Topic: Shut/No Shut on Interface - CLI

k99

Shut/No Shut on Interface - CLI
« on: May 06, 2008, 06:35:47 am »
Hi all,

What command would I use to shut/no shut or release/renew an IP on an interface in the CLI via telnet?

Thanks


alan

Re: Shut/No Shut on Interface - CLI
« Reply #1 on: May 06, 2008, 08:09:30 am »
to shut an interface...
set interface ethernet1 phy link-down

try this for DHCP client renewal (did not test)
exec dhcp ?

screenie.

Re: Shut/No Shut on Interface - CLI
« Reply #2 on: May 06, 2008, 09:11:16 am »
DHCP renew:

unset int .. dhcp client
set int .... dhcp client
Regards, Screenie
------------------------
JNSS, JNCIA, JNCIS, JNCIP, JNCI

k99

Re: Shut/No Shut on Interface - CLI
« Reply #3 on: May 20, 2008, 08:45:32 am »
Thanks guys,

The DHCP definitely worked.

This command didn't:

set interface ethernet1 phy link-down

The Netscreen takes the below command though:

set interface ethernet1 phy

Would this do the same thing (disable/shut port)?

These are my options after the int:

set int untrust phy ?
<return>
auto                 auto negotiation
full                 force full duplex
half                 force half duplex
holddown             holddown time


alan

Re: Shut/No Shut on Interface - CLI
« Reply #4 on: May 20, 2008, 08:46:52 am »
set interface ethernet1 phy link-down didn't work? What ScreenOS?

k99

Re: Shut/No Shut on Interface - CLI
« Reply #5 on: May 20, 2008, 11:21:10 am »
No, it didn't. ScreenOS version is 5.1. I have another NetScreen running 5.4... I will try it on my other box later on and I'll let you know.

aweck

Re: Shut/No Shut on Interface - CLI
« Reply #6 on: May 21, 2008, 06:31:38 am »
Are you logged into the box with the root account?  I've never experienced a code version (>= 5) where the 'link-down' command didn't take.
JNCIE-ER #63, JNCIE-M #705, JNCIE-SEC, JNCIS-FWV, JNCIS-SSL
http://www.hicnetworks.com/

k99

Re: Shut/No Shut on Interface - CLI
« Reply #7 on: May 21, 2008, 08:46:17 pm »
Hello,

I'm the root. I tried on my 5.4 box and I'm having the same issue:

5gt-> get int

A - Active, I - Inactive, U - Up, D - Down, R - Ready

Interfaces in vsys Root:
Name           IP Address         Zone        MAC            VLAN St

trust          192.168.1.1/24     Trust       0012.1111.2222    -
wireless1      0.0.0.0/0          Wzone1      0012.1111.2222    -
wireless2      0.0.0.0/0          Trust       0012.1111.2222    -
untrust        1.2.3.4/23         Untrust     0012.1111.2222    -
serial         0.0.0.0/0          Null        0012.1111.2222    -
vlan1          0.0.0.0/0          VLAN        0012.1111.2222   1
null           0.0.0.0/0          Null        N/A               -
5gt-> set int trust phy ?
<return>
auto                 auto negotiation
full                 force full duplex
half                 force half duplex
holddown             holddown time
5gt-> set int trust phy link-down
                            ^-----------unknown keyword link-down
5gt-> set int untrust phy link-down
                              ^-----------unknown keyword link-down

5gt->   get sys | i Softw
Software Version: 5.4.0r3a.0, Type: Firewall+VPN
AP software version: 4.1.3.15.20

aweck

Re: Shut/No Shut on Interface - CLI
« Reply #8 on: May 22, 2008, 06:23:04 am »
Those interfaces (trust / untrust) on the 5GT do not necessarily reference a given physical port which is why you can't turn them up or down.  I'm not sure if the command will take if you reference a port.
JNCIE-ER #63, JNCIE-M #705, JNCIE-SEC, JNCIS-FWV, JNCIS-SSL
http://www.hicnetworks.com/

k99

Re: Shut/No Shut on Interface - CLI
« Reply #9 on: May 22, 2008, 06:24:42 am »
OK, I thought it would be able to shut down any active interface...is there a command to shut/unshut the untrust interface, other than rebooting the device?

muppet

Re: Shut/No Shut on Interface - CLI
« Reply #10 on: May 22, 2008, 09:18:42 am »
There's no command to shut/unshut interfaces on the 5GT.

It's annoying.

VictorNOC

Re: Shut/No Shut on Interface - CLI
« Reply #11 on: May 23, 2008, 01:48:02 am »
Are these options the same for all types of interfaces?  (I mean, GBIC or SFP, on-board...).

For example, the "auto" option doesn't appear when using GBIC.
Is it possible that the "link-down" option doesn't appear due to this?

mindedc

Re: Shut/No Shut on Interface - CLI
« Reply #12 on: June 17, 2008, 04:45:57 pm »

That is a 5-GT thing. You can do this on an SSG-5/20 in both the CLI and the web UI; however, you cannot with a 520/550 on the web UI, only CLI... go figure... There is also a bug that is fixed either in the very late 5.4 or in 6.0 where if you set physical interface properties it will knock your configs out of sync on an NSRP pair. Basically, on almost all of the platforms past the 5-GT you can disable/enable the interfaces. I used to do this a lot on routers, but honestly I almost never have the occasion to do this on Ethernet interfaces on firewalls, but the few times I have it's been annoying.