Commands for the CLI

The LCOS command-line interface is operated with the following commands. Some of the available menu commands can be displayed using the HELP command.

Note: Which commands are available depends upon the equipment of the device.
Important: Some commands require special privileges in order to run, and these are listed along with the respective command. Commands that do not specify any rights have no restrictions.
Table 1. Overview of all commands available at the command line
Command Description
add|set [<Path>] <Value(s)> Sets a configuration parameter to a particular value. If the configuration parameter is a table value, a value must be specified for each column. Entering the * character leaves any existing table entry unchanged. Access rights: Supervisor-Write,Local-Admin-Write,Limited-Admin-Write
add|set [<Path>] ? Lists all possible input values for a configuration parameter. If no specific path is entered, the possible input values for all configuration parameters in the current directory are listed. Access rights: Supervisor-Write,Local-Admin-Write,Limited-Admin-Write
beginscript [-u] [-C d] [-s <password>] Resets the CLI session to script mode. In this state, commands entered are not transferred directly to the device's configuration RAM but initially to its script memory. Possible arguments are:
  • -u: Forces the unconditional execution of a script or a configuration.
  • -C d: Skips the default "Check for difference. Also applies when the -u option is used.
  • -s: Decrypts the script with the password used for readscript -s.
Access rights: Supervisor-Write
bootconfig [-s (1|2|all)] [-r (1|2|all)] Enables you to save and delete boot configurations. Options:
  • -s: Stores the current configuration of a device either as a custom default setting (1), rollout configuration (2), or both (all).
  • -r: Optionally deletes the current custom default setting (1), the rollout configuration (2), or both (all).
Access rights: Supervisor-Write
Note: For further information on boot configurations refer to the chapter Alternative boot config
ccset Sets the device configuration to standards-compliant default values with respect to CC-EAL4+ (such as ISDN=off). Prerequisite for this is that the feature bit (CC-EAL) is set on the device.
cctest [-s] Checks the conformity of the device to CC-EAL4+. Prerequisite for this is that the feature bit (CC-EAL) is set on the device. By adding the parameter s, the results or outputs are displayed in the syslog table.
cd <Path> Switch to the current directory. Various abbreviations can be used, such as replacing cd ../.. with cd ..., etc.
clear Clears the current CLI output. All previously entered commands can be viewed by means of the log.
default [-r] [<Path>] Resets individual parameters, tables or entire menu trees back to their default configuration. If <PATH> indicates a branch of the menu tree, then the option -r (recursive) must be entered. Access rights: Supervisor-Write
del|delete|rm [<Path>] <Row>|* Deletes the table row <Row> in the current table or the table referenced in the branch of the menu tree with <Path>. Enter the line number for the <Row>. The wildcard symbol * deletes a table, for example, del Config/Cron-Table *. Access rights: Supervisor-Write,Local-Admin-Write,Limited-Admin-Write
deletebootlog Clears the contents of the persistent boot log memory.
dir|list|ls|llong|l [-a] [-r] [-s] [<Path>] [<Filter>] Displays the current directory content. Possible arguments are:
  • -a: In addition to the content of the query, this also lists the SNMP IDs. The output begins with the SNMP ID of the device followed by the SNMP ID of the current menu. The SNMP IDs of the subordinate items can be read from the individual entries.
  • -r: Also lists all subdirectories as well as the tables they contain.
  • -s: Sorts the display of the current directory; grouped by sub directories, tables, values, and actions; in ascending alphabetical order.
dnsquery [-t <type>] [-d <destination>] name[@rtg-tag] Resolves DNS requests. Possible parameters:
  • name: The DNS name to resolve.
  • @rtg-tag: Optional routing tag for reaching the DNS server.
  • -t <type>: Type: A, AAAA, PTR, SRV, NAPTR
  • -d <destination>: Destination used for reaching the DNS servers. As in the forwarding table, a routing tag can also be specified if the forwarding destination is an IP address (e.g. 8.8.8.8@4095). You can also specify two comma-separated IP addresses (with an optional routing tag) (e.g. 8.8.4.4@4095,8.8.8.8@4095). The DNS client switches between servers if one does not respond
If the command is entered without options, i.e. with the mandatory domain name only, then a request of type AAAA as well as a request of type A will be issued. Example:
> dnsquery www.lancom.de

DNS result:
===========
www.lancom.de: type A, class IN, ttl 1 hour, addr 176.9.82.168
www.lancom.de: type AAAA, class IN, ttl 1 hour, addr 2a01:4f8:151:20a3::2
Note: The AAAA-type response is only issued if the IPv6 address can also be reached.
The type can also be specified explicitly using the option -t. The available types are AAAA, A, PTR, SRV and NAPTR. In the case of a PTR request, the requested IP address must be specified directly and may not be converted in the "ARPA" string:
> dnsquery -tptr 176.9.82.168

DNS result:
===========
168.82.9.176.in-addr.arpa: type PTR, class IN, ttl 5 hours, 32 minutes, 30 seconds, www.lancom-systems.de
Because the dnsquery command uses the DNS client of the LANCOM device, its behavior is determined by the DNS configuration of the device (i.e. forwarding, loopback addresses, etc.). Since the DNS configuration may differ depending on the routing tag, the dnsquery command can be used to append the requested name (or to the requested address in the case of PTR requests) by means of an @ extension:
> dnsquery www.lancom.de@4095

DNS result:
===========
www.lancom.de: type A, class IN, ttl 1 hour, addr 176.9.82.168
www.lancom.de: type AAAA, class IN, ttl 1 hour, addr 2a01:4f8:151:20a3::2
It is also possible to send the requests while bypassing the forwarding configuration by specifying the -d parameter. Anything that can be specified as a destination in the forwarding table can also be specified as a destination here. With the destination set manually, the loopback address is set according to the loopback configuration. Example: AAAA+A request via WAN connection INTERNET
> dnsquery -dinternet www.lancom.de

DNS result:
===========
www.lancom.de: type A, class IN, ttl 1 hour, addr 176.9.82.168
www.lancom.de: type AAAA, class IN, ttl 1 hour, addr 2a01:4f8:151:20a3::2
Note: To do this, a DNS server must of course have been assigned to the INTERNET WAN connection, e.g. via PPP, DHCP, or manually in the IP parameter list.
Example: PTR request via Google server
> dnsquery -d8.8.8.8 -tptr 176.9.82.168

DNS result:
===========
168.82.9.176.in-addr.arpa: type PTR, class IN, ttl 5 hours, 32 minutes, 30 seconds, www.lancom-systems.de
If no server responds, the client retries three times at increasing intervals, i.e. after each request, it waits 1, 2, 4, and finally 8 seconds. If there is no answer by then, the request is canceled. Pressing <CR> while a request is ongoing causes it to be canceled.
do <Path> [<Parameter>] Executes the action in the current or the referenced directory, for example, do Other/Coldstart. If the action has additional parameters, they can be added at the end.
echo <Argument> Displays the commands on the CLI.
enable <Parameter> Extends the rights of authenticated TACACS+ users. Possible parameters are:
  • 0: No rights
  • 1: Read-only
  • 3: Read-write
  • 5: Read-only-limited Admin
  • 7: Read-write-limited Admin
  • 9: Read-only Admin
  • 11: Read-write Admin
  • 15: Supervisor (root)
exit|quit|x Ends the terminal session.
feature <Code> Activates the software option with the specified activation code. Access rights: Supervisor-Write Command line options: Feature <activation-code> Activation using activation code Feature -Q Query status of current and past remote activation requests Feature -q <query-id> Query status of a single request Feature -l <license-key> -t <license-type> [-i <license-index>] [-a <source-address>] [-u <server-url>] [-c <contact-data>] start a new remote activation request. Progress can be tracked using -q/-Q -a <source-address> source IP address or interface, e.g. INT, DMZ, LBx -l <license-key> 16/19 character license key -t <license-type> type of license, e.g. VPN25 -i <license-index> index of existing license for extension, 0 for additional license -u <server-url> URL of the license server -c <contact-data> comma separated list of contact details
find <term> Looks for the search <term> and outputs all menu items containing it.
flash yes|no Regulates the storing of configuration changes using the command line. By default, changes to the configuration using commands in the command line are written directly to the boot-resistant Flash memory of the devices (yes). If updating the configuration is suppressed in the Flash memory (no), changes are only stored in RAM (deleted on booting). Access rights: Supervisor-Write
getenv <Name> Lists the respective environmental variables (without line feed). Please also note the command "printenv".
history Displays a list of recently executed commands. Command !# can be used to directly call the list commands using their number (#): For example, !3 executes the third command in the list.
ikectl [-[r|d|D] <peer-name-list>] [-[e|r|d] <ipsec-name-list>] [-[r|d] [<ike-cookies-list>|<esp-spi-list>]] [-R <peer-name-list> <redirect-target>] This command widens the range of analysis options, for example by executing targeted actions to isolate the problem in the event of an error. This function allows you to quickly and automatically modify and test a VPN, among other things.
  • -e <ipsec-name-list>: Creates a Phase 2-SA/CHILD_SA when entered with the VPN rule name
  • -r <peer-name-list>: Performs a rekeying of the Phase 1-SA/IKE_SA when entered with the name of the VPN remote peer
  • -r <ike-cookies-list>: Performs rekeying when entered with the IKE cookie
  • -r <ipsec-name-list>: Performs a rekeying of the Phase 2-SA/Child_SA when entered with the name of the VPN rule
  • -r <esp-spi-list>: Performs a rekeying of the Phase 2-SA/Child_SA when entered with the incoming or outgoing ESP-SPI
  • -d <peer-name-list>: Deletes a Phase 1-SA/IKE_SA when entered with the name of the VPN remote peer
  • -d <ike-cookies-list>: Deletes a Phase 1-SA / IKE_SA when entered with IKEv1 cookies / IKEv2 SPIs
  • -d <ipsec-name-list>: Deletes a Phase 2-SA/CHILD_SA when entered with the VPN rule name
  • -d <esp-spi-list>: Deletes a Phase 2-SA/Child_SA when entered with the incoming or outgoing ESP-SPI
  • -D <peer-name-list>: Starts the liveness check (Dead Peer Detection – DPD) when entered with the name of the VPN remote peer
  • -R <peer-name-list> <redirect-target: Redirects IKEv2 remote sites to a new destination using the IKEv2 redirect. If the list of remote sites is empty, all remote sites are redirected. This command can be used for maintenance purposes to move VPN remote sites from the current VPN gateway to another gateway securely.
  • <peer-name-list>: List of remote peer names separated by spaces and consisting of max. 16 characters
  • <ipsec-name-list>: Space-separated list of VPN rule names, as displayed in "show vpn" as ipsec-0-PEER-pr0-l0-r0.
    Important: To find a certain CHILD_SA/Phase 2-SA for a road warrior, it is important to also specify the remote station name as follows: "peer-name ipsec-name".
  • <ike-cookies-list>: Consists of a list of 16 hexadecimal values separated by spaces, e.g 0x000102030405060708090A0B0C0D0E0F
  • <esp-spi-list>: Consists of a list of 4 hexadecimal values separated by spaces, e.g. 0x00010203
  • <redirect-target>: Target to which the remote site(s) are to be redirected. The target can be an IPv4 address, IPv6 address or a DNS name
Example: ikectl ‑r peer ipsec-name-peer-2 ‑D peer3 ‑d peer4 0x12345678 ‑e "RoadWarrior IPSEC-0-DEFAULT-PR0-L0-R0"
importfile -a <application> [-p <passphrase>] [-n] [-h <Hash> -f <Fingerprint>] [-c] [-r] Your device supports the loading of files into file slots from the console and also by means of a script. This offers the convenience of using a script to roll-out files together with the configuration or, for example, to import SSH keys and VPN certificates. Required parameters: -a <application> <application> specifies the storage location and thus the usage for the entered data. For a complete list of the storage locations on your device, enter importfile -?. Optional parameters: -n -n starts the non-interactive mode. There are no prompts or other outputs on the CLI. The non-interactive mode is intended for use with scripts. -p <passphrase> <passphrase> is the password required to decrypt an entered private key. -h <hash> The hash algorithm used to determine the fingerprint of the root CA certificate. -f <fingerprint> The fingerprint of the root CA certificate, created with –h. The fingerprint can be entered either with or without colons. -c Only CA certificates are uploaded. -r Uploaded CA certificates replace any existing ones.
iperf [-s|-c <Host>] [-u] [-p <Port>] [-B <Interface>] [-c] [-b [<Bandw>/]<Bandw>[kKmM]] [-l <Length>] [-t <Time>] [-d] [-r] [-L <Port>] [-h] Starts iPerf on the device in order to perform a bandwidth measurement with an iPerf2 remote station. Possible arguments are:
  • Client/server
    • -u, --udp: Uses UDP instead of TCP.
    • -p, --port <Port>: Connects with or expects data packets on this port (default: 5001).
    • -B, --bind <Interface>: Permits the connection only via the specified interface (IP address or interface name).
  • Server specific
    • -s, --server: Starts iPerf in server mode and waits for an iPerf client to contact it.
  • Client specific
    • -c, --client <Host>: Starts iPerf in client mode and connects with the iPerf server <Host> (IP address or DNS name).
    • -b, --bandwidth [<Bandw>/]<Bandw>{kKmM}: Limit the [down]/up-stream bandwidth when analyzing a UDP connection. This Is specified as kilobytes (kK) or megabytes (mM) per second (default: 1 Mbps).
    • -l, --len <Length>: Sets the length of the UDP data packets.
    • -t, --time <Time>: Sets the duration of the connection in seconds (default: 10 seconds).
    • -d, --dualtest: The test is bidirectional: the iPerf server and client send and receive at the same time.
    • -r, --tradeoff: The test is sequential: the iPerf server and client send and receive one after the other.
    • -L, --listenport <Port>: Specifies the port where the device in bidirectional mode expects to receive data packets from the remote iPerf server (default: 5001).
  • Miscellaneous
    • -h, --help: Outputs the help text.
killscript <Name> Deletes the remaining unprocessed content of a script session Select the script session using its name.Access rights: Supervisor-Write
language Selects a language for the CLI display. The command language ? lists the available languages.
lig [[-i <instance>] | [-m <server>]] [-id <num>] destination-eid [-retries <num>] [-rtg-tag <num>] [-source-eid <num>] LIG (Locator/ID Separation Protocol Internet Groper) is a command-line tool specified in RFC 6835 to query LISP mappings on a map resolver. Possible arguments are:
  • -i <instance>: Name of the LISP instance used for the destination query
  • -m <server>: LISP map server used for the destination query
  • -id <num>: LISP Instance ID [0-16777215] used for the destination query
  • destination-eid: Requested destination EID
  • -retries <num>: LISP retries to the map server [0-10]
  • -rtg-tag <num>: Routing tag used
  • -source-eid <num>: Source EID used
Example: lig -i LISP-INST 172.16.200.1
linktest Only available on WLAN devices. It displays the results of the WLAN link test.Access rights: Supervisor-Write Execution right: WLAN link test
ll2mdetect Searches for devices via LL2M in the LAN. For further information on this command refer to the section Commands for the LL2M client.Access rights: Supervisor-Write
ll2mexec Sends one command per LL2M to a device in the LAN. For further information on this command refer to the section Commands for the LL2M client.Access rights: Supervisor-Write
loadconfig (-s <server IP address> -f <filename>)|<URL> Uploads a configuration file to the device via TFTP. You can optionally enter the server address and the file name, or the entire URL. For further information on this command refer to the section File download from a TFTP or HTTP(S) server.
Important: The cron table works with the user configured for it, meaning that if "loadconfig" is executed via the cron table, it will only be able to read the configuration completely if it is run with the root administrator.
Access rights: Supervisor-Write
loadfile [-a <Address>] [-s <Server-IP-address>] [-n] [-f <File-name>] [-o <File-name>] [-c <File-name>] [-p <File-name>] [-d <Passphrase>] [-C n|d] [-m <Version>] [-u] [-x <File-name>] [-i] Uploads a certificate file to the device. Possible arguments are:
  • -a: Specifies the source address of the file:
    • a.b.c.d: Source IP address
    • INT: Use the address of the first intranet interface as the source address
    • DMZ: Use the address of the first DMZ interface as the source address
    • LBx: Use the loopback address x (0..f) as the source address
    • <Interface>: Use the address of the LAN interface <interface> as the source address
  • -s: Address of the TFTP server
  • -n: Ignore server name on SSL/TLS connections
  • -f: <File name> of the configuration file on the TFTP server
  • -o: Destination file <file name>for file download
  • -c: File <file name> with the root certificate for HTTPS
  • -p: File <file name> with unencrypted PKCS#12 container for HTTPS CA certificates and / or client-side authentication
  • -d: <Passphrase> to decrypt downloaded encrypted PKCS#12 containers
  • -C: Checks whether firmware is newer than (n) or different from (d) the current firmware
  • -m: Set a minimum <version> of the firmware
  • -u: Download firmware file unconditionally; skip the version check.
  • -x: File <file name> with additional CA certificates for HTTPS checks; the value ' none' prevents the default certificates from being downloaded
  • -i: Send Sysinfo as a POST request (for HTTP(S) only)
Note: The options [-f] and [-s] and the URL cannot be used simultaneously. For HTTP(S) downloads, you must specify the source by means of a URL. The maximum length of the URL is 252 characters.
Access rights: Supervisor-Write
loadfirmware [-e] (-s <server IP address> -f <filename>)|<URL> Uploads firmware to the device via TFTP. You can optionally enter the server address and the file name, or the entire URL. The -e option switch causes the firmware file to be saved completely in the local file system first before the firmware update starts. For further information on this command refer to the section File download from a TFTP or HTTP(S) server. Access rights: Supervisor-Write
loadscript (-s <server IP address> -f <filename>)|<URL> Uploads a configuration script to the device via TFTP. You can optionally enter the server address and the file name, or the entire URL. For further information on this command refer to the section File download from a TFTP or HTTP(S) server.
Important: The cron table works with the user configured for it, meaning that if "loadscript" is executed via the cron table, it will only be able to read the configuration completely if it is run with the root administrator.
Access rights: Supervisor-Write
lspci Output of information via PCI devices Access rights: Supervisor-Read
ping <IPv4-Address|Hostname> ping -6 <IPv6-Address>%<Scope> Sends an ICMP echo request to the IP address specified. For more information about the command and the specifics of pinging IPv6 addresses, see the section Parameter overview for the ping command.
printenv Shows an overview of all environmental variables and their values.
readconfig [-h] [-s <password>] Shows the complete configuration in the format of the device syntax.
  • -h: Adds a checksum to the configuration file.
  • -s <password>: Encrypts the configuration file with the use of the specified password.
Access rights: Supervisor-Read
readmib Display of the SNMP Management Information Base. Available only on devices without a unified MIB. Access rights: Supervisor-Read,Local-Admin-Read
readscript [-n] [-d] [-i] [-c] [-m] [-h] [-s <password>] [-o] The readscript command generates a text dump of all commands and parameters required to configure the device in its current state. You can use the following option switches for this:
  • -n: The text output is only numerical without identifiers. The output only contains the current status values of the configuration as well as the associated SNMP IDs.
  • -d: The default values are included in the text output.
  • -i: The table designations are included in the text output.
  • -c: Includes any comments contained in the script file.
  • -m: The text is output to the screen in a compact but difficult to read format (no indentations).
  • -h: Adds a checksum to the script file.
  • -s <password>: Encrypts the script file with the use of the specified password.
  • -o: Replaces the passwords with a "*" to obfuscate them in the text output.
Access rights: Supervisor-Read
readstatus Outputs the status of all SNMP IDs for the device.
release [-x] *|<Interface_1…Interface_n> The DHCPv6 client returns its IPv6 address and / or its prefix to the DHCPv6 server. It then submits a new request for an address or prefix to the DHCPv6 server. Depending on the provider, the server assigns a new address to the client, or reassigns the previous one. Whether the client receives a different address or prefix is determined solely by the server. The option switch -x suppresses the confirmation message. The * wildcard applies the command on all of the interfaces and prefix delegations. Alternatively, you can specify one or more specific interfaces.
repeat <Interval> <Command> IPv6 address release: Repeats the specified command every <Interval> seconds until the process is ended with new input.
rollout (-r|-remove) <RelatedFile> Deletes the files of the user-specific rollout wizard from the file system of the device. Possible files are:
  • wizard: Deletes the wizard
  • template: Deletes the template
  • logo: Deletes the logo
  • all: Deletes the wizard, the template and the logo
Access rights: Supervisor-Write
setenv <Name> <Value> Sets an environmental variable to the specified value. Access rights: Supervisor-Write, Local-Admin-Write, Limited-Admin-Write
setpass|passwd [-u <User>][-n <new> <old>] Changes the password of the current user account. In order to change the password without a subsequent input prompt, use the option switch -n while entering the new and old password.
Note:

The password can have a maximum of 128 characters and use the following characeter set:

#ABCDEFGHIJKLMNOPQRSTUVWXYZ@{|}~!$%&'()*+-,/:;<=>?[\]^_.0123456789abcdefghijklmnopqrstuvwxyz `

If the command passwd is deployed in a script and a $ is used in the password, an additional $ has to be prepended, as it would otherwise be interpreted as a variable and setting the password would fail.

In order to change the password of the local user account when authentication by TACACS+ is enabled, use the option switch -u with the name of the corresponding user. If the local user does not exist or the user name is missing, the command aborts. The user must also have supervisor rights, or authorization by TACACS must be enabled.
show <Options> <Filter> Shows selected internal data, such as
  • admin-distance – shows the administrative (routing) distance of all internal applications or routing protocols
  • bootlog – the last boot processes
  • filter – firewall filtering rules
  • Fw-dns-destinations – Optionally accepts a space-separated list of names of the firewall's DNS destinations. All DNS destinations or the ones specified in the parameter are listed sequentially. For each destination, the counter from Status > Firewall > DNS-Database > Destination-Usage is displayed, followed by the list of wildcard expressions. For each wildcard expression, the currently resolved addresses and the data records that are a direct or indirect match are displayed.
  • ip-addresses – displays all IPv4 and IPv6 addresses for the device for the LAN and WAN interfaces, along with advanced status information
  • ipv4-addresses – displays all IPv4 addresses for the device for the LAN and WAN interfaces, along with advanced status information
  • lisp instance – displays status information about all configured LISP instances
  • lisp instance [instance] – displays status information about the LISP instance named [instance]
  • lisp map-cache – displays status information about the map cache entries available for all instances
  • lisp map-cache [instance] – displays status information about the map cache entries for the instance named [instance]
  • lisp registrations – displays status information about the EIDs/RLOCs of all instances registered with the map server
  • lisp registrations [instance] – displays status information about the EIDs/RLOCs of the instance named [instance] registered with the map server
  • lta – shows information about groups or users of the LANCOM Trusted Access. This is set up and managed via the LANCOM Management Cloud.
  • mem, heap – memory usage
  • netflow collectors – displays information about the configured NetfFlow collectors
  • netflow interfaces – displays information about interfaces and the corresponding NetFlow parameters
  • netflow metering-profiles – displays information about the metering profiles of NetFlow/IPFIX
    Note: For more information about NetFlow/IPFIX, please see Netflow / IPFIX.
  • VLAN – dynamically added VLANs and VLAN memberships, e.g. added to the static configuration at runtime by CAPWAP or WLAN/802.1X
  • VPN – VPN rules
With additional filter arguments you can further limit the output. For an overview of all possible options, enter show ?. The filters available with an option are displayed by show <option> ?. For example, show VPN ? shows the filters available for the VPN rules. For information on displaying IPv6-specific data, read the section Overview of IPv6-specific show commands. Access rights: Supervisor-Read, Local-Admin-Read
sleep [-u] <Value><Suffix> Delays the processing of configuration commands by a particular time or terminates them at a particular time. Applicable values for <SUFFIX> are s, m and h for seconds, minutes and hours. If no suffix is defined, the command uses milliseconds. With option switch -u, the sleep command accepts times in format MM/DD/YYYY hh:mm:ss (English) or in format TT.MM.JJJJ hh:mm:ss (German). Times will only be accepted if the system time has been set.
smssend [-s <SMSC-Number>] (-d <Destination>) (-t <Text>) Available only on devices with 3G/4G WWAN module: Sends a text message to the destination number entered.
  • -s <SMSC-Number>: Alternative SMSC phone number (optional). If you omit this part of the command, the device uses the phone number stored on the USIM card or that configured under SNMP ID 2.83.
  • -d <Destination>: Destination phone number
  • -t <Text>: Contents of the message with <=160 characters. For an overview of available characters, see the section Character set for sending SMS. Special characters must be in UTF8 encoded form.
ssh [-?|h] [-o "option=value"] [-<a|b> Loopback-Address] [-p Port] [-C] [-j Keepalive-Interval] <Host> Establishes an SSH connection to the <Host>. Possible arguments are:
  • -?|h: Outputs the help text.
  • -o "option=value": additional options with corresponding values can be specified.
  • -a|b: Allows a route or loopback address to be specified for the device to use if the destination can be reached via multiple routes. The function of -a and -b is identical. -b is the usual option used by an OpenSSH client on UNIX systems, whereas some other commands integrated into LCOS use -a to specify a loopback address.
  • -p: Sets the <Port> of the host
  • -C: Enforces compressed data transfer
  • -j: Specifies how frequently the client sends a keepalive.
sshcopyid To store your SSH public key using SSH Access rights: Supervisor-Write
sshkeygen [-h] [-q] [-t dsa|rsa|ecdsa] [-b <bits>] [-f <file-name>] [-R <host-name>] Creates or deletes the SSH key in the device. Possible arguments are:
  • -h: Displays a brief help text about the available parameters
  • -q: The device overrides existing keys without a prompt (quiet mode)
  • -t: This parameter specifies what type of key is generated. SSH supports the following types of keys:
    • RSA
    • DSA
    • ECDSA
  • -b: This parameter sets the length of the RSA key in bits. If you do not specify a length, the command produces a key with a length of 1024 bits by default.
  • -f: These parameters specify the mounting point of the generated key file in the device file system. The choice of mounting point depends on the type key you are generating. The choices available to you are:
    • ssh_rsakey for RSA keys
    • ssh_dsakey for DSA keys
    • ssh_ecdsakey for ECDSA keys
Note: For further information on SSH / SSL keys used in the device refer to the chapter Device-internal SSH/SSL keys
ssldefaults [-y] This command resets the SSL / TLS settings in all submenus of the current configuration to the default values after a security prompt. In LCOS, each module comes with its own submenu for SSL / TLS settings. This provides a way to reset all settings in these various submenus to the current secure default settings. The parameter -y ensures that the security prompt is automatically answered so that the command can be used non-interactively in scripts.
stop Ends the ping command
sysinfo Shows the system information (e.g., hardware release, software version, MAC address, serial number, etc.).
tab For use in script files: For the command that follows, this sets the order of the columns for the arguments in the case that the columns in the table differ from the default (e.g. a column was added).Access rights: Supervisor-Write,Local-Admin-Write,Limited-Admin-Write
telnet <Address> Establishes a Telnet connection to the given <address>.
testmail <From> <To_1…To_n> [<Realname> <Subject> <Body>] Sends a test e‑mail. A sender address and receiver address are necessary; real name, subject line and message content are optional. Access rights: Supervisor-Write,Local-Admin-Write,Limited-Admin-Write
time <DateTime> Sets a time in format MM/DD/YYYY hh:mm:ss. Access rights: Supervisor-Write,Local-Admin-Write,Limited-Admin-Write Execution right: Time Wizard
trace <Parameter> <Filter> Starts a trace command for output of diagnosis data. With additional filter arguments you can further limit the output. For further information on this command refer to the section Parameter overview for the trace command.Access rights: Supervisor-Read,Limited-Admin-Read,Limited-Admin-Write
unmount [-?][-f] <Volume> Outputs the current volume table.
  • -f: Releases the specified volume. <Volume> may be the volume ID or any mount point.
  • -?: Outputs the help text.
unsetenv <Name> Deletes the specified environmental variable. Access rights: Supervisor-Write,Local-Admin-Write,Limited-Admin-Write
wakeup [MAC] Performs a Wake On LAN for the device with the MAC address [MAC]. Access rights: Supervisor-Write,Local-Admin-Write,Limited-Admin-Write
who Lists active configuration sessions.
writeconfig [-u] [-C d] [-s password] [-b index] Writes a new configuration on the device in the syntax format for the device. The system interprets all of the following lines as configuration values until two empty lines are read. Possible arguments are:
  • -u: Forces the unconditional execution of a script or a configuration.
  • -C d: Skips the default "Check for difference. Also applies when the -u option is used.
  • -s password: Decrypts the configuration file with the use of the specified password.
  • -b index: Writes the configuration as an alternative boot configuration. Index must be 1, 2 or all.
Access rights: Supervisor-Write
writeflash Load a new firmware file (only via TFTP). Access rights: Supervisor-Write
!! Repeat last command
!<num> Repeat command <num> times
!<prefix> Repeat last command beginning with <prefix>
#<blank> Comment

Legend

Explanations for addressing, syntax and command input

Command-specific help

www.lancom-systems.com

LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail info@lancom.de

LANCOM Logo