remote management of network devices. Its functionality is similar to the Telnet protocol but, as opposed to Telnet, SSH encrypts all protocol messages/datagrams, including transmitted passwords. Using the SSH protocol requires an SSH Server and an SSH Client. The SSH Server accepts connections from client hosts (SSH Clients), authenticates them and starts serving the authorized clients.
Astra Wireless devices have built-in SSH Server and SSH Client functionality.
sshd
Built-in SSH Server (SSH daemon) configuration is performed using "sshd" command. By default, the SSH Server is disabled.
Access to the device via the SSH protocol may be limited by using the "$ACLOCAL" access control list. When the "$ACLOCAL" list is configured on the device, the SSH Server rejects all connection attempts from SSH Clients whose IP addresses or networks are not present in the list.
Syntax:
-help, -h
Displays the command syntax.
-port=PORT
SSH Server TCP port number used to receive SSH connections; the default is 22.
-window=SIZE
Allows changing SSH Server internal receiving window size in bytes. SSH Server window size defines maximum allowed bandwidth for "SSH Client - SSH Server" data channel. By default, SSH Server window size is 24576 bytes.
-keepalive=TIME
Sets session activity check duration period in seconds. By default server doesn’t make activity check (“0” value).
-banner=on | off
Shows/hides the AstraFleX SSH information banner after login.
-log-level={emerg|alert|crit|error|warning|notice|info|debug|LEVEL} [notice]
Allows choosing the logging level of the SSH Server service information that will be written into the system log. To manage the system log, use the "sys log" command.
Different levels of logging can be chosen by "emerg", "alert", "error", "warning", "notice", "info", "debug" parameters or specified by the number of the needed level (from 0 to 7) using numeric "LEVEL" parameter. By default, "info" (6th level) is chosen.
-algo-list
Shows a list of all available SSH algorithms for key exchange (kex), authentication (host key), data encryption (cipher), data verification (hash) and data compression (compress).
-kex-algos[=ALGO-LIST]
Selects the kex algorithms from the list (ALGO-LIST) to be used in the SSH key exchange process.
-hostkey-algos[=ALGO-LIST]
Selects the host key algorithms from the list (ALGO-LIST) to be used in the SSH Server-Client authentication process.
-cipher-algos[=ALGO-LIST]
Selects the cipher algorithms from the list (ALGO-LIST) to be used for SSH data encryption.
-hash-algos[=ALGO-LIST]
Selects the hash algorithms from the list (ALGO-LIST) to be used for SSH data verification.
-comp-algos[=ALGO-LIST]
Selects the compression algorithms from the list (ALGO-LIST) to be used for SSH data compression.
-auth-methods[=AUTH-METHODS-LIST]
Selects an available authentication method from the (AUTH-METHODS-LIST) list.
An "all" value enables all authentication methods (set by default).
-none-cipher=on | off
Enables/disables encryption usage. Intended for cases where only a simple TCP tunnel is needed, since working without encryption significantly reduces the CPU load; in that mode the session data is transmitted unencrypted.
start
Starts SSH Server.
stop
Stops SSH Server.
newkeys
Host Keys re-generation.
NOTE
When started for the first time, the SSH Server generates DSS and RSA Host Keys to be used for public key based SSH Server authentication.
pub[key] {sh[ow] | cl[ear] | de[lete] N}
"show" – shows SSH Client’s public keys that are registered in the SSH Server list.
"clear" – deletes all the SSH Client’s public keys from the SSH Server.
"delete" – deletes a certain SSH Client’s public key from the SSH Server list. Parameter "N" – is an index of the key in the list.
pub[key] {in[stall] | im[port] [LOGIN[:PASSWORD]@]HOST/FILE} [COMMENT]
Enables public key based authentication of SSH Clients. In the public key authentication mode, the SSH Server authorizes the SSH Client, bypassing the password login procedure. This mode is enabled automatically once a public key of the SSH Client is cached in the SSH Server’s registry:
"install" – sets the SSH client public key in the SSH server registry.
"import" – imports an SSH client's public key into the SSH server registry from a remote FTP server:
"HOST" – remote FTP server IP address.
"FILE" – file containing SSH Client’s RSA/DSS public key in OpenSSH or SSH2 format. If login and password are set on the remote FTP server they should be specified as "LOGIN" and "PASSWORD" parameters.
"COMMENT" – allows adding a comment to the public key entry in the SSH Server list of client public keys. By default, a comment with the client's IP address or the IP address of the FTP server from which the key was obtained is added.
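A pre-import check for the key files that "sshd pubkey import" reads and "sshc -pubkey-export" writes, given here as an added example that is not part of the vendor documentation: it parses a public key in OpenSSH or SSH2 format and reports its type and size, which matters because "sshc -pubkey-new" accepts sizes down to 512 bits. The 2048-bit floor, the function names and the sample keys are assumptions of this example; the sample keys are constructed and are not usable keys.

```python
import base64

MIN_RSA_BITS = 2048  # assumption: local policy floor, not a device setting

def read_string(buf, off):
    """Read one SSH 'string' (uint32 length + data); return (data, next offset)."""
    end = off + 4 + int.from_bytes(buf[off:off + 4], "big")
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end

def extract_blob(text):
    """Decode the key blob from OpenSSH one-line or SSH2 (RFC 4716) key text."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if lines and lines[0].startswith("---- BEGIN SSH2 PUBLIC KEY"):
        body, cont = [], False
        for ln in lines[1:]:
            header = cont or ":" in ln     # "Tag: value" header or its continuation
            cont = header and ln.endswith("\\")
            if not header and not ln.startswith("----"):
                body.append(ln)
        return base64.b64decode("".join(body), validate=True)
    fields = lines[0].split() if lines else []   # "<type> <base64> [comment]"
    if len(fields) < 2:
        raise ValueError("not an OpenSSH or SSH2 public key")
    return base64.b64decode(fields[1], validate=True)

def audit_key(text):
    """Return (algorithm, bits, findings) for the text of one public key file."""
    blob = extract_blob(text)
    name, off = read_string(blob, 0)
    algo, ints = name.decode("ascii", "replace"), []
    while off < len(blob):
        raw, off = read_string(blob, off)
        ints.append(int.from_bytes(raw, "big"))
    if algo == "ssh-rsa" and len(ints) == 2:       # fields: e, n
        bits = ints[1].bit_length()
        return algo, bits, [f"RSA modulus {bits} < {MIN_RSA_BITS} bits"] if bits < MIN_RSA_BITS else []
    if algo == "ssh-dss" and len(ints) == 4:       # fields: p, q, g, y
        return algo, ints[0].bit_length(), ["ssh-dss signs with SHA-1 (RFC 4253)"]
    raise ValueError(f"unsupported or malformed key: {algo}")

def sample_rsa(bits, ssh2=False):
    """Constructed RSA-shaped key text (not a usable key) with a `bits`-bit modulus."""
    def field(raw):
        return len(raw).to_bytes(4, "big") + raw
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")   # leading 0x00: positive mpint
    b64 = base64.b64encode(field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(n)).decode()
    if not ssh2:
        return f"ssh-rsa {b64} constructed@example"
    rows = [b64[i:i + 70] for i in range(0, len(b64), 70)]
    return "\n".join(["---- BEGIN SSH2 PUBLIC KEY ----", 'Comment: "constructed"',
                      *rows, "---- END SSH2 PUBLIC KEY ----"])
```

Calling audit_key(sample_rsa(1024)) returns one finding, while audit_key(sample_rsa(2048, ssh2=True)) returns none; a truncated or unrecognized file raises ValueError instead of being reported as acceptable.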
tun[nel] add LOGIN PASSWORD IFNAME
Sets separate authentication parameters for each tap interface:
"LOGIN" – username.
"PASSWORD" – password.
"IFNAME" – tap interface name.
If the values above are not specified, default authentication parameters will be used.
tun[nel] del LOGIN | clear
"del LOGIN" – deletes specified username from the SSH Tunnel configuration.
"clear" – deletes all SSH Tunnel users from SSH Server configuration.
NOTE
By default, the SSH Server applies only password authentication. However, this may not be enough to provide the necessary security level. Astra Wireless devices have several built-in SSH authentication methods, which are managed by the "sshd pubkey" and "sshd -auth-methods" commands. At the same time, an SSH Server will keep the connected SSH client public key.
sshc
Built-in SSH Client configuration is performed using "sshc" command.
Syntax:
[options] [LOGIN@]HOST[:PORT] [REMOTE-COMMAND]
Connect to the remote SSH Server:
"LOGIN" – username (may be omitted when the default login name is used on the remote device).
"HOST" – a remote device IP address.
"REMOTE-COMMAND" – defines a command that should be executed on the SSH Server after successful login.
-help, -h
Displays the command syntax.
-window=SIZE
Allows changing SSH Server internal receiving window size in bytes. SSH Server window size defines maximum allowed bandwidth for "SSH Client - SSH Server" data channel. By default, SSH Server window size is 24576 bytes.
-keepalive=TIME
Sets the frequency of sending compulsory session activity confirmations to the server. This prevents losing the session to the server when the SSH Client is left unused for a long period of time. By default, the SSH Client doesn’t send any special activity confirmations ("0" value). Measured in seconds.
-compress, -C
Enables data compression.
-bind-addr=ADDR, -b ADDR
Sets SSH packets source IP address. This source IP address substitutes the default sending interface's IP address field of the SSH packets.
-pubkey-show
Displays generated public keys.
-pubkey-new[=BITS]
Generates new DSS and RSA SSH Client’s public keys. "BITS" parameter should be specified as a key size in bits, possible values: 512-4096.
-pubkey-clear
Deletes public keys on SSH Client.
-pubkey-export=[LOGIN[:PASSWORD]@]HOST/FILE
Exports public keys from SSH Client to a file on the remote FTP server:
"HOST" – remote FTP Server IP address.
"FILE" – a file name that will contain SSH Client’s RSA/DSS public keys. If login and password are set on the remote FTP server they should be specified as "LOGIN" and "PASSWORD" parameters.
-algo-list
Shows a list of all available SSH algorithms for key exchange (kex), authentication (host key), data encryption (cipher), data verification (hash) and data compression (compress).
-kex-algos[=ALGO-LIST]
Selects the kex algorithms from the list (ALGO-LIST) to be used in the SSH key exchange process.
-hostkey-algos[=ALGO-LIST]
Selects the host key algorithms from the list (ALGO-LIST) to be used in the SSH Server-Client authentication process.
-cipher-algos[=ALGO-LIST], -c ALGO-LIST
Selects the cipher algorithms from the list (ALGO-LIST) to be used for SSH data encryption.
-hash-algos[=ALGO-LIST], -m ALGO-LIST
Selects the hash algorithms from the list (ALGO-LIST) to be used for SSH data verification.
-comp-algos[=ALGO-LIST]
Selects the compression algorithms from the list (ALGO-LIST) to be used for SSH data compression.
NOTE
To forcibly interrupt an SSH Client session (for example, if the SSH Server is not responding to the SSH Client’s requests), use the following key sequence: "Enter~." (on the keyboard, first press the "Enter" key, then the "~" key, then the "." key).
sshtun
The "sshtun" command allows creating up to 16 independent L2 tunnels via an SSH connection.
To create a tunnel, tap interfaces must be created on both sides using the "ifconfig tapX up" command. The tap interface can have an IP address and be used as an independent network interface, e.g. for routing, as well as part of a switch group. In addition, the tap interface can be used as the parent interface for vlan, lag and prf interfaces, and also as part of a MINT network.
The client SSH Tunnel module automatically re-establishes the connection to the remote server when the device is rebooted or the connection is broken. It can work with NAT, including addresses that are obtained dynamically via DHCP.
Syntax:
-help, -h
Displays the command syntax.
-log-level={emerg|alert|crit|error|warning|notice|info|debug|LEVEL}
Allows choosing the logging level of the SSH Server service information that will be written into the system log. To manage the system log, use the "sys log" command.
Different levels of logging can be chosen by "emerg", "alert", "error", "warning", "notice", "info", "debug" parameters or specified by the number of the needed level (from 0 to 7) using numeric "LEVEL" parameter. By default, "info" (6th level) is chosen.
-algo-list
Shows a list of all available SSH algorithms for key exchange (kex), authentication (host key), data encryption (cipher), data verification (hash) and data compression (compress).
start | stop | clear
Starts/stops/clears SSH Tunnel configuration.
IFNAME [options] [LOGIN[:PASSWORD]@HOST[:PORT]] [start | stop | del[ete]]
Starts/stops/removes specified SSH tunnel.
Parameters for establishing an SSH tunnel:
"IFNAME" – remote SSH server tap interface name.
"LOGIN" – remote SSH server username.
"PASSWORD" – remote SSH server password.
"HOST" – remote SSH server IP address.
"PORT" – remote SSH server port number.
-window=SIZE
Allows changing SSH Server internal receiving window size in bytes. SSH Server window size defines maximum allowed bandwidth for "SSH Client - SSH Server" data channel. By default, SSH Server window size is 24576 bytes.
NOTE
For maximum performance, the "-window" parameter value should be not less than 128000 on both sides of the tunnel.
-keepalive=TIME
Sets the frequency of sending compulsory session activity confirmations to the server. This prevents losing the session to the server when the SSH Client is left unused for a long period of time. By default, the SSH Client doesn’t send any special activity confirmations ("0" value). Measured in seconds.
-compress=on | off, -C on | off
Enables/disables data compression.
-bind-addr=ADDR, -b ADDR
Sets SSH packets source IP address. This source IP address substitutes the default sending interface's IP address field of the SSH packets.
-remote-if=REMOTE_TAP_NUM
The tap interface number on the remote site.
-reconnect-delay=TIME
Timeout for reconnection in case the connection is broken.
-kex-algos[=ALGO-LIST]
Selects the kex algorithms from the list (ALGO-LIST) to be used in the SSH key exchange process.
-hostkey-algos[=ALGO-LIST]
Selects the host key algorithms from the list (ALGO-LIST) to be used in the SSH Server-Client authentication process.
-cipher-algos[=ALGO-LIST], -c ALGO-LIST
Selects the cipher algorithms from the list (ALGO-LIST) to be used for SSH data encryption.
-hash-algos[=ALGO-LIST], -m ALGO-LIST
Selects the hash algorithms from the list (ALGO-LIST) to be used for SSH data verification.
-comp-algos[=ALGO-LIST]
Selects the compression algorithms from the list (ALGO-LIST) to be used for SSH data compression.
-auth-methods[=AUTH-METHODS-LIST]
Selects an available authentication method from the (AUTH-METHODS-LIST) list.
An "all" value enables all authentication methods (set by default).
-none-cipher=on | off
Enables/disables encryption usage. Intended for cases where only a simple TCP tunnel is needed, since working without encryption significantly reduces the CPU load; in that mode the tunnelled data is transmitted unencrypted.
nslookup
The nslookup utility sends requests to the DNS server for forward and reverse domain name resolution.
Syntax:
name
Domain name is used to get an IP address.
ip
IP address is used to get a domain name.
DNSclient
The DNS module resolves a node's address from its full name.
Syntax:
start
Starts DNS client service.
stop
Stops DNS client service.
-domain={name}
Sets a local domain name.
-server={address}
Sets a server IP address. This parameter can be set several times.
get
Loads a new software version to the device. Loading is performed via FTP. The file name shall be specified in full, in the format of the file system.
The download process has two phases:
Reading a file from a remote server and checking its integrity.
Uploading the system image to the device's memory.
The second phase is indicated with the symbol ".".
To update the firmware from an FTP server, use the command:
flashnet get ftp:ftp@ftp://92.168.100.34/firmware.H11S01v1.6.6.bin
where
"H11" – hardware platform.
"1.6.6" – latest firmware version.
"ftp" – username.
"ftp" – password.
NOTE
After firmware updating, restart the unit with the command:
restart yes
put
Downloads current software from the device.
-S
Any other IP address (SourceAddress) may be set as default.
cron
The AstraFleX firmware allows scheduling the execution of some commands at a specified time or periodically with a certain frequency. Thus, it is possible to perform regular configuration backups without the participation of the system administrator.
Syntax:
start
Starts the Cron service.
stop
Stops the Cron service.
clear
Clears all records in the table.
add commandID "command" [from][-to][\interval]
Adds new record to the Cron table:
"commandID" – arbitrary name of the record.
"command" – command to be executed.
"from" and "-to" – set the exact date and/or time of the command execution. Valid formats (any character can be replaced with "." to set a "don't care" value) are:
31/12/2016 12:00:00
31/12/2016 12:00
12:00:00
12:00
"\interval" – sets the frequency of the command execution. Valid formats (the "." character is not allowed) are:
\ 2 12:33:15
\ 2 12:33
\ 12:33:15
\ 12:33
\ 2
NOTE
Records that contain the exact date and/or time will be valid only if the system date and time are set by sntp or gps. Otherwise, only records with an execution frequency will be executed, every 7 days for example (since the device's last reboot).
del commandID
Removes the record from the Cron table.
dump
Displays the Cron table.
Example:
Set the configuration backup every 6 days.