In general, clear text passwords such as in a URL argument are stored internally in an encrypted form so that they are unreadable when the system configuration is displayed. In some cases, an entire command parameter may be encrypted when there is special sensitivity involved. Encrypted strings begin with a tilde (“~”) character.
The system supports SSH public key authentication for all commands that use the SSH protocol, including the ssh command and any file transfer commands using the scp and sftp schemes. This eliminates the need to specify passwords inside a URL.
The show ssh-client-keys command can be used to obtain the user’s public key from the local system so that it can be added to the list of authorized keys on the remote system.
Information on the available options for a CLI command can be obtained by ending a partial command line with a question mark (“?”). This will cause CLI to print out the available options for the remainder of the command line.
For example:
>backup ?
interval <secs> File rotation interval
url <URL> File upload URL
>backup url ?
url <URL> File upload URL
A CLI command line with only a question mark will result in a list of all CLI commands available to the user.
This is the Command Line Interface (CLI) reference guide for Island Router firmware version 2.3.2.
The Command Line Interface (CLI) provides a low-level interface for the configuration and monitoring of the Island router. It is accessed via the SSH protocol on TCP port 22. On some Island models, the CLI can also be accessed through a serial port.
When logging in to the CLI, two different user names are available: “admin” and “user”. The admin account has full privileges and access to all CLI commands. The user account is a read-only account which cannot access any commands that change the system configuration.
Before the CLI can be accessed, the SSH password must be set via the Island app. This sets the password for the “admin” user. The password for the “user” login can be set by the admin user using the CLI password command.
The CLI can also be accessed using SSH public key authentication. Authorized keys can be configured using the configure authorized-keys CLI command.
CLI command names and most keywords can be abbreviated using the shortest unique prefix. For example, show interface summary can be abbreviated as sh int sum or even sh in su, but not as s int sum since the leading "s" is ambiguous.
Most CLI commands take effect immediately when issued, but are not saved to non-volatile storage until the command is issued. In other words, the command makes the current running configuration permanent by copying it to the startup configuration. Note, however, that any configuration changes made through the app cause the running configuration to be immediately saved to non-volatile storage, including any changes made using the CLI.
The auto-update command controls whether the Island will automatically update its firmware to the latest available version, and when the updates will occur.
This section describes the syntax and usage of each CLI command. The commands are listed in alphabetical order.
Certain commands (e.g., backup interval) cause an action to occur at regular intervals. In most cases, the start time is not specified by the user, but is calculated by the system. In those cases, the actual clock times for command execution are calculated based on midnight (local system time) on the day the command was issued. For intervals of one week or greater, the times are calculated based on midnight (00:00) Wednesday.
Examples:
4 hours
00:00, 04:00, 08:00, 12:00, 16:00, and 20:00 each day
18 hours
00:00 and 18:00 on the first day and 12:00 on the second day
36 hours
00:00 on the first day and 12:00 on the second day
9 days
Every 9 days starting at 00:00 on Wednesday
The backup command configures automatic backups of the Island configuration and statistics to a remote file server.
The following "ip" commands are used to configure network parameters on an interface. They are valid only in interface context as set with the interface command.
The following "ip" commands are used to configure network parameters that are not specific to a single interface.
This command clears the internal system log buffer in memory. It does not affect the log entries written to disk.
clear log
This command deletes all configuration information, both learned and manually-configured, from all network interfaces and sets the interfaces autoconfiguration mode to full.
The user will be prompted before the command is executed unless command confirmation has been disabled with no login confirm.
Under rare circumstances, an update may fail to complete, and will show indefinitely as pending or running. This command will stop the pending or running update.
clear update
Because configuration commands can be entered at any time, this command is unnecessary, but is provided for those familiar with other systems that require its use.
If the CLI is in interface context, this command exits to global context. If the CLI is already in global context, this command ends the CLI session.
exit
clear log
clear network
clear network
clear update
configure terminal
config terminal
Enables the automatic backup function and specifies the destination of the backup file.
No automatic backup is performed by default.
The backup URL can refer to either a remote file or remote directory. If the URL ends in any character other than a slash (“/”), it is assumed to refer to a file name. The backup is written to that file, overwriting it if it already exists.
If the URL ends in a slash, the system assumes it is pointing to a directory. In this case, the system will create a new file with the following format: hostname-YYYYMMDD-HHMMSS.backup.
If the URL contains a password, it is encrypted so that it is not readable in the configuration file.
Refer to the page for more information on the syntax of the url parameter.
Delete all existing firewall state table entries.
clear connections
This command has no arguments.
This command deletes all existing connections (i.e., firewall state table entries). It is primarily for testing, and should be used with care since it will immediately terminate all active Internet connections through the Island.
Deletes the PIN used to access Island from the app.
Delete the SSH host key for a remote host or for all remote hosts.
Regenerates the public/private key pair used for VPNs.
clear vpn-keys
This command has no arguments.
This command is used to delete and regenerate the local Island’s public/private key pair used to establish secure connections with VPN peers.
Note that this will stop all communications with existing VPN peers until the new public key is provided to them. It will also prevent the mobile app from establishing a remote connection to the Island until it obtains the new public key, either by connecting via a LAN or by pasting the new public key in Tours. It will not affect the mobile app’s ability to connect directly via a local LAN.
Edits the list of authorized public keys for authentication of incoming SSH connections.
If neither user is specified, the keys for the administrative user are edited.
This command edits the list of authorized public keys for SSH authentication on inbound connections. The list contains one key per line in the OpenSSH authorized_keys file format.
Editing is done using the .
Restores the system from a backup file.
Displays a summary of available commands, or help for a specific command.
help <command>
With no parameters, this command displays a simple list of available commands. If a command is specified, the syntax for that command is displayed.
For more detailed help on command syntax, use the question mark (“?”) for .
Controls whether empty history files are to be created.
By default, the system will not create empty history files.
Once a history instance has been defined, history files will be created periodically based on the setting of the command. By default, no history file is created for an interval if there were no history records generated during that interval. This command specifies that history files should always be created for an interval, even if the file contains no records.
Returns an Island to factory-default condition.
clear everything
This command has no arguments.
This command returns an Island to a factory-fresh condition. All configuration, logs, statistics, and security keys will be deleted. The current firmware version will be retained, but all rollback checkpoints will be deleted.
The user will be prompted for confirmation before the command is executed.
When this command completes, the system will power off automatically. Power must be removed and re-applied in order to restart the system.
Enables or disables remote access.
[no] login remote
Remote access is disabled by default.
Island implements secure remote access from the Island app on Apple and Android devices. Remote access is disabled by default, but can be enabled with this command.
Set the brightness of the Island's LED.
Display the authorized SSH public keys for a user.
[no] backup url <url>
clear ssh known-hosts <host>|all
configure authorized-keys [admin|user]
configure network [noconfig] <url>
[no] history <instance> empty
show config authorized-keys [admin|user]
no
(Optional) Disables automatic backup.
url
Specifies the backup file destination.
clear connections
clear dhcp-client
clear pin
host
The host for which the SSH key is to be deleted.
all
Deletes the SSH host key for all known hosts.
admin
Edit authorized keys for the administrative user.
user
Edit authorized keys for the read-only user.
noconfig
If specified, indicates that the primary show run configuration should not be restored. All other data are restored.
url
Specifies the backup file to be restored.
command
The name of a specific command.
no
(Optional) Empty history files will not be created.
instance
The history instance to be modified. If the specified instance does not exist, it will be created unless the no keyword was also specified. Must be alphanumeric.
no
(Optional) Disables remote access.
n
An integer representing the LED brightness in percent (0-100).
admin
Shows the authorized keys for the administrative user.
user
Shows the authorized SSH keys for the read-only user.
all
Specifies that updates may occur on any day of the week. Mutually exclusive with none and <day>.
none
Disables automatic updates. Mutually exclusive with all and <day>.
day
Specifies that updates may occur only on the specified day(s) of the week. Must be one of monday, tuesday, wednesday, thursday, friday, saturday, or sunday. Multiple days may be specified separated by spaces. Mutually exclusive with all and none.
Updates will be performed at 3:00 AM local time on any day of the week by default.
The Island periodically checks to see if newer firmware is available. This command sets the day(s) of the week on which new firmware is allowed to be automatically installed.
If automatic updates are disabled using the command auto-update days none, the Island will still periodically check for firmware updates, and the app will indicate that newer firmware is available, but it will not be installed automatically. In this case, the user can install the update using the update command or the Island app.
Firmware updates may or may not interrupt packet routing, depending on the nature and extent of the update. Some updates will not interrupt routing at all, some may cause a short (5-10 second) interruption, and some may require a full reboot of the router.
hh
The hour of the day (local system time) in the range 0 to 23.
mm
The minute within the hour (local system time) in the range 0 to 59.
Updates will be performed at 3:00 AM local time on any day of the week by default.
This command specifies the time of day at which the Island will automatically update to the latest firmware.
no
(Optional) Returns the backup interval to its default value.
seconds
The interval at which the backup file should be written, in seconds.
The interval defaults to 3600 seconds (1 hour).
This command determines how often automatic system backups will be performed.
The system aligns the start time for the backup process relative to midnight on the day the command is issued or the system reloaded. For example, if the interval is set to 8 hours, backups will occur at 12 AM, 8 AM, and 4 PM every day. If the interval is set to 18 hours, backups will occur at 12 AM and 6 PM on the first day, and 12 PM and 6 AM on the second day, then repeat.
Refer to the Command Scheduler section for more information.
file
Deletes the specified dump file
all
Deletes all dump files
None; a file name or all must be specified.
Dump files are created when a software module terminates unexpectedly. They may be analyzed by Island support to determine the cause of a failure. This command is used to delete dump files that are no longer needed.
directory
(Optional) The log directory containing the log file.
file
The name of the file to be deleted.
If is not specified, the top-level log directory is assumed.
This command deletes a system log file.
To see a list of system log files, use the show syslog ? command.
no
(Optional) Use the local time zone instead of UTC.
instance
The history instance to be modified. If the specified instance does not exist, it will be created unless the no keyword was also specified. Must be alphanumeric.
The default is to use the local time zone for history file names and timestamps.
This command causes UTC time to be used for history file names and for any dates and times in the history records.
no
Removes the description from the interface.
string
An arbitrary text string describing the interface. If the string contains whitespace, it must be enclosed in quotes.
Interfaces have no description by default.
This command allows the user to set an optional description for an interface.
This command is valid only in interface context.
The space used by deleted records within the internal database is not always immediately reusable due to the nature of the database. Over time, the database can accumulate a significant amount of unusable space, resulting in decreased performance and additional disk space usage.
This command reclaims the unusable space within the database by rebuilding it.
compact
no
(Optional) Deletes the existing hostname.
string
An alphanumeric string of up to 63 characters, beginning with a letter.
The system host name is empty by default.
An Island may be given a unique and descriptive name to distinguish it from other Islands. The hostname will be used as the CLI prompt. It is also used when auto-generating file names for some commands (e.g., backup url).
This command allows the user to edit the list of known SSH keys for remote hosts. The file format is that used by the OpenSSH suite.
Editing is done using the vim text editor.
no
(Optional) This is the same as ip dhcp-client off.
off
Disables the DHCP client on the interface.
on
Enables the DHCP client on the interface.
The DHCP client is enabled on WAN interfaces and disabled on LAN interfaces by default.
This command enables the DHCP client on an interface, allowing Island to obtain the IPv4 address and other options from an external DHCP server.
This command is valid only in interface context. Entering it will set the interface mode to manual.
no
(Optional) This is the same as ip ident6 off.
off
Disables fingerprinting of IPv6 devices on the interface.
on
Enables fingerprinting of IPv6 devices on the interface.
Device fingerprinting is enabled on LAN interfaces and disabled on WAN interfaces by default.
This command enables or disables "fingerprinting" of IPv6 devices on an interface. Fingerprinting uses protocols such as SSDP and mDNS to gather information about devices on the network to aid in the identification of new and unknown devices.
This command is valid only in interface context. Entering it will set the interface mode to manual.
no
(Optional) Causes the specified interface to be deconfigured.
string
The name of the interface to be configured.
The CLI is in global context by default.
This command must be given before issuing any commands that modify an interface. The specified interface remains the “selected” interface until another interface command or the end command is issued.
The “no” form of this command deletes all configuration information, both learned and manually-configured, from the specified interface. For physical interfaces (e.g., Ethernet), the interface is placed into automatic configuration mode. For virtual interfaces, the interface is deleted from the system.
no
(Optional) Reset the command to its default value.
off
Intercept all recursive DNS requests passing through the Island.
on
Respond only to DNS requests addressed to the Island.
All recursive DNS requests passing through the Island are intercepted by default.
By default, Island intercepts all recursive DNS requests it sees and resolves them locally, even if the request was sent to a different DNS server. This improves DNS lookup speed and allows Island to perform filtering at the DNS level.
In some circumstances, it may not be desirable to intercept DNS requests directed at another DNS server. Enabling the local-only option causes Island to pass these requests on to the targeted server.
Note that Island will never intercept and respond to DNS over HTTPS (DoH) requests targeted to another server. Users wishing to force all DNS requests to be handled by Island may wish to block access to external DoH servers using Island's filtering capabilities. Refer to the Island Router app documentation for more information.
n
The number of IP addresses.
The default maximum IP addresses is specific to each Island model.
This command specifies the maximum number of IP addresses (IPv4 and IPv6 combined) Island will support. Once this limit is reached, additional IP addresses will be ignored until older IP addresses go offline.
Caution: Changing this value causes a restart of the packet processing engine. This will cause a disruption in routing for several seconds, and all active sessions through the Island will be deleted.
no
(Optional) This is the same as ip arp-scan off.
off
Disables ARP scanning.
on
Enables ARP scanning.
ARP scanning is enabled on LAN interfaces but disabled on WAN interfaces by default.
When ARP scanning is enabled on an interface, Island will periodically send ARP requests to every valid IP address on the interface network. This allows Island to discover all devices on the network, even those that are not otherwise sending any traffic through the Island.
This command is valid only in interface context. Entering it will set the interface mode to manual.
n
The priority of the interface. Must be an integer between 1 and 4, with 1 being the highest priority and 4 being the lowest.
The default interface priority is 1.
Island supports multiple WAN connections. The interface priority determines which WAN connection(s) outgoing traffic will use when multiple WAN connections are present and active.
Outbound connections will normally use the highest priority active WAN interface. If multiple active WAN interfaces have the same priority, outbound connections will be distributed between them.
This command is valid only in interface context. Entering it does not change the configuration mode of the interface.
no
(Optional) Returns the interface duplex to its default value.
auto
The interface duplex mode is set via auto-negotiation.
half
The interface is placed into half-duplex mode.
full
The interface is placed into full-duplex mode.
Interface duplex is set via auto-negotiation by default.
This command can be used to force the duplex setting on an interface if autonegotiation is unavailable or undesirable.
If duplex is explicitly configured for an interface, the interface speed should also be explicitly configured. In other words, auto-negotiation should be enabled or disabled identically for both speed and duplex.
This command is valid only in interface context.
no
(Optional) Don't require a username and password on the serial port.
A username and password are not required on the serial port by default.
Some Island models have a serial port which provides direct access to the CLI. By default, no credentials are required to access the CLI through the serial port, and full access is granted. When the login console command is specified, the user will be prompted for a username ("admin" or "user") and password before access is granted.
no
(Optional) Reset the command to its default value.
off
An AAAA record will not be created in DDNS.
on
An AAAA record will be created in DDNS.
An AAAA record is created in DDNS by default.
The Island DDNS service creates both A (IPv4) and AAAA (IPv6) DNS records by default. This can cause delayed or broken connectivity when using a port-forward to direct incoming traffic to a device that does not support IPv6.
This command can be used to disable the generation of AAAA DNS records so that clients will attempt to connect using IPv4 only.
This command has no effect unless a DDNS name is defined in the app or using the ip ddns name command.
no
(Optional) Returns the Internet firewall to its default state.
off
Disables the Internet firewall
on
Enables the Internet firewall
The inbound Internet firewall is on by default.
This command disables the firewall function that blocks incoming traffic on a WAN interface. It takes effect only when there is a single physical port active on the Island.
This command should be used with extreme care and is intended only for very specific use cases such as using Island as a dedicated VPN concentrator, where firewall functionality is undesirable or handled by an external firewall. Note that all other Island functionality, including content filtering, is still active even when the firewall is disabled.
no
(Optional) This is the same as ip router-solicit off.
off
Disables the sending of IPv6 RS packets.
on
Enables the sending of IPv6 RS packets.
When autoconfiguration is enabled on an interface, the Island will determine the proper setting based on whether the interface is determined to be a WAN or a LAN connection. Otherwise, the initial setting for newly-created interfaces is off.
This command determines whether IPv6 Router Solicitation (RS) packets are sent on an interface.
This command is valid only in interface context. Entering it will disable autoconfig on the interface.
no
(Optional) This is the same as ip ident4 off.
off
Disables fingerprinting of IPv4 devices on the interface.
on
Enables fingerprinting of IPv4 devices on the interface.
Device fingerprinting is enabled on LAN interfaces and disabled on WAN interfaces by default.
This command enables or disables "fingerprinting" of IPv4 devices on an interface. Fingerprinting uses protocols such as SSDP and mDNS to gather information about devices on the network to aid in the identification of new and unknown devices.
This command is valid only in interface context. Entering it will set the interface mode to manual.
no
(Optional) Disables support access.
Support access is disabled by default.
This command establishes a VPN to Island Support to allow support personnel to remotely access the Island for troubleshooting and diagnostic purposes.
no
(Optional) Use the default MAC address output format.
template
A string defining the MAC address output format.
The default MAC address output format is "XX:XX:XX:XX:XX:XX".
This command is used to specify the output format for MAC addresses as used in the CLI and in system logs.
The format must contain 12 upper or lower case X’s as placeholders for each of the 12 hexadecimal digits in a MAC address. The case of a placeholder indicates the case of the corresponding output MAC character. All other characters in the format string are printed literally.
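The template rule above, worked through as an added example (not Island's own code): the first function renders a MAC address with a given template, and the others build a matcher from the same template so that MAC addresses can be pulled out of log lines and normalized. The function names and the sample log line are constructed for illustration.

```python
import re

DEFAULT_TEMPLATE = "XX:XX:XX:XX:XX:XX"


def check_template(template):
    """A template is valid only if it has exactly 12 X/x placeholders."""
    count = sum(ch in "Xx" for ch in template)
    if count != 12:
        raise ValueError(f"template needs 12 X/x placeholders, found {count}")
    return template


def format_mac(mac, template=DEFAULT_TEMPLATE):
    """Render a MAC address: 'X' prints an upper-case digit, 'x' a
    lower-case digit, and every other character is copied literally."""
    check_template(template)
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    it = iter(digits)
    return "".join(
        next(it).upper() if ch == "X" else next(it).lower() if ch == "x" else ch
        for ch in template
    )


def template_pattern(template):
    """Compile a regex that matches MACs printed with this template.
    The case of each placeholder is enforced, as in the output rule."""
    check_template(template)
    body = "".join(
        "([0-9A-F])" if ch == "X" else "([0-9a-f])" if ch == "x" else re.escape(ch)
        for ch in template
    )
    # Refuse matches that are part of a longer run of hex digits.
    return re.compile(r"(?<![0-9A-Fa-f])" + body + r"(?![0-9A-Fa-f])")


def extract_macs(text, template):
    """Return every MAC in text, normalized to lower-case colon form."""
    found = []
    for match in template_pattern(template).finditer(text):
        digits = "".join(match.groups()).lower()
        found.append(":".join(digits[i:i + 2] for i in range(0, 12, 2)))
    return found


if __name__ == "__main__":
    # Constructed log line; the real log layout is not shown in this guide.
    line = "2024-05-14 15:17:55 new device 001a.2b3c.4d5e on en0"
    print(format_mac("00:1A:2b:3C:4d:5E", "xxxx.xxxx.xxxx"))
    print(extract_macs(line, "xxxx.xxxx.xxxx"))
```

A log parser has to use the template that was configured at the time the log was written; a matcher built from the default template will not find addresses printed in another format.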
no
Disables CLI confirmation prompts.
CLI confirmation prompts are enabled by default.
To prevent the loss of important data, certain CLI commands (e.g., clear network, no interface, etc.) normally prompt the user for confirmation before executing. This can be inconvenient when executing batch CLI commands. The no login confirm command disables these confirmation prompts. The prompts can be re-enabled using the login confirm command.
no
(Optional) This is the same as ip arp-spoof off.
off
Disables ARP spoofing.
on
Enables ARP spoofing.
ARP spoofing is disabled by default.
When ARP spoofing is enabled, Island will send “spoofed” ARP responses to all clients presenting itself as the owner of the default gateway’s IP address.
ARP spoofing allows Island to insert itself into a network with an existing default gateway using a single interface. It forces all Internet-bound traffic from LAN clients to be sent to itself. Island will apply all configured security filters and other features before forwarding the packet to the actual default gateway.
This mode essentially provides all features of the Island without replacing an existing gateway. However, it can cause problems with some hosts and security devices, and should therefore be used with caution.
This command is valid only in interface context. Entering it will set the interface mode to manual.
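Several commands in this reference move a setting away from its documented default (ip firewall off, login remote, login support, no login confirm, ip arp-spoof on, ip dns local-only on, auto-update days none), and one default (no credentials on the serial port) is itself the weak setting. The following added example, which is not Island tooling, audits a saved configuration for them. It assumes the configuration is plain text with one unabbreviated CLI command per line, that interface and end switch context as described in this guide, and that an encrypted password appears in the URL in place of the clear-text one; the sample configuration and host name are constructed.

```python
from typing import NamedTuple
from urllib.parse import urlsplit


class Finding(NamedTuple):
    line_no: int    # 0 when the finding is a command that is missing
    context: str    # "global" or the interface selected at that point
    command: str
    reason: str


# Commands that move a setting away from the default documented in this guide.
WEAKENING = {
    "ip firewall off": "inbound Internet firewall disabled",
    "login remote": "remote access from the app enabled (disabled by default)",
    "login support": "support VPN access enabled (disabled by default)",
    "no login confirm": "confirmation prompts for destructive commands disabled",
    "ip arp-spoof on": "ARP spoofing of the default gateway enabled",
    "ip dns local-only on": "DNS requests to other servers are passed on, not resolved locally",
    "auto-update days none": "automatic firmware installation disabled",
}

# Settings whose documented default is the weak one, so absence is the finding.
REQUIRED = {
    "login console": "serial port grants full CLI access without credentials",
}

# Constructed sample; the one-command-per-line layout is an assumption.
SAMPLE_CONFIG = """\
hostname dallas-island-02
auto-update days none
backup url scp://jane:~3f9a@files.example.com/backups/
login remote
ip firewall off
interface en1
ip arp-spoof on
end
"""


def audit(config_text):
    """Return a Finding for every weakened or missing setting."""
    findings = []
    seen = set()
    context = "global"
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        cmd = " ".join(raw.split())              # normalize whitespace
        if not cmd:
            continue
        if cmd.startswith("interface "):         # enter interface context
            context = cmd.split(" ", 1)[1]
            continue
        if cmd == "end":                         # back to global context
            context = "global"
            continue
        seen.add(cmd)
        if cmd in WEAKENING:
            findings.append(Finding(line_no, context, cmd, WEAKENING[cmd]))
        if cmd.startswith("backup url "):
            try:
                url = urlsplit(cmd[len("backup url "):])
            except ValueError:
                continue                         # not parseable as a URL
            if url.password is not None:
                # Never echo the secret, encrypted or not, into a report.
                shown = (f"backup url {url.scheme}://{url.username}:<redacted>"
                         f"@{url.hostname}{url.path}")
                findings.append(Finding(
                    line_no, context, shown,
                    "password-based URL; SSH public key authentication avoids it"))
    for required, reason in REQUIRED.items():
        if required not in seen:
            findings.append(Finding(0, "global", f"(missing) {required}", reason))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        where = f"line {finding.line_no}" if finding.line_no else "config"
        print(f"{where} [{finding.context}] {finding.command}: {finding.reason}")
```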
no
(Optional) Removes the specified NTP server. If no server is given, reverts to the default NTP server.
server
The name or IP address of an NTP server.
Island uses the pool at ntp.islandrouter.com by default.
This command specifies one or more NTP servers to be used to synchronize Island's internal clock. The command will accept multiple servers on one line, and the command may be specified multiple times.
ip
(Optional) Use IPv4.
ipv6
(Optional) Use IPv6.
host
The domain name or IP address of the host to be pinged.
If neither ip nor ipv6 is specified, the protocol is chosen automatically.
The ping command is used to test the reachability of another system and measure the round-trip time (RTT) to the system using ICMP Echo Request packets. Once the command is issued, it will continue until stopped by pressing Control-C.
interface
The name of the parent interface.
This command has no default. The parent interface must be specified.
This command is required for VLAN interfaces. It defines the physical interface on which the VLAN is carried. It is valid only in interface context, and only for VLAN interfaces.
This command displays the list of known SSH keys for remote hosts. The file format is that used by the OpenSSH suite.
This command shows information about the internal storage space, including total size, space used, and available space.
show free-space
This command displays a summary of the hardware configuration for the Island, including the platform type, CPU type, memory size, power supply status, and interface complement.
show hardware
This command lists any dump files created when a software module terminates unexpectedly. They may be analyzed by Island support to determine the cause of a failure.
backup url scp://jane:[email protected]/myIsland.backup
clear ssh known-hosts server17.example.com
clear ssh known-hosts all
clear vpn-keys
config authorized-keys admin
config network scp://jane:[email protected]/mybackup
help
history myhist2 empty
clear everything
login remote
show clock
led level 30
show config authorized-keys
auto-update days all|none|<day> [<day> [...]]
auto-update days thursday friday
auto-update <hh:mm>
auto-update time 4:30
[no] backup interval <seconds>
backup interval 86400
clear dump <file>|all
clear dump pkgeng.core
clear syslog [<directory>] <file>
clear syslog backup.log
clear syslog slog 20240514-151755
[no] history <instance> utc
history myhist3 utc
[no] description <string>
description "Guest network"
compact
[no] hostname <string>
hostname dallas-island-02
configure known-hosts
config known-hosts
[no] ip dhcp-client off|on
ip dhcp-client on
[no] ip ident6 off|on
ip ident6 off
[no] interface <string>
interface en0
no interface vlan14
[no] ip dns local-only off|on
ip dns local-only off
ip max-clients <n>
ip max-clients 8000
[no] ip arp-scan off|on
ip arp-scan off
[no] ip priority <n>
ip arp-spoof on
[no] duplex auto|half|full
duplex full
[no] login console
login console
[no] ip ddns ipv6 off|on
ip ddns ipv6 off
[no] ip firewall off|on
ip firewall off
[no] ip router-solicit off|on
ip router-solicit on
[no] ip ident4 off|on
ip ident4 off
[no] login support
login support
[no] mac output-format <template>
mac output-format "xxxx.xxxx.xxxx"
[no] login confirm
no login confirm
[no] ip arp-spoof off|on
ip arp-spoof on
[no] ntp <server> [<server> [...]]
ntp pool.ntp.org
ping [ip|ipv6] <host>
ping 192.168.81.42
ping ipv6 www.example.com
parent <interface>
parent en2
show config known-hosts
show config known-hosts
show free-space
show hardware
show dumps
show dumps
no
(Optional) Sets the severity level to the default value.
n
The minimum severity level to be logged.
The default minimum severity level is 5.
This command sets the minimum severity level of messages logged by the low-level packet handling subsystem in Island. Logging less severe messages can be useful when diagnosing network issues, but will also increase the amount of information logged.
The highest severity level is 0 and the lowest is 7, as follows:
0
Critical system failure
1
Critical or unexpected unrecoverable error
2
Unexpected recoverable error
3
Less severe error
4
Warning
5
Informational message
Manage a history file instance.
This command is used to create, modify, or delete a history file instance.
Island maintains a record of all device-related activity such as Internet access and session data counters, online and offline events, etc. These “history” events are stored internally in a compact binary format, and can be displayed with the show history command.
History data can be formatted and saved in files to be transferred to a remote file server on a periodic basis. A history “instance” refers to a set of named history configuration commands that control the creation, format, transfer, and other characteristics of the associated history files.
The creation of history files is enabled with the command. Therefore when creating a new history instance, it is usually preferable to issue all other desired history commands such as and before issuing the history interval command, otherwise the system may create one or more initial history files with improper characteristics.
History files are automatically deleted upon successful transfer to the remote system. To see the list of history files waiting to be transferred, use the command.
An entire history instance can be deleted by entering this command with the no prefix. This will delete all unsent history files and all configuration commands associated with the instance.
Enables or disables the DHCPv6 server on an interface.
The DHCPv6 server is enabled on LAN interfaces and disabled on WAN interfaces by default.
This command enables the DHCPv6 server on the interface. Island does not assign IPv6 addresses via DHCP; instead, hosts will use Stateless Address Auto-Configuration (SLAAC) to obtain their IPv6 address. Island's DHCPv6 server provides DNS and other requested information to IPv6 clients.
This command is valid only in interface context. Entering it will set the interface mode to manual.
Regenerates the local SSH host keys.
If no options are specified, all SSH host key types are regenerated.
This command is used to delete and regenerate the local SSH host keys.
The host keys are used by remote clients to authenticate connections to the local system.
Exits interface context and returns to global context.
Defines the range of IPv4 addresses available to DHCP clients.
In the absence of this command, the default DHCP scope is "50-". Otherwise, the default low value is 1 and the default high value is the last available host address on the network.
This command defines the range of IPv4 addresses assignable to DHCP clients. The low value is the host portion of the first assignable address in the scope. If omitted, the default low value is 1.
The high value is the host portion of the last assignable address in the scope. If omitted, the default high value is the host portion of the last assignable address in the interface's network range. Note that the highest address in a network is reserved for broadcasts, and will never be assigned by the DHCP server.
Since these values are the decimal value of the host portion (only) of the IP address, the high value may exceed 254 for networks larger than /24. For example, the highest assignable value for a /22 IPv4 network (i.e., 10 bits of host address) would be 1022.
This command is valid only in interface context. Entering it does not change the interface mode of the interface.
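The host-portion arithmetic described above can be checked off-box before a scope is entered. The following is an added example, not Island code: the function names are hypothetical, and rejecting a scope that extends past the last assignable host is this example's own choice.

```python
import ipaddress


def dhcp_scope_range(network, scope="-"):
    """Resolve an `ip dhcp-scope [<low>]-[<high>]` argument against an
    interface network; returns (first_address, last_address, pool_size)."""
    net = ipaddress.ip_network(network, strict=False)
    if net.version != 4:
        raise ValueError("ip dhcp-scope defines an IPv4 range")
    # The all-ones host value is the broadcast address and is never assigned.
    max_host = (1 << (32 - net.prefixlen)) - 2
    if max_host < 1:
        raise ValueError(f"{net} has no assignable host addresses")
    low_text, dash, high_text = scope.partition("-")
    if not dash:
        raise ValueError("scope must be written as [<low>]-[<high>]")
    low = int(low_text) if low_text else 1            # documented default
    high = int(high_text) if high_text else max_host  # documented default
    if not 1 <= low <= high <= max_host:
        raise ValueError(f"scope {low}-{high} does not fit {net} (1-{max_host})")
    base = int(net.network_address)
    return (ipaddress.IPv4Address(base + low),
            ipaddress.IPv4Address(base + high),
            high - low + 1)


def statics_inside_scope(network, scope, static_hosts):
    """Return the statically addressed hosts that fall inside the DHCP pool
    and are therefore candidates for an address conflict."""
    first, last, _ = dhcp_scope_range(network, scope)
    return [host for host in static_hosts
            if first <= ipaddress.IPv4Address(host) <= last]


if __name__ == "__main__":
    # Constructed inputs: the /22 case from the text and the "100-510" scope.
    for net, scope in (("172.16.0.0/22", "-"), ("172.16.0.0/22", "100-510")):
        first, last, size = dhcp_scope_range(net, scope)
        print(f"{net} scope {scope!r}: {first} .. {last} ({size} addresses)")
```

For a /22, the scope "100-510" spans two /24-sized blocks, which is why the high value can legitimately exceed 254.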
Rename an existing history instance.
None; all parameters must be specified.
This command allows an existing history instance to be given a new instance name. Once renamed, all references to the history instance must be done using the new instance name.
Renaming a history instance will cause the current history file (if any) to be closed and a new one started.
Enables or disables automatic VLAN provisioning for an interface.
Automatic VLAN provisioning is enabled by default.
When automatic VLAN provisioning is enabled, Island will create a new VLAN interface whenever a packet is received with an 802.1Q VLAN Identifier that does not match an existing VLAN interface.
This command is valid only in interface context. Entering it will set the interface mode to manual.
Specify the number of CPU cores dedicated to Ethernet polling.
The number of cores is selected automatically by default.
Normally, the system automatically determines the number of CPU cores to dedicate to Ethernet polling. This command is provided for diagnostic purposes, and should be used only as directed by Island support.
Specifies a remote directory to which history files will be written.
The default is to not write history files to a remote system.
This command specifies the destination for files produced for this history instance.
The URL must point to a remote directory. Each history file will be written to a unique file in that directory. The file name format is:
history.YYYYMMDDHHMMSSmmm‐nnnnnnnnnn
where “YYYYMMDDHHMMSSmmm” is the date and time including milliseconds and “nnnnnnnnnn” is the number of records in the file.
The path portion of the URL is ignored for the "tcp://" or "udp://" real-time streaming schemes.
Refer to the section of this document for more information on the syntax of the url parameter.
Sets the maximum transmission unit (MTU) on an interface.
The default MTU is 1,500 bytes for Ethernet interfaces and 1,408 bytes for WireGuard VPN interfaces.
This command sets the maximum transmission unit (MTU) for an interface.
This command is valid only in interface context. Entering it does not change the interface mode of the interface.
Enables or disables the sending of IPv6 Router Advertisement (RA) packets on an interface.
When autoconfiguration is enabled on an interface, the Island will determine the proper setting based on whether the interface is determined to be a WAN or a LAN connection. Otherwise, the initial setting for newly-created interfaces is off.
This command determines whether IPv6 Router Advertisement (RA) packets are sent on an interface.
This command is valid only in interface context. Entering it will disable on the interface.
Enables or disables IPv4 Network Address Translation (NAT) on an interface.
IPv4 Network Address Translation is enabled on WAN interfaces and disabled on LAN interfaces by default.
When Network Address Translation (NAT) is enabled on an interface, the source IP address of transmitted packets is changed to the Island's IP address assigned to the interface. Depending on the protocol involved, the source port number, as well as address information embedded in the payload, may be modified as well.
Island maintains a list of active NAT translations so that received packets can be routed back to the proper internal client.
NAT is typically used to map private IP addresses on a LAN to a public IP address on the WAN.
This command is valid only in interface context. Entering it will set the interface mode to manual.
Select the algorithm used to balance traffic between equal-priority WAN interfaces.
The outbound WAN interface is selected randomly for each connection by default.
Island supports multiple WAN interfaces. Outbound connections are routed to the highest priority active WAN interface as set by the command. When more than one active WAN interface is at the highest priority, Island will balance the outbound connections between them. This command selects the algorithm Island uses to determine which WAN interface is selected for each outbound connection in that case. The available algorithms are as follows:
Enables or disables IPv6 Network Address Translation (NAT) on an interface.
IPv6 Network Address Translation is disabled on all interfaces by default.
When Network Address Translation (NAT) is enabled on an interface, the source IP address of transmitted packets is changed to the Island's IP address assigned to the interface. Depending on the protocol involved, the source port number, as well as address information embedded in the payload, may be modified as well.
Island maintains a list of active NAT translations so that received packets can be routed back to the proper internal client.
NAT is typically used to map private IP addresses on a LAN to a public IP address on the WAN.
This command is valid only in interface context. Entering it will set the interface mode to manual.
Sets the method Island uses to resolve DNS requests.
Island uses Cloudflare's DNS over HTTPS service by default.
This command specifies how DNS lookups are performed by Island.
By default, Island uses DNS over HTTPS (DoH) services provided by Cloudflare to resolve DNS requests. The https option can be used to change the DoH provider to Google or to an arbitrary DoH server.
Island can also be configured to use standard recursive DNS resolution. Both the recursive and the dnssec options enable recursive DNS mode; the difference is that dnssec also enables DNSSEC validation.
If Island is unable to access the specified DoH provider, it will revert to recursive DNS.
Create a permanent Destination Network Address Translation (DNAT) entry.
By default, port-forwarded connections will be accepted on any of the Island's interface IP addresses, and the destination port number will not be modified.
Island normally blocks all inbound connection attempts from the Internet (i.e., on WAN ports) or on other internal networks (LANs) to internal devices. This command provides a method to allow inbound connections to specific internal devices (or to the Island itself) on specific TCP and UDP ports. In essence, it opens a "hole" in the internal stateful firewall for specific internal services.
If the public IP address is not specified, connections will be accepted on any of Island's interface addresses on the specified TCP or UDP port. Use care when doing this on ports used for internal management (e.g., TCP ports 22, 443, and 4443) or incoming VPN connections (UDP port 51820 or as defined by the command, and UDP port 3006) as the port-forward will make those services unavailable on those ports.
If the public IP address is specified, connections will be accepted only on that address.
The maximum number of port-forward commands is 1024.
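A saved configuration can be reviewed for the cases called out above: entries with no public IP address, and entries that take over one of Island's own management or VPN ports. This is an added example, not Island code; the function names, finding codes and sample configuration are constructed for illustration, and only the default VPN port 51820 is known to the table.

```python
import ipaddress
import re

# Ports the text names as used by Island itself. 51820 is the default VPN
# port; a reconfigured VPN port would have to be added here by hand.
ISLAND_PORTS = {
    ("tcp", 22): "management", ("tcp", 443): "management",
    ("tcp", 4443): "management",
    ("udp", 51820): "VPN (default port)", ("udp", 3006): "VPN",
}
MAX_PORT_FORWARDS = 1024
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}")


def _port(text):
    port = int(text)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {text}")
    return port


def parse_port_forward(line):
    """Parse one `ip port-forward` line; returns None for any other line."""
    tok = line.split()
    if tok[:2] != ["ip", "port-forward"]:
        return None
    if len(tok) not in (5, 6):
        raise ValueError("wrong number of arguments for ip port-forward")
    proto, public, target = tok[2], tok[3], tok[4]
    if proto not in ("tcp", "udp"):
        raise ValueError(f"unknown protocol: {proto}")
    public_ip = None
    if ":" in public:
        # Split on the last colon so the <public-ip> part stays intact.
        ip_text, public = public.rsplit(":", 1)
        public_ip = ipaddress.ip_address(ip_text)
    public_port = _port(public)
    if target != "island" and not MAC_RE.fullmatch(target):
        raise ValueError(f"target is neither a MAC address nor 'island': {target}")
    # Without <dest-port> the destination port is left unmodified.
    dest_port = _port(tok[5]) if len(tok) == 6 else public_port
    return {"proto": proto, "public_ip": public_ip, "public_port": public_port,
            "target": target, "dest_port": dest_port}


def audit_port_forwards(config_text):
    """Return (line_number, code, detail) findings for a configuration dump."""
    findings, count = [], 0
    for lineno, line in enumerate(config_text.splitlines(), 1):
        try:
            entry = parse_port_forward(line)
        except ValueError as exc:
            findings.append((lineno, "invalid", str(exc)))
            continue
        if entry is None:
            continue
        count += 1
        if entry["public_ip"] is None:
            findings.append((lineno, "any-address",
                             "accepted on every Island interface address"))
            key = (entry["proto"], entry["public_port"])
            if key in ISLAND_PORTS:
                findings.append((lineno, "shadows-island-service",
                                 f"Island {ISLAND_PORTS[key]} service becomes "
                                 f"unavailable on {key[0]}/{key[1]}"))
    if count > MAX_PORT_FORWARDS:
        findings.append((0, "too-many", f"{count} entries exceed {MAX_PORT_FORWARDS}"))
    return findings


# Constructed sample configuration (MAC and IP values are documentation ranges).
SAMPLE_CONFIG = """\
ip dhcp-server on
ip port-forward tcp 3074 00:00:5e:00:53:7a
ip port-forward tcp 443 00:00:5e:00:53:10 8443
ip port-forward udp 203.0.113.10:51820 island
ip port-forward tcp 203.0.113.10:8080 00:00:5e:00:53:11 80
ip port-forward udp 3006 00:00:5e:00:53:12
ip port-forward tcp 70000 00:00:5e:00:53:13
"""

if __name__ == "__main__":
    for lineno, code, detail in audit_port_forwards(SAMPLE_CONFIG):
        print(f"line {lineno}: {code}: {detail}")
```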
Enables or disables the DHCP monitor service on an interface.
The DHCP monitor is enabled on LAN interfaces and disabled on WAN interfaces by default.
The DHCP monitor service watches for rogue DHCP servers on an interface and issues a warning if one is found.
If both DHCP monitor and DHCP client are enabled on the same interface, DHCP client has precedence and DHCP monitor will not run.
This command is valid only in interface context. Entering it will set the interface mode to manual.
Establishes a dynamic DDNS host name for the Island.
No DDNS name is assigned by default.
Island provides a DDNS service that assigns names with the "myisland.info" domain. The user may assign a simple host name using this command. For example, if "bobs-island" is specified, the resulting fully-qualified domain name (FQDN) will be "bobs-island.myisland.info".
There is no registration or authentication required for this service. Names are available on a first-come, first-served basis. Once a name is assigned to a specific Island, that name may not be assigned to another Island until a grace period has expired or the name is manually deleted using the "no" form of this command from the original Island with an active Internet connection.
The A and AAAA records for the FQDN will be updated automatically by the Island based on the public IPv4 and IPv6 addresses on the WAN port. If multiple WAN primary ports are in use (or multiple secondary WAN ports if no primary port is available), the A and AAAA records will be assigned arbitrarily to the IP address on one of the active ports.
Enables or disables the DHCP server on an interface.
The DHCP server is enabled on LAN interfaces and disabled on WAN interfaces by default.
The DHCP server is responsible for assigning IPv4 addresses and related options to clients on a connected network.
This command is valid only in interface context. Entering it will set the interface mode to manual.
Restore the system firmware and configuration to a previously stored checkpoint.
rollback
This command has no arguments.
This command provides a way to return the system firmware and configuration to a previous state created with the command.
The command automatically saves a copy of the current firmware and system configuration as a checkpoint. The five most recent checkpoints are retained.
When the command is issued, the user may choose from a list of these checkpoints, and the system will be restored to the saved state.
Each checkpoint includes all changes made to the operating code on the system. In some cases, the checkpoint may include additional items. For example, if an update will use a new, incompatible version of a database or configuration, then the affected items are also included in the checkpoint.
Define a configuration parameter for an installed package.
There are no defaults for this command. All parameters must be specified.
Island supports installable software packages to add features not included in the base firmware. Installable packages are installed with the command.
Some packages require user-specified configuration information, or "parameters". These parameters are set using this command.
Parameter names and values are specific to each package. Refer to the associated package documentation for supported parameters and values.
Sets the DHCP lease time on an interface.
The default lease time is 1800 seconds (30 minutes).
The default lease time for addresses assigned by Island's DHCP server is 30 minutes. This allows devices to respond reasonably quickly to network address changes.
Although rare, some devices cannot handle such a short lease time. This command can be used to change the DHCP lease time to a different value.
This command is valid only in interface context. Entering it does not change the interface mode of the interface.
Enables the generation of history files, and sets how often a new history file is created.
History files are not written by default.
This command enables the generation of history files for the specified instance, and specifies how often, in seconds, the current history file will be closed and a new file started.
The actual interval between files may be longer than specified if there are no events to log immediately after closing the previous history file. This does not apply if the history empty command has been given.
If the no keyword is specified, the current history file will be closed and no new history files will be created for this instance. Existing unsent history files will be retained until they are successfully transferred.
Reboot the system.
reload
This command has no parameters.
The reload command is used to reboot the Island router.
A warning will be issued if the running configuration does not match the startup configuration. The user will be given the opportunity to save or discard the pending configuration changes. The reload command may be aborted using Control-C at this prompt.
[no] packet level <n>
packet level 7
[no] history <instance> [<command>]
[no] ip dhcp6-server off|on
clear ssh host-key [ed25519|rsa]
[no] ip dhcp-scope [<low>]-[<high>]
history <instance> rename <newname>
[no] ip autovlan off|on
[no] ethernet polling auto|<n>
[no] history <instance> url [<url>]
ip mtu <n>
[no] ip router-advertise off|on
[no] ip nat4 off|on
[no] ip load-sharing dst-ip|random|src-dst-ip
[no] ip nat6 off|on
ip dns mode dnssec
ip dns mode https cloudflare|google|<url>
ip dns mode recursive
ip port-forward tcp|udp [<public-ip>:]<public-port> <mac>|island [<dest-port>]
[no] ip dhcp-monitor off|on
[no] ip ddns name <string>
[no] ip dhcp-server off|on
[no] package <name> <parameter> <value>
[no] ip dhcp-lease <seconds>
[no] history <instance> interval <seconds>
6
Debugging message
7
Verbose debugging message
no
(Optional) Deletes the specified history instance.
instance
The history instance to be created or modified. If the specified instance does not exist, it will be created unless the no keyword was also specified. Must be alphanumeric.
command
One of “empty”, “filter”, “interval”, “output-format”, “rename”, “url”, or “utc”. The command is required unless the no parameter is specified.
no
(Optional) This is the same as ip dhcp6-server off.
off
Disables the DHCPv6 server on the interface.
on
Enables the DHCPv6 server on the interface.
ed25519
Regenerate the ED25519 host key.
rsa
Regenerate the RSA host key.
low
The decimal value of the host portion of the first IP address in the scope.
high
The decimal value of the host portion of the last IP address in the scope.
instance
The history instance to be renamed.
newname
The new name for the history instance.
no
(Optional) This is the same as ip autovlan off.
off
Disables automatic VLAN provisioning.
on
Enables automatic VLAN provisioning.
no
(Optional) Returns the number of cores for polling to its default value.
auto
The number of cores is selected automatically.
n
Use the specified number of cores for Ethernet polling. The allowed range is from 1 to the total number of CPU cores minus 1.
no
Removes the specified history URL.
instance
The history instance to be modified. If the specified instance does not exist, it will be created unless the no keyword was also specified. Must be alphanumeric.
url
The URL to which history files are to be written. Required unless the no parameter is specified.
n
The MTU size in bytes.
no
(Optional) This is the same as ip advertise off.
off
Disables the sending of IPv6 RA packets.
on
Enables the sending of IPv6 RA packets.
no
(Optional) This is the same as ip nat4 off.
off
Disables IPv4 NAT on the interface.
on
Enables IPv4 NAT on the interface.
no
(Optional) Returns the load sharing algorithm to its default value.
dst-ip
Consider the destination IP address when choosing an outbound WAN interface.
random
Randomly select the outbound WAN interface for every connection.
src-dst-ip
Consider the source and destination IP addresses when choosing an outbound WAN interface.
dst-ip
All connections to a given destination IP address will use the same interface.
random
The outbound interface is selected at random for each connection. This is the default.
src-dst-ip
All connections from a given source IP address to a given destination IP address will use the same interface.
no
(Optional) This is the same as ip nat6 off.
off
Disables IPv6 NAT on the interface.
on
Enables IPv6 NAT on the interface.
dnssec
Use recursive DNS with DNSSEC verification.
https
Use DNS over HTTPS (DoH).
cloudflare
Use Cloudflare for DoH resolution.
google
Use Google for DoH resolution.
url
Specify the URL of an arbitrary DoH server to use for DoH resolution.
recursive
Use recursive DNS.
tcp
Creates a TCP DNAT entry.
udp
Creates a UDP DNAT entry.
public-ip
(Optional) Specifies the IP address on which to accept incoming connections to be port-forwarded. If omitted, connections will be accepted on any of the Island's interface addresses.
public-port
The TCP or UDP port number on which to accept incoming connections.
mac
The MAC address of the device to which incoming connections are to be forwarded.
island
Specifies that incoming connections are to be forwarded to the Island itself.
dest-port
(Optional) The TCP or UDP port number on the target system. If omitted, the original destination port number is unmodified.
no
(Optional) This is the same as ip dhcp-client off.
off
Disables the DHCP monitor on the interface.
on
Enables the DHCP monitor on the interface.
no
(Optional) Deletes an existing DDNS name.
string
The desired DDNS host name. This must be a simple host name, not a domain name. It may consist of between 1 and 63 alphanumeric characters or a minus sign ("-"). The first character must be a letter or number.
no
(Optional) This is the same as ip dhcp-server off.
off
Disables the DHCP server on the interface.
on
Enables the DHCP server on the interface.
no
(Optional) Removes the specified parameter
name
The name of the installed package.
parameter
The name of the parameter to be set.
value
The value of the parameter to be set.
no
(Optional) Resets the DHCP lease time to the default value.
seconds
The DHCP lease time in seconds.
no
(Optional) Removes the interval for the specified instance.
instance
The history instance to be modified. If the specified instance does not exist, it will be created unless the no keyword was also specified. Must be alphanumeric.
seconds
The interval at which a new history file should be created, in seconds. The interval must be specified in order to enable history logging. The minimum interval is 60 seconds.
reload
no
(Optional) Removes the IP address from the interface.
address
The IP address to be assigned to the interface.
bits
The number of bits in the network portion of the address.
By default, Island will either obtain an IP address for an interface using DHCP (if the DHCP client is enabled on the interface) or will assign an arbitrary /24 private (RFC 1918) network address.
This command assigns an IPv4 or IPv6 address to an interface. Only one IPv4 and one IPv6 address may be assigned to a given interface.
This command does not automatically set the interface mode to manual or disable the DHCP client on the interface. However, if the DHCP client is enabled, the specified IP address will be overwritten if an address is later obtained from a DHCP server. To ensure a manually-configured IP address is not changed, set the interface mode to lan, or set it to manual and disable the DHCP client.
This command is valid only in interface context.
no
(Optional) Reset the command to its default value.
off
Disable IPv6 on the Island.
on
Enable IPv6 on the Island.
IPv6 is enabled by default.
IPv6 is fully supported by Island, and is enabled on all interfaces by default. Island will attempt to obtain an IPv6 address and a delegated prefix on each WAN port, and will assign IPv6 addresses to each LAN port.
While IPv6 can be disabled on individual interfaces using interface-specific ip commands, this command can be used to disable IPv6 on all interfaces.
no
(Optional) Deletes an existing password.
admin
Sets or changes the administrator password.
user
Sets or changes the read-only user password.
password
(Optional) The password to be set.
There is no password on the admin or user accounts by default.
This command sets the password for the specified user for access to the CLI. Users without a password may not log in to the CLI via ssh.
If the new password is not specified on the command line, the system will prompt for it.
no
(Optional) Removes an existing DHCP reservation.
ip
The IP address to be assigned to the device.
mac
The MAC address of the device.
There are no DHCP reservations by default.
This command reserves an IP address for a client. The DHCP server will not assign a reserved IP address to any other client. When the client makes a DHCP request to the Island, the DHCP server will assign the specified address to the client, if able.
If the server is unable to assign the address (perhaps because the address is already in use by another client), it will assign another address from the DHCP scope. When the client renews its DHCP lease, the DHCP server will again try to assign the reserved address.
The reserved IP address must be a valid address on one of the interfaces on the Island. However, it does not need to be within the DHCP scope assigned to the interface.
Only one DHCP reservation is allowed for a given device.
address
The target IP network or host address.
bits
The number of network bits in the target IP address.
gateway
The IP address to which packets for the target address are to be sent.
default
Can be used in place of "0.0.0.0/0" or "::/0" to represent the default route.
No static routes exist by default.
The command allows manually-configured (i.e., "static") routes to be inserted into Island's routing table.
Both IPv4 and IPv6 routes are supported. The target address and the gateway must both be the same protocol (IPv4 or IPv6).
The word "default" may be used to represent the default route (0.0.0.0/0 or ::0/0). The protocol of the default route (IPv4 or IPv6) will be determined by the protocol of the specified gateway.
no history myhist2
ip dhcp6-server on
clear ssh host-key
clear ssh host-key ed25519
end
ip dhcp-scope 100-
ip dhcp-scope 100-510
history myhist2 rename myhist3
ip autovlan off
ethernet polling 2
ethernet polling auto
history myhist3 url scp://jane:[email protected]/history
ip mtu 1300
ip router-advertise on
ip nat4 on
ip load-sharing src-dst-ip
ip nat6 on
ip dns mode recursive
ip dns mode https https://doh.example.com/dns-query
ip port-forward tcp 3074 00:00:5e:00:53:7a
ip dhcp-monitor on
ip ddns bobs-island
ip dhcp-server on
rollback
package pingurl interval 300
ip dhcp-lease 3600
history myhist2 interval 3600
[no] ip address <address>/<bits>
ip address 172.16.2.20/24
ip address 2001:db8:1e:4::29/64
[no] ip ipv6 off|on
ip ipv6 off
[no] password admin|user [<password>]
password admin
[no] ip dhcp-reserve <ip> <mac>
ip dhcp-reserve 192.168.3.77 00:00:5E:00:53:7A
ip route <address>/<bits> <gateway>
ip route default <gateway>
ip route default 203.0.113.1
ip route default 2001:DB8:C014:7BE5::1
ip route 172.16.0.0/22 192.168.3.17
Sets the output format for history log records.
The default output format is: "%d? %12t?? sub=%s?? mac=%m?? ip=%21ys?? dest=%21yd?? proto=%L?? policy=%P(%p)?? category=%C(%c)?? group=%G(%g)?? rule=%U(%u)?? button=%b?? count=%n?? stage=%S?? waited=%w?? rxbytes=%xr?? txbytes=%xt?? desc=%E?? ident=%I?? comment=%O?? host=%ah?? country=%N?? cat=%Mh?? flags=%f?? method=%am?? path=%ap?? version=%av?? timeOffset=%J?"
Note that the default format includes fields which are not used in the current product.
The output format template consists of arbitrary text containing field substitutions. These substitutions begin with a percent sign ("%"). The list of valid substitutions is shown in the table below.
The percent sign may optionally be followed by a decimal minimum field width. The field value will be left-justified within the specified width.
A substitution, along with any surrounding text, may optionally be enclosed in question mark characters. This will cause all text between the question marks to be suppressed if no substitution is made.
The contextual help for this command may include substitutions for fields that are not used in the current product. Only the currently supported substitutions are included in this table.
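To see what a template produces before a log collector has to parse it, the substitution rules above (minimum field width, left justification, and suppression of a question-mark section when no substitution is made) can be modelled off-box. This is an added example, not Island code: the record key names and the sample record are assumptions, only codes listed in this page's table are handled, and rejecting an unpaired question mark is this example's own choice.

```python
import re
from datetime import datetime, timezone

# Substitution code -> key in the sample record. The codes come from this
# page's table; the record key names are assumptions made for the example.
FIELDS = {
    "Mh": "dest_categories", "rn": "interface", "xr": "rx_bytes",
    "xt": "tx_bytes", "m": "src_mac", "N": "country", "O": "comment",
    "t": "type", "f": "flags", "h": "dest_host", "H": "island_host",
    "i": "src_ip",
}
# The page gives the default as "%Y/%m/%d %T"; %T is spelled out here
# because not every platform's strftime accepts it.
DEFAULT_DATE = "%Y/%m/%d %H:%M:%S"

_CODES = "|".join(sorted(FIELDS, key=len, reverse=True))
# %[width]code, where code is %%, d, d(format), D or a field code.
TOKEN = re.compile(r"%(\d*)(%|d(?:\(([^)]*)\))?|D|" + _CODES + r")")


def _render(segment, record):
    """Expand one segment; returns (text, True if any field had a value)."""
    made = False

    def expand(match):
        nonlocal made
        width, code, date_format = match.groups()
        if code == "%":
            return "%"
        if code.startswith("d"):
            value = record["time"].strftime(date_format or DEFAULT_DATE)
        elif code == "D":
            value = record["time"].isoformat(timespec="milliseconds")
        else:
            raw = record.get(FIELDS[code])
            value = "" if raw is None else str(raw)
        made = made or bool(value)
        return value.ljust(int(width or 0))  # left-justified, never truncated

    return TOKEN.sub(expand, segment), made


def render(template, record):
    """Render a history output-format template for one record."""
    parts = template.split("?")
    if len(parts) % 2 == 0:
        raise ValueError("unbalanced '?' in template")
    out = []
    for index, segment in enumerate(parts):
        text, made = _render(segment, record)
        # Odd-numbered parts sit between a pair of question marks and are
        # dropped, surrounding text included, when nothing was substituted.
        if index % 2 == 0 or made:
            out.append(text)
    return "".join(out)


# Template taken from this page's example; the record is constructed.
PAGE_EXAMPLE = "%d type=%12t mac=%m? host=%60h?? category=%Mh?"
SAMPLE_RECORD = {
    "time": datetime(2024, 6, 1, 19, 23, 47, 316000, tzinfo=timezone.utc),
    "type": "access", "src_mac": "00:00:5E:00:53:D2",
    "dest_host": "www.example.com", "dest_categories": None,
}

if __name__ == "__main__":
    print(repr(render(PAGE_EXAMPLE, SAMPLE_RECORD)))
```

Because optional sections disappear entirely, a parser on the receiving side should key on the `name=` labels rather than on column positions.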
Sets the configuration mode for an interface.
The default is full automatic configuration.
When autoconfig is set to full on an interface (the default), the Island will determine if the interface is connected to a local area network (LAN) or to the Internet (WAN), and will set all other interface parameters as appropriate for the type of connection detected. This mode works well in most cases, and is useful for initial installation. Once installation is complete, it is generally recommended to select one of the other modes as appropriate for each interface.
When set to manual, automatic configuration is disabled, and the current interface configuration is written to the running configuration. Individual may then be modified as needed. This configuration is the most flexible but requires that each interface configuration option be set appropriately. It can be used for unusual situations where the predefined interface modes (described below) are not sufficient.
When using manual mode, users may find it convenient to first set the interface mode to one of the modes listed below before switching to manual mode, to provide a starting point for all interface settings. Note that the interface must be active (up) in order for the current interface settings to be retained when the mode is switched to manual.
The remainder of the modes are used to set the interface configuration appropriate for the most common network scenarios. The available modes are as follows:
lan: This mode is for a typical LAN where Island should be the DHCP server. Island's DHCP server is enabled, the DHCP client is disabled, and the DHCP monitor is enabled.
lan-no-dhcp: This mode is the same as lan except Island's DHCP server and DHCP monitor are disabled, and the DHCP client is enabled. This mode is used when another DHCP server is used for the network.
wan: This mode is for a typical WAN connection where Island obtains its IP address from the provider using DHCP.
Note that issuing most will cause the interface mode to be set to manual. When this happens, the remaining interface configuration options with their current values will be written to the running configuration, and can be modified as needed. Refer to the documentation for a specific command to determine if that command will force the interface mode to manual.
This command is valid only in interface context.
Removes an installable package from the system.
[no] history <instance> output-format <template>
ip autoconfig disabled|full|lan|lan-no-dhcp|manual|static-wan|wan
clear package <name>
%m
Source MAC address
%Mh
Destination host category list
%N
Country code
%O
Comment
%rn
Interface name
%R
Constant random number
%t
Event type
%xr
Bytes received
%xt
Bytes transmitted
%%
Percent sign
no
(Optional) Reverts to the default output format.
instance
The history instance to be modified. If the specified instance does not exist, it will be created unless the no keyword was also specified. Must be alphanumeric.
template
The history output format template, described below.
%d[(format)]
Date and time formatted using strftime. The default format is "%Y/%m/%d %T".
%D
Date and time formatted as "yyyy-mm-ddThh:mm:ss.xxx(Z|+/-HH:MM)".
%f
Event flags
%h
Destination host name
%H
Island host name
%i
Source IP address
all
All attributes in "tag=value" format
csv
All attributes in CSV format
syslog
Structured syslog
usyslog
Unstructured syslog
json
JSON
raw
Raw binary
static-wan: This mode is for a WAN connection where Island is assigned a static IP address.
disabled
Disable the interface.
full
Automatically set the interface configuration.
lan
Configure the interface for a typical LAN where Island is the DHCP server.
lan-no-dhcp
Configure the interface for a LAN where the Island is not the DHCP server.
manual
Disable automatic configuration on the interface. This mode will be enabled automatically if certain ip interface commands are issued.
static-wan
Configure the interface for a WAN with a static address.
wan
Configure the interface for a WAN with a dynamic (i.e., DHCP) address.
name
The name of the package to be deleted.
history output-format json
history output-format "%d type=%12t mac=%m? host=%60h?? category=%Mh?"
ip autoconfig lan
ip autoconfig static-wan
clear package pingurl
Regenerates local SSH client keys.
If neither admin nor user is specified, the keys for both users are regenerated.
This command is used to delete and regenerate the local SSH client keys.
SSH client keys can be used for public key authentication with the ssh command as well as commands that use the scp protocol (e.g., write net scp://…).
clear ssh client-keys [admin|user]
admin
Regenerate keys for the admin user.
user
Regenerate keys for the read-only user.
no
(Optional) This is the same as ip dhcp6-client off.
off
Disables the DHCPv6 client on the interface.
on
Enables the DHCPv6 client on the interface.
The DHCPv6 client is enabled by default on WAN interfaces and disabled on LAN interfaces.
The DHCPv6 client is responsible for obtaining an IPv6 address and related options from a DHCPv6 server and assigning it to an interface.
If the DHCPv6 client is not enabled, or if a DHCPv6 server is not available, the IPv6 address is assigned based on the type of interface. On WAN interfaces, it will be assigned using Stateless Address Auto-Configuration (SLAAC). On LAN interfaces, Island will use either a delegated prefix selected from one of the WAN providers (if available) or will assign a Unique Local Address (ULA).
This command is valid only in interface context. Entering it will set the interface mode to manual.
clear ssh client-keys admin
[no] ip dhcp6-client off|on
ip dhcp6-client on
no
(Optional) Removes the history filter.
instance
The history instance to be modified. If the specified instance does not exist, it will be created unless the no keyword was also specified. Must be alphanumeric.
string
The filter string.
All history events are logged by default.
Using the history filter command, you can restrict the types of activities that are logged to the history files. The filter syntax is:
<field><op><value>[<cong>…]
The field parameter specifies the field within the history records to test. Valid fields are listed below.
Note that the contextual help for this command may list additional field names that are reserved for diagnostic purposes or for future use.
Field names are case-insensitive.
time
The timestamp on the record. The timestamp format for string comparisons is "YYYY-MM-DDTHH:MM:SS.mmm" (e.g., "2024-06-01T19:23:47.316").
type
The record type; one of "associate", "disassociate", "access", "session", or "comment".
count
For "associate" and "disassociate" records, this is a reference count. For session records with the "fin" flag set, it is the session duration in nanoseconds.
flags
A bit field of flags associated with the record. Valid values for Island include "nonrender" (4), "secure" (16), "blocked" (32), "allowed" (64), and "fin" (128).
mac
The source MAC address of the packet or device associated with the record.
ip
The source IP address of the packet or device associated with the record.
The comparison operator.
=
Matches if the field value is exactly the same as the comparison value. This can be either a string or a numeric comparison depending on the field and the value.
!=
Matches if the field value is not exactly the same as the comparison value. This can be either a string or a numeric comparison depending on the field and the value.
<
Matches if the field value is numerically less than the comparison value.
<=
Matches if the field value is numerically less than or equal to the comparison value.
>
Matches if the field value is numerically greater than the comparison value.
>=
Matches if the field value is numerically greater than or equal to the comparison value.
The value to compare against. This can be a string, a regular expression, or a numeric value. Strings must be enclosed in quotes if they contain special characters.
Regular expressions are delineated with a slash (e.g., mac=/^B4:AE:2B/). Regular expressions are valid only with the "=" and "!=" operators.
Joins multiple comparison expressions together.
| (vertical bar)
Logical "or"
& (ampersand)
Logical "and"
, (comma)
Logical "and"
[no] history <instance> filter <string>
history myhist2 filter "type=associate&mac=00:00:5E:00:53:D2"
history blockedlist filter "flags=/blocked/"
port
The source TCP/UDP port number of the packet or device associated with the record.
destIP
The destination IP address of the packet associated with the record.
destPort
The destination TCP/UDP port number of the packet associated with the record.
sourceName
The name of the interface (e.g., "en0") associated with the device on an "associate" or "disassociate" record.
cat
The numerical value of the website category associated with the record. The cat field is a bit mask, and is therefore usually best tested using the "&" operator.
comment
A text string containing miscellaneous information associated with some records.
country
A two-letter code (e.g., "US") representing the country in which the remote IP address is registered.
&
Performs a bitwise test.
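A filter string can be tried against exported records before it is applied to a history instance. The sketch below is an added example, not Island's implementation: it models the filter syntax described above on constructed records held as dictionaries. Its assumptions are that terms are evaluated strictly left to right, that an absent field only satisfies "!=", that ordering operators fall back to string comparison when a value is not numeric, and that a regular expression on flags is matched against the names of the set bits.

```python
import re

FLAG_NAMES = {4: "nonrender", 16: "secure", 32: "blocked", 64: "allowed", 128: "fin"}
FIELDS = {"time", "type", "count", "flags", "mac", "ip", "port", "destip",
          "destport", "sourcename", "cat", "comment", "country"}
# <field><op><value>, where <value> is /regex/, "quoted" or a bare token.
TERM = re.compile(r'\s*([A-Za-z]+)\s*(!=|<=|>=|=|<|>|&)\s*'
                  r'(?:/((?:\\.|[^/\\])*)/|"([^"]*)"|([^|&,]+))\s*')


def parse_filter(text):
    """Split a filter string into (conjunction, field, op, value) terms."""
    terms, pos, conj = [], 0, None
    while True:
        match = TERM.match(text, pos)
        if not match:
            raise ValueError(f"expected <field><op><value> at offset {pos}")
        field, op, regex, quoted, bare = match.groups()
        field = field.lower()                  # field names are case-insensitive
        if field not in FIELDS:
            raise ValueError(f"unknown field: {field}")
        if regex is not None:
            if op not in ("=", "!="):
                raise ValueError("a regular expression needs '=' or '!='")
            value = re.compile(regex)
        else:
            value = quoted if quoted is not None else bare.strip()
        terms.append((conj, field, op, value))
        pos = match.end()
        if pos == len(text):
            return terms
        conj = text[pos]
        if conj not in "|&,":
            raise ValueError(f"expected '|', '&' or ',' at offset {pos}")
        pos += 1


def _number(value):
    try:
        return float(value)
    except (TypeError, ValueError):
        return None


def _test(record, field, op, value):
    actual = record.get(field)
    if actual is None:                   # assumption: absent field matches only "!="
        return op == "!="
    if isinstance(value, re.Pattern):
        if field == "flags":             # assumption: flags are matched by name
            actual = ",".join(n for bit, n in FLAG_NAMES.items() if actual & bit)
        hit = value.search(str(actual)) is not None
        return hit if op == "=" else not hit
    if op == "&":                        # bitwise test
        return bool(int(actual) & int(value, 0))
    left, right = _number(actual), _number(value)
    if left is None or right is None:    # not both numeric: compare as strings
        left, right = str(actual), value
    return {"=": left == right, "!=": left != right, "<": left < right,
            "<=": left <= right, ">": left > right, ">=": left >= right}[op]


def matches(terms, record):
    """Evaluate the terms left to right (assumed; no precedence is documented)."""
    result = False
    for conj, field, op, value in terms:
        hit = _test(record, field, op, value)
        if conj is None:
            result = hit
        elif conj == "|":
            result = result or hit
        else:                            # "&" and "," are both logical "and"
            result = result and hit
    return result


def select(filter_text, records):
    """Return the indexes of the records a filter string would keep."""
    terms = parse_filter(filter_text)
    return [i for i, rec in enumerate(records) if matches(terms, rec)]


# Constructed sample records; keys are the lower-cased field names.
RECORDS = [
    {"time": "2024-06-01T19:23:47.316", "type": "associate", "flags": 0,
     "mac": "00:00:5E:00:53:D2", "ip": "192.168.3.77", "count": 1},
    {"time": "2024-06-01T19:24:02.001", "type": "access", "flags": 16 | 32,
     "mac": "00:00:5E:00:53:D2", "ip": "192.168.3.77", "destport": 443},
    {"time": "2024-06-01T19:25:10.500", "type": "access", "flags": 64,
     "mac": "00:00:5E:00:53:7A", "ip": "192.168.3.80", "destport": 80},
    {"time": "2024-06-01T19:26:40.250", "type": "session", "flags": 16 | 64 | 128,
     "mac": "00:00:5E:00:53:7A", "ip": "192.168.3.80", "destport": 443},
]
```

The "&" character is read as the bitwise operator only when it directly follows a field name; after a value it is the logical "and", which is how `type=access&flags&32` stays unambiguous in this model.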
Some commands (e.g., write network) require a URL argument to identify a remote file or directory. The format for a URL argument is:
scheme://[username[:password]@]host[:port]/[path]
Supported schemes for most commands are http, https, ftp, ftps, sftp, scp, smb, and tftp.
The host parameter may be an IP address or a domain name.
The optional port parameter is not supported on all protocols.