The system of ESR router CLI commands is divided into hierarchic levels (sections).
Global mode
Top level of the command hierarchy is shown in the table 2.
Table 2 – Command modes hierarchy (top level)
Level | Entry command | Prompt line view | Exit command |
|---|---|---|---|
Root mode (ROOT) | esr> esr# | exit end | |
Configuration mode (CONFIG) | configure | esr(config)# | |
Device debugging mode (DEBUG) | debug | esr(debug)# |
Figure 1 – Top level of command mode hierarchy
In the root command mode (ROOT) you can perform the following:
– operation with configuration files:
- application;
- confirmation;
- reset;
- saving;
- undo pending changes;
- revert to the confirmed configuration;
– router reboot;
– monitoring and the current device configuration displaying.
From the root mode (ROOT), proceeding to the following sections is performed:
– device configuration mode (CONFIG);
– device debugging mode (DEBUG).
Router configuration
ESR router configuration is performed in CONFIG mode The mode is available from the root mode (ROOT). Switching to the configuration mode is performed only in a privileged one.
To switch from the root mode (ROOT), you should run the following commands:
esr> enable esr# configure esr(config)#
In ESR router configuration mode the following functions are performed:
- system timer management;
- system log management;
- remote access configuration;
- QoS configuration;
- Spanning Tree configuration;
- VLAN configuration;
- static routes configuration;
- routing protocol precedence configuration;
- switching to the function configuration modes, the description is shown in the table 3.
Table 3 – Command modes for router management
Level | Entry command1 | Prompt line view | Previous level |
|---|---|---|---|
GigabitEthernet interfaces configuration | interface gigabitethernet <PORT> | esr(config-if-gi)# | CONFIG |
TengigabitEthernet interfaces configuration | interface tengigabitethernet <PORT> | esr(config-if-te)# | CONFIG |
Channel aggregation groups configuration (CONFIG - PORT - CHANNEL) | interface port-channel <CH> | esr(config-port-channel)# | CONFIG |
Sub interfaces configuration (CONFIG-SUBIF) | interface gigabitethernet <PORT>.<VLAN> or interface tengigabitethernet <PORT>.<VLAN> or interface port-channel <CH>.<VLAN> | esr(config-subif)# | CONFIG |
Sub interfaces configuration (CONFIG - QINQ - IF) | interface gigabitethernet <PORT>.<VLAN>.<VLAN> or interface tengigabitethernet <PORT>.<VLAN>.<VLAN> or interface port-channel <CH>.<VLAN>.<VLAN> | esr(config-qinq-if)# | CONFIG |
Virtual interfaces configuration | interface loopback <PORT> | esr(config-loopback)# | CONFIG |
E1 interfaces configuration (CONFIG-E1) | interface e1 <PORT> | esr(config-e1)# | CONFIG |
E1 channels aggregation group configuration | interface multilink <PORT> | esr(config-multilink)# | CONFIG |
FXO ports configuration | interface voice-port <NUM> | esr(config-voice-port-fxo)# | CONFIG |
FXS ports configuration | interface voice-port <NUM> | esr(config-voice-port-fxs)# | CONFIG |
VTI configuration | tunnel vti <VTI> | esr(config-vti)# | CONFIG |
Serial interface configuration2 | line aux | esr(config-line-aux)# | CONFIG |
L2TP tunnel configuration (CONFIG - L 2 TP) | tunnel l2tp <L2TP> | esr(config-l2tp)# | CONFIG |
L2TPv3 tunnel configuration (CONFIG - L 2 TPV 3) | tunnel l2tpv3 <L2TPV3> | esr(config-l2tpv3)# | CONFIG |
GRE tunnel configuration (CONFIG - GRE) | tunnel gre <GRE> | esr(config-gre)# | CONFIG |
SoftGRE tunnels configuration (CONFIG -SOFT GRE) | tunnel softgre <SOFTGRE> | esr(config-softgre)# | CONFIG |
Logical tunnels configuration (CONFIG - LT) | tunnel lt <LT> | esr(config-lt)# | CONFIG |
Configuring sub interface on L2 tunnel (CONFIG -SUBTUNNEL) | tunnel softgre <GRE>.<VLAN> | esr(config-subtunnel)# | CONFIG |
IPv4-over-IPv4 tunnel configuration (CONFIG - IP 4 IP 4) | tunnel ip4ip4 <IP4IP4> | esr(config-ip4ip4)# | CONFIG |
Network bridges configuration (CONFIG - BRIDGE) | bridge <BRIDGE> | esr(config-bridge)# | CONFIG |
VLAN Configuration (CONFIG-VLAN) | vlan <VLAN> | esr(config-vlan)# | CONFIG |
Network policy configuration for VLAN specification by LLDPDU messages of a client | network-policy <NAME> | esr(config-net-policy) | CONFIG |
DHCP server address pool configuration | ip dhcp-server pool <NAME> | esr(config-dhcp-server)# | CONFIG |
DHCP option 60 configuration | ip dhcp-server vendor-class-id <NAME> | esr(config-dhcp-vendor-id)# | CONFIG |
DHCP server address pool configuration | ipv6 dhcp-server pool <NAME> | esr(config-ipv6-dhcp-server)# | CONFIG |
DHCP option 60 configuration | ipv6 dhcp-server vendor-class-id <NAME> | esr(config-dhcp-vendor-id)# | CONFIG |
Application profile configuration (CONFIG-OBJECT-GROUP-APPLICATION) | object-group application <NAME> | esr(config-object-group-application)# | CONFIG |
IP address profile configuration | object-group network <NAME> | esr(config-object-group-network)# | CONFIG |
Configuration of match profile of | object-group address-port <NAME> | esr(config-object-group-address-port)# | CONFIG |
TCP/UDP port profile configuration | object-group service <NAME> | esr(config-object-group-service)# | CONFIG |
URL profile configuration | object-group url <NAME> | esr(config-object-group-url)# | CONFIG |
XAUTH profile configuration (CONFIG-ACCESS-PROFILE) | access profile <NAME> | esr(config-access-profile)# | CONFIG |
IP address pool configuration (CONFIG - POOL) | address-assignment pool <NAME> | esr(config-pool)# | CONFIG |
IKE protocol gateway configuration | security ike gateway <NAME> | esr(config-ike-gw)# | CONFIG |
IKE protocol policy configuration | security ike policy <NAME> | esr(config-ike-policy)# | CONFIG |
IKE protocol profile configuration | security ike proposal <NAME> | esr(config-ike-proposal)# | CONFIG |
IPsec protocol set policy configuration | security ipsec policy <NAME> | esr(config-ipsec-policy)# | CONFIG |
IPsec protocol set profile configuration | security ipsec proposal <NAME> | esr(config-ipsec-proposal)# | CONFIG |
IPsec-based VPN configuration | security ipsec vpn <NAME> | esr(config-ipsec-vpn)# | CONFIG |
ACL configuration | ip access-list extended <NAME> | esr(config-acl)# | CONFIG |
ACL rule configuration | rule <ORDER> | esr(config-acl-rule)# | CONFIG-ACL |
Security zone configuration | security zone <NAME> | esr(config-zone)# | CONFIG |
Rule group configuration for security zone pairs | security zone-pair <FROM> <TO> | esr(config-zone-pair)# | CONFIG |
Rule configuration for security zone pairs | rule <ORDER> | esr(config-zone-rule)# | CONFIG-ZONE-PAIR |
Configuring destination address translation service | nat destination | esr(config-dnat)# | CONFIG |
Configuring IP addresses pool and TCP/UDP ports for DNAT | pool <NAME> | esr(config-dnat-pool)# | CONFIG-DNAT |
DNAT rule set configuration | ruleset <NAME> | esr(config-dnat-ruleset)# | CONFIG-DNAT |
DNAT rule configuration | rule <ORDER> | esr(config-dnat-rule)# | CONFIG-DNAT-RULESET |
Configuring sender address translation service | nat source | esr(config-snat)# | CONFIG |
Configuring IP addresses pool and TCP/UDP ports for SNAT | pool <NAME> | esr(config-snat-pool)# | CONFIG-SNAT |
SNAT rule set configuration | ruleset <NAME> | esr(config-snat-ruleset)# | CONFIG-SNAT |
SNAT rule configuration | rule <ORDER> | esr(config-snat-rule)# | CONFIG-SNAT-RULESET |
System user configuration | username <NAME> | esr(config-user)# | CONFIG |
Local console configuration | line console | esr(config-line-console)# | CONFIG |
Remote console configuration | line telnet | esr(config-line-telnet)# | CONFIG |
Secure remote console configuration | line ssh | esr(config-line-ssh)# | CONFIG |
TACACS server configuration | tacacs-server host <ADDR> | esr(config-tacacs-server)# | CONFIG |
RADIUS server configuration | radius-server host <ADDR> | esr(config-radius-server)# | CONFIG |
RADIUS server profile configuration | aaa radius-profile <NAME> | esr(config-aaa-radius-profile)# | CONFIG |
DAS server configuration | das-server <NAME> | esr(config-das-server)# | CONFIG |
DAS server profile configuration | aaa das-profile <NAME> | esr(config-aaa-das-profile)# | CONFIG |
LDAP server configuration | ldap-server host <ADDR> | esr(config-ldap-server)# | CONFIG |
Configuring remote access server via PPTP | remote-access pptp <NAME> | esr(config-pptp-server)# | CONFIG |
Configuring remote access users via PPTP | username <NAME> | esr(config-pptp-user)# | CONFIG-PPTP |
Configuring remote access server via L2TP | remote-access l2tp <NAME> | esr(config-l2tp-server)# | CONFIG |
Configuring remote access users via L2TP | username <NAME> | esr(config-l2tp-user)# | CONFIG-L2TP-SERVER |
Configuring remote access client via PPTP | tunnel pptp <PPTP-ID> | esr(config-pptp)# | CONFIG |
Configuring remote access client via PPPoE | tunnel pppoe <PPPOE-ID> | esr(config-pppoe)# | CONFIG |
Configuring SNMP user | snmp-server <NAME> | esr(config-snmp-user)# | CONFIG |
Configuring NTP server or peer | service ntp server <ADDR> | esr(config-ntp)# | CONFIG |
Configuring BGP process | router bgp <AS> | esr(config-bgp)# | CONFIG |
Configuring BGP process IPv4/IPv6 addressing | address-family { ipv4 | ipv6 } | esr(config-bgp-af)# | CONFIG-BGP |
Configuring BGP neighbors grouping | peer-group <NAME> | esr(config-bgp-group)# | CONFIG-BGP-FAMILY |
Configuring BGP process neighbor | neighbor <ADDR> | esr(config-bgp-neighbor)# | CONFIG-BGP-FAMILY |
Configuring subnet list | ip prefix-list <NAME> | esr(config-pl)# | CONFIG |
Configuring subnet list | ipv6 prefix-list <NAME> | esr(config-ipv6-pl)# | CONFIG |
Configuring a route map | route-map <NAME> | esr(config-route-map)# | CONFIG |
Configuring route map rules | rule <ORDER> | esr(config-route-map-rule)# | CONFIG-ROUTE-MAP |
Configuring RIP | router rip | esr(config-rip)# | CONFIG |
Configuring OSFP process | router ospf <ID> | esr(config-ospf)# | CONFIG |
Configuring OSFP area | area <ID> | esr(config-ospf-area)# | CONFIG-OSPF |
Configuring virtual OSFP connection | virtual-link <ID> | esr(config-ospf-vlink)# | CONFIG-OSPF-AREA |
Configuring OSPFv3 process | ipv6 router ospf <ID> | esr(config-ipv6-ospf)# | CONFIG |
Configuring OSPFv3 area | area <ID> | esr(config-ipv6-ospf-area)# | CONFIG-OSPFV3 |
Configuring virtual OSFPv3 connection | virtual-link <ID> | esr(config-ipv6-ospf-vlink)# | CONFIG-OSPFV3-AREA |
Configuring key list | key-chain <KEYCHAIN> | esr(config-keychain)# | CONFIG |
Configuring key | key <ID> | esr(config-keychain-key)# | CONFIG-KEYCHAIN |
Configuring redundancy parameters | spanning-tree mst configuration | esr(config-mst)# | CONFIG |
Configuring WAN rules | wan load-balance rule <ID> | esr(config-wan-rule)# | CONFIG |
Configuring WAN (IPv6) rules | Ipv6 wan load-balance rule <ID> | esr(config-ipv6-wan-rule)# | CONFIG |
Configuring target lists | wan load-balance target-list <NAME> | esr(config-target-list)# | CONFIG |
Configuring target lists (IPv6) | Ipv6 wan load-balance target-list <NAME> | esr(config-ipv6-target-list)# | CONFIG |
Configuring target | target <ID> | esr(config-wan-target)# | CONFIG-TARGET-LIST |
Configuring target (IPv6) | target <ID> | esr(config-ipv6-wan-target)# | CONFIG-IPV6-TARGET-LIST |
Configuring WiFi Controller | wireless-controller | esr(config-wireless)# | CONFIG |
VRF configuration | ip vrf <NAME> | esr(config-vrf)# | CONFIG |
QoS policy configuration | policy-map <NAME> | esr(config-policy-map)# | CONFIG |
QoS class configuration | class-map <NAME> | esr(config-class-map)# | CONFIG |
Configuring a class within the QoS policy | class <NAME> | esr(config-class-policy-map)# | CONFIG |
Configuring a PPP user for remote side authentication | ppp chap username <NAME> | esr(config-ppp-user)# | CONFIG-E1 |
ppp chap username <NAME> | CONFIG-MULTILINK | ||
user <NAME> | CONFIG-CELLULAR-PROFILE | ||
user <NAME> | CONFIG-ACCESS-PROFILE | ||
username <NAME> | CONFIG-L2TP-SERVER | ||
username <NAME> | CONFIG-PPTP-SERVER | ||
Configuring redundancy parameters | archive | esr(config-archive)# | CONFIG |
Configuring Netflow statistics collection server | netflow collector <ADDR> | esr(config-netflow-host)# | CONFIG |
Configuring sFlow statistics collection server | sflow collector <ADDR> | esr(config-sflow-host)# | CONFIG |
Configuring SNMP statistics collection server | snmp-server host <ADDR> | esr(config-snmp-host)# | CONFIG |
Changing the password after the expiration time | - | esr(change-expired-password)# | - |
Configuration of an http request filtering profile | ip http profile <NAME> | esr(config-profile) | CONFIG |
1 The detailed description of commands is shown below
2 Only for ESR-21
Types and naming order of router interfaces
Network interfaces of various types and purposes are used for the router operation. The naming system allows you to uniquely address the interfaces by their functional purpose and location in the system. The following table contains the list of interfaces types.
Table 4 – Types and naming order of router interfaces
Interface type | Designation |
|---|---|
Physical interfaces | Designation of physical interface includes its type and identifier. The identifier of physical interfaces is as follows: < UNIT>/< SLOT>/< PORT>, where - <UNIT> – number of a device in a device group, - <SLOT> – device module number or '0' if the device does not consist of modules, - <PORT> – port sequence number. |
1Gbps ports | gigabitethernet <UNIT>/<SLOT>/<PORT> Designation example: gigabitethernet 1/0/12 It is permitted to use short name, for example, gi1/0/12. |
10Gbps ports | tengigabitethernet <UNIT>/<SLOT>/<PORT> Designation example: tengigabitethernet 1/0/2 It is permitted to use short name, for example, te1/0/2. |
Channel aggregation groups | Designation of channel aggregation group includes its type and identifier: port-channel <CHANNEL_ID> Designation example: port-channel 6 It is permitted to use short name, for example, po1. |
Sub-interfaces | Designation of sub-interface is generated from the designation of basic interface and sub-interface identifier (VLAN) separated by a dot. Designation examples: gigabitethernet 1/0/12.100 tengigabitethernet 1/0/2.123 port-channel 1.6 Sub-interface identifier may take values of [1..4094]. |
Q-in-Q interfaces | Designation of Q-in-Q interface is generated from the designation of basic interface, service VLAN identifier and user VLAN identifier separated by a dot. Designation examples: gigabitethernet 1/0/12.100.10 tengigabitethernet 1/0/2.45.12 port-channel 1.6.34 Service and user VLAN identifier may take values of [1..4094]. |
E1 interfaces | Designation of E1 interface includes its type and identifier. E1 interfaces identifier is as follows: < UNIT>/< SLOT>/< STREAM>, where - <UNIT> – number of a device in a device group [1..1], - <SLOT> – number of device E1 module [0..12], - <STREAM> – E1 flow sequence number [1..1]. Designation example: e1 1/0/1 |
E1 channels aggregation groups | Designation of E1 channels aggregation group includes its type and interface sequence number: multilink <CHANNEL_ID> Designation example: multilink 3 |
Logical interfaces | Designation of logical interface is the interface sequence number: Designation examples: loopback 4 bridge 60 service-port 1 |
USB modems | Designation of USB modem includes its type and sequence number: modem <MODEM-NUM> Designation example: modem 1 |
FXS/FXO ports | Designation of FXS/FXO ports includes its type and sequence number: interface voice-port <NUM> Designation example: voice-port 1 |
Number of interfaces of each type depends on the router model.
The current firmware does not support for devices stacking. A device number in unit device group can only take the value of 1.
Some commands support for simultaneous operation with the interface group. To specify the interface group, you may use a comma-separated list or specify a range of identifiers using a hyphen '-'.
Examples of interface groups specifying:
interface gigabitethernet 1/0/1, gigabitethernet 1/0/5
interface tengigabitethernet 1/0/1-2
interface gi1/0/1-3,gi1/0/7,te1/0/1
Types and naming order of router tunnels
Network tunnels of various types and purposes are used for the router operation. The naming system allows you to uniquely address the tunnels by their functional purpose. The following table contains the list of tunnels types.
Table 5 – Types and naming order of router tunnels
Tunnel type | Designation |
|---|---|
L2TP tunnel | Designation of L2TP tunnel includes the type and sequence number of a tunnel: l2tp <L2TP_ID> Designation example: l2tp 1 |
L2TPv3 tunnel | Designation of L2TPv3 tunnel includes the type and sequence number of a tunnel: l2tpv3 <L2TPV3_ID> Designation example: l2tpv3 1 |
GRE tunnel | Designation of GRE tunnel includes the type and sequence number of a tunnel: gre <GRE_ID> Designation example: gre 1 |
GRE sub tunnel | Designation of GRE sub tunnel includes the type, sequence number of a tunnel and a sub tunnel VLAN ID: gre <GRE_ID>.<VLAN_ID> Designation example: gre 1.200 |
SoftGRE tunnel | Designation of SoftGRE tunnel includes the type and sequence number of a tunnel and, optionally, a virtual interface VLAN ID: softgre <GRE_ID>[.<VLAN>] Designation example: softgre 1, softgre 1.10 |
IPv4-over-IPv4 tunnel | Designation of IPv4-over-IPv4 tunnel includes the type and sequence number of a tunnel: ip4ip4 <IPIP_ID> Designation example: ip4ip4 1 |
IPsec tunnel | Designation of IPsec tunnel includes the type and sequence number of a tunnel: vti <VTI_ID> Designation example: vti 1 |
Logical tunnel (tunnel between VRF) | Designation of logical tunnel includes the type and sequence number of a tunnel: lt <LT_ID> Designation example: Designation example: lt 1 |
PPPoE tunnel | Designation of PPPoE tunnel includes the type and sequence number of a tunnel: pppoe <PPPoE_ID> Designation example: pppoe 1 |
PPTP tunnel | Designation of PPPTP tunnel includes the type and sequence number of a tunnel: pptp <PPTP_ID> Designation example: pptp 1 |
Number of tunnels of each type depends on the router model and firmware version.