Information on the available options for a CLI command can be obtained by ending a partial command line with a question mark (“?”). This will cause CLI to print out the available options for the remainder of the command line.

For example:

>backup ? interval <secs> File rotation interval url <URL> File upload URL >backup url ? url <URL> File upload URL

A CLI command line with only a question mark will result in a list of all CLI commands available to the user.

The auto-update command controls whether the Island will automatically update its firmware to the latest available version, and when the updates will occur.

The following "ip" commands are used to configure network parameters on an interface. They are valid only in interface context as set with the interface command.

The following "ip" commands are used to configure network parameters that are not specific to a single interface.

This section describes the syntax and usage of each CLI command. The commands are listed in alphabetical order.

The backup command configures automatic backups of the Island configuration and statistics to a remote file server.

Syntax

clear pin

Syntax Description

This command has no arguments.

Defaults

Usage Guidelines

This command deletes the PIN used to access the Island using the app. The app will prompt the user for a new PIN on the next access.

Examples

clear pin

Related Commands

Syntax

clear update

Syntax Description

This command has no arguments.

Defaults

Usage Guidelines

Under rare circumstances, an update may fail to complete, and will show indefinitely as pending or running. This command will stop the pending or running update.

Examples

clear update

Related Commands

Syntax

configure known-hosts

Syntax Description

This command has no arguments

Defaults

Usage Guidelines

This command allows the user to edit the list of known SSH keys for remote hosts. The file format is that used by the OpenSSH suite.

Editing is done using the vim text editor.

Examples

config known-hosts

Related Commands

Syntax

Syntax Description

This command has no arguments.

Defaults

Usage Guidelines

This command deletes all existing connections (i.e., firewall state table entries). It is primarily for testing, and should be used with care since it will immediately terminate all active Internet connections through the Island.

Examples

Related Commands

Syntax

Syntax Description

This command has no arguments.

Defaults

Usage Guidelines

This command causes the Island to request an immediate renewal of all IP addresses learned through DHCP.

Examples

Related Commands

Syntax

Syntax Description

This command has no arguments.

Defaults

Usage Guidelines

This command clears the internal system log buffer in memory. It does not affect the log entries written to disk.

Examples

Related Commands

Syntax

Syntax Description

This command has no arguments.

Defaults

Usage Guidelines

This command deletes all configuration information, both learned and manually-configured, from all network interfaces and sets the to full.

The user will be prompted before the command is executed unless command confirmation has been disabled with .

Examples

Related Commands

Syntax

Syntax Description

This command has no arguments.

Defaults

Usage Guidelines

This command is used to delete and regenerate the local Island’s public/private key pair used to establish secure connections with VPN peers.

Note that this will stop all communications with existing VPN peers until the new public key is provided to them. It will also prevent the mobile app from establishing a remote connection to the Island until it obtains the new public key, either by connecting via a LAN or by pasting the new public key in Tours. It will not affect the mobile app’s ability to connect directly via a local LAN.

Examples

Related Commands

Syntax

Syntax Description

This command has no arguments

Defaults

Usage Guidelines

Because configuration commands can be entered at any time, this command is unnecessary, but is provided for those familiar with other systems that require its use.

Examples

Related Commands

Syntax

end

Syntax Description

This command has no arguments

Defaults

The CLI is initially in global context when invoked.

Usage Guidelines

This command is used to return the CLI to global context after being placed into interface context with the command.

Examples

Related Commands

Syntax

Syntax Description

Defaults

The number of cores is selected automatically by default.

Usage Guidelines

Normally, the system automatically determines the number of CPU cores to dedicate to Ethernet polling. This command is provided for diagnostic purposes, and should be used only as directed by Island support.

Examples

Related Commands

Syntax

exit

Syntax Description

This command has no arguments

Defaults

Usage Guidelines

If the CLI is in interface context, this command exits to global context. If the CLI is already in global context, this command ends the CLI session.

Examples

Related Commands

Syntax

Syntax Description

Defaults

History files are not written by default.

Usage Guidelines

This command enables the generation of history files for the specified instance, and specifies how often, in seconds, the current history file will be closed and a new file started.

The actual interval between files may be longer than specified if there are no events to log immediately after closing the previous history file. This does not apply if the history empty command has been given.

If the no keyword is specified, the current history file will be closed and no new history files will be created for this instance. Existing unsent history files will be retained until they are successfully transferred.

Examples

Related Commands

Syntax

Syntax Description

Defaults

ARP scanning is enabled on LAN interfaces but disabled on WAN interfaces by default.

Usage Guidelines

When ARP scanning is enabled on an Interface, Island will periodically send ARP requests to every valid IP address on the interface network. This allows Island to discover all devices on the network, even those that are not otherwise sending any traffic through the Island.

This command is valid only in interface context. Entering it will set the to manual.

Examples

Related Commands

Syntax

Syntax Description

Defaults

The default interface priority is 1.

Usage Guidelines

Island supports multiple WAN connections. The interface priority determines which WAN connection(s) outgoing traffic will use when multiple WAN connections are present and active.

Outbound connections will normally use the highest priority active WAN interface. If multiple active WAN interfaces have the same priority, outbound connections will be distributed between them.

This command is valid only in interface context. Entering it does not change the of the interface.

Examples

Related Commands

Syntax

Syntax Description

Defaults

The DHCP client is enabled on WAN interfaces and disabled on LAN interfaces by default.

Usage Guidelines

This command enables the DHCP client on an interface, allowing Island to obtain the IPv4 address and other options from an external DHCP server.

This command is valid only in interface context. Entering it will set the to manual.

Examples

Related Commands

Syntax

Syntax Description

Defaults

All recursive DNS requests passing through the Island are intercepted by default.

Usage Guidelines

By default, Island intercepts all recursive DNS requests it sees and resolves them locally, even if the request was sent to a different DNS server. This improves DNS lookup speed and allows Island to perform filtering at the DNS level.

In some circumstances, it may not be desirable to intercept DNS requests directed at another DNS server. Enabling the local-only option causes Island to pass these requests on to the targeted server.

Note that Island will never intercept and respond to DNS over HTTPS (DoH) requests targeted to another server. Users wishing to force all DNS reqeusts to be handled by Island may wish to block access to external DoH servers using Island's filtering capabilities. Refer to the Island Router app documentation for more information.

Examples

Related Commands

Syntax

Syntax Description

Defaults

A username and password is not required on the serial port by default.

Usage Guidelines

Some Island models have a serial port which provides direct access to the CLI. By default, no credentials are required to access the CLI through the serial port, and full access is granted. When the command is specified, the user will be prompted for a username ("admin" or "user") and password before access is granted.

Examples

Related Commands

The Command Line Interface (CLI) provides a low-level interface for the configuration and monitoring of the Island router. It is accessed via the SSH protocol on TCP port 22. On some Island models, the CLI can also be accessed through a serial port.

When logging in to the CLI, two different user names are available: “admin” and “user”. The admin account has full privileges and access to all CLI commands. The user account is a read-only account which cannot access any commands that change the system configuration.

Before the CLI can be accessed, the SSH password must be set via the Island app. This sets the password for the “admin” user. The password for the “user” login can be set by the admin user using the CLI command.

The CLI can also be accessed using SSH public key authentication. Authorized keys can be configured using the CLI command.

CLI command names and most keywords cay be abbreviated using the shortest unique prefix. For example, show interface summary can be abbreviated as sh int sum or even sh in su, but not as s int sum since the leading "s" is ambiguous.

Most CLI commands take effect immediately when issued, but are not saved to non-volatile storage until the command is issued. In other words, the command makes the current running configuration permanent by copying it to the startup configuration. Note, however, that any configuration changes made through the app cause the running configuration to be immediately saved to non-volatile storage, including any changes made using the CLI.

Syntax

Syntax Description

This command has no arguments.

Defaults

Usage Guidelines

This command displays the list of known SSH keys for remote hosts. The file format is that used by the OpenSSH suite.

Examples

Related Commands

Syntax

Syntax Description

This command has no arguments.

Defaults

Usage Guidelines

This command lists any dump files created when a software module terminates unexpectedly. They may be analyzed by Island support to determine the cause of a failure.

Examples

Related Commands

In general, clear text passwords such as in a URL argument are stored internally in an encrypted form so that they are unreadable when the system configuration is displayed. In some cases, an entire command parameter may be encrypted when there is special sensitivity involved. Encrypted strings begin with a tilde (“~”) character.

The system supports SSH public key authentication for all commands that use the SSH protocol, including the ssh command and any file transfer commands using the scp and sftp schemes. This eliminates the need to specify passwords inside a URL.

The show ssh-client-keys command can be used to obtain the user’s public key from the local system so that it can be added to the list of authorized keys on the remote system.

Syntax

clear ssh host-key [ed25519|rsa]

Syntax Description

Defaults

If no options are specified, all SSH host key types are regenerated.

Usage Guidelines

This command is used to delete and regenerate the local SSH host keys.

The host keys are used by remote clients to authenticate connections to the local system.

Examples

clear ssh host-key
clear ssh host-key ed25519

Related Commands

Syntax

compact

Syntax Description

This command has no arguments.

Defaults

Usage Guidelines

The space used by deleted records within the internal database is not always immediately reuseable due to the nature of the database. Over time, the database can accumulate a significant amount of unuseable space, resulting in decreased performance and additional disk space usage.

This command reclaims the unuseable space within the database by rebuilding it.

Examples

compact

Related Commands

Syntax

[no] history <instance> empty

Syntax Description

Defaults

By default, the system will not create empty history files.

Usage Guidelines

Once a history instance has been defined, history files will be created peridically based on the setting of the history interval command. By default, no history file is created for an interval if there were no history records generated during that interval. This command specifies that history files should always be created for an interval, even if the file contains no records.

Examples

history myhist2 empty

Related Commands

Syntax

history <instance> rename <newname>

Syntax Description

Defaults

None; all parameters must be specified.

Usage Guidelines

This command allows an existing history instance to be given a new instance name. Once renamed, all references to the history instance must be done using the new instance name.

Renameing a history instance will cause the current history file (if any) to be closed and a new one started.

Examples

history myhist2 rename myhist3

Related Commands

Syntax

[no] history <instance> url [<url>]

Syntax Description

Defaults

The default is to not write history files to a remote system

Usage Guidelines

This command specifies the destination for files produced for this history instance.

The URL must point to a remote directory. Each history file will be writton to a unique file in that directory. The file name format is:

history.YYYYMMDDHHMMSSmmm‐nnnnnnnnnn

where “YYYYMMDDHHMMSSmmm” is the date and time including milliseconds and “nnnnnnnnnn” is the number of records in the file.

The path portion of the URL is ignored for the "tcp://" or "udp://" real-time streaming schemes.

Refer to the URL Format section of this document for more information on the syntax of the url parameter.

Examples

history myhist3 url scp://jane:[email protected]/history

Related Commands

Syntax

[no] history <instance> utc

Syntax Description

Defaults

The default is to use the local time zone for history file names and timestamps.

Usage Guidelines

This command causes UTC time to be used for history file names and for any dates and times in the history records.

Examples

history myhist3 utc

Related Commands

Syntax

[no] hostname <string>

Syntax Description

Defaults

The system host name is empty by default.

Usage Guidelines

An Island may be given a unique and descriptive name to distinguish it from other Islands. The hostname will be used as the CLI prompt. It is also used to when auto-generating file names for some commands (e.g., backup url).

Examples

hostname dallas-island-02

Related Commands

Syntax

ip dns mode dnssec
ip dns mode https cloudflare|google|<url>
ip dns mode recursive

Syntax Description

Defaults

Island uses Cloudflare's DNS over HTTPS service by default.

Usage Guidelines

This command specifies how DNS lookups are performed by Island.

By default, Island uses DNS over HTTPS (DoH) services provided by Cloudflare to resolve DNS requests. The https option can be used to change the DoH provider to Google or to an arbitrary DoH server.

Island can also be configured to use standard recusive DNS resolution. Both the recursive and the dnssec options enable recursive DNS mode, the difference is that dnssec also enables DNSSEC validation.

If Island is unable to access the specified DoH provider, it will revert to recursive DNS.

Examples

ip dns mode recursive
ip dns mode https https://doh.example.com/dns-query

Related Commands

Syntax

[no] ip firewall off|on

Syntax Description

Defaults

The inbound Internet firewall is on by default.

Usage Guidelines

This command disables the firewall function that blocks incoming traffic on a WAN interface. It takes effect only when there is a single physical port active on the Island.

This command should be used with extreme care and is intended only for very specific use cases such as using Island as a dedicated VPN concentrator, where firewall functionality is undesirable or handled by an external firewall. Note that all other Island functionality, including content filtering, is still active even when the firewall is disabled.

Examples

ip firewall off

Related Commands

Syntax

led level <n>

Syntax Description

Defaults

The default LED level is 100.

Usage Guidelines

The command sets the brightness of the Island's LED display. The value must be an integer from 0 (off) to 100 (full brightness).

Examples

led level 30

Related Commands

Syntax

ip route <address>/<bits> <gateway>
ip route default <gateway>

Syntax Description

Defaults

No static routes exist by default.

Usage Guidelines

The command allows manually-configured (i.e., "static") routes to be inserted into Island's routing table.

Both IPv4 and IPv6 routes are supported. The target address and the gateway must both be the same protocol (IPv4 or IPv6).

The word "default" may be used to represent the default route (0.0.0.0/0 or ::0/0). The protocol of the default route (IPv4 or IPv6) will be determined by the the protocol of the specified gateway.

Examples

ip route default 203.0.113.1
ip route default 2001:DB8:C014:7BE5::1
ip route 172.16.0.0/22 192.168.3.17

Related Commands

Syntax

[no] login confirm

Syntax Description

Defaults

CLI confirmation prompts are enabled by default.

Usage Guidelines

To prevent the loss of important data, certain CLI commands (e.g., clear network, no interface, etc.) normally prompt the user for confirmation before executing. This can be inconvenient when executing batch CLI commands. The no login confirm command disables these confirmation prompts. The prompts can be re-enabled using the login confirm command.

Examples

no login confirm

Related Commands

Syntax

[no] login remote

Syntax Description

Defaults

Remote access is disabled by default.

Usage Guidelines

Island implements secure remote access from the Island app on Apple and Android devices. Remote access is disabled by default, but can be enabled with this command.

Examples

login remote

Related Commands

Some commands (e.g., write network) require a URL argument to identify a remote file or directory. The format for a URL argument is:

scheme://[username[:password]@]host[:port]/[path]

Supported schemes for most commands are http, https, ftp, ftps, sftp, scp, smb, and tftp.

The host parameter may be an IP address or a domain name.

The optional port parameter is not supported on all protocols.

Syntax

[no] login support

Syntax Description

Defaults

Support access is disabled by default.

Usage Guidelines

This command establishes a VPN to Island Support to allow support personnel to remotely access the Island for troubleshooting and diagnostic purposes.

Examples

login support

Related Commands

Syntax

auto-update <hh:mm>

Syntax Description

Defaults

Updates will be performed at 3:00 AM local time on any day of the week by default.

Usage Guidelines

This command specifies the time of day at which the Island will automatically update to the latest firmware.

Examples

auto-update time 4:30

Related Commands

Syntax

auto-update days all|none|<day> [<day> [...]]

Syntax Description

Defaults

Updates will be performed at 3:00 AM local time on any day of the week by default.

Usage Guidelines

The Island periodically checks to see if newer firmware is available. This command sets the day(s) of the week on which new firmware is allowed to be automatically installed.

If automatic updates are disabled using the command auto-update days none, the Island will still periodically check for firmware updates, and the app will indicate that newer firmware is available, but it will not be installed automatically. In this case, the user can install the update using the update command or the Island app.

Firmware updates may or may not interrupt packet routing, depending on the nature and extent of the update. Some updates will not interrupt routing at all, some may cause a short (5-10 second) interuption, and some may require a full reboot of the router.

Examples

auto-update days thursday friday

Related Commands

Syntax

[no] backup url <url>

Syntax Description

Defaults

No automatic backup is performed by default.

Usage Guidelines

The backup URL can refer to either a remote file or remote directory. If the URL ends in any character other than a slash (“/”), it is assumed to refer to a file name. The backup is written to that file, overwriting it if it already exists.

If the URL ends in a slash, the system assumes it is pointing to a directory. In this case, the system will create a new file with the following format: hostname-YYYYMMDD-HHMMSS.backup.

If the URL contains a password, it is encrypted so that it is not readable in the configuration file.

Refer to the URL Format page for more information on the syntax of the url parameter.

Examples

backup url scp://jane:[email protected]/myIsland.backup

Related Commands

Syntax

clear dump <file>|all

Syntax Description

Defaults

None; a file name or all must be specified.

Usage Guidelines

Examples

clear dump pkgeng.core

Related Commands

Syntax

clear package <name>

Syntax Description

Defaults

None; a package name must be specified.

Usage Guidelines

Island supports installable software packages to implement optional features. The clear package command deletes an installed package from the system.

Examples

clear package pingurl

Related Commands

Syntax

clear ssh known-hosts <host>|all

Syntax Description

Defaults

None; either a host or all must be specified.

Usage Guidelines

This command allows the user to delete the remote SSH host key for a single host, or for all known hosts.

Examples

clear ssh known-hosts server17.example.com
clear ssh known-hosts all

Related Commands

Syntax

configure network [noconfig] <url>

Syntax Description

Defaults

Usage Guidelines

This commands reloads the entire system configuration from a backup file previously created with the write network or backup url commands.

Refer to the URL Format section of this document for more information on the syntax of the url parameter.

Examples

config network scp://jane:[email protected]/mybackup

Related Commands

Syntax

[no] duplex auto|half|full

Syntax Description

Defaults

Interface duplex is set via auto-negotiation by default.

Usage Guidelines

This command can be used to force the duplex setting on an interface if autonegotiation is unavailable or undesirable.

If duplex is explicitly configured for an interface, the interface speed should also be explicitly configured. In other words, auto-negotiation should be enabled or disabled identically for both speed and duplex.

This command is valid only in interface context.

Examples

duplex full

Related Commands

Syntax

help <command>

Syntax Description

Defaults

Usage Guidelines

With no parameters, this command displays a simple list of available commands. If a command is specified, the syntax for that command is displayed.

For more detailed help on command syntax, use the question mark (“?”) for context sensitive help.

Examples

help

Related Commands

Syntax

[no] interface <string>

Syntax Description

Defaults

The CLI is in global context by default.

Usage Guidelines

This command must be given before issuing any commands that modify an interface. The specified interface remains the “selected” interface until another interface command or the end command is issued.

The “no” form of this command deletes all configuration information, both learned and manually-configured, from the specified interface. For physical interfaces (e.g., Ethernet), the interface is placed into automatic configuration mode. For virtual interfaces, the interface is deleted from the system.

Examples

interface en0
no interface vlan14

Related Command

Syntax

[no] ip address <address>/<bits>

Syntax Description

Defaults

By default, Island will either obtain an IP address for an interface using DHCP (if the DHCP client is enabled on the interface) or will assign an arbitrary /24 private network (RFC1918) network address.

Usage Guidelines

This command assigns an IPv4 or IPv6 address to an interface. Only one IPv4 and one IPv6 address may be assigned to a given interface.

This command does not automatically set the interface mode to manual or disable the DHCP client on the interface. However, if the DHCP client is enabled, the specified IP address will be overwritten if an address is later obtained from a DHCP server. To ensure a manually-configured IP address is not changed, set the interface mode to lan, or set it to manual and disable the DHCP client.

This command is valid only in interface context.

Examples

ip address 172.16.2.20/24
ip address 2001:db8:1e:4::29/64

Related Commands

Syntax

[no] ip autovlan off|on

Syntax Description

Defaults

Automatic VLAN provisioning is enabled by default.

Usage Guidelines

When automatic VLAN provisioning is enabled, Island will create a new VLAN interface whenever a packet is received with an 802.1Q VLAN Identifier that does not match an existing VLAN interface.

This command is valid only in interface context. Entering it will set the interface mode to manual.

Examples

ip autovlan off

Related Commands

Syntax

[no] ip arp-spoof off|on

Syntax Description

Defaults

ARP spoofing is disabled by default.

Usage Guidelines

When ARP spoofing is enabled, Island will send “spoofed” ARP responses to all clients presenting itself as the owner of the default gateway’s IP address.

ARP spoofing allows Island to insert itself into a network with an existing default gateway using a single interface. It forces all Internet-bound traffic from LAN clients to be sent to itself. Island will apply all configured security filters and other features before forwarding the packet to the actual default gateway.

This mode essentially provides all features of the Island without replacing an exiting gateway. However, it can cause problems with some hosts and security devices, and should therefore be used with caution.

This command is valid only in interface context. Entering it will set the interface mode to manual.

Examples

ip arp-spoof on

Related Commands

Syntax

[no] ip dhcp6-client off|on

Syntax Description

Defaults

The DHCPv6 client is enabled by default on WAN interfaces and disabled on LAN interfaces.

Usage Guidelines

The DHCPv6 client is responsible for obtaining an IPv6 address and related options from a DHCPv6 server and assigning it to an interface.

If the DHCPv6 client is not enabled, or if a DHCPv6 server is not available, the IPv6 address is assigned based on the type of interface. On WAN interfaces, it will be assigned using Stateless Address Auto-Configuration (SLAAC). On LAN interfaces, Island will us either a delegated prefix selected from one of the WAN providers (if available) or will assign a Unique Local Address (ULA).

This command is valid only in interface context. Entering it will set the interface mode to manual.

Examples

ip dhcp6-client on

Related Commands

Syntax

[no] ip dhcp6-server off|on

Syntax Description

Defaults

The DHCPv6 server is enabled on LAN interfaces and disabled on WAN interfaces by default.

Usage Guidelines

This command enables the DHCPv6 server on the interface. Island does not assign IPv6 addresses via DHCP; instead, hosts will use Stateless Address Autoconfiguration (SLAAC) to obtain their IPv6 address. Island's DHCPv6 server provides DNS and other requested information to IPv6 clients.

This command is valid only in interface context. Entering it will set the interface mode to manual.

Examples

ip dhcp6-server on

Related Commands

Syntax

[no] ip dhcp-lease <seconds>

Syntax Description

Defaults

The default lease time is 1800 seconds (30 minutes).

Usage Guidelines

The default lease time for addresses assigned by Island's DHCP server is 30 minutes. This allows devices to respond reasonably quickly to network address changes.

Although rare, some devices cannot handle such a short lease time. This command can be used to change the DHCP lease time to a different value.

This command is valid only in interface context. Entering it does not change the configuration mode of the interface.

Examples

ip dhcp-lease 3600

Related Commands

Syntax

[no] ip ident6 off|on

Syntax Description

Defaults

Devices fingerprinting is enabled on LAN interfaces and disabled on WAN interfaces by default.

Usage Guidelines

This command enables or disables "fingerprinting" of IPv6 devices on an interface. Fingerprinting uses protocols such as SSDP and mDNS to gather information about devices on the network to aid in the identification of new and unknown devices.

This command is valid only in interface context. Entering it will set the interface mode to manual.

Examples

ip ident6 off

Related Commands

Syntax

[no] ip nat4 off|on

Syntax Description

Defaults

IPv4 Network Address Transnation is enabled on WAN interfaces and disabled on LAN interfaces by default.

Usage Guidelines

When Network Address Translation (NAT) is enabled on an interface, the source IP address of transmitted packets is changed to the Island's IP address assigned to the interface. Depending on the protocol involved, the source port number, as well as address information embeded in the payload, may be modified as well.

Island maintains a list of active NAT translations so that received packets can be routed back to the proper internal client.

NAT is typically used to map private IP addresses on a LAN to a public IP address on the WAN.

This command is valid only in interface context. Entering it will set the interface mode to manual.

Examples

ip nat4 on

Related Commands

Syntax

ip mtu <n>

Syntax Description

Defaults

The default MTU is 1,500 bytes for Ethernet interfaces and 1,408 bytes for WireGuard VPN interfaces.

Usage Guidelines

This command sets the maximum transmission unit (MTU) for an interface.

This command is valid only in interface context. Entering it does not change the configuration mode of the interface.

Examples

ip mtu 1300

Related Commands

Syntax

[no] ip nat6 off|on

Syntax Description

Defaults

IPv6 Network Address Transnation is disabled on all interfaces by default.

Usage Guidelines

When Network Address Translation (NAT) is enabled on an interface, the source IP address of transmitted packets is changed to the Island's IP address assigned to the interface. Depending on the protocol involved, the source port number, as well as address information embeded in the payload, may be modified as well.

Island maintains a list of active NAT translations so that received packets can be routed back to the proper internal client.

NAT is typically used to map private IP addresses on a LAN to a public IP address on the WAN.

This command is valid only in interface context. Entering it will set the interface mode to manual.

Examples

ip nat6 on

Related Commands

Syntax

[no] ip router-solicit off|on

Syntax Description

Defaults

When autoconfiguration is enabled on an interface, the Island will determine the proper setting based on whether the the interface is determined to be a WAN or a LAN connection. Otherwise, the initial setting for newly-created interfaces is off.

Usage Guidelines

This command determines whether IPv6 Router Solicitation (RS) packets are sent on an interface.

This command is valid only in interface context. Entering it will disable autoconfig on the interface.

Examples

ip router-solicit on

Related Commands

Syntax

[no] ip ddns name <string>

Syntax Description

Defaults

No DDNS name is assigned by default.

Usage Guidelines

Island provides a DDNS service that assigns names with the "myisland.info" domain. The user may assign a simple host name using this command. For example, if "bobs-island" is specified, the resulting fully-qualified domain name (FQDN) will be "bobs-island.myisland.info".

There is no registration or authentication required for this service. Names are available on a first-come, first-served basis. Once a name is assigned to a specific Island, that name may not be assigned to another Island until a grace period has expired or the name is manually deleted using the "no" form of this command from the original Island with an active Internet connection.

The A and AAAA records for the FQDN will be updated automatically by the Island based on the public IPv4 and IPv6 addresses on the WAN port. If multiple WAN primary ports are in use (or multiple secondary WAN ports if no primary port is available), the A and AAAA records will be assigned arbitrarily to the IP address on one of the active ports.

Examples

ip ddns bobs-island

Related Commands

Syntax

[no] ip ddns ipv6 off|on

Syntax Description

Defaults

An AAAA record is created in DDNS by default.

Usage Guidelines

The Island DDNS service creates both A (IPv4) and AAAA (IPv6) DNS records by default. This can cause delayed or broken connectivity when using a port-forward to direct incoming traffic to a device that does not support IPv6.

This command can be used to disable the generation of AAAA DNS records so that clients will attempt to connect using IPv4 only.

This command has no effect unless a DDNS name is defined in the app or using the ip ddns name command.

Examples

ip ddns ipv6 off

Related Commands

Syntax

[no] ntp <server> [<server> [...]]

Syntax Description

Defaults

Island uses the pool at ntp.islandrouter.com by default.

Usage Guidelines

This command specifies one or more NTP servers to be used to synchronize Island's internal clock. The command will accept multiple servers on one line, and the command may be specified multiple times.

Examples

ntp pool.ntp.org

Related Commands

Syntax

rollback

Syntax Description

This command has no arguments.

Defaults

Usage Guidelines

This command provides a way to return the system firmware and configuration to a previous state created with the update command.

The update command automatically saves a copy of the current firmware and system configuration as a checkpoint. The five most recent checkpoints are retained.

When the rollback command is issued, the user may choose from a list of these checkpoints, and the system will be restored to the saved state.

Each checkpoint includes all changes made to the operating code on the system. In some cases, the checkpoint may include additional items. For example, if an update will use a new, incompatible version of a database or configuration, then the affected items are also included in the checkpoint.

Examples

rollback

Related Commands

Syntax

show clock

Syntax Description

This command has no arguments.

Defaults

Usage Guidelines

This command displays the current system date, time, and time zone.

Examples

show clock

Related Commands

Syntax

Syntax Description

Defaults

The interval defaults to 3600 seconds (1 hour).

Usage Guidelines

This command determines how often automatic system backups will be performed.

The system aligns the start time for the backup process relative to midnight on the day the command is issued or the system reloaded. For example, if the interval is set to 8 hours, backups will occur daily at 12 AM, 8 AM, and 4 PM every day. If the interval is set to 18 hours, backups will occur at 12 AM and 6 PM on the first day, and 12 PM and 6 AM on the second day, then repeat.

Refer to the section for more information.

Examples

Related Commands

Syntax

Syntax Description

Defaults

If neither adminnor useris specified, the keys for both users are regenerated.

Usage Guidelines

This command is used to delete and regenerate the local SSH client keys.

SSH client keys can be used for public key authentication with the ssh command as well as commands that use the scp protocol (e.g., write net scp://…).

Examples

Related Commands

Syntax

Syntax Description

Defaults

Usage Guidelines

This command is used to create, modify, or delete a history file instance.

Island maintans a record of all device-related activity such as Internet access and session data counters, online and offline events, etc. These “history” events are stored internally in a compact binary format, and can be displayed with the show history command.

History data can formatted and saved in files to be transferred to a remote file server on a periodic basis. A history “instance” refers to a set of named history configuration commands that control the creation, format, transfer, and other characteristics of the associated history files.

The creation of history files is enabled with the command. Therefore when creating a new history instance, it is usually preferrable to issue all other desired history commands such as and before issuing the history interval command, otherwise the system may create one or more initial history files with improper characteristics.

History files are automatically deleted upon successful transfer to the remote system. To see the list of history files waiting to be transferred, use the command.

An entire history instance can be deleted by entering this command with the no prefix. This will delete all unsent history files and all configuration commands associated with the instance.

Examples

Related Commands

Syntax

Syntax Description

Defaults

The default is full automatic configuration.

Usage Guidelines

When autoconfig is set to full on an interface (the default), the Island will determine if the interface is connected to a local area network (LAN) or to the Internet (WAN), and will set all other interface parameters as appropriate for the type of connection detected. This mode works well in most cases, and is useful for initial installation. Once installation is complete, it is generally recommended to select one of the other modes as appropriate for each interface.

When set to manual, automatic configuration is disabled, and the current interface configuration is written to the running configuration. Individual may then be modified as needed. This configuration is the most flexible but requires that each interface configuration option be set appropriately. It can be used for unusual situations where the predefined interface modes (described below) are not sufficient.

When using manualmode, users may find it convenient to first set the interface mode to one of the modes listed below first, before switching to manual mode, to provide a convenient starting point for all interface settings. Note that the interface must be active (up) in order for the current interface settings to be retained when the mode is switched to manual.

The remainder of the modes are used to set the interface configuration appropriate for the most common network scenarios. The available modes are as follows:

• lan: This mode is for a typical LAN where Island should be the DHCP server. Island's DHCP server is enabled, the DHCP client is disabled, and the DHCP monitor is enabled.

• lan-no-dhcp: This mode is the same as lan except Island's DHCP server and DHCP monitor is disabled, and the DHCP client is enabled. This mode is used when another DHCP server is used for the network.

• wan: This mode is for a typical WAN connection where Island obtains its IP address from the provider using DHCP.

• static-wan: This mode is for a WAN connection where Island is assigned a static IP address.

Note that issuing most will cause the interface mode to be set to manual. When this happens, the remaining interface configuration options with their current values will be written to the running configuration, and can be modified as needed. Refer to the documentation for a specific command to determine if that command will force the interface mode to manual.

This command is valid only in interface context.

Examples

Related Commands

Syntax

Syntax Description

Defaults

The DHCP monitor is enabled on LAN interfaces and disabled on WAN interfaces by default.

Usage Guidelines

The DHCP monitor service watches for rogue DHCP servers on an interface and issues a warning if one is found.

If both DHCP monitor and are enabled on the same interface, DHCP client has precedence and DHCP monitor will be not run.

This command is valid only in interface context. Entering it will set the to manual.

Examples

Related Commands

Syntax

Syntax Description

Defaults

The DHCP server is enabled on LAN interfaces and disabled on WAN interfaces by default.

Usage Guidelines

The DHCP server is responsible for assigning IPv4 address and related options to clients on a connected network.

This command is valid only in interface context. Entering it will set the to manual.

Examples

Related Commands

Syntax

Syntax Description

Defaults

Devices fingerprinting is enabled on LAN interfaces and disabled on WAN interfaces by default.

Usage Guidelines

This command enables or disables "fingerprinting" of IPv4 devices on an interface. Fingerprinting uses protocols such as SSDP and mDNS to gather information about devices on the network to aid in the identification of new and unknown devices.

This command is valid only in interface context. Entering it will set the to manual.

Examples

Related Commands

Syntax

Syntax Description

Defaults

When autoconfiguration is enabled on an interface, the Island will determine the proper setting based on whether the the interface is determined to be a WAN or a LAN connection. Otherwise, the initial setting for newly-created interfaces is off.

Usage Guidelines

This command determines whether IPv6 Router Advertisement (RA) packets are sent on an interface.

This command is valid only in interface context. Entering it will disable on the interface.

Examples

Related Commands

Syntax

Syntax Description

Defaults

There are no DHCP reservations by default.

Usage Guidelines

This command reserves an IP address for a client. The DHCP server will not assign a reserved IP address to any other client. When the client makes a DHCP request to the Island, the DHCP server will assign the specified address to the client, if able.

If the server is unable to assign the address (perhaps because the address is already in use by another client), it will assign another address from the DHCP scope. When the client renews its DHCP lease, the DHCP server will again try to assign the reserved address.

The reserved IP address must be a valid address on one of the interfaces on the Island. However, it does not need to be within the DHCP scope assigned to the interface.

Only one DHCP reservation is allowed for a given device.

Examples

Related Commands

Syntax

Syntax Description

Defaults

IPv6 is enabled by default.

Usage Guidelines

IPv6 is fully supported by Island, and is enabled on all interfaces by default. Island will attempt to obtain an IPv6 address and a delegated prefix on each WAN port, and will assigne IPv6 addresses to each LAN port.

While IPv6 can be disabled on individual interfaces using , this command can be used to disable IPv6 on all interfaces.

Examples

Related Commands

Syntax

Syntax Description

Defaults

By default, port-forwarded connections will be accepted on any of the Island's interface IP addreses, and the destination port number will not be modified.

Usage Guidelines

Island normally blocks all inbound connection attempts from the Internet (i.e., on WAN ports) or on other internal networks (LANs) to internal devices. This command provides a method to allow inbound connections to specific internal devices (or to the Island itself) on specific TCP and UCP ports. In essence, it opens a "hole" in the internal stateful firewall for specific internal services.

If the public IP address is not specified, connections will be accepted an any of Island's interface addresses on the specified TCP or UDP port. Use care when doing this on ports used for internal management (e.g., TCP ports 22, 443, and 4443) or incoming VPN connections (UDP port 51820 or as defined by the command, and UDP port 3006) as the port-forward will make those services unavailable on those ports.

If the public IP address is specified, connections will be accepted only on that address.

The maximum number of port-forward commands is 1024.

Examples

Related Commands

Syntax

Syntax Description

Defaults

The default MAC address output format is "XX:XX:XX:XX:XX:XX".

Usage Guidelines

This command is used to specify the output format for MAC addresses as used in the CLI and in system logs.

The format must contain 12 upper or lower case X’s as placeholders for each of the 12 hexadecimal digits in a MAC address. The case of a placeholder indicates the case of the corresponding output MAC character. All other characters in the format string are printed literally.

Examples

Related Commands

Syntax

Syntax Description

Defaults

If neither ip no ipv6 is specified, the protocol is chosen automatically.

Usage Guidelines

The ping command is used to test the reachability of another system and measure the round-trip time (RTT) to the system using ICMP Echo Request packets. Once the command is issued, it will continue until stopped by pressing Control-C.

Examples

Related Commands

Syntax

Syntax Description

Defaults

This command has no default. The parent interface must be specified.

Usage Guidelines

This command is required for VLAN interfaces. It defines the physical interface on which the VLAN is carried. It is valid only in interface context, and only for VLAN interfaces.

Examples

Related Commands

Syntax

Syntax Description

This command has no parameters.

Defaults

Usage Guidelines

The ping command is used to reboot the Island router.

A warning will be issued if the running configuration does not match the startup configuration. The user will be given the opportunity to save or discard the pending configuration changes. The reload command may be aborted using Control-C at this prompt.

Examples

Related Commands

Syntax

Syntax Description

Defaults

The keys for the administrative user are shown by default.

Usage Guidelines

This commands displays the contents of the authorized SSH public keys file for the specified user.

Examples

Related Commands

Syntax

Syntax Description

This command has no arguments.

Defaults

Usage Guidelines

This command shows information about the internal storage space, including total size, space used, and available space

Examples

Related Commands

Syntax

Syntax Description

This command has no arguments.

Defaults

Usage Guidelines

This command returns an Island to a factory-fresh condition. All configuration, logs, statistics, and security keys will be deleted. The current firmware version will be retained, but all rollback checkpoints will be deleted.

The user will be prompted for confirmation before the command is executed.

When this command completes, the system will power off automatically. Power must be removed and re-applied in order to restart the system.

Examples

Related Commands

Syntax

Syntax Description

This command has no arguments.

Defaults

Usage Guidelines

This command displays a summary of the hardware configuration for the Island, including the platform type, CPU type, memory size, power supply status, and interface compliment.

Examples

Related Commands

Syntax

Syntax Description

Defaults

If is not specified, the top-level log directory is assumed.

Usage Guidelines

This command deletes a system log file.

To see a list of system log files, use the show syslog ? command.

Examples

Related Commands

Syntax

Syntax Description

Defaults

Interfaces have no description by default.

Usage Guidelines

This command allows the user to set an optional description for an interface.

This command is valid only in interface context.

Examples

Related Commands

Syntax

Syntax Description

Defaults

There are no defaults for this command. All parameters must be specified.

Usage Guidelines

Island supports installable software package to add features not included in the base firmware. Installable packages are installed with the command.

Some packages require user-specified configuration information, or "parameters". These parameters are set using this command.

Parameter names and values are specific to each package. Refer to the associated package documentation for supported parameters and values.

Examples

Related Commands

Syntax

Syntax Description

Defaults

There is no password on the admin or user accounts by default.

Usage Guidelines

This command sets the password for the specified user for access to the CLI. Users without a password may not log in to the CLI via ssh.

If the new password is not specified on the command line, the system will prompt for it.

Examples

Related Commands

Syntax

[no] packet level <n>

Syntax Description

Defaults

The default minimum severity level is 5.

Usage Guidelines

This command sets the minimum severity level of messages logged by the low-level packet handling subsystem in Island. Logging less severe messages can be useful when diagnosing network issues, but will also increase the amount of information logged.

The highest severity level is 0 and the lowest is 7, as follows:

Examples

packet level 7

Related Commands

Certain commands (e.g., backup interval) cause an action to occur at regular intervals. In most cases, the start time is not specified by the user, but is calculated by the system. In those cases, the actual clock times for command execution are calculated based on midnight (local system time) on the day the command was issued. For intervals of one week or greater, the times are calculated based on midnight (00:00) Wednesday.

Examples:

Syntax

ip max-clients <n>

Syntax Description

Defaults

The default maximum IP addresses is specific to each Island model.

Usage Guidelines

This command specifies the maximum number of IP addresses (IPv4 and IPv6 combined) Island will support. Once this limit is reached, additional IP addresses will be ignored until older IP addresses go offline.

Caution: Changing this value causes a restart of the packet processing engine. This will cause a disruptime in routing for several seconds, and all active sessions through the Island will be deleted.

Examples

ip max-clients 8000

Related Commands

Syntax

[no] ip load-sharing dst-ip|random|src-dst-ip

Syntax Description

Defaults

The outbound WAN interface is selected randomly for each connection by default.

Usage Guidelines

Island supports multiple WAN interfaces. Outbound connections are routed to the highest priority active WAN interface as set by the ip priority command. When more than one active WAN interface is at the highest priority, Island will balance the outbound connections between them. This command selects the algorithm Island uses to determine which WAN interface is selected for each outbound connection in that case. The availble algorithms are as follows:

Examples

ip load-sharing src-dst-ip

Related Commands

Syntax

configure authorized-keys [admin|user]

Syntax Description

Defaults

If neither user is specified, the keys for the administrative user are edited.

Usage Guidelines

This command edits the list of authorized public keys for SSH authentication on inbound connections. The list contains one key per line in the OpenSSH authorized_keys file format.

Editing is done using the vim text editor.

Examples

config authorized-keys admin

Related Commands

Syntax

[no] ip dhcp-scope [<low>]-[<high>]

Syntax Description

Defaults

In the abscence of this command, the default DHCP scope is "50-". Otherwise, the defaul low value is 1 and the default high value is the last available host address on the network.

Usage Guidelines

This command defines the range of IPv4 addresses assignable to DHCP clients. The low value is the host portion of the first assigneable address in the scope. If omitted, the default low value is 1.

The high value is the host portion of the last assignable address in the scope. If omitted, the default high value is the host portion of the last assignable address in the interface's network range. Note that the highest address in a network is reserved for broadcasts, and will never be assigned by the DHCP server.

Since these values are the decimal value of the host portion (only) of the IP address, the high value may exceed 254 for networks larger than /24. For example, the highest assignable value for a /22 IPv4 network (i.e., 10 bits of host address) would be 1022.

This command is valid only in interface context. Entering it does not change the configuration mode of the interface.

Examples

ip dhcp-scope 100-
ip dhcp-scope 100-510

Related Commands

Syntax

[no] history <instance> output-format <template>

Syntax Description

Defaults

The default output format is: "%d? %12t?? sub=%s?? mac=%m?? ip=%21ys?? dest=%21yd?? proto=%L?? policy=%P(%p)?? category=%C(%c)?? group=%G(%g)?? rule=%U(%u)?? button=%b?? count=%n?? stage=%S?? waited=%w?? rxbytes=%xr?? txbytes=%xt?? desc=%E?? ident=%I?? comment=%O?? host=%ah?? country=%N?? cat=%Mh?? flags=%f?? method=%am?? path=%ap?? version=%av?? timeOffset=%J?"

Note that the default format includes fields which are not used in the current product.

Usage Guidelines

The output format template consists of arbitrary text containing field substitutions. These substitutions begin with a percent sign ("%"). The list of valid substitutions is shown in the table below.

The percent sign may optionally be followed by a decimal minimum field width. The field value will be left-justified within the specified width.

A substitution, along with any surrounding text, may optionally be enclosed in question mark characters. This will cause all text between the question marks to be suppressed if no substitution is made.

The contextual help for this command may include subsitutions for fields that are not used in the current product. Only the currently supported subsitutions are included in this table.