
CLI Reference

config system interface

Configure interfaces.

config system interface
    Description: Configure interfaces.
    edit <name>
        set vdom {string}
        set cli-conn-status {integer}
        set mode [static|dhcp|...]
        config client-options
            Description: DHCP client options.
            edit <id>
                set code {integer}
                set type [hex|string|...]
                set value {string}
                set ip {user}
            next
        end
        set distance {integer}
        set priority {integer}
        set dhcp-relay-interface-select-method [auto|sdwan|...]
        set dhcp-relay-interface {string}
        set dhcp-relay-service [disable|enable]
        set dhcp-relay-ip {user}
        set dhcp-relay-link-selection {ipv4-address}
        set dhcp-relay-request-all-server [disable|enable]
        set dhcp-relay-type [regular|ipsec]
        set dhcp-relay-agent-option [enable|disable]
        set dhcp-classless-route-addition [enable|disable]
        set management-ip {ipv4-classnet-host}
        set ip {ipv4-classnet-host}
        set allowaccess {option1}, {option2}, ...
        set gwdetect [enable|disable]
        set ping-serv-status {integer}
        set detectserver {user}
        set detectprotocol {option1}, {option2}, ...
        set ha-priority {integer}
        set fail-detect [enable|disable]
        set fail-detect-option {option1}, {option2}, ...
        set fail-alert-method [link-failed-signal|link-down]
        set fail-action-on-extender [soft-restart|hard-restart|...]
        set fail-alert-interfaces <name1>, <name2>, ...
        set dhcp-client-identifier {string}
        set dhcp-renew-time {integer}
        set ipunnumbered {ipv4-address}
        set username {string}
        set pppoe-unnumbered-negotiate [enable|disable]
        set password {password}
        set idle-timeout {integer}
        set detected-peer-mtu {integer}
        set disc-retry-timeout {integer}
        set padt-retry-timeout {integer}
        set service-name {string}
        set ac-name {string}
        set lcp-echo-interval {integer}
        set lcp-max-echo-fails {integer}
        set defaultgw [enable|disable]
        set dns-server-override [enable|disable]
        set dns-server-protocol {option1}, {option2}, ...
        set auth-type [auto|pap|...]
        set pptp-client [enable|disable]
        set pptp-user {string}
        set pptp-password {password}
        set pptp-server-ip {ipv4-address}
        set pptp-auth-type [auto|pap|...]
        set pptp-timeout {integer}
        set arpforward [enable|disable]
        set broadcast-forward [enable|disable]
        set bfd [global|enable|...]
        set bfd-desired-min-tx {integer}
        set bfd-detect-mult {integer}
        set bfd-required-min-rx {integer}
        set l2forward [enable|disable]
        set icmp-send-redirect [enable|disable]
        set icmp-accept-redirect [enable|disable]
        set stpforward [enable|disable]
        set stpforward-mode [rpl-all-ext-id|rpl-bridge-ext-id|...]
        set macaddr {mac-address}
        set substitute-dst-mac {mac-address}
        set speed [auto|10full|...]
        set status [up|down]
        set netbios-forward [disable|enable]
        set wins-ip {ipv4-address}
        set type [physical|vlan|...]
        set dedicated-to [none|management]
        set trust-ip-1 {ipv4-classnet-any}
        set trust-ip-2 {ipv4-classnet-any}
        set trust-ip-3 {ipv4-classnet-any}
        set trust-ip6-1 {ipv6-prefix}
        set trust-ip6-2 {ipv6-prefix}
        set trust-ip6-3 {ipv6-prefix}
        set ring-rx {integer}
        set ring-tx {integer}
        set wccp [enable|disable]
        set drop-overlapped-fragment [enable|disable]
        set drop-fragment [enable|disable]
        set src-check [enable|disable]
        set explicit-web-proxy [enable|disable]
        set explicit-ftp-proxy [enable|disable]
        set proxy-captive-portal [enable|disable]
        set tcp-mss {integer}
        set inbandwidth {integer}
        set outbandwidth {integer}
        set egress-shaping-profile {string}
        set ingress-shaping-profile {string}
        set disconnect-threshold {integer}
        set spillover-threshold {integer}
        set ingress-spillover-threshold {integer}
        set weight {integer}
        set interface {string}
        set external [enable|disable]
        set mtu-override [enable|disable]
        set mtu {integer}
        set vlan-protocol [8021q|8021ad]
        set vlanid {integer}
        set forward-domain {integer}
        set remote-ip {ipv4-classnet-host}
        set member <interface-name1>, <interface-name2>, ...
        set lacp-mode [static|passive|...]
        set lacp-ha-secondary [enable|disable]
        set system-id-type [auto|user]
        set system-id {mac-address}
        set lacp-speed [slow|fast]
        set min-links {integer}
        set min-links-down [operational|administrative]
        set algorithm [L2|L3|...]
        set link-up-delay {integer}
        set aggregate-type [physical|vxlan]
        set priority-override [enable|disable]
        set aggregate {string}
        set redundant-interface {string}
        set devindex {integer}
        set switch {string}
        set description {var-string}
        set alias {string}
        set security-mode [none|captive-portal|...]
        set security-mac-auth-bypass [mac-auth-only|enable|...]
        set security-external-web {var-string}
        set security-external-logout {string}
        set replacemsg-override-group {string}
        set security-redirect-url {var-string}
        set auth-cert {string}
        set auth-portal-addr {string}
        set security-exempt-list {string}
        set security-groups <name1>, <name2>, ...
        set ike-saml-server {string}
        set role [lan|wan|...]
        set snmp-index {integer}
        set secondary-IP [enable|disable]
        config secondaryip
            Description: Second IP address of interface.
            edit <id>
                set ip {ipv4-classnet-host}
                set allowaccess {option1}, {option2}, ...
                set gwdetect [enable|disable]
                set ping-serv-status {integer}
                set detectserver {user}
                set detectprotocol {option1}, {option2}, ...
                set ha-priority {integer}
            next
        end
        set color {integer}
        config tagging
            Description: Config object tagging.
            edit <name>
                set category {string}
                set tags <name1>, <name2>, ...
            next
        end
        set eip {ipv4-address-any}
        set eap-supplicant [enable|disable]
        set eap-method [tls|peap]
        set eap-identity {string}
        set eap-password {password}
        set eap-ca-cert {string}
        set eap-user-cert {string}
        config ipv6
            Description: IPv6 of interface.
            set ip6-mode [static|dhcp|...]
            set nd-mode [basic|SEND-compatible]
            set nd-cert {string}
            set nd-security-level {integer}
            set nd-timestamp-delta {integer}
            set nd-timestamp-fuzz {integer}
            set nd-cga-modifier {user}
            set ip6-dns-server-override [enable|disable]
            set ip6-address {ipv6-prefix}
            config ip6-extra-addr
                Description: Extra IPv6 address prefixes of interface.
                edit <prefix>
                next
            end
            set ip6-allowaccess {option1}, {option2}, ...
            set ip6-send-adv [enable|disable]
            set icmp6-send-redirect [enable|disable]
            set ip6-manage-flag [enable|disable]
            set ip6-other-flag [enable|disable]
            set ip6-max-interval {integer}
            set ip6-min-interval {integer}
            set ip6-link-mtu {integer}
            set ra-send-mtu [enable|disable]
            set ip6-reachable-time {integer}
            set ip6-retrans-time {integer}
            set ip6-default-life {integer}
            set ip6-hop-limit {integer}
            set autoconf [enable|disable]
            set unique-autoconf-addr [enable|disable]
            set interface-identifier {ipv6-address}
            set ip6-prefix-mode [dhcp6|ra]
            set ip6-delegated-prefix-iaid {integer}
            set ip6-upstream-interface {string}
            set ip6-subnet {ipv6-prefix}
            config ip6-prefix-list
                Description: Advertised prefix list.
                edit <prefix>
                    set autonomous-flag [enable|disable]
                    set onlink-flag [enable|disable]
                    set valid-life-time {integer}
                    set preferred-life-time {integer}
                    set rdnss {user}
                    set dnssl <domain1>, <domain2>, ...
                next
            end
            config ip6-delegated-prefix-list
                Description: Advertised IPv6 delegated prefix list.
                edit <prefix-id>
                    set upstream-interface {string}
                    set delegated-prefix-iaid {integer}
                    set autonomous-flag [enable|disable]
                    set onlink-flag [enable|disable]
                    set subnet {ipv6-network}
                    set rdnss-service [delegated|default|...]
                    set rdnss {user}
                next
            end
            set dhcp6-relay-service [disable|enable]
            set dhcp6-relay-type {option}
            set dhcp6-relay-source-interface [disable|enable]
            set dhcp6-relay-ip {user}
            set dhcp6-client-options {option1}, {option2}, ...
            set dhcp6-prefix-delegation [enable|disable]
            set dhcp6-information-request [enable|disable]
            config dhcp6-iapd-list
                Description: DHCPv6 IA-PD list.
                edit <iaid>
                    set prefix-hint {ipv6-network}
                    set prefix-hint-plt {integer}
                    set prefix-hint-vlt {integer}
                next
            end
            set cli-conn6-status {integer}
        end
    next
end
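
The `allowaccess`, `secondaryip` and `ip6-allowaccess` settings in the syntax above decide which management services each interface address answers on. The following Python audit is an added example, not part of the Fortinet reference: it parses a `config system interface` block and reports cleartext management options (`http`, `telnet`) and administrative access on `role wan` interfaces. Assumptions: the sample configuration is constructed, the function names are hypothetical, list values are space-separated as in a saved configuration (commas are also tolerated), and `ip6-allowaccess` is taken to use the same option names as `allowaccess`.

```python
import shlex

# allowaccess options from the reference that expose an admin login in cleartext.
CLEARTEXT_MGMT = {"http", "telnet"}
# Encrypted admin services; this example flags them only on "set role wan" interfaces.
ADMIN_ACCESS = {"https", "ssh"}

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = '''
config system interface
    edit "port1"
        set vdom "root"
        set ip 192.0.2.10 255.255.255.0
        set allowaccess ping https ssh http
        set role wan
        config ipv6
            set ip6-allowaccess ping telnet
        end
    next
    edit "port2"
        set vdom "root"
        set ip 10.0.0.1 255.255.255.0
        set allowaccess ping https ssh
        set role lan
        set secondary-IP enable
        config secondaryip
            edit 1
                set ip 10.0.1.1 255.255.255.0
                set allowaccess ping telnet
            next
        end
    next
end
'''


def _tokens(line):
    """Split one CLI line, honouring quoted names such as "port1"."""
    try:
        return shlex.split(line)
    except ValueError:  # unbalanced quote: fall back to plain whitespace split
        return line.split()


def parse_config(text):
    """Turn config/edit/set/next/end nesting into nested dicts."""
    root = {"sets": {}, "children": {}}
    stack = [root]
    for raw in text.splitlines():
        tokens = _tokens(raw)
        if not tokens:
            continue
        keyword = tokens[0]
        if keyword in ("config", "edit"):
            node = {"sets": {}, "children": {}}
            stack[-1]["children"][keyword + " " + " ".join(tokens[1:])] = node
            stack.append(node)
        elif keyword == "set" and len(tokens) >= 2:
            values = [t.strip(",") for t in tokens[2:]]
            stack[-1]["sets"][tokens[1]] = [v for v in values if v]
        elif keyword in ("next", "end") and len(stack) > 1:
            stack.pop()
    return root


def audit_interfaces(text):
    """Return (scope, issue, option) tuples for risky management access."""
    findings = []
    table = parse_config(text)["children"].get(
        "config system interface", {"children": {}})
    for key, iface in table["children"].items():
        name = key.split(" ", 1)[1]
        # The reference lists "undefined" as the default role.
        role = (iface["sets"].get("role") or ["undefined"])[0]
        scopes = [(name, iface["sets"].get("allowaccess", []))]
        for child_key, child in iface["children"].items():
            if child_key == "config secondaryip":
                for entry_key, entry in child["children"].items():
                    entry_id = entry_key.split(" ", 1)[1]
                    scopes.append((name + "/secondaryip " + entry_id,
                                   entry["sets"].get("allowaccess", [])))
            elif child_key == "config ipv6":
                scopes.append((name + "/ipv6",
                               child["sets"].get("ip6-allowaccess", [])))
        for scope, access in scopes:
            for option in access:
                if option in CLEARTEXT_MGMT:
                    findings.append((scope, "cleartext-mgmt", option))
                elif role == "wan" and option in ADMIN_ACCESS:
                    findings.append((scope, "admin-on-wan", option))
    return findings


if __name__ == "__main__":
    for scope, issue, option in audit_interfaces(SAMPLE_CONFIG):
        print(f"{scope}: {issue} ({option})")
```

Secondary addresses and the IPv6 sub-table carry their own access lists, so an interface whose primary `allowaccess` is clean can still answer Telnet or HTTP on another address.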

config system interface

Parameter

Description

Type

Size

Default

name

Name.

string

Maximum length: 15

vdom

Interface is in this virtual domain (VDOM).

string

Maximum length: 31

cli-conn-status

CLI connection status.

integer

Minimum value: 0 Maximum value: 4294967295

0

mode

Addressing mode (static, DHCP, PPPoE).

option

-

static

Option

Description

static

Static setting.

dhcp

External DHCP client mode.

pppoe

External PPPoE mode.

distance

Distance for routes learned through PPPoE or DHCP, lower distance indicates preferred route.

integer

Minimum value: 1 Maximum value: 255

5

priority

Priority of learned routes.

integer

Minimum value: 1 Maximum value: 65535

0

dhcp-relay-interface-select-method

Specify how to select outgoing interface to reach server.

option

-

auto

Option

Description

auto

Set outgoing interface automatically.

sdwan

Set outgoing interface by SD-WAN or policy routing rules.

specify

Set outgoing interface manually.

dhcp-relay-interface

Specify outgoing interface to reach server.

string

Maximum length: 15

dhcp-relay-service

Enable/disable allowing this interface to act as a DHCP relay.

option

-

disable

Option

Description

disable

None.

enable

DHCP relay agent.

dhcp-relay-ip

DHCP relay IP address.

user

Not Specified

dhcp-relay-link-selection

DHCP relay link selection.

ipv4-address

Not Specified

0.0.0.0

dhcp-relay-request-all-server

Enable/disable sending of DHCP requests to all servers.

option

-

disable

Option

Description

disable

Send DHCP requests only to a matching server.

enable

Send DHCP requests to all servers.

dhcp-relay-type

DHCP relay type (regular or IPsec).

option

-

regular

Option

Description

regular

Regular DHCP relay.

ipsec

DHCP relay for IPsec.

dhcp-relay-agent-option

Enable/disable DHCP relay agent option.

option

-

enable

Option

Description

enable

Enable DHCP relay agent option.

disable

Disable DHCP relay agent option.

dhcp-classless-route-addition

Enable/disable addition of classless static routes retrieved from DHCP server.

option

-

disable

Option

Description

enable

Enable addition of classless static routes retrieved from DHCP server.

disable

Disable addition of classless static routes retrieved from DHCP server.

management-ip

High Availability in-band management IP address of this interface.

ipv4-classnet-host

Not Specified

0.0.0.0 0.0.0.0

ip

Interface IPv4 address and subnet mask, syntax: X.X.X.X/24.

ipv4-classnet-host

Not Specified

0.0.0.0 0.0.0.0

allowaccess

Permitted types of management access to this interface.

option

-

Option

Description

ping

PING access.

https

HTTPS access.

ssh

SSH access.

snmp

SNMP access.

http

HTTP access.

telnet

TELNET access.

fgfm

FortiManager access.

radius-acct

RADIUS accounting access.

probe-response

Probe access.

fabric

Security Fabric access.

ftm

FTM access.

speed-test

Speed test access.

gwdetect

Enable/disable detect gateway alive for first.

option

-

disable

Option

Description

enable

Enable detect gateway alive for first.

disable

Disable detect gateway alive for first.

ping-serv-status

PING server status.

integer

Minimum value: 0 Maximum value: 255

0

detectserver

Gateway's ping server for this IP.

user

Not Specified

detectprotocol

Protocols used to detect the server.

option

-

ping

Option

Description

ping

PING.

tcp-echo

TCP echo.

udp-echo

UDP echo.

ha-priority

HA election priority for the PING server.

integer

Minimum value: 1 Maximum value: 50

1

fail-detect

Enable/disable fail detection features for this interface.

option

-

disable

Option

Description

enable

Enable interface failed option status.

disable

Disable interface failed option status.

fail-detect-option

Options for detecting that this interface has failed.

option

-

link-down

Option

Description

detectserver

Use a ping server to determine if the interface has failed.

link-down

Use port detection to determine if the interface has failed.

fail-alert-method

Select link-failed-signal or link-down method to alert about a failed link.

option

-

link-down

Option

Description

link-failed-signal

Link-failed-signal.

link-down

Link-down.

fail-action-on-extender

Action on FortiExtender when the interface fails.

option

-

soft-restart

Option

Description

soft-restart

Soft-restart-on-extender.

hard-restart

Hard-restart-on-extender.

reboot

Reboot-on-extender.

fail-alert-interfaces <name>

Names of the FortiProxy interfaces to which the link failure alert is sent.

Names of the non-virtual interface.

string

Maximum length: 15

dhcp-client-identifier

DHCP client identifier.

string

Maximum length: 48

dhcp-renew-time

DHCP renew time in seconds, 0 means use the renew time provided by the server.

integer

Minimum value: 300 Maximum value: 604800

0

ipunnumbered

Unnumbered IP used for PPPoE interfaces for which no unique local address is provided.

ipv4-address

Not Specified

0.0.0.0

username

Username of the PPPoE account, provided by your ISP.

string

Maximum length: 64

pppoe-unnumbered-negotiate

Enable/disable PPPoE unnumbered negotiation.

option

-

enable

Option

Description

enable

Enable IP address negotiating for unnumbered.

disable

Disable IP address negotiating for unnumbered.

password

PPPoE account's password.

password

Not Specified

idle-timeout

PPPoE auto disconnect after idle timeout seconds, 0 means no timeout.

integer

Minimum value: 0 Maximum value: 32767

0

detected-peer-mtu

MTU of detected peer.

integer

Minimum value: 0 Maximum value: 4294967295

0

disc-retry-timeout

Time in seconds to wait before retrying to start a PPPoE discovery, 0 means no timeout.

integer

Minimum value: 0 Maximum value: 4294967295

1

padt-retry-timeout

PPPoE Active Discovery Terminate (PADT) used to terminate sessions after an idle time.

integer

Minimum value: 0 Maximum value: 4294967295

1

service-name

PPPoE service name.

string

Maximum length: 63

ac-name

PPPoE server name.

string

Maximum length: 63

lcp-echo-interval

Time in seconds between PPPoE Link Control Protocol (LCP) echo requests.

integer

Minimum value: 0 Maximum value: 32767

5

lcp-max-echo-fails

Maximum missed LCP echo messages before disconnect.

integer

Minimum value: 0 Maximum value: 32767

3

defaultgw

Enable to get the gateway IP from the DHCP or PPPoE server.

option

-

enable

Option

Description

enable

Enable default gateway.

disable

Disable default gateway.

dns-server-override

Enable/disable use of DNS acquired by DHCP or PPPoE.

option

-

enable

Option

Description

enable

Use DNS acquired by DHCP or PPPoE.

disable

Do not use DNS acquired by DHCP or PPPoE.

dns-server-protocol

DNS transport protocols.

option

-

cleartext

Option

Description

cleartext

DNS over UDP/53, DNS over TCP/53.

dot

DNS over TLS/853.

doh

DNS over HTTPS/443.

auth-type

PPP authentication type to use.

option

-

auto

Option

Description

auto

Automatically choose authentication.

pap

PAP authentication.

chap

CHAP authentication.

mschapv1

MS-CHAPv1 authentication.

mschapv2

MS-CHAPv2 authentication.

pptp-client

Enable/disable PPTP client.

option

-

disable

Option

Description

enable

Enable PPTP client.

disable

Disable PPTP client.

pptp-user

PPTP user name.

string

Maximum length: 64

pptp-password

PPTP password.

password

Not Specified

pptp-server-ip

PPTP server IP address.

ipv4-address

Not Specified

0.0.0.0

pptp-auth-type

PPTP authentication type.

option

-

auto

Option

Description

auto

Automatically choose authentication.

pap

PAP authentication.

chap

CHAP authentication.

mschapv1

MS-CHAPv1 authentication.

mschapv2

MS-CHAPv2 authentication.

pptp-timeout

Idle timer in minutes (0 for disabled).

integer

Minimum value: 0 Maximum value: 65535

0

arpforward

Enable/disable ARP forwarding.

option

-

enable

Option

Description

enable

Enable ARP forwarding.

disable

Disable ARP forwarding.

broadcast-forward

Enable/disable broadcast forwarding.

option

-

disable

Option

Description

enable

Enable broadcast forwarding.

disable

Disable broadcast forwarding.

bfd

Bidirectional Forwarding Detection (BFD) settings.

option

-

global

Option

Description

global

BFD behavior of this interface will be based on global configuration.

enable

Enable BFD on this interface and ignore global configuration.

disable

Disable BFD on this interface and ignore global configuration.

bfd-desired-min-tx

BFD desired minimal transmit interval.

integer

Minimum value: 1 Maximum value: 100000

250

bfd-detect-mult

BFD detection multiplier.

integer

Minimum value: 1 Maximum value: 50

3

bfd-required-min-rx

BFD required minimal receive interval.

integer

Minimum value: 1 Maximum value: 100000

250

l2forward

Enable/disable L2 forwarding.

option

-

disable

Option

Description

enable

Enable L2 forwarding.

disable

Disable L2 forwarding.

icmp-send-redirect

Enable/disable sending of ICMP redirects.

option

-

enable

Option

Description

enable

Enable sending of ICMP redirects.

disable

Disable sending of ICMP redirects.

icmp-accept-redirect

Enable/disable ICMP accept redirect.

option

-

enable

Option

Description

enable

Enable ICMP accept redirect.

disable

Disable ICMP accept redirect.

stpforward

Enable/disable STP forwarding.

option

-

disable

Option

Description

enable

Enable STP forwarding.

disable

Disable STP forwarding.

stpforward-mode

Configure STP forwarding mode.

option

-

rpl-all-ext-id

Option

Description

rpl-all-ext-id

Replace all extension IDs (root, bridge).

rpl-bridge-ext-id

Replace the bridge extension ID only.

rpl-nothing

Replace nothing.

macaddr

Change the interface's MAC address.

mac-address

Not Specified

00:00:00:00:00:00

substitute-dst-mac

Destination MAC address that all packets are sent to from this interface.

mac-address

Not Specified

00:00:00:00:00:00

speed

Interface speed. The default setting and the options available depend on the interface hardware.

option

-

auto

Option

Description

auto

Automatically adjust speed.

10full

10M full-duplex.

10half

10M half-duplex.

100full

100M full-duplex.

100half

100M half-duplex.

1000full

1000M full-duplex.

1000auto

1000M auto adjust.

status

Bring the interface up or shut the interface down.

option

-

up

Option

Description

up

Bring the interface up.

down

Shut the interface down.

netbios-forward

Enable/disable NETBIOS forwarding.

option

-

disable

Option

Description

disable

Disable NETBIOS forwarding.

enable

Enable NETBIOS forwarding.

wins-ip

WINS server IP.

ipv4-address

Not Specified

0.0.0.0

type

Interface type.

option

-

vlan

Option

Description

physical

Physical interface.

vlan

VLAN interface.

aggregate

Aggregate interface.

redundant

Redundant interface.

tunnel

Tunnel interface.

loopback

Loopback interface.

vdom-link

VDOM link interface.

vxlan

VXLAN interface.

dedicated-to

Configure interface for single purpose.

option

-

none

Option

Description

none

Interface not dedicated for any purpose.

management

Dedicate this interface for management purposes only.

trust-ip-1

Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).

ipv4-classnet-any

Not Specified

0.0.0.0 0.0.0.0

trust-ip-2

Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).

ipv4-classnet-any

Not Specified

0.0.0.0 0.0.0.0

trust-ip-3

Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).

ipv4-classnet-any

Not Specified

0.0.0.0 0.0.0.0

trust-ip6-1

Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).

ipv6-prefix

Not Specified

::/0

trust-ip6-2

Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).

ipv6-prefix

Not Specified

::/0

trust-ip6-3

Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).

ipv6-prefix

Not Specified

::/0

ring-rx

RX ring size.

integer

Minimum value: 0 Maximum value: 4294967295

0

ring-tx

TX ring size.

integer

Minimum value: 0 Maximum value: 4294967295

0

wccp

Enable/disable WCCP on this interface. Used for encapsulated WCCP communication between WCCP clients and servers.

option

-

disable

Option

Description

enable

Enable WCCP protocol on this interface.

disable

Disable WCCP protocol on this interface.

drop-overlapped-fragment

Enable/disable dropping of overlapped fragment packets.

option

-

disable

Option

Description

enable

Enable drop of overlapped fragment packets.

disable

Disable drop of overlapped fragment packets.

drop-fragment

Enable/disable dropping of fragment packets.

option

-

disable

Option

Description

enable

Drop fragment packets.

disable

Do not drop fragment packets.

src-check

Enable/disable source IP check.

option

-

enable

Option

Description

enable

Enable source IP check.

disable

Disable source IP check.

explicit-web-proxy

Enable/disable the explicit web proxy on this interface.

option

-

disable

Option

Description

enable

Enable explicit Web proxy on this interface.

disable

Disable explicit Web proxy on this interface.

explicit-ftp-proxy

Enable/disable the explicit FTP proxy on this interface.

option

-

disable

Option

Description

enable

Enable explicit FTP proxy on this interface.

disable

Disable explicit FTP proxy on this interface.

proxy-captive-portal

Enable/disable proxy captive portal on this interface.

option

-

disable

Option

Description

enable

Enable proxy captive portal on this interface.

disable

Disable proxy captive portal on this interface.

tcp-mss

TCP maximum segment size. 0 means do not change segment size.

integer

Minimum value: 48 Maximum value: 65535

0

inbandwidth

Bandwidth limit for incoming traffic, 0 means unlimited.

integer

Minimum value: 0 Maximum value: 80000000

0

outbandwidth

Bandwidth limit for outgoing traffic.

integer

Minimum value: 0 Maximum value: 80000000

0

egress-shaping-profile

Outgoing traffic shaping profile.

string

Maximum length: 35

ingress-shaping-profile

Incoming traffic shaping profile.

string

Maximum length: 35

disconnect-threshold

Time in milliseconds to wait before sending a notification that this interface is down or disconnected.

integer

Minimum value: 0 Maximum value: 10000

0

spillover-threshold

Egress spillover threshold, 0 means unlimited.

integer

Minimum value: 0 Maximum value: 16776000

0

ingress-spillover-threshold

Ingress spillover threshold, 0 means unlimited.

integer

Minimum value: 0 Maximum value: 16776000

0

weight

Default weight for static routes (if route has no weight configured).

integer

Minimum value: 0 Maximum value: 255

0

interface

Interface name.

string

Maximum length: 15

external

Enable/disable identifying the interface as an external interface (which usually means it's connected to the Internet).

option

-

disable

Option

Description

enable

Enable identifying the interface as an external interface.

disable

Disable identifying the interface as an external interface.

mtu-override

Enable to set a custom MTU for this interface.

option

-

disable

Option

Description

enable

Override default MTU.

disable

Use default MTU.

mtu

MTU value for this interface.

integer

Minimum value: 0 Maximum value: 4294967295

1500

vlan-protocol

Ethernet protocol of VLAN.

option

-

8021q

Option

Description

8021q

IEEE 802.1Q.

8021ad

IEEE 802.1AD.

vlanid

VLAN ID.

integer

Minimum value: 1 Maximum value: 4094

0

forward-domain

Transparent mode forward domain.

integer

Minimum value: 1 Maximum value: 4094

1

remote-ip

Remote IP address of tunnel.

ipv4-classnet-host

Not Specified

0.0.0.0 0.0.0.0

member <interface-name>

Physical interfaces that belong to the aggregate or redundant interface.

Physical interface name.

string

Maximum length: 79

lacp-mode

LACP mode.

option

-

active

Option

Description

static

Use static aggregation, do not send and ignore any LACP messages.

passive

Passively use LACP to negotiate 802.3ad aggregation.

active

Actively use LACP to negotiate 802.3ad aggregation.

lacp-ha-secondary

LACP HA secondary member.

option

-

enable

Option

Description

enable

Allow HA secondary member to send/receive LACP messages.

disable

Block HA secondary member from sending/receiving LACP messages.

system-id-type

Method in which system ID is generated.

option

-

auto

Option

Description

auto

Use the MAC address of the first member.

user

User-defined system ID.

system-id

Define a system ID for the aggregate interface.

mac-address

Not Specified

00:00:00:00:00:00

lacp-speed

How often the interface sends LACP messages.

option

-

slow

Option

Description

slow

Send LACP message every 30 seconds.

fast

Send LACP message every second.

min-links

Minimum number of aggregated ports that must be up.

integer

Minimum value: 1 Maximum value: 32

1

min-links-down

Action to take when fewer than the configured minimum number of links are active.

option

-

operational

Option

Description

operational

Set the aggregate operationally down.

administrative

Set the aggregate administratively down.

algorithm

Frame distribution algorithm.

option

-

L4

Option

Description

L2

Use layer 2 address for distribution.

L3

Use layer 3 address for distribution.

L4

Use layer 4 information for distribution.

Source-MAC

Use source MAC address for distribution.

link-up-delay

Number of milliseconds to wait before considering a link up.

integer

Minimum value: 50 Maximum value: 3600000

50

aggregate-type

Type of aggregation.

option

-

physical

Option

Description

physical

Physical interface aggregation.

vxlan

VXLAN interface aggregation.

priority-override

Enable/disable fail back to higher priority port once recovered.

option

-

enable

Option

Description

enable

Enable fail back to higher priority port once recovered.

disable

Disable fail back to higher priority port once recovered.

aggregate

Aggregate interface.

string

Maximum length: 15

redundant-interface

Redundant interface.

string

Maximum length: 15

devindex

Device Index.

integer

Minimum value: 0 Maximum value: 4294967295

0

switch

Contained in switch.

string

Maximum length: 15

description

Description.

var-string

Maximum length: 255

alias

Alias will be displayed with the interface name to make it easier to distinguish.

string

Maximum length: 25

security-mode

Turn on captive portal authentication for this interface.

option

-

none

Option

Description

none

No security option.

captive-portal

Captive portal authentication.

802.1X

802.1X port-based authentication.

security-mac-auth-bypass

Enable/disable MAC authentication bypass.

option

-

disable

Option

Description

mac-auth-only

Enable MAC authentication bypass without EAP.

enable

Enable MAC authentication bypass.

disable

Disable MAC authentication bypass.

security-external-web

URL of external authentication web server.

var-string

Maximum length: 1023

security-external-logout

URL of external authentication logout server.

string

Maximum length: 127

replacemsg-override-group

Replacement message override group.

string

Maximum length: 35

security-redirect-url

URL redirection after disclaimer/authentication.

var-string

Maximum length: 1023

auth-cert

HTTPS server certificate.

string

Maximum length: 35

auth-portal-addr

Address of captive portal.

string

Maximum length: 63

security-exempt-list

Name of security-exempt-list.

string

Maximum length: 35

security-groups <name>

User groups that can authenticate with the captive portal.

Names of user groups that can authenticate with the captive portal.

string

Maximum length: 79

ike-saml-server

Configure IKE authentication SAML server.

string

Maximum length: 35

role

Interface role.

option

-

undefined

Option

Description

lan

Connected to local network of endpoints.

wan

Connected to Internet.

dmz

Connected to server zone.

undefined

Interface has no specific role.

snmp-index

Permanent SNMP Index of the interface.

integer

Minimum value: 1 Maximum value: 2147483647

0

secondary-IP

Enable/disable adding a secondary IP to this interface.

option

-

disable

Option

Description

enable

Enable secondary IP.

disable

Disable secondary IP.

color

Color of icon on the GUI.

integer

Minimum value: 0 Maximum value: 32

0

eip

External IP.

ipv4-address-any

Not Specified

0.0.0.0

eap-supplicant

Enable/disable EAP-Supplicant.

option

-

disable

Option

Description

enable

Enable EAP Supplicant.

disable

Disable EAP Supplicant.

eap-method

EAP method.

option

-

Option

Description

tls

TLS.

peap

PEAP.

eap-identity

EAP identity.

string

Maximum length: 35

eap-password

EAP password.

password

Not Specified

eap-ca-cert

EAP CA certificate name.

string

Maximum length: 79

eap-user-cert

EAP user certificate name.

string

Maximum length: 35

config client-options

Parameter

Description

Type

Size

Default

id

ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

code

DHCP client option code.

integer

Minimum value: 0 Maximum value: 255

0

type

DHCP client option type.

option

-

hex

Option

Description

hex

DHCP option in hex.

string

DHCP option in string.

ip

DHCP option in IP.

fqdn

DHCP option in domain search option format.

value

DHCP client option value.

string

Maximum length: 312

ip

DHCP option IPs.

user

Not Specified

config secondaryip

Parameter

Description

Type

Size

Default

id

ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

ip

Secondary IP address of the interface.

ipv4-classnet-host

Not Specified

0.0.0.0 0.0.0.0

allowaccess

Management access settings for the secondary IP address.

option

-

Option

Description

ping

PING access.

https

HTTPS access.

ssh

SSH access.

snmp

SNMP access.

http

HTTP access.

telnet

TELNET access.

fgfm

FortiManager access.

radius-acct

RADIUS accounting access.

probe-response

Probe access.

fabric

Security Fabric access.

ftm

FTM access.

speed-test

Speed test access.

gwdetect

Enable/disable detect gateway alive for first.

option

-

disable

Option

Description

enable

Enable detect gateway alive for first.

disable

Disable detect gateway alive for first.

ping-serv-status

PING server status.

integer

Minimum value: 0 Maximum value: 255

0

detectserver

Gateway's ping server for this IP.

user

Not Specified

detectprotocol

Protocols used to detect the server.

option

-

ping

Option

Description

ping

PING.

tcp-echo

TCP echo.

udp-echo

UDP echo.

ha-priority

HA election priority for the PING server.

integer

Minimum value: 1 Maximum value: 50

1

config tagging

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| name | Tagging entry name. | string | Maximum length: 63 | |
| category | Tag category. | string | Maximum length: 63 | |
| tags <name> | Tags. Tag name. | string | Maximum length: 79 | |

config ipv6

Parameter

Description

Type

Size

Default

ip6-mode

Addressing mode (static, DHCP, delegated).

option

-

static

Option

Description

static

Static setting.

dhcp

DHCPv6 client mode.

pppoe

IPv6 over PPPoE mode.

delegated

IPv6 address with delegated prefix.

nd-mode

Neighbor discovery mode.

option

-

basic

Option

Description

basic

Do not support SEND.

SEND-compatible

Support SEND.

nd-cert

Neighbor discovery certificate.

string

Maximum length: 35

nd-security-level

Neighbor discovery security level.

integer

Minimum value: 0 Maximum value: 7

0

nd-timestamp-delta

Neighbor discovery timestamp delta value.

integer

Minimum value: 1 Maximum value: 3600

300

nd-timestamp-fuzz

Neighbor discovery timestamp fuzz factor.

integer

Minimum value: 1 Maximum value: 60

1

nd-cga-modifier

Neighbor discovery CGA modifier.

user

Not Specified

ip6-dns-server-override

Enable/disable using the DNS server acquired by DHCP.

option

-

enable

Option

Description

enable

Enable using the DNS server acquired by DHCP.

disable

Disable using the DNS server acquired by DHCP.

ip6-address

Primary IPv6 address prefix. Syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx.

ipv6-prefix

Not Specified

::/0

ip6-allowaccess

Allow management access to the interface.

option

-

Option

Description

ping

PING access.

https

HTTPS access.

ssh

SSH access.

snmp

SNMP access.

http

HTTP access.

telnet

TELNET access.

fgfm

FortiManager access.

fabric

Fabric access.

ip6-send-adv

Enable/disable sending advertisements about the interface.

option

-

disable

Option

Description

enable

Enable sending advertisements about this interface.

disable

Disable sending advertisements about this interface.

icmp6-send-redirect

Enable/disable sending of ICMPv6 redirects.

option

-

enable

Option

Description

enable

Enable sending of ICMPv6 redirects.

disable

Disable sending of ICMPv6 redirects.

ip6-manage-flag

Enable/disable the managed flag.

option

-

disable

Option

Description

enable

Enable the managed IPv6 flag.

disable

Disable the managed IPv6 flag.

ip6-other-flag

Enable/disable the other IPv6 flag.

option

-

disable

Option

Description

enable

Enable the other IPv6 flag.

disable

Disable the other IPv6 flag.

ip6-max-interval

IPv6 maximum interval (4 to 1800 sec).

integer

Minimum value: 4 Maximum value: 1800

600

ip6-min-interval

IPv6 minimum interval (3 to 1350 sec).

integer

Minimum value: 3 Maximum value: 1350

198

ip6-link-mtu

IPv6 link MTU.

integer

Minimum value: 1280 Maximum value: 16000

0

ra-send-mtu

Enable/disable sending link MTU in RA packet.

option

-

enable

Option

Description

enable

Enable sending link MTU in RA packet.

disable

Disable sending link MTU in RA packet.

ip6-reachable-time

IPv6 reachable time (milliseconds; 0 means unspecified).

integer

Minimum value: 0 Maximum value: 3600000

0

ip6-retrans-time

IPv6 retransmit time (milliseconds; 0 means unspecified).

integer

Minimum value: 0 Maximum value: 4294967295

0

ip6-default-life

Default life (sec).

integer

Minimum value: 0 Maximum value: 9000

1800

ip6-hop-limit

Hop limit (0 means unspecified).

integer

Minimum value: 0 Maximum value: 255

0

autoconf

Enable/disable address auto config.

option

-

disable

Option

Description

enable

Enable auto-configuration.

disable

Disable auto-configuration.

unique-autoconf-addr

Enable/disable unique auto config address.

option

-

disable

Option

Description

enable

Enable unique auto-configuration address.

disable

Disable unique auto-configuration address.

interface-identifier

IPv6 interface identifier.

ipv6-address

Not Specified

::

ip6-prefix-mode

Assigning a prefix from DHCP or RA.

option

-

dhcp6

Option

Description

dhcp6

Use delegated prefix from a DHCPv6 client to form a delegated IPv6 address.

ra

Use prefix from RA to form a delegated IPv6 address.

ip6-delegated-prefix-iaid

IAID of obtained delegated-prefix from the upstream interface.

integer

Minimum value: 0 Maximum value: 4294967295

0

ip6-upstream-interface

Interface name providing delegated information.

string

Maximum length: 15

ip6-subnet

Subnet to routing prefix. Syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx.

ipv6-prefix

Not Specified

::/0

dhcp6-relay-service

Enable/disable DHCPv6 relay.

option

-

disable

Option

Description

disable

Disable DHCPv6 relay.

enable

Enable DHCPv6 relay.

dhcp6-relay-type

DHCPv6 relay type.

option

-

regular

Option

Description

regular

Regular DHCP relay.

dhcp6-relay-source-interface

Enable/disable use of address on this interface as the source address of the relay message.

option

-

disable

Option

Description

disable

Use address of the egress interface as source address of the relay message.

enable

Use address of this interface as source address of the relay message.

dhcp6-relay-ip

DHCPv6 relay IP address.

user

Not Specified

dhcp6-client-options

DHCPv6 client options.

option

-

Option

Description

rapid

Send rapid commit option.

iapd

Send including IA-PD option.

iana

Send including IA-NA option.

dhcp6-prefix-delegation

Enable/disable DHCPv6 prefix delegation.

option

-

disable

Option

Description

enable

Enable DHCPv6 prefix delegation.

disable

Disable DHCPv6 prefix delegation.

dhcp6-information-request

Enable/disable DHCPv6 information request.

option

-

disable

Option

Description

enable

Enable DHCPv6 information request.

disable

Disable DHCPv6 information request.

cli-conn6-status

CLI IPv6 connection status.

integer

Minimum value: 0 Maximum value: 4294967295

0

config ip6-extra-addr

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| prefix | IPv6 address prefix. | ipv6-prefix | Not Specified | ::/0 |

config ip6-prefix-list

Parameter

Description

Type

Size

Default

prefix

IPv6 prefix.

ipv6-network

Not Specified

::/0

autonomous-flag

Enable/disable the autonomous flag.

option

-

enable

Option

Description

enable

Enable the autonomous flag.

disable

Disable the autonomous flag.

onlink-flag

Enable/disable the onlink flag.

option

-

enable

Option

Description

enable

Enable the onlink flag.

disable

Disable the onlink flag.

valid-life-time

Valid life time (sec).

integer

Minimum value: 0 Maximum value: 4294967295

2592000

preferred-life-time

Preferred life time (sec).

integer

Minimum value: 0 Maximum value: 4294967295

604800

rdnss

Recursive DNS server option.

user

Not Specified

dnssl <domain>

DNS search list option.

Domain name.

string

Maximum length: 79

config ip6-delegated-prefix-list

Parameter

Description

Type

Size

Default

prefix-id

Prefix ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

upstream-interface

Name of the interface that provides delegated information.

string

Maximum length: 15

delegated-prefix-iaid

IAID of obtained delegated-prefix from the upstream interface.

integer

Minimum value: 0 Maximum value: 4294967295

0

autonomous-flag

Enable/disable the autonomous flag.

option

-

enable

Option

Description

enable

Enable the autonomous flag.

disable

Disable the autonomous flag.

onlink-flag

Enable/disable the onlink flag.

option

-

enable

Option

Description

enable

Enable the onlink flag.

disable

Disable the onlink flag.

subnet

Add subnet ID to routing prefix.

ipv6-network

Not Specified

::/0

rdnss-service

Recursive DNS service option.

option

-

specify

Option

Description

delegated

Delegated RDNSS settings.

default

System RDNSS settings.

specify

Specify recursive DNS servers.

rdnss

Recursive DNS server option.

user

Not Specified

config dhcp6-iapd-list

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| iaid | Identity association identifier. | integer | Minimum value: 0 Maximum value: 4294967295 | 0 |
| prefix-hint | DHCPv6 prefix that will be used as a hint to the upstream DHCPv6 server. | ipv6-network | Not Specified | ::/0 |
| prefix-hint-plt | DHCPv6 prefix hint preferred life time (sec), 0 means unlimited lease time. | integer | Minimum value: 0 Maximum value: 4294967295 | 604800 |
| prefix-hint-vlt | DHCPv6 prefix hint valid life time (sec). | integer | Minimum value: 0 Maximum value: 4294967295 | 2592000 |

config system interface

Configure interfaces.

config system interface
    Description: Configure interfaces.
    edit <name>
        set vdom {string}
        set cli-conn-status {integer}
        set mode [static|dhcp|...]
        config client-options
            Description: DHCP client options.
            edit <id>
                set code {integer}
                set type [hex|string|...]
                set value {string}
                set ip {user}
            next
        end
        set distance {integer}
        set priority {integer}
        set dhcp-relay-interface-select-method [auto|sdwan|...]
        set dhcp-relay-interface {string}
        set dhcp-relay-service [disable|enable]
        set dhcp-relay-ip {user}
        set dhcp-relay-link-selection {ipv4-address}
        set dhcp-relay-request-all-server [disable|enable]
        set dhcp-relay-type [regular|ipsec]
        set dhcp-relay-agent-option [enable|disable]
        set dhcp-classless-route-addition [enable|disable]
        set management-ip {ipv4-classnet-host}
        set ip {ipv4-classnet-host}
        set allowaccess {option1}, {option2}, ...
        set gwdetect [enable|disable]
        set ping-serv-status {integer}
        set detectserver {user}
        set detectprotocol {option1}, {option2}, ...
        set ha-priority {integer}
        set fail-detect [enable|disable]
        set fail-detect-option {option1}, {option2}, ...
        set fail-alert-method [link-failed-signal|link-down]
        set fail-action-on-extender [soft-restart|hard-restart|...]
        set fail-alert-interfaces <name1>, <name2>, ...
        set dhcp-client-identifier {string}
        set dhcp-renew-time {integer}
        set ipunnumbered {ipv4-address}
        set username {string}
        set pppoe-unnumbered-negotiate [enable|disable]
        set password {password}
        set idle-timeout {integer}
        set detected-peer-mtu {integer}
        set disc-retry-timeout {integer}
        set padt-retry-timeout {integer}
        set service-name {string}
        set ac-name {string}
        set lcp-echo-interval {integer}
        set lcp-max-echo-fails {integer}
        set defaultgw [enable|disable]
        set dns-server-override [enable|disable]
        set dns-server-protocol {option1}, {option2}, ...
        set auth-type [auto|pap|...]
        set pptp-client [enable|disable]
        set pptp-user {string}
        set pptp-password {password}
        set pptp-server-ip {ipv4-address}
        set pptp-auth-type [auto|pap|...]
        set pptp-timeout {integer}
        set arpforward [enable|disable]
        set broadcast-forward [enable|disable]
        set bfd [global|enable|...]
        set bfd-desired-min-tx {integer}
        set bfd-detect-mult {integer}
        set bfd-required-min-rx {integer}
        set l2forward [enable|disable]
        set icmp-send-redirect [enable|disable]
        set icmp-accept-redirect [enable|disable]
        set stpforward [enable|disable]
        set stpforward-mode [rpl-all-ext-id|rpl-bridge-ext-id|...]
        set macaddr {mac-address}
        set substitute-dst-mac {mac-address}
        set speed [auto|10full|...]
        set status [up|down]
        set netbios-forward [disable|enable]
        set wins-ip {ipv4-address}
        set type [physical|vlan|...]
        set dedicated-to [none|management]
        set trust-ip-1 {ipv4-classnet-any}
        set trust-ip-2 {ipv4-classnet-any}
        set trust-ip-3 {ipv4-classnet-any}
        set trust-ip6-1 {ipv6-prefix}
        set trust-ip6-2 {ipv6-prefix}
        set trust-ip6-3 {ipv6-prefix}
        set ring-rx {integer}
        set ring-tx {integer}
        set wccp [enable|disable]
        set drop-overlapped-fragment [enable|disable]
        set drop-fragment [enable|disable]
        set src-check [enable|disable]
        set explicit-web-proxy [enable|disable]
        set explicit-ftp-proxy [enable|disable]
        set proxy-captive-portal [enable|disable]
        set tcp-mss {integer}
        set inbandwidth {integer}
        set outbandwidth {integer}
        set egress-shaping-profile {string}
        set ingress-shaping-profile {string}
        set disconnect-threshold {integer}
        set spillover-threshold {integer}
        set ingress-spillover-threshold {integer}
        set weight {integer}
        set interface {string}
        set external [enable|disable]
        set mtu-override [enable|disable]
        set mtu {integer}
        set vlan-protocol [8021q|8021ad]
        set vlanid {integer}
        set forward-domain {integer}
        set remote-ip {ipv4-classnet-host}
        set member <interface-name1>, <interface-name2>, ...
        set lacp-mode [static|passive|...]
        set lacp-ha-secondary [enable|disable]
        set system-id-type [auto|user]
        set system-id {mac-address}
        set lacp-speed [slow|fast]
        set min-links {integer}
        set min-links-down [operational|administrative]
        set algorithm [L2|L3|...]
        set link-up-delay {integer}
        set aggregate-type [physical|vxlan]
        set priority-override [enable|disable]
        set aggregate {string}
        set redundant-interface {string}
        set devindex {integer}
        set switch {string}
        set description {var-string}
        set alias {string}
        set security-mode [none|captive-portal|...]
        set security-mac-auth-bypass [mac-auth-only|enable|...]
        set security-external-web {var-string}
        set security-external-logout {string}
        set replacemsg-override-group {string}
        set security-redirect-url {var-string}
        set auth-cert {string}
        set auth-portal-addr {string}
        set security-exempt-list {string}
        set security-groups <name1>, <name2>, ...
        set ike-saml-server {string}
        set role [lan|wan|...]
        set snmp-index {integer}
        set secondary-IP [enable|disable]
        config secondaryip
            Description: Second IP address of interface.
            edit <id>
                set ip {ipv4-classnet-host}
                set allowaccess {option1}, {option2}, ...
                set gwdetect [enable|disable]
                set ping-serv-status {integer}
                set detectserver {user}
                set detectprotocol {option1}, {option2}, ...
                set ha-priority {integer}
            next
        end
        set color {integer}
        config tagging
            Description: Config object tagging.
            edit <name>
                set category {string}
                set tags <name1>, <name2>, ...
            next
        end
        set eip {ipv4-address-any}
        set eap-supplicant [enable|disable]
        set eap-method [tls|peap]
        set eap-identity {string}
        set eap-password {password}
        set eap-ca-cert {string}
        set eap-user-cert {string}
        config ipv6
            Description: IPv6 of interface.
            set ip6-mode [static|dhcp|...]
            set nd-mode [basic|SEND-compatible]
            set nd-cert {string}
            set nd-security-level {integer}
            set nd-timestamp-delta {integer}
            set nd-timestamp-fuzz {integer}
            set nd-cga-modifier {user}
            set ip6-dns-server-override [enable|disable]
            set ip6-address {ipv6-prefix}
            config ip6-extra-addr
                Description: Extra IPv6 address prefixes of interface.
                edit <prefix>
                next
            end
            set ip6-allowaccess {option1}, {option2}, ...
            set ip6-send-adv [enable|disable]
            set icmp6-send-redirect [enable|disable]
            set ip6-manage-flag [enable|disable]
            set ip6-other-flag [enable|disable]
            set ip6-max-interval {integer}
            set ip6-min-interval {integer}
            set ip6-link-mtu {integer}
            set ra-send-mtu [enable|disable]
            set ip6-reachable-time {integer}
            set ip6-retrans-time {integer}
            set ip6-default-life {integer}
            set ip6-hop-limit {integer}
            set autoconf [enable|disable]
            set unique-autoconf-addr [enable|disable]
            set interface-identifier {ipv6-address}
            set ip6-prefix-mode [dhcp6|ra]
            set ip6-delegated-prefix-iaid {integer}
            set ip6-upstream-interface {string}
            set ip6-subnet {ipv6-prefix}
            config ip6-prefix-list
                Description: Advertised prefix list.
                edit <prefix>
                    set autonomous-flag [enable|disable]
                    set onlink-flag [enable|disable]
                    set valid-life-time {integer}
                    set preferred-life-time {integer}
                    set rdnss {user}
                    set dnssl <domain1>, <domain2>, ...
                next
            end
            config ip6-delegated-prefix-list
                Description: Advertised IPv6 delegated prefix list.
                edit <prefix-id>
                    set upstream-interface {string}
                    set delegated-prefix-iaid {integer}
                    set autonomous-flag [enable|disable]
                    set onlink-flag [enable|disable]
                    set subnet {ipv6-network}
                    set rdnss-service [delegated|default|...]
                    set rdnss {user}
                next
            end
            set dhcp6-relay-service [disable|enable]
            set dhcp6-relay-type {option}
            set dhcp6-relay-source-interface [disable|enable]
            set dhcp6-relay-ip {user}
            set dhcp6-client-options {option1}, {option2}, ...
            set dhcp6-prefix-delegation [enable|disable]
            set dhcp6-information-request [enable|disable]
            config dhcp6-iapd-list
                Description: DHCPv6 IA-PD list.
                edit <iaid>
                    set prefix-hint {ipv6-network}
                    set prefix-hint-plt {integer}
                    set prefix-hint-vlt {integer}
                next
            end
            set cli-conn6-status {integer}
        end
    next
end
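
The settings in this syntax block that most directly affect management-plane exposure are `allowaccess` (including the per-address copy under `config secondaryip` and `ip6-allowaccess` under `config ipv6`), `role`, `dedicated-to` with its `trust-ip-*` hosts, and the PPP `auth-type` options. The following is an added example, not Fortinet code: a small auditor that parses an exported `config system interface` block and reports those settings. The function names, the finding labels, and the sample configuration are constructed for illustration; it assumes multi-value options are written space-separated as in a configuration backup, and it treats an unset trusted host as unrestricted.

```python
import shlex

CLEARTEXT_MGMT = {"http", "telnet"}                 # management protocols without encryption
ADMIN_ACCESS = {"https", "ssh", "http", "telnet", "snmp"}

# Constructed sample input; addresses are documentation ranges, names are made up.
SAMPLE_CONFIG = '''
config system interface
    edit "port1"
        set ip 203.0.113.10 255.255.255.0
        set allowaccess ping https ssh http
        set role wan
        set secondary-IP enable
        config secondaryip
            edit 1
                set ip 203.0.113.11 255.255.255.0
                set allowaccess telnet
            next
        end
        config ipv6
            set ip6-allowaccess ping
        end
    next
    edit "mgmt"
        set allowaccess https ssh
        set dedicated-to management
        set role lan
    next
    edit "port2"
        set mode pppoe
        set auth-type pap
        set role wan
    next
    edit "mgmt2"
        set allowaccess https ssh
        set dedicated-to management
        set trust-ip-1 10.0.0.0 255.255.255.0
        set role lan
    next
end
'''

def parse_interfaces(text):
    """Parse config/edit/set/next/end nesting; return {interface name: settings}."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        try:
            tokens = shlex.split(raw)
        except ValueError:                # unbalanced quote in a free-text value
            tokens = raw.split()
        if not tokens:
            continue
        cmd, args = tokens[0], tokens[1:]
        if cmd == "config" and args:
            stack.append(stack[-1].setdefault(" ".join(args), {}))
        elif cmd == "edit" and args:
            stack.append(stack[-1].setdefault(args[0], {}))
        elif cmd == "set" and args:
            stack[-1][args[0]] = args[1:]  # every value is kept as a list of tokens
        elif cmd in ("next", "end") and len(stack) > 1:
            stack.pop()
    return root.get("system interface", {})

def _options(table, key):
    """Multi-value option as a set; tolerates comma-separated input."""
    return {v.strip(",") for v in table.get(key, []) if v.strip(",")}

def audit(interfaces):
    """Return (interface, finding label, detail) tuples for risky settings."""
    findings = []
    for name, cfg in interfaces.items():
        role = (cfg.get("role") or ["undefined"])[0]
        scopes = [("allowaccess", _options(cfg, "allowaccess")),
                  ("ip6-allowaccess", _options(cfg.get("ipv6", {}), "ip6-allowaccess"))]
        for sid, sec in cfg.get("secondaryip", {}).items():
            scopes.append((f"secondaryip {sid} allowaccess", _options(sec, "allowaccess")))
        for label, access in scopes:
            for proto in sorted(access & CLEARTEXT_MGMT):
                findings.append((name, "cleartext-mgmt", f"{label} includes {proto}"))
            exposed = sorted(access & ADMIN_ACCESS)
            if role == "wan" and exposed:
                findings.append((name, "wan-mgmt", f"{label} on wan role: {' '.join(exposed)}"))
        if cfg.get("dedicated-to") == ["management"]:
            # Assumption: an unset trusted host equals its default (all hosts).
            v4 = [(cfg.get(f"trust-ip-{i}") or ["0.0.0.0"])[0] for i in (1, 2, 3)]
            v6 = [(cfg.get(f"trust-ip6-{i}") or ["::/0"])[0] for i in (1, 2, 3)]
            if all(a == "0.0.0.0" for a in v4) and all(p == "::/0" for p in v6):
                findings.append((name, "mgmt-any-host", "no trust-ip/trust-ip6 restriction"))
        for key in ("auth-type", "pptp-auth-type"):
            if cfg.get(key) == ["pap"]:
                findings.append((name, "pap-auth", f"{key} pap sends the password in cleartext"))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_interfaces(SAMPLE_CONFIG)):
        print("%-6s %-15s %s" % finding)
```
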

config system interface

Parameter

Description

Type

Size

Default

name

Name.

string

Maximum length: 15

vdom

Interface is in this virtual domain (VDOM).

string

Maximum length: 31

cli-conn-status

CLI connection status.

integer

Minimum value: 0 Maximum value: 4294967295

0

mode

Addressing mode (static, DHCP, PPPoE).

option

-

static

Option

Description

static

Static setting.

dhcp

External DHCP client mode.

pppoe

External PPPoE mode.

distance

Distance for routes learned through PPPoE or DHCP, lower distance indicates preferred route.

integer

Minimum value: 1 Maximum value: 255

5

priority

Priority of learned routes.

integer

Minimum value: 1 Maximum value: 65535

0

dhcp-relay-interface-select-method

Specify how to select outgoing interface to reach server.

option

-

auto

Option

Description

auto

Set outgoing interface automatically.

sdwan

Set outgoing interface by SD-WAN or policy routing rules.

specify

Set outgoing interface manually.

dhcp-relay-interface

Specify outgoing interface to reach server.

string

Maximum length: 15

dhcp-relay-service

Enable/disable allowing this interface to act as a DHCP relay.

option

-

disable

Option

Description

disable

None.

enable

DHCP relay agent.

dhcp-relay-ip

DHCP relay IP address.

user

Not Specified

dhcp-relay-link-selection

DHCP relay link selection.

ipv4-address

Not Specified

0.0.0.0

dhcp-relay-request-all-server

Enable/disable sending of DHCP requests to all servers.

option

-

disable

Option

Description

disable

Send DHCP requests only to a matching server.

enable

Send DHCP requests to all servers.

dhcp-relay-type

DHCP relay type (regular or IPsec).

option

-

regular

Option

Description

regular

Regular DHCP relay.

ipsec

DHCP relay for IPsec.

dhcp-relay-agent-option

Enable/disable DHCP relay agent option.

option

-

enable

Option

Description

enable

Enable DHCP relay agent option.

disable

Disable DHCP relay agent option.

dhcp-classless-route-addition

Enable/disable addition of classless static routes retrieved from DHCP server.

option

-

disable

Option

Description

enable

Enable addition of classless static routes retrieved from DHCP server.

disable

Disable addition of classless static routes retrieved from DHCP server.

management-ip

High Availability in-band management IP address of this interface.

ipv4-classnet-host

Not Specified

0.0.0.0 0.0.0.0

ip

Interface IPv4 address and subnet mask, syntax: X.X.X.X/24.

ipv4-classnet-host

Not Specified

0.0.0.0 0.0.0.0

allowaccess

Permitted types of management access to this interface.

option

-

Option

Description

ping

PING access.

https

HTTPS access.

ssh

SSH access.

snmp

SNMP access.

http

HTTP access.

telnet

TELNET access.

fgfm

FortiManager access.

radius-acct

RADIUS accounting access.

probe-response

Probe access.

fabric

Security Fabric access.

ftm

FTM access.

speed-test

Speed test access.

gwdetect

Enable/disable detect gateway alive for first.

option

-

disable

Option

Description

enable

Enable detect gateway alive for first.

disable

Disable detect gateway alive for first.

ping-serv-status

PING server status.

integer

Minimum value: 0 Maximum value: 255

0

detectserver

Gateway's ping server for this IP.

user

Not Specified

detectprotocol

Protocols used to detect the server.

option

-

ping

Option

Description

ping

PING.

tcp-echo

TCP echo.

udp-echo

UDP echo.

ha-priority

HA election priority for the PING server.

integer

Minimum value: 1 Maximum value: 50

1

fail-detect

Enable/disable fail detection features for this interface.

option

-

disable

Option

Description

enable

Enable interface failed option status.

disable

Disable interface failed option status.

fail-detect-option

Options for detecting that this interface has failed.

option

-

link-down

Option

Description

detectserver

Use a ping server to determine if the interface has failed.

link-down

Use port detection to determine if the interface has failed.

fail-alert-method

Select link-failed-signal or link-down method to alert about a failed link.

option

-

link-down

Option

Description

link-failed-signal

Link-failed-signal.

link-down

Link-down.

fail-action-on-extender

Action on FortiExtender when the interface fails.

option

-

soft-restart

Option

Description

soft-restart

Soft-restart-on-extender.

hard-restart

Hard-restart-on-extender.

reboot

Reboot-on-extender.

fail-alert-interfaces <name>

Names of the FortiProxy interfaces to which the link failure alert is sent.

Names of the non-virtual interface.

string

Maximum length: 15

dhcp-client-identifier

DHCP client identifier.

string

Maximum length: 48

dhcp-renew-time

DHCP renew time in seconds, 0 means use the renew time provided by the server.

integer

Minimum value: 300 Maximum value: 604800

0

ipunnumbered

Unnumbered IP used for PPPoE interfaces for which no unique local address is provided.

ipv4-address

Not Specified

0.0.0.0

username

Username of the PPPoE account, provided by your ISP.

string

Maximum length: 64

pppoe-unnumbered-negotiate

Enable/disable PPPoE unnumbered negotiation.

option

-

enable

Option

Description

enable

Enable IP address negotiating for unnumbered.

disable

Disable IP address negotiating for unnumbered.

password

PPPoE account's password.

password

Not Specified

idle-timeout

PPPoE auto disconnect after idle timeout seconds, 0 means no timeout.

integer

Minimum value: 0 Maximum value: 32767

0

detected-peer-mtu

MTU of detected peer.

integer

Minimum value: 0 Maximum value: 4294967295

0

disc-retry-timeout

Time in seconds to wait before retrying to start a PPPoE discovery, 0 means no timeout.

integer

Minimum value: 0 Maximum value: 4294967295

1

padt-retry-timeout

PPPoE Active Discovery Terminate (PADT) used to terminate sessions after an idle time.

integer

Minimum value: 0 Maximum value: 4294967295

1

service-name

PPPoE service name.

string

Maximum length: 63

ac-name

PPPoE server name.

string

Maximum length: 63

lcp-echo-interval

Time in seconds between PPPoE Link Control Protocol (LCP) echo requests.

integer

Minimum value: 0 Maximum value: 32767

5

lcp-max-echo-fails

Maximum missed LCP echo messages before disconnect.

integer

Minimum value: 0 Maximum value: 32767

3

defaultgw

Enable to get the gateway IP from the DHCP or PPPoE server.

option

-

enable

Option

Description

enable

Enable default gateway.

disable

Disable default gateway.

dns-server-override

Enable/disable use of DNS acquired by DHCP or PPPoE.

option

-

enable

Option

Description

enable

Use DNS acquired by DHCP or PPPoE.

disable

Do not use DNS acquired by DHCP or PPPoE.

dns-server-protocol

DNS transport protocols.

option

-

cleartext

Option

Description

cleartext

DNS over UDP/53, DNS over TCP/53.

dot

DNS over TLS/853.

doh

DNS over HTTPS/443.

auth-type

PPP authentication type to use.

option

-

auto

Option

Description

auto

Automatically choose authentication.

pap

PAP authentication.

chap

CHAP authentication.

mschapv1

MS-CHAPv1 authentication.

mschapv2

MS-CHAPv2 authentication.

pptp-client

Enable/disable PPTP client.

option

-

disable

Option

Description

enable

Enable PPTP client.

disable

Disable PPTP client.

pptp-user

PPTP user name.

string

Maximum length: 64

pptp-password

PPTP password.

password

Not Specified

pptp-server-ip

PPTP server IP address.

ipv4-address

Not Specified

0.0.0.0

pptp-auth-type

PPTP authentication type.

option

-

auto

Option

Description

auto

Automatically choose authentication.

pap

PAP authentication.

chap

CHAP authentication.

mschapv1

MS-CHAPv1 authentication.

mschapv2

MS-CHAPv2 authentication.

pptp-timeout

Idle timer in minutes (0 for disabled).

integer

Minimum value: 0 Maximum value: 65535

0

arpforward

Enable/disable ARP forwarding.

option

-

enable

Option

Description

enable

Enable ARP forwarding.

disable

Disable ARP forwarding.

broadcast-forward

Enable/disable broadcast forwarding.

option

-

disable

Option

Description

enable

Enable broadcast forwarding.

disable

Disable broadcast forwarding.

bfd

Bidirectional Forwarding Detection (BFD) settings.

option

-

global

Option

Description

global

BFD behavior of this interface will be based on global configuration.

enable

Enable BFD on this interface and ignore global configuration.

disable

Disable BFD on this interface and ignore global configuration.

bfd-desired-min-tx

BFD desired minimal transmit interval.

integer

Minimum value: 1 Maximum value: 100000

250

bfd-detect-mult

BFD detection multiplier.

integer

Minimum value: 1 Maximum value: 50

3

bfd-required-min-rx

BFD required minimal receive interval.

integer

Minimum value: 1 Maximum value: 100000

250

l2forward

Enable/disable L2 forwarding.

option

-

disable

Option

Description

enable

Enable L2 forwarding.

disable

Disable L2 forwarding.

icmp-send-redirect

Enable/disable sending of ICMP redirects.

option

-

enable

Option

Description

enable

Enable sending of ICMP redirects.

disable

Disable sending of ICMP redirects.

icmp-accept-redirect

Enable/disable ICMP accept redirect.

option

-

enable

Option

Description

enable

Enable ICMP accept redirect.

disable

Disable ICMP accept redirect.

stpforward

Enable/disable STP forwarding.

option

-

disable

Option

Description

enable

Enable STP forwarding.

disable

Disable STP forwarding.

stpforward-mode

Configure STP forwarding mode.

option

-

rpl-all-ext-id

Option

Description

rpl-all-ext-id

Replace all extension IDs (root, bridge).

rpl-bridge-ext-id

Replace the bridge extension ID only.

rpl-nothing

Replace nothing.

macaddr

Change the interface's MAC address.

mac-address

Not Specified

00:00:00:00:00:00

substitute-dst-mac

Destination MAC address that all packets are sent to from this interface.

mac-address

Not Specified

00:00:00:00:00:00

speed

Interface speed. The default setting and the options available depend on the interface hardware.

option

-

auto

Option

Description

auto

Automatically adjust speed.

10full

10M full-duplex.

10half

10M half-duplex.

100full

100M full-duplex.

100half

100M half-duplex.

1000full

1000M full-duplex.

1000auto

1000M auto adjust.

status

Bring the interface up or shut the interface down.

option

-

up

Option

Description

up

Bring the interface up.

down

Shut the interface down.

netbios-forward

Enable/disable NETBIOS forwarding.

option

-

disable

Option

Description

disable

Disable NETBIOS forwarding.

enable

Enable NETBIOS forwarding.

wins-ip

WINS server IP.

ipv4-address

Not Specified

0.0.0.0

type

Interface type.

option

-

vlan

Option

Description

physical

Physical interface.

vlan

VLAN interface.

aggregate

Aggregate interface.

redundant

Redundant interface.

tunnel

Tunnel interface.

loopback

Loopback interface.

vdom-link

VDOM link interface.

vxlan

VXLAN interface.

dedicated-to

Configure interface for single purpose.

option

-

none

Option

Description

none

Interface not dedicated for any purpose.

management

Dedicate this interface for management purposes only.

trust-ip-1

Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).

ipv4-classnet-any

Not Specified

0.0.0.0 0.0.0.0

trust-ip-2

Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).

ipv4-classnet-any

Not Specified

0.0.0.0 0.0.0.0

trust-ip-3

Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).

ipv4-classnet-any

Not Specified

0.0.0.0 0.0.0.0

trust-ip6-1

Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).

ipv6-prefix

Not Specified

::/0

trust-ip6-2

Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).

ipv6-prefix

Not Specified

::/0

trust-ip6-3

Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).

ipv6-prefix

Not Specified

::/0

ring-rx

RX ring size.

integer

Minimum value: 0 Maximum value: 4294967295

0

ring-tx

TX ring size.

integer

Minimum value: 0 Maximum value: 4294967295

0

wccp

Enable/disable WCCP on this interface. Used for encapsulated WCCP communication between WCCP clients and servers.

option

-

disable

Option

Description

enable

Enable WCCP protocol on this interface.

disable

Disable WCCP protocol on this interface.

drop-overlapped-fragment

Enable/disable dropping of overlapped fragment packets.

option

-

disable

Option

Description

enable

Enable drop of overlapped fragment packets.

disable

Disable drop of overlapped fragment packets.

drop-fragment

Enable/disable dropping of fragment packets.

option

-

disable

Option

Description

enable

Drop fragment packets.

disable

Do not drop fragment packets.

src-check

Enable/disable source IP check.

option

-

enable

Option

Description

enable

Enable source IP check.

disable

Disable source IP check.

explicit-web-proxy

Enable/disable the explicit web proxy on this interface.

option

-

disable

Option

Description

enable

Enable explicit Web proxy on this interface.

disable

Disable explicit Web proxy on this interface.

explicit-ftp-proxy

Enable/disable the explicit FTP proxy on this interface.

option

-

disable

Option

Description

enable

Enable explicit FTP proxy on this interface.

disable

Disable explicit FTP proxy on this interface.

proxy-captive-portal

Enable/disable proxy captive portal on this interface.

option

-

disable

Option

Description

enable

Enable proxy captive portal on this interface.

disable

Disable proxy captive portal on this interface.

tcp-mss

TCP maximum segment size. 0 means do not change segment size.

integer

Minimum value: 48 Maximum value: 65535

0

inbandwidth

Bandwidth limit for incoming traffic, 0 means unlimited.

integer

Minimum value: 0 Maximum value: 80000000

0

outbandwidth

Bandwidth limit for outgoing traffic.

integer

Minimum value: 0 Maximum value: 80000000

0

egress-shaping-profile

Outgoing traffic shaping profile.

string

Maximum length: 35

ingress-shaping-profile

Incoming traffic shaping profile.

string

Maximum length: 35

disconnect-threshold

Time in milliseconds to wait before sending a notification that this interface is down or disconnected.

integer

Minimum value: 0 Maximum value: 10000

0

spillover-threshold

Egress spillover threshold, 0 means unlimited.

integer

Minimum value: 0 Maximum value: 16776000

0

ingress-spillover-threshold

Ingress spillover threshold, 0 means unlimited.

integer

Minimum value: 0 Maximum value: 16776000

0

weight

Default weight for static routes (if route has no weight configured).

integer

Minimum value: 0 Maximum value: 255

0

interface

Interface name.

string

Maximum length: 15

external

Enable/disable identifying the interface as an external interface (which usually means it's connected to the Internet).

option

-

disable

Option

Description

enable

Enable identifying the interface as an external interface.

disable

Disable identifying the interface as an external interface.

mtu-override

Enable to set a custom MTU for this interface.

option

-

disable

Option

Description

enable

Override default MTU.

disable

Use default MTU.

mtu

MTU value for this interface.

integer

Minimum value: 0 Maximum value: 4294967295

1500

vlan-protocol

Ethernet protocol of VLAN.

option

-

8021q

Option

Description

8021q

IEEE 802.1Q.

8021ad

IEEE 802.1AD.

vlanid

VLAN ID.

integer

Minimum value: 1 Maximum value: 4094

0

forward-domain

Transparent mode forward domain.

integer

Minimum value: 1 Maximum value: 4094

1

remote-ip

Remote IP address of tunnel.

ipv4-classnet-host

Not Specified

0.0.0.0 0.0.0.0

member <interface-name>

Physical interfaces that belong to the aggregate or redundant interface.

Physical interface name.

string

Maximum length: 79

lacp-mode

LACP mode.

option

-

active

Option

Description

static

Use static aggregation, do not send and ignore any LACP messages.

passive

Passively use LACP to negotiate 802.3ad aggregation.

active

Actively use LACP to negotiate 802.3ad aggregation.

lacp-ha-secondary

LACP HA secondary member.

option

-

enable

Option

Description

enable

Allow HA secondary member to send/receive LACP messages.

disable

Block HA secondary member from sending/receiving LACP messages.

system-id-type

Method in which system ID is generated.

option

-

auto

Option

Description

auto

Use the MAC address of the first member.

user

User-defined system ID.

system-id

Define a system ID for the aggregate interface.

mac-address

Not Specified

00:00:00:00:00:00

lacp-speed

How often the interface sends LACP messages.

option

-

slow

Option

Description

slow

Send LACP message every 30 seconds.

fast

Send LACP message every second.

min-links

Minimum number of aggregated ports that must be up.

integer

Minimum value: 1 Maximum value: 32

1

min-links-down

Action to take when fewer than the configured minimum number of links are active.

option

-

operational

Option

Description

operational

Set the aggregate operationally down.

administrative

Set the aggregate administratively down.

algorithm

Frame distribution algorithm.

option

-

L4

Option

Description

L2

Use layer 2 address for distribution.

L3

Use layer 3 address for distribution.

L4

Use layer 4 information for distribution.

Source-MAC

Use source MAC address for distribution.

link-up-delay

Number of milliseconds to wait before considering a link to be up.

integer

Minimum value: 50 Maximum value: 3600000

50

aggregate-type

Type of aggregation.

option

-

physical

Option

Description

physical

Physical interface aggregation.

vxlan

VXLAN interface aggregation.

priority-override

Enable/disable fail back to higher priority port once recovered.

option

-

enable

Option

Description

enable

Enable fail back to higher priority port once recovered.

disable

Disable fail back to higher priority port once recovered.

aggregate

Aggregate interface.

string

Maximum length: 15

redundant-interface

Redundant interface.

string

Maximum length: 15

devindex

Device Index.

integer

Minimum value: 0 Maximum value: 4294967295

0

switch

Contained in switch.

string

Maximum length: 15

description

Description.

var-string

Maximum length: 255

alias

Alias will be displayed with the interface name to make it easier to distinguish.

string

Maximum length: 25

security-mode

Turn on captive portal authentication for this interface.

option

-

none

Option

Description

none

No security option.

captive-portal

Captive portal authentication.

802.1X

802.1X port-based authentication.

security-mac-auth-bypass

Enable/disable MAC authentication bypass.

option

-

disable

Option

Description

mac-auth-only

Enable MAC authentication bypass without EAP.

enable

Enable MAC authentication bypass.

disable

Disable MAC authentication bypass.

security-external-web

URL of external authentication web server.

var-string

Maximum length: 1023

security-external-logout

URL of external authentication logout server.

string

Maximum length: 127

replacemsg-override-group

Replacement message override group.

string

Maximum length: 35

security-redirect-url

URL redirection after disclaimer/authentication.

var-string

Maximum length: 1023

auth-cert

HTTPS server certificate.

string

Maximum length: 35

auth-portal-addr

Address of captive portal.

string

Maximum length: 63

security-exempt-list

Name of security-exempt-list.

string

Maximum length: 35

security-groups <name>

User groups that can authenticate with the captive portal.

Names of user groups that can authenticate with the captive portal.

string

Maximum length: 79

ike-saml-server

Configure IKE authentication SAML server.

string

Maximum length: 35

role

Interface role.

option

-

undefined

Option

Description

lan

Connected to local network of endpoints.

wan

Connected to Internet.

dmz

Connected to server zone.

undefined

Interface has no specific role.

snmp-index

Permanent SNMP Index of the interface.

integer

Minimum value: 1 Maximum value: 2147483647

0

secondary-IP

Enable/disable adding a secondary IP to this interface.

option

-

disable

Option

Description

enable

Enable secondary IP.

disable

Disable secondary IP.

color

Color of icon on the GUI.

integer

Minimum value: 0 Maximum value: 32

0

eip

External IP.

ipv4-address-any

Not Specified

0.0.0.0

eap-supplicant

Enable/disable EAP-Supplicant.

option

-

disable

Option

Description

enable

Enable EAP Supplicant.

disable

Disable EAP Supplicant.

eap-method

EAP method.

option

-

Option

Description

tls

TLS.

peap

PEAP.

eap-identity

EAP identity.

string

Maximum length: 35

eap-password

EAP password.

password

Not Specified

eap-ca-cert

EAP CA certificate name.

string

Maximum length: 79

eap-user-cert

EAP user certificate name.

string

Maximum length: 35

config client-options

Parameter

Description

Type

Size

Default

id

ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

code

DHCP client option code.

integer

Minimum value: 0 Maximum value: 255

0

type

DHCP client option type.

option

-

hex

Option

Description

hex

DHCP option in hex.

string

DHCP option in string.

ip

DHCP option in IP.

fqdn

DHCP option in domain search option format.

value

DHCP client option value.

string

Maximum length: 312

ip

DHCP option IPs.

user

Not Specified

config secondaryip

Parameter

Description

Type

Size

Default

id

ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

ip

Secondary IP address of the interface.

ipv4-classnet-host

Not Specified

0.0.0.0 0.0.0.0

allowaccess

Management access settings for the secondary IP address.

option

-

Option

Description

ping

PING access.

https

HTTPS access.

ssh

SSH access.

snmp

SNMP access.

http

HTTP access.

telnet

TELNET access.

fgfm

FortiManager access.

radius-acct

RADIUS accounting access.

probe-response

Probe access.

fabric

Security Fabric access.

ftm

FTM access.

speed-test

Speed test access.

gwdetect

Enable/disable detect gateway alive for first.

option

-

disable

Option

Description

enable

Enable detect gateway alive for first.

disable

Disable detect gateway alive for first.

ping-serv-status

PING server status.

integer

Minimum value: 0 Maximum value: 255

0

detectserver

Gateway's ping server for this IP.

user

Not Specified

detectprotocol

Protocols used to detect the server.

option

-

ping

Option

Description

ping

PING.

tcp-echo

TCP echo.

udp-echo

UDP echo.

ha-priority

HA election priority for the PING server.

integer

Minimum value: 1 Maximum value: 50

1

config tagging

Parameter

Description

Type

Size

Default

name

Tagging entry name.

string

Maximum length: 63

category

Tag category.

string

Maximum length: 63

tags <name>

Tags.

Tag name.

string

Maximum length: 79

config ipv6

Parameter

Description

Type

Size

Default

ip6-mode

Addressing mode (static, DHCP, delegated).

option

-

static

Option

Description

static

Static setting.

dhcp

DHCPv6 client mode.

pppoe

IPv6 over PPPoE mode.

delegated

IPv6 address with delegated prefix.

nd-mode

Neighbor discovery mode.

option

-

basic

Option

Description

basic

Do not support SEND.

SEND-compatible

Support SEND.

nd-cert

Neighbor discovery certificate.

string

Maximum length: 35

nd-security-level

Neighbor discovery security level.

integer

Minimum value: 0 Maximum value: 7

0

nd-timestamp-delta

Neighbor discovery timestamp delta value.

integer

Minimum value: 1 Maximum value: 3600

300

nd-timestamp-fuzz

Neighbor discovery timestamp fuzz factor.

integer

Minimum value: 1 Maximum value: 60

1

nd-cga-modifier

Neighbor discovery CGA modifier.

user

Not Specified

ip6-dns-server-override

Enable/disable using the DNS server acquired by DHCP.

option

-

enable

Option

Description

enable

Enable using the DNS server acquired by DHCP.

disable

Disable using the DNS server acquired by DHCP.

ip6-address

Primary IPv6 address prefix. Syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx.

ipv6-prefix

Not Specified

::/0

ip6-allowaccess

Allow management access to the interface.

option

-

Option

Description

ping

PING access.

https

HTTPS access.

ssh

SSH access.

snmp

SNMP access.

http

HTTP access.

telnet

TELNET access.

fgfm

FortiManager access.

fabric

Fabric access.

ip6-send-adv

Enable/disable sending advertisements about the interface.

option

-

disable

Option

Description

enable

Enable sending advertisements about this interface.

disable

Disable sending advertisements about this interface.

icmp6-send-redirect

Enable/disable sending of ICMPv6 redirects.

option

-

enable

Option

Description

enable

Enable sending of ICMPv6 redirects.

disable

Disable sending of ICMPv6 redirects.

ip6-manage-flag

Enable/disable the managed flag.

option

-

disable

Option

Description

enable

Enable the managed IPv6 flag.

disable

Disable the managed IPv6 flag.

ip6-other-flag

Enable/disable the other IPv6 flag.

option

-

disable

Option

Description

enable

Enable the other IPv6 flag.

disable

Disable the other IPv6 flag.

ip6-max-interval

IPv6 maximum interval (4 to 1800 sec).

integer

Minimum value: 4 Maximum value: 1800

600

ip6-min-interval

IPv6 minimum interval (3 to 1350 sec).

integer

Minimum value: 3 Maximum value: 1350

198

ip6-link-mtu

IPv6 link MTU.

integer

Minimum value: 1280 Maximum value: 16000

0

ra-send-mtu

Enable/disable sending link MTU in RA packet.

option

-

enable

Option

Description

enable

Enable sending link MTU in RA packet.

disable

Disable sending link MTU in RA packet.

ip6-reachable-time

IPv6 reachable time (milliseconds; 0 means unspecified).

integer

Minimum value: 0 Maximum value: 3600000

0

ip6-retrans-time

IPv6 retransmit time (milliseconds; 0 means unspecified).

integer

Minimum value: 0 Maximum value: 4294967295

0

ip6-default-life

Default life (sec).

integer

Minimum value: 0 Maximum value: 9000

1800

ip6-hop-limit

Hop limit (0 means unspecified).

integer

Minimum value: 0 Maximum value: 255

0

autoconf

Enable/disable address auto config.

option

-

disable

Option

Description

enable

Enable auto-configuration.

disable

Disable auto-configuration.

unique-autoconf-addr

Enable/disable unique auto config address.

option

-

disable

Option

Description

enable

Enable unique auto-configuration address.

disable

Disable unique auto-configuration address.

interface-identifier

IPv6 interface identifier.

ipv6-address

Not Specified

::

ip6-prefix-mode

Assigning a prefix from DHCP or RA.

option

-

dhcp6

Option

Description

dhcp6

Use delegated prefix from a DHCPv6 client to form a delegated IPv6 address.

ra

Use prefix from RA to form a delegated IPv6 address.

ip6-delegated-prefix-iaid

IAID of obtained delegated-prefix from the upstream interface.

integer

Minimum value: 0 Maximum value: 4294967295

0

ip6-upstream-interface

Interface name providing delegated information.

string

Maximum length: 15

ip6-subnet

Subnet to routing prefix. Syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx.

ipv6-prefix

Not Specified

::/0

dhcp6-relay-service

Enable/disable DHCPv6 relay.

option

-

disable

Option

Description

disable

Disable DHCPv6 relay.

enable

Enable DHCPv6 relay.

dhcp6-relay-type

DHCPv6 relay type.

option

-

regular

Option

Description

regular

Regular DHCP relay.

dhcp6-relay-source-interface

Enable/disable use of address on this interface as the source address of the relay message.

option

-

disable

Option

Description

disable

Use address of the egress interface as source address of the relay message.

enable

Use address of this interface as source address of the relay message.

dhcp6-relay-ip

DHCPv6 relay IP address.

user

Not Specified

dhcp6-client-options

DHCPv6 client options.

option

-

Option

Description

rapid

Send rapid commit option.

iapd

Send including IA-PD option.

iana

Send including IA-NA option.

dhcp6-prefix-delegation

Enable/disable DHCPv6 prefix delegation.

option

-

disable

Option

Description

enable

Enable DHCPv6 prefix delegation.

disable

Disable DHCPv6 prefix delegation.

dhcp6-information-request

Enable/disable DHCPv6 information request.

option

-

disable

Option

Description

enable

Enable DHCPv6 information request.

disable

Disable DHCPv6 information request.

cli-conn6-status

CLI IPv6 connection status.

integer

Minimum value: 0 Maximum value: 4294967295

0

config ip6-extra-addr

Parameter

Description

Type

Size

Default

prefix

IPv6 address prefix.

ipv6-prefix

Not Specified

::/0

config ip6-prefix-list

Parameter

Description

Type

Size

Default

prefix

IPv6 prefix.

ipv6-network

Not Specified

::/0

autonomous-flag

Enable/disable the autonomous flag.

option

-

enable

Option

Description

enable

Enable the autonomous flag.

disable

Disable the autonomous flag.

onlink-flag

Enable/disable the onlink flag.

option

-

enable

Option

Description

enable

Enable the onlink flag.

disable

Disable the onlink flag.

valid-life-time

Valid life time (sec).

integer

Minimum value: 0 Maximum value: 4294967295

2592000

preferred-life-time

Preferred life time (sec).

integer

Minimum value: 0 Maximum value: 4294967295

604800

rdnss

Recursive DNS server option.

user

Not Specified

dnssl <domain>

DNS search list option.

Domain name.

string

Maximum length: 79

config ip6-delegated-prefix-list

Parameter

Description

Type

Size

Default

prefix-id

Prefix ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

upstream-interface

Name of the interface that provides delegated information.

string

Maximum length: 15

delegated-prefix-iaid

IAID of obtained delegated-prefix from the upstream interface.

integer

Minimum value: 0 Maximum value: 4294967295

0

autonomous-flag

Enable/disable the autonomous flag.

option

-

enable

Option

Description

enable

Enable the autonomous flag.

disable

Disable the autonomous flag.

onlink-flag

Enable/disable the onlink flag.

option

-

enable

Option

Description

enable

Enable the onlink flag.

disable

Disable the onlink flag.

subnet

Add subnet ID to routing prefix.

ipv6-network

Not Specified

::/0

rdnss-service

Recursive DNS service option.

option

-

specify

Option

Description

delegated

Delegated RDNSS settings.

default

System RDNSS settings.

specify

Specify recursive DNS servers.

rdnss

Recursive DNS server option.

user

Not Specified

config dhcp6-iapd-list

Parameter

Description

Type

Size

Default

iaid

Identity association identifier.

integer

Minimum value: 0 Maximum value: 4294967295

0

prefix-hint

DHCPv6 prefix that will be used as a hint to the upstream DHCPv6 server.

ipv6-network

Not Specified

::/0

prefix-hint-plt

DHCPv6 prefix hint preferred life time (sec), 0 means unlimited lease time.

integer

Minimum value: 0 Maximum value: 4294967295

604800

prefix-hint-vlt

DHCPv6 prefix hint valid life time (sec).

integer

Minimum value: 0 Maximum value: 4294967295

2592000