CLI Procedures - IPv6 Static Routes
This section includes some basic procedures for managing static routes using the CLI.
To show IPv6 static routes, run
show ipv6 route static
Codes: C - Connected, S - Static, B - BGP, Rg - RIPng, A - Aggregate,
O - OSPFv3 IntraArea (IA - InterArea, E - External),
K - Kernel Remnant, H - Hidden, P - Suppressed
S 3100:55::1/64 is directly connected
S 3200::/64 is a blackhole route
S 3300:123::/64 is a blackhole route
S 3600:20:20:11::/64 is directly connected, eth3
|
To add an IPv6 static route, run:
set ipv6 static-route <Destination> nexthop gateway <GW IP> on
set ipv6 static-route <Destination> nexthop gateway <GW IP> interface
<GW IF> on
- Destination IPv6 address.
- Next hop gateway IPv6 address.
- Next hop gateway interface name.
Example:
set ipv6 static-route 3100:192::0/64 nexthop gateway 3900:172::1 on
set ipv6 static-route 3100:192::0/64 nexthop gateway 3900:172::1 interface eth3 on
To add an IPv6 static route with paths and priorities, run:
set static-route <Destination> nexthop gateway <GW ID> priority <P Value>
- Destination IP address.
- Next hop gateway IP address.
- Integer between 1 and 8 (default =1)
Run this command for each path, assigning a priority value to each. You can define two or more paths using the same priority to specify a backup path with equal priority.
Example:
set ipv6 static-route 3100:192::0/64 nexthop gateway 3900:172::1 priority 3 on
To add an IPv6 static route where packets are dropped, run:
set ipv6 static-route <Destination> nexthop reject
set ipv6 static-route <Destination> nexthop blackhole
- Destination IP address.
- Drops packets and sends an error message to the traffic source.
- Drops packets, but does not send an error message.
Examples:
set ipv6 static-route 3100:192::0/64 nexthop reject
or
set ipv6 static-route 3100:192::0/64 nexthop blackhole
To delete an IPv6 route and all related paths, run:
set ipv6 static-route <Destination> off
- Destination IP address.
Example:
set ipv6 static-route 3100:192::0/64 off
To delete a path only, run:
set static-route <Destination> nexthop gateway <GW IP> off
- Destination IP address.
- Next hop gateway IP address or interface name.
Example:
set ipv6 static-route 3100:192::0/64 nexthop gateway 3900:172::1 off
CLI Reference (interface)
This section summarizes the CLI interface
Description
|
Add, delete and configure interface properties.
|
Syntax
|
add interface <IF>
6in4 <Tunnel ID> remote <IP> ttl <Time>
6to4 <Tunnel ID> ttl <Time>
alias <IP>
loopback <IP>
vlan <VLAN ID>
delete interface <IF>
6in4 <Tunnel ID>
6to4 <Tunnel ID>
alias <IP>
ipv4-address <IP>
ipv6-address <IP>
ipv6-autoconfig
loopback <IP>
vlan <VLAN ID>
set interface <IF>
ipv4-address <IP>
mask-length <Mask>
subnet-mask <Mask>
ipv6-address <IP> mask-length <Mask>
ipv6-autoconfig <on | off>
comments <Text>
mac-addr <MAC>
mtu <MTU setting>
state <on | off>
link-speed <Speed Duplex>
auto-negotiation <on | off>
|
Parameters
|
interface
|
Configures a physical or virtual interface
|
6in4
|
Configures a 6in4 tunnel for IPv6 traffic over an IPv4 network
|
6to4
|
Configures a 6to4 tunnel for IPv6 traffic over an IPv4 network
|
remote
|
Sets the remote IP address for a 6in4 or 6to4 tunnel
|
ttl
|
Sets the time-to-live value for a 6in4 or 6to4 tunnel
|
alias
|
Assigns more than one IP addresses to a physical interface
(IPv4 only)
|
loopback
|
Assigns an IP address to a logical loopback interface. This can be useful as a proxy for an unnumbered interface.
|
vlan
|
Assigns a VLAN tag to an existing physical interface to create a logical subnet.
|
ipv4-address
ipv6-address
|
Assigns the IPv4 or IPv6 address
|
ipv6-autoconfig
|
If on
|
mask-length
|
Configures IPv4 or IPv6 subnet mask length using CIDR ( /xx) notation
|
subnet-mask
|
Configures IPv4 subnet mask using dotted decimal notation
|
comments
|
Adds free text comments to an interface definition
|
mac-addr
|
Configures the interface hardware MAC address
|
mtu
|
Configure the Maximum Transmission Unit size for an interface
|
state
|
Sets interfaces status to onoff
|
link-speed
|
Configures the interface link speed and duplex status
|
auto-
negotiation
|
Configures automatic negotiation of interface link speed and duplex settings - on off
|
|
|
Parameter Values
|
<Tunnel ID>
|
Unique tunnel identifier (Integer in the range 2-4094)
|
<IP>
|
IPv4 or IPv6 address
|
<IF>
|
Interface name
|
<Time>
|
TTL time in seconds in the range 0-255 (default = 0)
|
<VLAN ID>
|
Integer in the range 2-4094
|
<Mask>
|
Interface net mask in dotted decimal or CIDR (/xx) notation as applicable
|
<MAC>
|
Manually enter the applicable hardware address
|
<MTU Setting>
|
Integer greater or equal to 68 (Default = 1500)
|
<Speed>
|
Enter the link speed in Mbps and duplex status using one of these values:
10M/half
10M/full
100M/half
100M/full
1000M/full
10000M/full
|
|
|
Examples
|
See the interface configuration section.
|
Comments
|
There are some command options and parameters that you cannot do using the WebUI.
|
Netflow Export
NetFlow is an industry standard for traffic monitoring. It is a network protocol developed by Cisco for collecting network traffic patterns and volume. It lets one host (the Exporter) send information about network flows to another host (the Collector). A network flow is a unidirectional stream of packets that share a set of characteristics.
You can configure Gaia as an Exporter of NetFlow records for all the traffic that is accelerated by SecureXL.
The Collector is supplied by a different vendor, and is configured separately.
NetFlow Export configuration is a list of collectors, to which the service sends records.
- To enable NetFlow, configure at least one collector.
- To disable NetFlow, make sure no collectors are configured.
You can configure up to three collectors. NetFlow records go to all configured collectors. If you configure three collectors, each record is sent three times.
Notes:
- The IP addresses and TCP/UDP ports reported by NetFlow are the ones on which it expects to receive traffic. Therefore, for NATted connections, one of the two directions of flow is reported with the NATted address.
- If SecureXL is not enabled or not working, NetFlow packets are not sent.
- NetFlow sends the connection records after the connections have terminated. If the system is idle or the connections are long-lasting, you may have to wait to see NetFlow packets.
Flow Records
You can configure Gaia to export flow records using NetFlow Versions 5 or 9. (Version 9 is specified in RFC 3954.) Regardless of which export format you choose, Gaia exports values for the following fields:
- Source IP address
- Destination IP address
- Source port
- Destination port
- Ingress physical interface index (defined by SNMP)
- Egress physical interface index (defined by SNMP)
- Packet count for this flow
- Byte count for this flow
- Start of flow timestamp (FIRST_SWITCHED)
- End of flow timestamp (LAST_SWITCHED)
- IP protocol number
- TCP flags from the flow (TCP only).
Configuring Netflows Export - WebUI
To configure NetFlows using the WebUI:
- Open the > page of the WebUI.
- Click .
- Enter the required data.
Netflows Data to Prepare for each collector:
Parameter
|
Description
|
|
|
The IPv4 address to which NetFlow packets are sent. This is mandatory.
|
|
|
The UDP port number on which the collector is listening. This is mandatory. There is no default or standard port number for NetFlow.
|
|
|
The NetFlow protocol version to send: or . Each has a different packet format. The default is .
|
|
|
Optional: The IPv4 address of the NetFlow packets source. This must be an IP address of the local host. The default (which is recommended) is an IP address from the network interface on which the NetFlow traffic is going out.
|
|
