Firmware and configuration management

auto

This command enables the creation of a backup configuration file on a remote server and/or locally after a specified period of time (see section time-period).

The use of a negative form (no) of the command disables sending mode in a specified period of time.

Syntax

[no] auto

Parameters

The command does not contain parameters.

Required privilege level

15

Command mode

CONFIG-ARCHIVE

Example:

esr(config-archive)# auto

CODE

boot system

The command is used to select an active software image loaded to the device.

Syntax

boot system <IMAGE>

Parameters

<IMAGE> – name of the software image which will be loaded to the device:

image-1 – next device boot will be performed from the first software image;
image-2 – next device boot will be performed from the second software image.

Required privilege level

15

Command mode

ROOT

Example:

esr# boot system image-2

CODE

by-commit

The command enables the mode of sending the configuration file to the redundancy server in a specified period of time.

The use of a negative form (no) of the command disables the sending mode after the successful application of configuration.

Syntax

[no] by-commit

Parameters

The command does not contain parameters.

Required privilege level

15

Command mode

CONFIG-ARCHIVE

Example:

esr(config-archive)# by-commit

CODE

commit

The command allows to apply (enable) the configuration changes. RUNNING configuration is replaced by CANDIDATE configuration. To enable the changes applied, you need to confirm the operation by ‘confirm’ command during the time period not exceeding the acknowledgement timer lifetime (600 seconds by default, can be changed by the system config-confirm timeout command).

Syntax

commit

Parameters

The command does not contain parameters.

Required privilege level

10

Command mode

ROOT

CHANGE-EXPIRED-PASSWORD

Example:

esr# commit

CODE

Configuration changes are applied.

confirm

The command is intended to confirm the configuration appliance. If during a specified time period (600 seconds by default, can be changed by the system config-confirm timeout command) after applying the configuration you do not enter a confirmation by «commit» command, automatic rollback to a previously valid configuration will occur. Automatic rollback system prevents loss of connection with the device.

Syntax

confirm

Parameters

The command does not contain parameters.

Required privilege level

10

Command mode

ROOT

CHANGE-EXPIRED-PASSWORD

Example:

esr# confirm

CODE

Confirmation of configuration changes.

copy

The command is used to copy files among the various sources and receivers.

Syntax

copy <SOURCE> <DESTINATION>

Parameters

<SOURCE> – source, defined as:

tftp://<ip>[<port>]:/<path> – address of file on TFTP server, where:
- <ip> – TFTP server IP address;
- <port> – port that listens to TFTP server, separated from IP address by '#' or ':' character;
- <path> – file path on TFTP server.
tftp://<ipv6>[%<interface>][<port>]:/<path> – address of file on TFTP server, where:
- <ipv6> – TFTP server IPv6 address;
- <interface> – outgoing network interface for link-local addresses;
- <port> – port that TFTP server listens to is separated from the IPv6 address by the symbol '#' or ':' (in this case, the IPv6 address must be enclosed in square brackets '[]');
- <path> – file path on TFTP server.
ftp://[<user>[:<password>]@]<ip>[<port>]:/<path>
- <ip> – FTP server IP address;
- <user> – user name (configure the default user name by the ip ftp client username command, described in Section ip ftp client username);
- <password> – password (configure the default password by the ip ftp client password command, described in Section ip ftp client password);
- <port> – port that listens to TFTP server, separated from IP address by '#' or ':' character;
- <path> – file path on FTP server.
ftp://[<user>[:<password>]@]<ipv6>[%<interface>][<port>]:/<path>
- <ipv6> – FTP server IPv6 address;
- <interface> – outgoing network interface for link-local addresses;
- <user> – user name (configure the default user name by the ip ftp client username command, described in Section ip ftp client username);
- <password> – password (configure the default password by ip ftp client password command, described in Section ip ftp client password);
- <port> – port that TFTP server listens to is separated from the IPv6 address by the symbol '#' or ':' (in this case, the IPv6 address must be enclosed in square brackets '[]');
- <path> – file path on FTP server.
sftp://[<user>[:<password>]@]<ip>[<port>]:/<path>
- <ip> – FTP server IP address;
- <user> – user name (configure the default user name by the ip sftp client username command, described in Section ip sftp client username);
- <password> – password (configure the default password by the ip sftp client password command, described in Section ip sftp client password);
- <port> – port that listens to TFTP server, separated from IP address by '#' or ':' character;
- <path> – file path on FTP server.
sftp://[<user>[:<password>]@]<ipv6>[%<interface>][<port>]:/<path>
- <ipv6> – FTP server IPv6 address;
- <interface> – outgoing network interface for link-local addresses;
- <user> – user name (configure the default user name by the ip sftp client username command, described in Section ip sftp client username);
- <password> – password (configure the default password by the ip sftp client password command, described in Section ip sftp client password);
- <port> – port that TFTP server listens to is separated from the IPv6 address by the symbol '#' or ':' (in this case, the IPv6 address must be enclosed in square brackets '[]');
- <path> – file path on FTP server.
scp://[<user>:<password>@]<ip>[<port>]:/<path>
- <ip> – IP address of server;
- <user> – user name (configure the default user name by the ip ssh client username command, described in Section ip ssh client username);
- <password> – password (configure the default password by ip ssh client password command, described in Section ip ssh client password);
- <port> – port that listens to TFTP server, separated from IP address by '#' or ':' character;
- <path> – file path on server.
scp://[<user>:<password>@]<ipv6>[%<interface>][<port>]:/<path>
- <ipv6> – IPv6 address of server;
- <interface> – outgoing network interface for link-local addresses;
- <user> – user name (configure the default user name by the ip ssh client username command, described in Section ip ssh client username);
- <password> – password (configure the default password by the ip ssh client password command, described in Section ip ssh client password);
- <port> – port that TFTP server listens to is separated from the IPv6 address by the symbol '#' or ':' (in this case, the IPv6 address must be enclosed in square brackets '[]');
- <path> – file path on server.
http://<ip>[<port>]:/<path> – address of file on HTTP server, where:
- <ip> – IP address of HTTP server;
- <port> – port on which HTTP server is launched, separated from IP address by '#' or ':' character;
- <path> – file path on HTTP server.
http://<ipv6>[%<interface>][<port>]:/<path> – address of file on HTTP server, where:
- <ipv6> – IPv6 address of HTTP server;
- <interface> – outgoing network interface for link-local addresses;
- <port> – port on which HTTP server is launched is separated from the IPv6 address by the symbol '#' or ':' (in this case, the IPv6 address must be enclosed in square brackets '[]');
- <path> – file path on TFTP server.
https://[ca/<CA-FILE>][:server-crt/<SC-FILE>][:server-key/<SK-FILE>]@<ip>[<port>]:/<path> – address of file on HTTPS server, where:
- <CA-FILE> – authentication server certificate file name in the corresponding memory section of the router;
- <SC-FILE> – file name of the server public certificate in the corresponding section of the router’s memory;
- <SK-FILE> – server private key file name in the corresponding memory section of the router;
- <ip> – IP address of HTTP server;
- <port> – port on which HTTPS server is launched, separated from IP address by '#' or ':' character;
- <path> – file path on HTTP server.
https://[ca/<CA-FILE>][:server-crt/<SC-FILE>][:server-key/<SK-FILE>]@<ipv6>[%<interface>][<port>]:/<path> – address of file on HTTPS server, where:
- <CA-FILE> – authentication server certificate file name in the corresponding memory section of the router;
- <SC-FILE> – file name of the server public certificate in the corresponding section of the router’s memory;
- <SK-FILE> – server private key file name in the corresponding memory section of the router;
- <ipv6> – IPv6 address of HTTPS server;
- <interface> – outgoing network interface for link-local addresses;
- <port> – port on which HTTP server is launched is separated from the IPv6 address by the symbol '#' or ':' (in this case, the IPv6 address must be enclosed in square brackets '[]');
- <path> – file path on TFTP server.
usb://usb_name:/PATH
- usb_name – name assigned to USB storage. The following parameters can be displayed by "show storage-devices” command (see Section show storage-devices);
- <PATH> – file path on USB storage.
mmc://mmc_name:/PATH (except ESR-10/12V/12VF/14VF)
- mmc_name – name assigned to MMC storage. The following parameters can be displayed by "show storage-devices” command (see Section show storage-devices);
- <PATH> – file path on MMC storage.
system:factory-config – factory configuration;
system:default-config – default configuration (blank);
system:running-config – running configuration;
system:candidate-config – configuration which will be applied after 'commit' command execution;
system:firmware – device firmware. Copying is performed from inactive device software image;
system:boot-1 – primary device bootloader (SBI, bl1, x-loader).
system:boot-2 – secondary device bootloader (u-boot, boot).
flash:critlog/FILE – folder to save kernel messages during the entire operation of the device;
flash:syslog/FILE – folder to save current session logs, saved after rebooting;
tmpsys:syslog/FILE – folder to save current session logs, is not saved after rebooting;
flash:backup/FILE – folder for saving backup copies of current router configurations;
flash:data/FILE – folder for downloading files from the router.

<DESTINATION> – destination, defined as:

tftp://<ip>[<port>]:/<path> – address of file on TFTP server, where:
- <ip> – TFTP server IP address;
- <port> – port that listens to TFTP server, separated from IP address by '#' or ':' character;
- <path> – file path on TFTP server.
tftp://<ipv6>[%<interface>][<port>]:/<path> – address of file on TFTP server, where:
- <ipv6> – TFTP server IPv6 address;
- <interface> – outgoing network interface for link-local addresses;
- <port> – port that TFTP server listens to is separated from the IPv6 address by the symbol '#' or ':' (in this case, the IPv6 address must be enclosed in square brackets '[]');
- <path> – file path on TFTP server.
ftp://[<user>[:<password>]@]<ip>[<port>]:/<path>
- <ip> – FTP server IP address;
- <user> – user name (configure the default user name by the ip ftp client username command, described in Section ip ftp client username);
- <password> – password (configure the default password by ip ftp client password command, described in Section ip ftp client password);
- <port> – port that listens to TFTP server, separated from IP address by '#' or ':' character;
- <path> – file path on FTP server.
ftp://[<user>[:<password>]@]<ipv6>[%<interface>][<port>]:/<path>
- <ipv6> – FTP server IPv6 address;
- <interface> – outgoing network interface for link-local addresses;
- <user> – user name (configure the default user name by the ip ftp client username command, described in Section ip ftp client username);
- <password> – password (configure the default password by the ip ftp client password command, described in Section ip ftp client password);
- <port> – port that TFTP server listens to is separated from the IPv6 address by the symbol '#' or ':' (in this case, the IPv6 address must be enclosed in square brackets '[]');
- <path> – file path on FTP server.
sftp://[<user>[:<password>]@]<ip>[<port>]:/<path>
- <ip> – FTP server IP address;
- <user> – user name (configure the default user name by the ip sftp client username command, described in Section ip sftp client username);
- <password> – password (configure the default password by the ip sftp client password command, described in Section ip sftp client password);
- <port> – port that listens to TFTP server, separated from IP address by '#' or ':' character;
- <path> – file path on FTP server.
sftp://[<user>[:<password>]@]<ipv6>[%<interface>][<port>]:/<path>
- <ipv6> – FTP server IPv6 address;
- <interface> – outgoing network interface for link-local addresses;
- <user> – user name (configure the default user name by the ip sftp client username command, described in Section ip sftp client username);
- <password> – password (configure the default password by the ip sftp client password command, described in Section ip sftp client password);
- <port> – port that TFTP server listens to is separated from the IPv6 address by the symbol '#' or ':' (in this case, the IPv6 address must be enclosed in square brackets '[]');
- <path> – file path on FTP server.
scp://[<user>:<password>@]<ip>[<port>]:/<path>
- <ip> – IP address of server;
- <user> – user name (configure the default user name by the ip ssh client username command, described in Section ip ssh client username);
- <password> – password (configure the default password by ip ssh client password command, described in Section ip ssh client password);
- <port> – port that listens to TFTP server, separated from IP address by '#' or ':' character;
- <path> – file path on server.
scp://[<user>:<password>@]<ipv6>[%<interface>][<port>]:/<path>
- <ipv6> – IPv6 address of server;
- <interface> – outgoing network interface for link-local addresses;
- <user> – user name (configure the default user name by the ip ssh client username command, described in Section ip ssh client username);
- <password> – password (configure the default password by ip ssh client password command, described in Section ip ssh client password);
- <port> – port that TFTP server listens to is separated from the IPv6 address by the symbol '#' or ':' (in this case, the IPv6 address must be enclosed in square brackets '[]');
- <path> – file path on server.
usb://usb_name:/PATH
- usb_name – name assigned to USB storage. The following parameters can be displayed by "show storage-devices” command (see Section show storage-devices);
- <PATH> – file path on USB storage.
mmc://mmc_name:/PATH (except ESR-10/12V/12VF/14VF)
- mmc_name – name assigned to MMC storage. The following parameters can be displayed by "show storage-devices” command (see Section show storage-devices);
- <PATH> – file path on MMC storage.
system:candidate-config – configuration which will be applied after 'commit' command execution;
system:licence – device licence;
system:boot-licence – device license used when starting the secondary bootloader;
system:firmware – device firmware. Copying is always performed to inactive device software image;
system:boot2 – secondary device bootloader (u-boot, x-loader);
certificate/ca/ – folder to keep CA’s certificate;
certificate/dh/ – folder to keep Diffie-Hellman key;
certificate/server_key/ – folder to keep a private key of OPENVPN server;
certificate/server_crt/ – folder to keep a private key of OPENVPN server;
certificate:client-key/FILE – folder to keep a private key of OPENVPN client;
certificate:client-crt/FILE – folder to keep a certificate of OPENVPN client;
certificate/ta/ – folder to keep НМАС key;
certificate/crl/ – folder to keep the list of revoked certificates;
flash:data/FILE – folder for downloading files from the router.

Required privilege level

15

Command mode

ROOT

Example 1

esr# copy tftp://10.100.100.1/esr.cfg system:candidate-config

CODE

Example 2

esr# copy tftp://10.100.100.1/crl.pem system:certificate/crl/crl.pem

CODE

count-backup

This command sets the maximum number of locally saved configuration backups.

The use of a negative form (no) of the command sets the default value.

Syntax

count-backup <NUM>

no count-backup

Parameters

<NUM> – set the maximum number of locally saved configuration backups. Takes values in the range of [1..100].

Default value

1

Required privilege level

15

Command mode

CONFIG-ARCHIVE

Example:

esr(config-archive)# count-backup 20

CODE

delete

The command is used to remove licences, certificates, keys.

Syntax

delete <FILE>

Parameters

<FILE> – file type, may take the following values (when removing from the folder, you need to specify a file name):

flash:backup/FILE – folder for saving backup copies of current router configurations;
flash:critlog/FILE – folder to save kernel messages during the entire operation of the device;
flash:data/FILE – folder for downloading files from the router;
flash:syslog/FILE – folder to save current session logs, saved after rebooting;
tmpsys:syslog/FILE – folder to save current session logs, is not saved after rebooting;
certificate/ca/FILE – folder to keep CA’s certificate;
certificate/dh/FILE – folder to keep Diffie-Hellman key;
certificate/server_key/FILE – folder to keep a private key of IPsec/OpenVPN server key;
certificate/server_crt/FILE – folder to keep a public certificate of IPsec/OpenVPN server;
certificate:client-key/FILE – folder to keep a private key of OPENVPN client;
certificate:client-crt/FILE – folder to keep a certificate of OPENVPN client;
certificate/ta/FILE – folder to keep НМАС key;
certificate/crl/FILE – folder to keep the list of revoked certificates;
system:licence – license to activate functionality that requires a license;
system:boot-licence – device license used when starting the secondary bootloader;
usb://usb_name:/FILE
- usb_name – name assigned to USB storage. The following parameters can be displayed by "show storage-devices” command (see Section show storage-devices);
- <FILE> – the path to the file and its name on the USB flash drive.
mmc://mmc_name:/<FILE> (except ESR-10/12V/12VF/14VF)
- mmc_name – name assigned to MMC storage. The following parameters can be displayed by "show storage-devices” command (see Section show storage-devices);
- <FILE> – the path to the file and its name on the MMC flash drive.

Required privilege level

15

Command mode

ROOT

Example:

esr# delete system:certificate/dh/dh.key

CODE

dir

The command displays external storage medium (USB/MMC cards) and local router content.

Syntax

dir <PATH>
{ usb://<USB-device-name>/<PATH> | mmc://<MMC-device-name>/<PATH> | flash:backup/FILE | flash:data/FILE }

Parameters

<PATH> – the name of the local partition or the path to the folder on the external drive. Takes the following values:

flash:critlog – folder to save kernel messages during the entire operation of the device;
flash:syslog/ – folder to save current session logs, saved after rebooting;
flash:backup/ – folder for saving backup copies of current router configurations;
flash:data/ – folder for downloading files from the router;
tmpsys:syslog/ – folder to save current session logs, is not saved after rebooting;
certificate/ca/ – folder to keep CA’s certificate;
certificate/dh/ – folder to keep Diffie-Hellman key;
certificate/ta/ – folder to keep НМАС key
certificate/crl/ – folder to keep the list of revoked certificates;
certificate/server_key/ – folder to keep a private key of IPsec/OpenVPN server key;
certificate/server_crt/ – folder to keep a public certificate of IPsec/OpenVPN server;
certificate:client-key/ – folder to keep a private key of OPENVPN client;
certificate:client-crt/ – folder to keep a certificate of OPENVPN client;
usb://usb_name:/PATH
- usb_name – name assigned to USB storage. The following parameters can be displayed by "show storage-devices” command (see Section show storage-devices);
- <PATH> – file path on USB storage.
mmc://mmc_name:/PATH (except ESR-10/12V/12VF/14VF)
- mmc_name – name assigned to MMC storage. The following parameters can be displayed by "show storage-devices” command (see Section show storage-devices);
- <PATH> – file path on MMC storage.

<USB-device-name> – USB storage name assigned by the system. Displayed in ‘show storage-devices usb’ command output, Section show storage-devices.

<MMC-device-name> – MMC storage name assigned by the system. Displayed in ‘show storage-devices usb’ command output, Section show storage-devices.

flash:backup/FILE – file for saving backup copies of current router configurations;
flash:data/FILE – folder for downloading files from the router;

<PATH> – path to the required folder on USB/MMC storage.

flash:backup/FILE – file for saving backup copies of current router configurations;

flash:data/FILE – folder for downloading files from the router;

Required privilege level

1

Command mode

ROOT

Example:

esr# dir mmc://EF28-D074
Name                                       Type         Size
----------------------------------------   ----------   --------   --
esr1000-1.4.0-build21.uboot                File         0.00       B
.Trash-1000                                Directory    0.00       B

CODE

merge

This command is used to merge a local or downloadable configuration file with candidate-config.

Syntax

merge <SOURCE> system:candidate-config

Parameters

<SOURCE> – source, defined as:

tftp://<ip>[<port>]:/<path> – address of file on TFTP server, where:
- <ip> – TFTP server IP address;
- <port> – port that listens to TFTP server, separated from IP address by '#' or ':' character;
- <path> – file path on TFTP server.
tftp://<ipv6>[%<interface>][<port>]:/<path> – address of file on TFTP server, where:
- <ipv6> – TFTP server IPv6 address;
- <interface> – outgoing network interface for link-local addresses;
- <port> – port that TFTP server listens to is separated from the IPv6 address by the symbol '#' or ':' (in this case, the IPv6 address must be enclosed in square brackets '[]');
- <path> – file path on TFTP server.
ftp://[<user>[:<password>]@]<ip>[<port>]:/<path>
- <ip> – FTP server IP address;
- <user> – user name (configure the default user name by the ip ftp client username command, described in Section ip ftp client username);
- <password> – password (configure the default password by the ip ftp client password command, described in Section ip ftp client password);
- <port> – port that listens to TFTP server, separated from IP address by '#' or ':' character;
- <path> – file path on FTP server.
ftp://[<user>[:<password>]@]<ipv6>[%<interface>][<port>]:/<path>
- <ipv6> – FTP server IPv6 address;
- <interface> – outgoing network interface for link-local addresses;
- <user> – user name (configure the default user name by the ip ftp client username command, described in Section ip ftp client username);
- <password> – password (configure the default password by ip ftp client password command, described in Section ip ftp client password);
- <port> – port that TFTP server listens to is separated from the IPv6 address by the symbol '#' or ':' (in this case, the IPv6 address must be enclosed in square brackets '[]');
- <path> – file path on FTP server.
sftp://[<user>[:<password>]@]<ip>[<port>]:/<path>
- <ip> – FTP server IP address;
- <user> – user name (configure the default user name by the ip sftp client username command, described in Section ip sftp client username);
- <password> – password (configure the default password by the ip sftp client password command, described in Section ip sftp client password);
- <port> – port that listens to TFTP server, separated from IP address by '#' or ':' character;
- <path> – file path on FTP server.
sftp://[<user>[:<password>]@]<ipv6>[%<interface>][<port>]:/<path>
- <ipv6> – FTP server IPv6 address;
- <interface> – outgoing network interface for link-local addresses;
- <user> – user name (configure the default user name by the ip sftp client username command, described in Section ip sftp client username);
- <password> – password (configure the default password by the ip sftp client password command, described in Section ip sftp client password);
- <port> – port that TFTP server listens to is separated from the IPv6 address by the symbol '#' or ':' (in this case, the IPv6 address must be enclosed in square brackets '[]');
- <path> – file path on FTP server.
scp://[<user>:<password>@]<ip>[<port>]:/<path>
- <ip> – IP address of server;
- <user> – user name (configure the default user name by the ip ssh client username command, described in Section ip ssh client username);
- <password> – password (configure the default password by ip ssh client password command, described in Section ip ssh client password);
- <port> – port that listens to TFTP server, separated from IP address by '#' or ':' character;
- <path> – file path on server.
scp://[<user>:<password>@]<ipv6>[%<interface>][<port>]:/<path>
- <ipv6> – IPv6 address of server;
- <interface> – outgoing network interface for link-local addresses;
- <user> – user name (configure the default user name by the ip ssh client username command, described in Section ip ssh client username);
- <password> – password (configure the default password by the ip ssh client password command, described in Section ip ssh client password);
- <port> – port that TFTP server listens to is separated from the IPv6 address by the symbol '#' or ':' (in this case, the IPv6 address must be enclosed in square brackets '[]');
- <path> – file path on server.
http://<ip>[<port>]:/<path> – address of file on HTTP server, where:
- <ip> – IP address of HTTP server;
- <port> – port on which HTTP server is launched, separated from IP address by '#' or ':' character;
- <path> – file path on HTTP server.
http://<ipv6>[%<interface>][<port>]:/<path> – address of file on HTTP server, where:
- <ipv6> – IPv6 address of HTTP server;
- <interface> – outgoing network interface for link-local addresses;
- <port> – port on which HTTP server is launched is separated from the IPv6 address by the symbol '#' or ':' (in this case, the IPv6 address must be enclosed in square brackets '[]');
- <path> – file path on TFTP server.
https://[ca/<CA-FILE>][:server-crt/<SC-FILE>][:server-key/<SK-FILE>]@<ip>[<port>]:/<path> – address of file on HTTPS server, where:
- <CA-FILE> – authentication server certificate file name in the corresponding memory section of the router;
- <SC-FILE> – file name of the server public certificate in the corresponding section of the router’s memory;
- <SK-FILE> – server private key file name in the corresponding memory section of the router;
- <ip> – IP address of HTTP server;
- <port> – port on which HTTPS server is launched, separated from IP address by '#' or ':' character;
- <path> – file path on HTTP server.
https://[ca/<CA-FILE>][:server-crt/<SC-FILE>][:server-key/<SK-FILE>]@<ipv6>[%<interface>][<port>]:/<path> – address of file on HTTPS server, where:
- <CA-FILE> – authentication server certificate file name in the corresponding memory section of the router;
- <SC-FILE> – file name of the server public certificate in the corresponding section of the router’s memory;
- <SK-FILE> – server private key file name in the corresponding memory section of the router;
- <ipv6> – IPv6 address of HTTPS server;
- <interface> – outgoing network interface for link-local addresses;
- <port> – port on which HTTP server is launched is separated from the IPv6 address by the symbol '#' or ':' (in this case, the IPv6 address must be enclosed in square brackets '[]');
- <path> – file path on TFTP server.
flash:data/FILE – folder for downloading files from the router.

Required privilege level

15

Command mode

ROOT

Example

esr# merge tftp://10.100.100.1/esr.cfg system:candidate-config

CODE

path

The command defines the protocol, server address as well as the location and name prefix of a file on the server. When performing a redundancy, the current time and date in the format YYYYMMDD_HHMMSS is added to the file name prefix.

The use of a negative form (no) of the command removes a specified value.

Syntax

path <PATH>

no path

Parameters

<PATH> – the format of the path to the folder on the remote server by tftp/ftp/sftp/scp in one of the following formats:

tftp://<ip>[<port>]:/<path> – address of file on TFTP server, where:
- <ip> – TFTP server IP address;
- <port> – port that listens to TFTP server, separated from IP address by '#' or ':' character;
- <path> – file path on TFTP server.
tftp://<ipv6>[%<interface>][<port>]:/<path> – address of file on TFTP server, where:
- <ipv6> – TFTP server IPv6 address;
- <interface> – outgoing network interface for link-local addresses;
- <port> – port that TFTP server listens to is separated from the IPv6 address by the symbol '#' or ':' (in this case, the IPv6 address must be enclosed in square brackets '[]');
- <path> – file path on TFTP server.
ftp://[<user>[:<password>]@]<ip>[<port>]:/<path>
- <ip> – FTP server IP address;
- <user> – user name (configure the default user name by the ip ftp client username command, described in Section ip ftp client username);
- <password> – password (configure the default password by the ip ftp client password command, described in Section ip ftp client password);
- <port> – port that listens to TFTP server, separated from IP address by '#' or ':' character;
- <path> – file path on FTP server.
ftp://[<user>[:<password>]@]<ipv6>[%<interface>][<port>]:/<path>
- <ipv6> – FTP server IPv6 address;
- <interface> – outgoing network interface for link-local addresses;
- <user> – user name (configure the default user name by the ip ftp client username command, described in Section ip ftp client username);
- <password> – password (configure the default password by ip ftp client password command, described in Section ip ftp client password);
- <port> – port that TFTP server listens to is separated from the IPv6 address by the symbol '#' or ':' (in this case, the IPv6 address must be enclosed in square brackets '[]');
- <path> – file path on FTP server.
sftp://[<user>[:<password>]@]<ip>[<port>]:/<path>
- <ip> – FTP server IP address;
- <user> – user name (configure the default user name by the ip sftp client username command, described in Section ip sftp client username);
- <password> – password (configure the default password by the ip sftp client password command, described in Section ip sftp client password);
- <port> – port that listens to TFTP server, separated from IP address by '#' or ':' character;
- <path> – file path on FTP server.
sftp://[<user>[:<password>]@]<ipv6>[%<interface>][<port>]:/<path>
- <ipv6> – FTP server IPv6 address;
- <interface> – outgoing network interface for link-local addresses;
- <user> – user name (configure the default user name by the ip sftp client username command, described in Section ip sftp client username);
- <password> – password (configure the default password by the ip sftp client password command, described in Section ip sftp client password);
- <port> – port that TFTP server listens to is separated from the IPv6 address by the symbol '#' or ':' (in this case, the IPv6 address must be enclosed in square brackets '[]');
- <path> – file path on FTP server.
scp://[<user>:<password>@]<ip>[<port>]:/<path>
- <ip> – IP address of server;
- <user> – user name (configure the default user name by the ip ssh client username command, described in Section ip ssh client username);
- <password> – password (configure the default password by ip ssh client password command, described in Section ip ssh client password);
- <port> – port that listens to TFTP server, separated from IP address by '#' or ':' character;
- <path> – file path on server.
scp://[<user>:<password>@]<ipv6>[%<interface>][<port>]:/<path>
- <ipv6> – IPv6 address of server;
- <interface> – outgoing network interface for link-local addresses;
- <user> – user name (configure the default user name by the ip ssh client username command, described in Section ip ssh client username);
- <password> – password (configure the default password by the ip ssh client password command, described in Section ip ssh client password);
- <port> – port that TFTP server listens to is separated from the IPv6 address by the symbol '#' or ':' (in this case, the IPv6 address must be enclosed in square brackets '[]');
- <path> – file path on server.

Required privilege level

15

Command mode

CONFIG-ARCHIVE

Example:

esr(config-archive)# path tftp://10.10.10.1:/esr-1000/config

CODE

restore

The command allows to cancel applied but not confirmed configuration and return to the last confirmed one. The command is applied to the whole device configuration. Undoing changes can be carried out only until ‘confirm’ command is entered. When executing ‘restore’ command, there is a loss of unconfirmed configuration.

Syntax

restore

Parameters

The command does not contain parameters.

Required privilege level

10

Command mode

ROOT

Example:

esr# restore

CODE

Reversion to the last confirmed configuration is completed.

rollback

The command allows to cancel not applied configuration changes. As a result of command execution, CANDIDATE configuration will be deleted. The command may be used only until ‘commit’ command is entered.

The command is applied to the whole device configuration.

Syntax

rollback

Parameters

The command does not contain parameters.

Required privilege level

10

Command mode

ROOT

Example:

esr# rollback

CODE

Cancellation of all not applied configuration changes has been made.

save

The command is used to save CANDIDATE configuration to the device ROM.

Syntax

save

Parameters

The command does not contain parameters.

Required privilege level

10

Command mode

ROOT

Example:

esr# save

CODE

Upload of current configuration on the device Flash memory.

show bootvar

The command is used to display information on software images loaded to the device.

Syntax

show bootvar

Parameters

The command does not contain parameters.

Required privilege level

1

Command mode

ROOT

Example:

esr# show bootvar
Image   Version                     Date                   Status         After reboot
-----   -------------------------   --------------------   ------------   ------------
1       1.0.7 build 119[5cd22b8]      date 22/12/2015 time   Not Active
                                      18:00:47
2       1.0.7 build 119[5cd22b8]      date 22/12/2015 time   Active            *
                                      18:00:47

CODE

show boot-licence

This command is used to view information about the active license of the device used at the stage of loading the secondary bootloader.

Syntax

show boot-licence

Parameters

The command does not contain parameters.

Required privilege level

5

Command mode

ROOT

Example:

esr# show boot-licence
Licence information
-------------------
Name:    Eltex
Version: 1.0 
Type:    ESR-1000 
S/N:     NP01000530
MAC:     A8:F9:4B:AA:44:BB
Features:
 KSS - Kaspersky Security System

CODE

show candidate-config

The command is used to display the device configuration which will be set after the settings are applied (‘commit’ command).

Syntax

show candidate-config [ <SECTION> ]

Parameters

<SECTION> – configuration section:

aaa – configuration of authentication, authorization and accounting parameters;
access-list – access lists configuration;
bridges – network bridges configuration;
- [ <NUM> ] – network bridge number.
channel-group – channel aggregation group configuration;
clock – router’s system clock and NTP configuration;
dhcp – DHCP server, client and Relay agent configuration;
content-provider – configuration of the source of updates to rules distributed under a commercial license;
dual-homing – Dual Homing configuration¹;
extended – extended configuration output;
hostname – router network name;
interfaces [<IF>] – interface configuration:
- <IF> – an interface's name specified in the form described in Section Types and naming order of router interfaces.
ip-address – IP interface configuration;
ipv6 [<SUBSECTION>] – IPv6 configuration:
- address – IPv6 interface configuration;
- dhcp [<SUBSECTION>] – IPv6 DHCP services configuration:
- client – IPv6 DHCP server configuration;
  - relay – IPv6 DHCP Relay agent configuration;
  - server – IPv6 DHCP client configuration.
- routing [<SUBSECTION>] – IPv6 routing configuration:
  - bfd – IPv6 BFD configuration;
  - bgp – IPv6 BGP configuration;
  - ospf – OSPFv3 configuration;
  - prefix-lists – IPv6 prefix lists configuration;
  - rip – RIP configuration;
  - static – static routes configuration.
- vrrp – IPv6 configuration of VRRP.
dialplan – dial plan configuration;
lldp – LLDP configuration;
mac-address-table – MAC table configuration¹;
mailservers – configuration of mail servers and domains;
mdns – mDNS functionality;
mirroring – mirroring configuration¹;
mpls – MPLS technology protocols configuration;
mdns – mDNS functionality configuration;
multiwan – configuration of redundancy and WAN interface balancing service;
nat [<SUBSECTION>] – NAT service configuration:
- source – Source NAT service configuration;
- destination – Destination NAT service configuration;
- alg – NAT algorithm configuration.
netflow – Netflow protocol configuration;
object-groups [ <TYPE> [ <NAME> ] ] – profile configuration;
- <TYPE> – profile type, may take values:
  - network;
  - address-port;
  - application;
  - mac;
  - service;
  - url.
- <NAME> – specified type profile name.
port-security – Port Security configuration¹^;
qos – QoS configuration;
remote-access [<SUBSECTION>] – L2TP over IPsec profiles and PPTP servers configuration;
- l2tp – configuration of L2TP over IPsec servers’ profiles;
- pptp – PPTP servers’ profile configuration;
- openvpn – OpenVPN servers’ profile configuration;
remote-client – remote access configuration (SSH, Telnet, etc.);
rmon – RMON configuration;
routing [<SUBSECTION>] – routing configuration:
- bfd – BFD configuration;
- bgp – BGP configuration;
- isis – IS-IS protocol configuration;
- key-chains – authentication keys configuration;
- ospf – OSPF configuration;
- prefix-list – prefix list configuration;
- rip – RIP configuration;
- route-maps – route maps comfiguration
  - [ <RM-NAME> ] – route map name.
- static – static routes configuration;
- tracking – Tracking objects configuration.
security [<SUBSECTION>] – IPsec VPN and Firewall services configuration;
- antispam – "Antispam" service profile configuration;
- ike – IKE configuration;
- ipsec – IPsec configuration
- zone – Firewall zones configuration;
- zone-pair – configuration of transitions between Firewall zones;
sip – SIP configuration;
- profile – SIP profile configuration;
- service – SIP configuration;
sflow – sFlow protocol configuration;
snmp – SNMP server configuration;
spanning-tree – Spanning Tree Protocol family configuration¹;
sla – IP SLA service configuration
system – systemic parameters configuration;
syslog – Syslog service configuration;
tunnels [<TYPE> [<NUM> ] ] – tunnel configuration:
- <TYPE> – tunnel type, may take values:
  - gre – GRE tunnel configuration;
  - ip4ip4 – configuration of IPv4 over IPv4 tunnels;
  - l2tp – L2TP tunnels configuration;
  - l2tpv3 – L2TPv3 tunnels configuration;
  - lt – logical tunnels configuration;
  - softgre – SoftGRE tunnel configuration¹;
  - vti – VTI tunnels configuration;
  - pptp – PPTP clients configuration;
  - pppoe – PPPoE clients configuration;
  - l2tp – L2TP clients configuration;
  - openvpn – OPENVPN clients configuration;
- <NUM> – number of the specified tunnel type in the router's configuration.
vlans – VLAN configuration;
voice – voice service configuration;
vrf – VRF configuration;
vrrp – VRRP protocol configuration;
wisla – configuration of wiSLA services quality monitoring system;
wireless-controller – Wi-Fi controller parameters configuration;
zabbix – Zabbix agent configuration.

¹ In the current firmware version, this functionality is supported only by ESR-1000 router

Required privilege level

10

Command mode

ROOT

Example:

esr# show candidate-config
ntp enable
ntp broadcast-client enable
syslog max-files 3
syslog file-size 512
syslog file default info
vlan 2
exit
security zone trusted
exit
security zone untrusted
exit
object-group service telnet
  port-range 23
exit
object-group service ssh
  port-range 22
exit
object-group service dhcp_server
  port-range 67
exit More? Enter – next line; Space – next page; Q – quit; R – show the rest.

CODE

show configuration changes

This command displays the differences between the configuration files.

Syntax

show configuration changes [<CONFIG> < CONFIG>]

Parameters

<CONFIG> – configuration file for comparison. May take the following values:

candidate-config;
running-config;
factory-config;
default-config;
flash:backup/FILE.

Default value

Without <CONFIG>, the difference between running-config and candidate-config is displayed.

Required privilege level

10

Command mode

ROOT

Example:

esr(config-)# show configuration changes
+ interface gigabitethernet 1/0/1.100
+   ip firewall disable
+   ip address 10.54.22.1/24
+ exit

CODE

show crypto certificates

The command displays information on certificate amount.

Syntax

show crypto certificates [ <CERTIFICATE-TYPE> ]

Parameters

<CERTIFICATE-TYPE> – certificate or key type, may take the following values:

ca – Certificate Authority;
crl – Certificate Revocation List;
dh – Diffie-Hellman key;
server-crt – public server certificate;
server-key – private server key;
client-crt – client certificate;
client-key – client private key;
ta – HMAC key.

Required privilege level

15

Command mode

ROOT

Example:

esr# show crypto certificates
Type           Total
------------   -------
ca	             3
dh             	1
server key     	2
server crt   	1
ta            	1
crl            	1

CODE

show licence

The command is used to display information on the active device license.

Syntax

show licence

Parameters

The command does not contain parameters.

Required privilege level

5

Command mode

ROOT

Example:

esr# show licence
Licence information
-------------------
Name: X-Telecom
Version: 1.0
Type: ESR-1000
S/N: NP01000046
MAC: A8:F9:4B:AA:03:20
Features:
    DHCP – Dynamic Host Configuration Protocol
    IDS – Empty description
    SWUTIL – View interface's utilization

CODE

show running-config

The command is used to display the current device configuration.

Syntax

show running-config [<SECTION>]

Parameters

<SECTION> – configuration section, the description is given in Section show candidate-config.

Required privilege level

10

Command mode

ROOT

Example:

esr# show running-config syslog
syslog max-files 3
syslog file-size 512
syslog file default info
syslog console info

CODE

show storage-devices

The command displays information on connected external storage mediums (USB/MMC memory cards).

Syntax

show storage-devices { usb | mmc }

Parameters

usb – USB storage.

mmc – SD/MMC memory card.

Required privilege level

1

Command mode

ROOT

Example:

esr# show storage-devices mmc
Name                             Total, MB    Used, MB     Free, MB
------------------------------   ----------   ----------   ---------- 
EF28-D074                        99.79        72.64        27.15

CODE

show version

The command is used to display the current firmware version and device hardware version.

Syntax

show version

Parameters

The command does not contain parameters.

Required privilege level

1

Command mode

ROOT

Example:

esr# show version
Boot version:
  1.0.7.16 (date 18/11/2015 time 13:40:59)
SW version:
  1.0.7 build 17[d9bdbda] (date 21/11/2015 time 18:06:41)
HW version:
  1v7

CODE

time-period

The command sets the time period after which the automatic redundancy of the configuration will be performed.

The use of a negative form (no) of the command sets the default value.

Syntax

time-period <TIME>

no time-period

Parameters

<TIME> – periodicity of automatic redundancy of the configuration, takes the value in minutes [1..35791394].

Default value

720 minutes

Required privilege level

15

Command mode

CONFIG-ARCHIVE

Example:

esr(config-archive)# time-period 1440

CODE

type

This command sets the backup configuration of the router.

The use of a negative form (no) of the command sets the default mode.

Syntax

type <TYPE>

no type

Parameters

<TYPE> – type of the router configuration backup. Takes the following values:

local – saving backup configurations occurs in the flash: backup/section with a file name in the form of 'config_YYYYMMDD_HHMMSS;' Where:
- YYYY – year, according to the system clock of the router at the time of recording the configuration backup;
- MM – month, according to the system clock of the router at the time of recording the configuration backup;
- DD – day, according to the system clock of the router at the time of recording the configuration backup;
- HH – hour, according to the system clock of the router at the time of recording the configuration backup;
- MM – minute, according to the system clock of the router at the time of recording the configuration backup;
- SS – second, according to the system clock of the router at the time of recording the configuration backup.
remote – backup configurations are saved on a remote server;
both – backup configurations are saved in section flash:backup and on a remote server;

Default value

remote

Required privilege level

15

Command mode

CONFIG-ARCHIVE

Example:

esr(config-archive)# type both

CODE