User Manual
Arista Networks
www.arista.com
Arista EOS version 4.15.2F
29 September 2015
Headquarters
5453 Great America Parkway
Santa Clara, CA 95054
USA
408 547-5500
www.arista.com

Support
408 547-5502
866 476-0000
support@arista.com

Sales
408 547-5501
866 497-0000
sales@arista.com
© Copyright 2015 Arista Networks, Inc. The information contained herein is subject to change without
notice. Arista Networks and the Arista logo are trademarks of Arista Networks, Inc., in the United States
and other countries. Other product or service names may be trademarks or service marks of others.
Table of Contents
Table of Contents
Command Reference
Chapter 1: Overview
Chapter 2: Initial Configuration and Recovery
    Initial Switch Access
    Connection Management
    Recovery Procedures
    Session Management Commands
Chapter 3: Command-Line Interface
    Accessing the EOS CLI
    Processing Commands
    Switch Platforms
    Command Modes
    Managing Switch Configuration Settings
    Other Command-Line Interfaces
    Common Criteria (CC)
    Directory Structure
    Command-Line Interface Commands
Chapter 4: AAA Configuration
    Authorization, Authentication, and Accounting Overview
    Configuring the Security Services
    Server Groups
    Role Based Authorization
    Activating Security Services
    TACACS+ Configuration Examples
    AAA Commands
Chapter 5: Administering the Switch
    Managing the Switch Name
    Managing the System Clock
    Synchronizing the Time Settings
    Managing Display Attributes
    Event Monitor
    Switch Administration Commands
Chapter 6: Booting the Switch
    Boot Loader – Aboot
    Configuration Files
    Supervisor Redundancy
    System Reset
    Aboot Shell
    Aboot Configuration Commands
    Switch Booting Commands
Chapter 7: Upgrades and Downgrades
    Upgrade/Downgrade Overview
    Accelerated Software Upgrade (ASU)
    Leaf Smart System Upgrade (Leaf SSU)
    Standard Upgrades and Downgrades
    Upgrade/Downgrade Commands
Chapter 8: Switch Environment Control
    Environment Control Introduction
    Environment Control Overview
    Configuring and Viewing Environment Settings
    Environment Commands
Chapter 9: Ethernet Ports
    Ethernet Ports Introduction
    Ethernet Standards
    Ethernet Physical Layer
    Interfaces
    Ethernet Configuration Procedures
    Ethernet Configuration Commands
Chapter 10: Port Channels and LACP
    Port Channel Introduction
    Port Channel Conceptual Overview
    Port Channel Configuration Procedures
    Load Balancing Hash Algorithms
    Port Channel and LACP Configuration Commands
Chapter 11: Multi-Chassis Link Aggregation
    MLAG Introduction
    MLAG Conceptual Overview
    MLAG Maintenance
    Configuring MLAG
    MLAG Implementation Example
    MLAG Commands
Chapter 12: 802.1x Port Security
    802.1x Port Security Introduction
    802.1x Port Security Description
    Configuring 802.1x Port Security
    Displaying 802.1x information
    IEEE 802.1x Configuration Commands
Chapter 13: DCBX and Flow Control
    Introduction
    DCBX and Priority-Based Flow Control Overview
    DCBX and PFC Configuration and Verification Procedures
    DCBX and Flow Control Configuration Commands
Chapter 14: LLDP
    LLDP Introduction
    LLDP Overview
    LLDP Configuration Procedures
    LLDP Configuration Commands
Chapter 15: Data Transfer
    Data Transfer Introduction
    Data Transfer Methods
    MAC Address Table
    Configuring Ports
    Monitoring Links
    Data Transfer Command Descriptions
Chapter 16: Tap Aggregation
    Tap Aggregation Introduction
    Tap Aggregation Description
    Tap Aggregation Configuration
    Tap Aggregation Traffic Steering
    Tap Aggregation GUI
    Keyframe and Timestamp Configuration
    Tap Aggregation Command Descriptions
Chapter 17: VLANs
    VLAN Introduction
    VLAN Conceptual Overview
    VLAN Configuration Procedures
    VLAN Configuration Commands
Chapter 18: VXLAN
    VXLAN Introduction
    VXLAN Description
    VXLAN Configuration
    VXLAN Command Descriptions
Chapter 19: ACLs and Route Maps
    ACL, Route Map, and Prefix List Introduction
    Access Control Lists
    Route Maps
    Prefix Lists
    ACL, Route Map, and Prefix List Commands
Chapter 20: VRRP and VARP
    VRRP and VARP Conceptual Overview
    VRRP and VARP Implementation Procedures
    VRRP and VARP Implementation Examples
    VRRP and VARP Configuration Commands
Chapter 21: Spanning Tree Protocol
    Introduction to Spanning Tree Protocols
    Spanning Tree Overview
    Configuring a Spanning Tree
    STP Commands
Chapter 22: Quality of Service
    Quality of Service Conceptual Overview
    QoS Configuration: Arad Platform Switches
    QoS Configuration: FM6000 Platform Switches
    QoS Configuration: Petra Platform Switches
    QoS Configuration: Trident Platform Switches
    QoS Configuration: Trident-II Platform Switches
    QoS Configuration: ACL Policing
    Quality of Service Configuration Commands
Chapter 23: Traffic Management
    Traffic Management Conceptual Overview
    Traffic Management Configuration – Arad Platform Switches
    Traffic Management Configuration – FM6000 Platform Switches
    Traffic Management Configuration – Petra Platform Switches
    Traffic Management Configuration – Trident Platform Switches
    Traffic Management Configuration – Trident-II Platform Switches
    Traffic Management Configuration Commands
Chapter 24: IPv4
    IPv4 Addressing
    IPv4 Routing
    IPv4 Multicast Counters
    Route Management
    DHCP Relay for IPv4
    IP NAT
    IPv4 Command Descriptions
Chapter 25: IPv6
    Introduction
    IPv6 Description
    Configuring IPv6
    IPv6 Command Descriptions
Chapter 26: Open Shortest Path First – Version 2
    OSPFv2 Introduction
    OSPFv2 Conceptual Overview
    Configuring OSPFv2
    OSPFv2 Examples
    OSPFv2 Commands
Chapter 27: Open Shortest Path First – Version 3
    OSPFv3 Introduction
    OSPFv3 Conceptual Overview
    Configuring OSPFv3
    OSPFv3 Examples
    OSPFv3 Commands
Chapter 28: Border Gateway Protocol
    BGP Conceptual Overview
    Configuring BGP
    BGP Examples
    BGP Commands
Chapter 29: Routing Information Protocol
    RIP Conceptual Overview
    Running RIP on the Switch
    RIP Commands
Chapter 30: IS-IS
    IS-IS Introduction
    IS-IS
    IS-IS Command Descriptions
Chapter 31: Multiprotocol Label Switching (MPLS)
    MPLS
    Decap Groups
    Nexthop Groups
    MPLS Command Descriptions
Chapter 32: BFD
    Introduction to BFD
    BFD Overview
    BFD Configuration
    BFD Command Descriptions
Chapter 33: Multicast Architecture
    Introduction
    Multicast Architecture Description
    Multicast Configuration
    Multicast Commands
Chapter 34: IGMP and IGMP Snooping
    Introduction
    IGMP Protocols
    Configuring IGMP
    Configuring IGMP Snooping
    IGMP Host Proxy
    IGMP and IGMP Snooping Commands
Chapter 35: Protocol Independent Multicast
    Introduction
    Configuring PIM
    Multicast Example
    PIM Commands
Chapter 36: Multicast Source Discovery Protocol
    MSDP Introduction
    MSDP Description
    MSDP Configuration
    MSDP Commands
Chapter 37: AVB
    AVB Introduction
    AVB Protocols
    AVB Configuration
    AVB Command Descriptions
Chapter 38: SNMP
    SNMP Introduction
    SNMP Conceptual Overview
    Configuring SNMP
    SNMP Commands
Chapter 39: Latency Analyzer (LANZ)
    Introduction to LANZ
    LANZ Overview
    Configuring LANZ
    LANZ Commands
Chapter 40: VM Tracer
    VM Tracer Introduction
    VM Tracer Description
    VM Tracer Configuration Procedures
    VM Tracer Configuration Commands
Chapter 41: Path Tracer
    Path Tracer Description
    Path Tracer Configuration
    Path Tracer Command Descriptions
Chapter 42: MapReduce Tracer
    MapReduce Tracer Introduction
    MapReduce Tracer Configuration
    Displaying MapReduce Tracer Results
    MapReduce Tracer Command Descriptions
Chapter 43: sFlow
    sFlow Conceptual Overview
    sFlow Configuration Procedures
    sFlow Configuration Commands
Chapter 44: OpenFlow
    OpenFlow Introduction
    OpenFlow Description
    OpenFlow Configuration
    OpenFlow Command Descriptions
Chapter 45: DirectFlow
    Introduction
    DirectFlow Configuration
    DirectFlow Feature Interactions
    DirectFlow Command Descriptions
Index
Command Reference
Chapter 1
Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Chapter 2
Initial Configuration and Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
domain (XMPP Management) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
idle-timeout (Console Management). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
idle-timeout (SSH Management) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
idle-timeout (Telnet Management) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
management api http-commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
management console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
management ssh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
management telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
management xmpp. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
protocol http (API Management) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
protocol https (API Management) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
protocol https certificate (API Management) . . . . . . . . . . . . . . . . . . . . . . . . . 68
server (XMPP Management) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
session privilege (XMPP Management). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
show inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
show xmpp neighbors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
show xmpp status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
show xmpp switch-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
shutdown (API Management) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
shutdown (Telnet Management) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
shutdown (XMPP Management) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
switch-group (XMPP Management) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
username (XMPP Management) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
vrf (API Management) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
vrf (XMPP Management) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
xmpp send . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
xmpp session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Chapter 3
Command-Line Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
action bash . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
alias . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
bash . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
boot test memory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
comment (various configuration modes) . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
configure (configure terminal) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
configure network. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
copy running-config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
daemon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
delay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
dir. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
disable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
end . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
entropy source hardware. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
event-handler . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
exit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
fips restrictions (SSH Management) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
hostkey client strict-checking (SSH Management) . . . . . . . . . . . . . . . . . . . 129
ip ftp client source-interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
ip http client source-interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
ip ssh client source-interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
ip tftp client source-interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
known-hosts (SSH Management) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
local (SSH Management-Tunnel) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
logging host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
logging source-interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
logging trap system. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
log-level (SSH Management) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
management security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
platform sand fabric mode (7500 and 7500E Series) . . . . . . . . . . . . . . . . . . 141
platform sand forwarding mode (7500 and 7500E Series) . . . . . . . . . . . . . 143
pwd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
remote (SSH Management-Tunnel). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
schedule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
secret hash . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
send log message. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
server-alive count-max (SSH Management-Tunnel). . . . . . . . . . . . . . . . . . 151
server-alive interval (SSH Management-Tunnel) . . . . . . . . . . . . . . . . . . . . 152
show (various configuration modes) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
show event-handler . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
show management ssh hostkey . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
show module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
show platform sand compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
show schedule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
show schedule summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
show version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
shutdown (SSH Management-Tunnel) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
ssh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
terminal length . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
terminal monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
trigger . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
tunnel (SSH Management) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
Chapter 4
AAA Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
aaa accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
aaa accounting dot1x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
aaa accounting system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
aaa authentication enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
aaa authentication login. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
aaa authentication policy local . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
aaa authentication policy log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
aaa authorization commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
aaa authorization config-commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
aaa authorization console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
aaa authorization exec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
aaa authorization policy local default-role . . . . . . . . . . . . . . . . . . . . . . . . . . 205
aaa group server radius . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
aaa group server tacacs+ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
aaa root . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
clear aaa counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
clear aaa counters radius . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
clear aaa counters tacacs+ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
deny (Role) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
enable secret. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
ip radius source-interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
ip tacacs source-interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
no <sequence number> (Role) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216
permit (Role) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
radius-server deadtime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
radius-server host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
radius-server key. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
radius-server retransmit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
radius-server timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
resequence (Role) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
server (server-group-RADIUS configuration mode). . . . . . . . . . . . . . . . . . 226
server (server-group-TACACS+ configuration mode). . . . . . . . . . . . . . . . 227
show aaa . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
show aaa counters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
show aaa method-lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
show aaa sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
show privilege . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
show radius . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
show role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234
show tacacs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
show user-account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
show users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
tacacs-server host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
tacacs-server key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
tacacs-server policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
tacacs-server timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242
username . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
username sshkey . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245
Chapter 5
Administering the Switch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
banner login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
banner motd. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
clear ptp interface counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
clock set. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271
clock timezone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
email . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
no event-monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
event-monitor <log enable> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
event-monitor backup max-size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
event-monitor backup path. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
event-monitor buffer max-size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
event-monitor clear. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
event-monitor interact . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280
event-monitor sync . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281
hostname . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282
ip domain lookup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283
ip domain-name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284
ip host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
ip name-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286
ipv6 host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
ntp authenticate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288
ntp authentication-key. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
ntp serve . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
ntp serve all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
ntp server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292
ntp source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294
ntp trusted-key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
prompt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
ptp announce interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
ptp announce timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
ptp delay-mechanism . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
ptp delay-req interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
ptp domain. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302
ptp enable. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
ptp forward-v1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304
ptp hold-ptp-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305
ptp mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306
ptp pdelay-neighbor-threshold . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307
ptp pdelay-req interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308
ptp priority1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309
ptp priority2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310
ptp source ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311
ptp sync interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312
ptp sync timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
ptp transport . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314
ptp ttl. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315
show banner. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316
show clock . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317
show event-monitor arp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318
show event-monitor mac . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320
show event-monitor route. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321
show event-monitor sqlite . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
show hostname . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324
show hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325
show ip domain-name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326
show ip name-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327
show ntp associations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328
show ntp status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329
show ptp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330
show ptp clock. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331
show ptp foreign-master-record. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332
show ptp interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333
show ptp interface counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334
show ptp parent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335
show ptp source ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336
show ptp time-property. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337
Chapter 6
Booting the Switch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339
CONSOLESPEED . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356
NET commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 357
PASSWORD (ABOOT) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358
SWI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359
boot console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361
boot secret. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362
boot system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364
erase startup-config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365
protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 366
redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367
redundancy force-switchover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368
reload. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369
reload <scheduled> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371
service sequence-numbers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372
show redundancy file-replication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373
show redundancy states . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 374
show redundancy switchover sso . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375
show reload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376
show reload cause . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 377
Chapter 7
Upgrades and Downgrades. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379
install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399
reload fast-boot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 400
reload hitless . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 401
Chapter 8
Switch Environment Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403
environment fan-speed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409
environment insufficient-fans action. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 410
environment overheat action . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 411
locator-led. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412
show environment all. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413
show environment cooling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414
show environment power . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 415
show environment temperature. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416
show locator-led . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418
Chapter 9
Ethernet Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419
flowcontrol receive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440
flowcontrol send . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 441
hardware port-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 442
interface ethernet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 444
interface management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445
link-debounce . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446
mac-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447
show flowcontrol. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 448
show hardware port-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 449
show interfaces capabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 450
show interfaces counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451
show interfaces counters bins . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 452
show interfaces counters errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453
show interfaces counters queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 454
show interfaces counters rates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 455
show interfaces negotiation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 456
show interfaces phy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 457
show interfaces status. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 459
show interfaces status errdisabled . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 460
show interfaces transceiver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 461
show interfaces transceiver properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 462
show platform fm6000 agileport map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463
speed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464
transceiver qsfp default-mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 466
Chapter 10
Port Channels and LACP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467
channel-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479
distribution random . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 481
distribution symmetric-hash . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 482
fields ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 483
fields mac . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 484
ingress load-balance profile. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 485
interface port-channel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 486
lacp port-priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 487
lacp rate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 488
lacp system-priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 489
load-balance fm6000 profile. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 490
load-balance policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 492
port-channel hash-seed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 493
port-channel lacp fallback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 494
port-channel lacp fallback timeout. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 495
port-channel load-balance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 496
port-channel load-balance arad fields ip. . . . . . . . . . . . . . . . . . . . . . . . . . . . 498
port-channel load-balance fm6000 fields ip . . . . . . . . . . . . . . . . . . . . . . . . . 499
port-channel load-balance fm6000 fields mac . . . . . . . . . . . . . . . . . . . . . . . 500
port-channel load-balance petraA fields ip. . . . . . . . . . . . . . . . . . . . . . . . . . 501
port-channel load-balance trident fields ip. . . . . . . . . . . . . . . . . . . . . . . . . . 502
port-channel load-balance trident fields ipv6 . . . . . . . . . . . . . . . . . . . . . . . 503
port-channel load-balance trident fields mac. . . . . . . . . . . . . . . . . . . . . . . . 504
port-channel min-links. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 505
show etherchannel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 506
show lacp aggregates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 507
show lacp counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 508
show lacp interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 509
show lacp internal. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 511
show lacp neighbor. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512
show lacp sys-id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514
show load-balance profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 515
show port-channel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 516
show port-channel limits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 518
show port-channel load-balance fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 519
show port-channel summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 520
show port-channel traffic. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 521
Chapter 11
Multi-Chassis Link Aggregation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 523
clear mlag tunnel counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 544
domain-id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 545
heartbeat-interval (MLAG) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 546
local-interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 547
mlag (port-channel interface configuration) . . . . . . . . . . . . . . . . . . . . . . . . 548
mlag configuration (global configuration) . . . . . . . . . . . . . . . . . . . . . . . . . . 549
peer-address. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 550
peer-link . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 551
reload-delay mlag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 552
reload-delay mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 553
reload-delay non-mlag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 554
show mlag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 555
show mlag interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 556
show mlag interfaces members. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 557
show mlag interfaces states . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 558
show mlag issu warnings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 559
show mlag tunnel counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 560
shutdown (MLAG) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 561
Chapter 12
802.1x Port Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 563
clear dot1x statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 575
dot1x system-auth-control. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 576
dot1x max-reauth-req . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 577
dot1x pae authenticator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 578
dot1x port-control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 579
dot1x reauthentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 580
dot1x timeout quiet-period . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 581
dot1x timeout reauth-period . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 582
dot1x timeout tx-period . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 583
show dot1x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 584
show dot1x statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 585
show dot1x all summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 586
Chapter 13
DCBX and Flow Control. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 587
dcbx application priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 592
dcbx mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 593
no priority-flow-control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 594
platform fm6000 pfc-wm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 595
priority-flow-control mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 596
priority-flow-control priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 597
show dcbx. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 598
show dcbx application-priority-configuration . . . . . . . . . . . . . . . . . . . . . . . 599
show dcbx priority-flow-control-configuration . . . . . . . . . . . . . . . . . . . . . . 600
show dcbx status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 601
show interfaces priority-flow-control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 602
show platform fm6000 pfc-wm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 603
show priority-flow-control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 604
Chapter 14
LLDP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 605
clear lldp counters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 613
clear lldp table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 614
lldp holdtime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 615
lldp management-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 616
lldp management-address vrf. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 617
lldp receive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 618
lldp reinit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 619
lldp run . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 620
lldp timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 621
lldp tlv-select . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 622
lldp transmit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 623
show lldp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 624
show lldp local-info . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 626
show lldp neighbors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 627
show lldp traffic. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 629
Chapter 15
Data Transfer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 631
clear counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 658
clear mac address-table dynamic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 660
clear server-failure servers inactive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 661
control-plane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 662
default-profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 663
description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 664
errdisable detect cause link-flap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 665
errdisable flap-setting cause link-flap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 666
errdisable recovery cause. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 667
errdisable recovery interval. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 668
interface loopback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 669
ip access-group (Control Plane mode). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 670
link state group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 671
link state track . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 672
links minimum. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 673
load interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 674
mac address-table aging-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 675
mac address-table static . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 676
monitor link-flap policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 678
monitor link-flap profiles. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 679
monitor server-failure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 680
monitor server-failure link. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 681
monitor session destination. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 682
monitor session destination cpu. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 683
monitor session ip access-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 684
monitor session source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 685
monitor session source ip access-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . 686
monitor session truncate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 687
mtu. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 688
network (server-failure configuration mode). . . . . . . . . . . . . . . . . . . . . . . . 689
no monitor session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 690
profile max-flaps (Link Flap Configuration). . . . . . . . . . . . . . . . . . . . . . . . . 691
proxy (server-failure configuration mode) . . . . . . . . . . . . . . . . . . . . . . . . . . 692
show interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 693
show interfaces description. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 695
show link state group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 696
show mac address-table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 697
show mac address-table aging time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 699
show mac address-table count . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 700
show mac address-table mlag-peer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 701
show mac address-table multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 702
show mac address-table multicast brief. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 703
show monitor server-failure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 704
show monitor server-failure history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 705
show monitor server-failure servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 706
show monitor session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 708
show port-security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 709
show port-security address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 710
show port-security interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 711
show storm-control. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 712
show switch forwarding-mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 713
show track . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 714
shutdown (server-failure configuration mode) . . . . . . . . . . . . . . . . . . . . . . 715
storm-control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 716
switch forwarding-mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 717
switchport. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 718
switchport mac address learning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 719
switchport port-security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 720
switchport port-security maximum . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 721
track . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 722
Chapter 16
Tap Aggregation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 723
class (policy-map (tapagg)) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 741
class-map type tapagg . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 743
mac timestamp. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 744
match (class-map (tapagg)) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 745
match (policy-map (tapagg)) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 746
mode (tap-agg configuration mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 749
mode exclusive no-errdisable (tap-agg configuration mode) . . . . . . . . . . 750
platform fm6000 keyframe device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 751
platform fm6000 keyframe. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 752
platform fm6000 keyframe rate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 753
platform fm6000 keyframe source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 754
policy-map type tapagg . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 755
resequence (class-map (tapagg)). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 756
resequence (policy-map (tapagg)) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 757
service-policy type tapagg (Interface mode) . . . . . . . . . . . . . . . . . . . . . . . . 758
set (policy-map-class (tapagg)) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 759
show interfaces tap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 760
show interfaces tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 761
show platform fm6000 keyframe . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 762
show tap aggregation groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 763
switchport tap allowed vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 764
switchport tap default group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 765
switchport tap identity. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 766
switchport tap native vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 767
switchport tap truncation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 768
switchport tool allowed vlan. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 769
switchport tool group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 770
switchport tool identity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 772
tap aggregation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 773
Chapter 17
VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 775
autostate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 787
encapsulation dot1q vlan. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 788
interface vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 789
l2-protocol encapsulation dot1q vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 790
name (VLAN configuration mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 791
private-vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 792
private-vlan mapping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 793
show dot1q-tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 794
show interfaces private-vlan mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 795
show interfaces switchport . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 796
show interfaces switchport backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 797
show interfaces trunk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 798
show interfaces vlans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 799
show vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 800
show vlan dynamic. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 801
show vlan internal allocation policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 802
show vlan internal usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 803
show vlan private-vlan. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 804
show vlan summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 805
show vlan trunk group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 806
state . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 807
switchport access vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 808
switchport mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 809
switchport private-vlan mapping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 811
switchport trunk allowed vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 812
switchport trunk group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 813
switchport trunk native vlan. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 814
switchport vlan mapping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 815
trunk group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 816
vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 817
vlan internal allocation policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 818
Chapter 18
VXLAN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 819
clear vxlan counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 834
interface vxlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 835
ip address virtual. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 836
show vxlan address-table. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 837
show vxlan counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 838
show vxlan flood vtep . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 839
show vxlan vtep . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 840
vxlan flood vtep. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 841
vxlan multicast-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 843
vxlan source-interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 844
vxlan udp-port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 845
vxlan vlan vni . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 846
vxlan vni notation dotted . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 847
Chapter 19
ACLs and Route Maps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 849
clear ip access-lists counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 873
clear ipv6 access-lists counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 874
continue (route-map) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 875
deny (IPv4 ACL) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 876
deny (IPv6 ACL) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 878
deny (IPv6 Prefix List) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 880
deny (MAC ACL). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 881
deny (Standard IPv4 ACL). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 882
deny (Standard IPv6 ACL). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 883
description (route-map) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 884
ip access-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 885
ip access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 886
ip access-list standard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 887
ip prefix-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 888
ipv6 access-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 889
ipv6 access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 890
ipv6 access-list standard. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 891
ipv6 prefix-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 892
mac access-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 893
mac access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 894
match (route-map) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 895
no <sequence number> (ACLs) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 897
permit (IPv4 ACL) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 898
permit (IPv6 ACL) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 900
permit (IPv6 Prefix List) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 902
permit (MAC ACL) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 903
permit (Standard IPv4 ACL) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 904
permit (Standard IPv6 ACL) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 905
remark . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 906
resequence (ACLs) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 907
route-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 908
seq (IPv6 Prefix Lists) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 910
set (route-map) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 911
set community (route-map). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 912
set extcommunity (route-map) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 913
show (ACL configuration modes) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 914
show ip access-lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 916
show ip prefix-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 917
show ipv6 access-lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 918
show ipv6 prefix-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 919
show mac access-lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 920
show route-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 921
statistics per-entry (ACL configuration modes) . . . . . . . . . . . . . . . . . . . . . . 922
Chapter 20
VRRP and VARP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 923
ip fhrp accept-mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 939
ip virtual-router address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 940
ip virtual-router mac-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 941
ip virtual-router mac-address advertisement-interval . . . . . . . . . . . . . . . . 942
ipv6 virtual-router address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 943
no vrrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 944
show ip virtual-router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 945
show ipv6 virtual-router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 946
show vrrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 947
show vrrp internal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 949
vrrp authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 950
vrrp delay reload. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 951
vrrp description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 952
vrrp ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 953
vrrp ip secondary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 954
vrrp ip version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 955
vrrp ipv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 956
vrrp mac-address advertisement-interval. . . . . . . . . . . . . . . . . . . . . . . . . . . 957
vrrp preempt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 958
vrrp preempt delay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 959
vrrp priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 961
vrrp shutdown. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 962
vrrp timers advertise. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 963
vrrp track . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 964
Chapter 21
Spanning Tree Protocol. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 965
abort (mst-configuration mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 987
clear spanning-tree counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 988
clear spanning-tree counters session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 989
clear spanning-tree detected-protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 990
exit (mst-configuration mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 991
instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 992
name (mst-configuration mode). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 993
revision (mst-configuration mode). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 994
show (mst-configuration mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 995
show spanning-tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 996
show spanning-tree blockedports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 999
show spanning-tree bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1000
show spanning-tree counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1001
show spanning-tree interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1002
show spanning-tree mst. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1003
show spanning-tree mst configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1005
show spanning-tree mst interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1006
show spanning-tree mst test information . . . . . . . . . . . . . . . . . . . . . . . . . . 1007
show spanning-tree root . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1008
show spanning-tree topology status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1009
spanning-tree bpdufilter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1010
spanning-tree bpduguard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1011
spanning-tree bpduguard rate-limit count (global) . . . . . . . . . . . . . . . . . 1012
spanning-tree bpduguard rate-limit count (interface) . . . . . . . . . . . . . . . 1013
spanning-tree bpduguard rate-limit default . . . . . . . . . . . . . . . . . . . . . . . 1014
spanning-tree bpduguard rate-limit enable / disable . . . . . . . . . . . . . . . . 1015
spanning-tree bridge assurance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1016
spanning-tree cost. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1017
spanning-tree forward-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1018
spanning-tree guard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1019
spanning-tree hello-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1020
spanning-tree link-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1021
spanning-tree loopguard default . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1022
spanning-tree max-age. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1023
spanning-tree max-hops . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1024
spanning-tree mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1025
spanning-tree mst configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1026
spanning-tree portchannel guard misconfig . . . . . . . . . . . . . . . . . . . . . . . 1027
spanning-tree portfast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1028
spanning-tree portfast auto . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1029
spanning-tree portfast bpdufilter default . . . . . . . . . . . . . . . . . . . . . . . . . . 1030
spanning-tree portfast bpduguard default . . . . . . . . . . . . . . . . . . . . . . . . . 1031
spanning-tree portfast <port type> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1032
spanning-tree port-priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1033
spanning-tree priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1034
spanning-tree root. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1035
spanning-tree transmit hold-count . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1036
spanning-tree vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1037
switchport backup interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1038
Chapter 22
Quality of Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1041
bandwidth guaranteed (Helix) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1091
bandwidth guaranteed (Trident-II) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1092
bandwidth percent (Arad) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1093
bandwidth percent (FM6000) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1095
bandwidth percent (Petra) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1097
bandwidth percent (Trident) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1099
mc-tx-queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1101
platform petraA traffic-class . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1102
priority (Arad) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1104
priority (FM6000). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1106
priority (Petra) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1108
priority (Trident) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1110
qos cos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1112
qos dscp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1113
qos trust . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1114
qos map cos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1115
qos map dscp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1116
qos map traffic-class to cos. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1117
qos map traffic-class to dscp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1118
qos map traffic-class to mc-tx-queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1119
qos map traffic-class to tx-queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1120
qos map traffic-class to uc-tx-queue. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1121
qos random-detect ecn global-buffer (Helix) . . . . . . . . . . . . . . . . . . . . . . . 1122
qos random-detect ecn global-buffer (Trident) . . . . . . . . . . . . . . . . . . . . . 1124
qos rewrite cos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1126
qos rewrite dscp. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1127
random-detect ecn (Arad) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1128
random-detect ecn (Helix) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1130
random-detect ecn (Trident) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1132
shape rate (Interface – Arad) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1134
shape rate (Interface – FM6000) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1135
shape rate (Interface – Helix) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1136
shape rate (Interface – Petra). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1137
shape rate (Interface – Trident). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1138
shape rate (Interface – Trident-II). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1139
shape rate (Tx-queue – Arad) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1140
shape rate (Tx-queue – FM6000). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1141
shape rate (Tx-queue – Helix) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1142
shape rate (Tx-queue – Petra) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1143
shape rate (Tx-queues – Trident) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1144
shape rate (Tx-queue – Trident-II) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1146
show platform petraA traffic-class . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1147
show qos interfaces. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1149
show qos interfaces random-detect ecn . . . . . . . . . . . . . . . . . . . . . . . . . . . 1150
show qos maps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1151
show qos random-detect ecn . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1152
show qos interfaces trust . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1153
tx-queue (Arad) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1154
tx-queue (FM6000) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1155
tx-queue (Helix). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1156
tx-queue (Petra) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1157
tx-queue (Trident-II) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1158
uc-tx-queue. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1159
Chapter 23
Traffic Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1161
bandwidth (policy-map-class (control-plane) – Arad) . . . . . . . . . . . . . . . 1191
bandwidth (policy-map-class (control-plane) – FM6000). . . . . . . . . . . . . 1193
bandwidth (policy-map-class (control-plane) – Helix) . . . . . . . . . . . . . . . 1194
bandwidth (policy-map-class (control-plane) – Petra) . . . . . . . . . . . . . . . 1196
bandwidth (policy-map-class (control-plane) – Trident) . . . . . . . . . . . . . 1198
bandwidth (policy-map-class (control-plane) – Trident-II) . . . . . . . . . . . 1199
class (policy-map (control-plane) – Arad) . . . . . . . . . . . . . . . . . . . . . . . . . . 1201
class (policy-map (control-plane) – FM6000) . . . . . . . . . . . . . . . . . . . . . . . 1203
class (policy-map (control-plane) – Helix). . . . . . . . . . . . . . . . . . . . . . . . . . 1205
class (policy-map (control-plane) – Petra). . . . . . . . . . . . . . . . . . . . . . . . . . 1207
class (policy-map (control-plane) – Trident and Trident-II) . . . . . . . . . . 1209
class (policy-map (control-plane) – Trident-II). . . . . . . . . . . . . . . . . . . . . . 1211
class (policy-map (pbr)) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1213
class (policy-map (qos) – FM6000) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1215
class (policy-map (qos) – Helix) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1216
class (policy-map (qos) – Trident). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1217
class (policy-map (qos) – Trident II) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1218
class-map type control-plane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1219
class-map type pbr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1220
class-map type qos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1221
clear policy-map counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1222
match (class-map (control-plane) – Helix) . . . . . . . . . . . . . . . . . . . . . . . . . 1223
match (class-map (control-plane) – Trident) . . . . . . . . . . . . . . . . . . . . . . . 1224
match (class-map (control-plane) – Trident-II) . . . . . . . . . . . . . . . . . . . . . 1225
match (class-map (pbr)) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1226
match (class-map (qos) – FM6000) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1227
match (class-map (qos) – Helix) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1228
match (class-map (qos) – Trident) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1229
match (class-map (qos) – Trident II). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1230
match (policy-map (pbr)) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1231
policy-map type control-plane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1232
policy-map type pbr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1233
policy-map type qos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1234
resequence (class-map (pbr)). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1235
resequence (policy-map (pbr)) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1236
service-policy type pbr (Interface mode) . . . . . . . . . . . . . . . . . . . . . . . . . . 1237
service-policy type qos (Interface mode) . . . . . . . . . . . . . . . . . . . . . . . . . . 1238
set (policy-map-class (qos) – FM6000) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1239
set (policy-map-class (qos) – Helix) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1240
set (policy-map-class (qos) – Trident) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1241
set (policy-map-class (qos) – Trident II). . . . . . . . . . . . . . . . . . . . . . . . . . . . 1242
set nexthop (policy-map-class – pbr) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1243
shape (policy-map-class (control-plane) – Arad) . . . . . . . . . . . . . . . . . . . . 1244
shape (policy-map-class (control-plane) – FM6000) . . . . . . . . . . . . . . . . . 1246
shape (policy-map-class (control-plane) – Helix). . . . . . . . . . . . . . . . . . . . 1247
shape (policy-map-class (control-plane) – Petra). . . . . . . . . . . . . . . . . . . . 1249
shape (policy-map-class (control-plane) – Trident). . . . . . . . . . . . . . . . . . 1251
shape (policy-map-class (control-plane) – Trident-II). . . . . . . . . . . . . . . . 1252
show class-map type control-plane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1254
show class-map type pbr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1255
show class-map type qos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1256
show policy-map type control-plane. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1257
show policy-map type pbr. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1258
show policy-map type qos. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1259
show policy-map type qos counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1260
show policy-map interface control-plane . . . . . . . . . . . . . . . . . . . . . . . . . . 1261
show policy-map interface type qos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1262
show policy-map interface type qos counters . . . . . . . . . . . . . . . . . . . . . . 1263
Chapter 24
IPv4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1265
arp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1297
arp cache persistent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1298
arp timeout. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1299
clear arp-cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1300
clear ip arp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1301
clear ip dhcp relay counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1302
clear ip dhcp snooping counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1303
clear ip nat translation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1304
description (VRF) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1305
ip address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1306
ip dhcp relay always-on. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1307
ip dhcp relay information option (Global) . . . . . . . . . . . . . . . . . . . . . . . . . 1308
ip dhcp relay information option circuit-id . . . . . . . . . . . . . . . . . . . . . . . . 1309
ip dhcp smart-relay. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1310
ip dhcp smart-relay global . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1312
ip dhcp snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1313
ip dhcp snooping information option . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1314
ip dhcp snooping vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1315
ip hardware fib ecmp resilience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1316
ip helper-address. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1317
ip icmp redirect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1318
ip load-sharing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1319
ip local-proxy-arp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1320
ip nat destination static . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1321
ip nat pool. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1322
ip nat source dynamic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1323
ip nat source static. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1324
ip nat translation low-mark . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1326
ip nat translation max-entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1327
ip nat translation tcp-timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1328
ip nat translation udp-timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1329
ip proxy-arp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1330
ip route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1331
ip routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1333
ip verify. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1334
platform trident forwarding-table partition . . . . . . . . . . . . . . . . . . . . . . . . 1335
platform trident routing-table partition . . . . . . . . . . . . . . . . . . . . . . . . . . . 1336
rd (VRF configuration mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1337
routing-context vrf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1338
show arp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1339
show ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1341
show ip arp. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1342
show ip dhcp relay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1344
show ip dhcp relay counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1345
show ip dhcp snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1346
show ip dhcp snooping counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1347
show ip dhcp snooping hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1348
show ip helper-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1349
show ip interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1350
show ip interface brief . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1351
show ip nat access-list interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1352
show ip nat pool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1353
show ip nat translations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1354
show ip route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1355
show ip route age . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1357
show ip route gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1358
show ip route host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1359
show ip route summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1360
show ip route tag. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1361
show platform trident forwarding-table partition. . . . . . . . . . . . . . . . . . . 1362
show routing-context vrf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1363
show vrf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1364
vrf definition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1365
vrf forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1366
Chapter 25
IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1367
clear ipv6 dhcp relay counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1380
clear ipv6 neighbors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1381
ipv6 address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1382
ipv6 dhcp relay always-on. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1383
ipv6 dhcp relay destination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1384
ipv6 enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1385
ipv6 hardware fib aggregate-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1386
ipv6 hardware fib ecmp resilience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1387
ipv6 hardware fib nexthop-index. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1388
ipv6 helper-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1389
ipv6 nd managed-config-flag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1390
ipv6 nd ns-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1391
ipv6 nd other-config-flag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1392
ipv6 nd prefix. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1393
ipv6 nd ra dns-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1394
ipv6 nd ra dns-servers lifetime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1395
ipv6 nd ra dns-suffix. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1396
ipv6 nd ra dns-suffixes lifetime. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1397
ipv6 nd ra hop-limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1398
ipv6 nd ra interval. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1399
ipv6 nd ra lifetime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1400
ipv6 nd ra mtu suppress . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1401
ipv6 nd ra suppress. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1402
ipv6 nd reachable-time. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1403
ipv6 nd router-preference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1404
ipv6 neighbor. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1405
ipv6 neighbor cache persistent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1406
ipv6 route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1407
ipv6 unicast-routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1409
ipv6 verify. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1410
show ipv6 dhcp relay counters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1411
show ipv6 hardware fib aggregate-address . . . . . . . . . . . . . . . . . . . . . . . . 1412
show ipv6 helper-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1413
show ipv6 interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1414
show ipv6 nd ra internal state. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1415
show ipv6 neighbors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1416
show ipv6 route. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1417
show ipv6 route age . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1418
show ipv6 route host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1419
show ipv6 route interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1420
show ipv6 route summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1421
show ipv6 route tag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1422
Chapter 26
Open Shortest Path First – Version 2 . . . . . . . . . . . . . . . . . . . . . . . . . . 1423
adjacency exchange-start threshold (OSPFv2). . . . . . . . . . . . . . . . . . . . . . 1453
area default-cost (OSPFv2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1454
area filter (OSPFv2). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1455
area nssa (OSPFv2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1456
area nssa default-information-originate (OSPFv2) . . . . . . . . . . . . . . . . . . 1457
area nssa no-summary (OSPFv2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1459
area nssa translate type7 always (OSPFv2). . . . . . . . . . . . . . . . . . . . . . . . . 1460
area range (OSPFv2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1461
area stub (OSPFv2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1462
auto-cost reference-bandwidth (OSPFv2). . . . . . . . . . . . . . . . . . . . . . . . . . 1463
clear ip ospf neighbor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1464
compatible (OSPFv2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1465
default-information originate (OSPFv2) . . . . . . . . . . . . . . . . . . . . . . . . . . . 1466
distance ospf (OSPFv2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1467
ip ospf authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1468
ip ospf authentication-key. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1469
ip ospf cost . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1470
ip ospf dead-interval. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1471
ip ospf hello-interval. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1472
ip ospf message-digest-key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1473
ip ospf name-lookup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1474
ip ospf network point-to-point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1475
ip ospf priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1476
ip ospf retransmit-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1477
ip ospf shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1478
ip ospf transmit-delay. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1479
log-adjacency-changes (OSPFv2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1480
max-lsa (OSPFv2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1481
max-metric router-lsa (OSPFv2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1482
maximum-paths (OSPFv2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1483
network area (OSPFv2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1484
no area (OSPFv2). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1485
passive-interface default (OSPFv2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1486
passive-interface <interface> (OSPFv2) . . . . . . . . . . . . . . . . . . . . . . . . . . 1487
point-to-point routes (OSPFv2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1488
redistribute (OSPFv2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1489
router-id (OSPFv2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1490
router ospf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1491
show ip ospf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1492
show ip ospf border-routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1494
show ip ospf database database-summary . . . . . . . . . . . . . . . . . . . . . . . . . 1495
show ip ospf database <link state list> . . . . . . . . . . . . . . . . . . . . . . . . . . . 1496
show ip ospf database <link-state details> . . . . . . . . . . . . . . . . . . . . . . . . 1497
show ip ospf interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1500
show ip ospf interface brief . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1501
show ip ospf lsa-log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1502
show ip ospf neighbor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1503
show ip ospf neighbor adjacency-changes . . . . . . . . . . . . . . . . . . . . . . . . . 1504
show ip ospf neighbor state . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1505
show ip ospf neighbor summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1506
show ip ospf request-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1507
show ip ospf retransmission-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1508
show ip ospf spf-log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1509
shutdown (OSPFv2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1510
timers lsa arrival (OSPFv2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1511
timers throttle lsa all (OSPFv2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1512
Chapter 27
Open Shortest Path First – Version 3 . . . . . . . . . . . . . . . . . . . . . . . . . . 1513
adjacency exchange-start threshold (OSPFv3). . . . . . . . . . . . . . . . . . . . . . 1536
area default-cost (OSPFv3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1537
area nssa (OSPFv3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1538
area nssa default-information-originate (OSPFv3) . . . . . . . . . . . . . . . . . . 1539
area nssa translate type7 always (OSPFv3). . . . . . . . . . . . . . . . . . . . . . . . . 1540
area range (OSPFv3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1541
area stub (OSPFv3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1542
clear ipv6 ospf force-spf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1543
default-information originate (OSPFv3) . . . . . . . . . . . . . . . . . . . . . . . . . . . 1544
default-metric (OSPFv3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1545
distance ospf intra-area (OSPFv3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1546
ipv6 ospf area. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1547
ipv6 ospf cost . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1548
ipv6 ospf dead-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1549
ipv6 ospf hello-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1550
ipv6 ospf network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1551
ipv6 ospf priority. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1552
ipv6 ospf retransmit-interval. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1553
ipv6 ospf transmit-delay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1554
ipv6 router ospf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1555
log-adjacency-changes (OSPFv3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1556
max-metric router-lsa (OSPFv3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1557
maximum-paths (OSPFv3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1558
no area (OSPFv3). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1559
passive-interface (OSPFv3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1560
redistribute (OSPFv3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1561
router-id (OSPFv3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1562
show ipv6 ospf. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1563
show ipv6 ospf border-routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1564
show ipv6 ospf database <link-state details> . . . . . . . . . . . . . . . . . . . . . . 1565
show ipv6 ospf database <link state list> . . . . . . . . . . . . . . . . . . . . . . . . . 1568
show ipv6 ospf database link . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1570
show ipv6 ospf database link if-name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1571
show ipv6 ospf database link if-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1572
show ipv6 ospf interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1574
show ipv6 ospf neighbor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1575
show ipv6 ospf neighbor state . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1576
show ipv6 ospf neighbor summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1577
shutdown (OSPFv3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1578
Chapter 28
Border Gateway Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1579
address-family . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1600
aggregate-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1601
bgp advertise-inactive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1603
bgp client-to-client reflection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1604
bgp cluster-id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1605
bgp confederation identifier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1606
bgp confederation peers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1607
bgp default . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1608
bgp enforce-first-as . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1610
bgp listen limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1611
bgp listen range . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1612
bgp log-neighbor-changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1613
bgp redistribute-internal (BGP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1614
clear ip bgp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1615
clear ip bgp neighbor *. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1617
clear ipv6 bgp. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1618
clear ipv6 bgp neighbor *. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1620
distance bgp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1621
graceful-restart stalepath-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1622
graceful-restart-helper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1623
ip as-path access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1624
ip as-path regex-mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1625
ip community-list expanded . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1626
ip community-list standard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1627
ip extcommunity-list expanded . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1628
ip extcommunity-list standard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1629
maximum paths (BGP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1630
neighbor activate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1631
neighbor allowas-in . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1632
neighbor default-originate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1633
neighbor description. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1634
neighbor ebgp-multihop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1635
neighbor export-localpref . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1636
neighbor graceful-restart-helper. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1637
neighbor import-localpref . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1638
neighbor local-as . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1639
neighbor local-v6-addr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1640
neighbor maximum-routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1641
neighbor next-hop-peer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1642
neighbor next-hop-self . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1643
neighbor out-delay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1644
neighbor password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1645
neighbor peer-group (create) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1646
neighbor peer-group (neighbor assignment) . . . . . . . . . . . . . . . . . . . . . . . 1648
neighbor remote-as . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1649
neighbor remove-private-as . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1650
neighbor route-map (BGP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1651
neighbor route-reflector-client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1652
neighbor send-community . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1653
neighbor shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1654
neighbor soft-reconfiguration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1655
neighbor timers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1656
neighbor transport connection-mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1657
neighbor update-source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1658
neighbor weight . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1659
network (BGP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1660
no neighbor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1661
redistribute (BGP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1662
router-id (BGP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1663
router bgp. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1664
show bgp instance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1665
show ip as-path access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1666
show ip bgp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1667
show ip bgp community . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1668
show ip bgp neighbors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1669
show ip bgp neighbors (route type). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1671
show ip bgp neighbors (route-type) community. . . . . . . . . . . . . . . . . . . . 1673
show ip bgp neighbors regexp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1674
show ip bgp paths. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1675
show ip bgp peer-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1676
show ip bgp regexp. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1677
show ip bgp summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1678
show ip community-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1679
show ip extcommunity-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1680
show ipv6 bgp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1681
show ipv6 bgp community . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1682
show ipv6 bgp neighbors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1683
show ipv6 bgp neighbors (route type) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1684
show ipv6 bgp neighbors (route type) community. . . . . . . . . . . . . . . . . . 1685
show ipv6 bgp neighbors regexp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1687
show ipv6 bgp regexp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1688
show ipv6 bgp summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1689
shutdown (BGP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1690
timers bgp. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1691
vrf. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1692
Chapter 29
Routing Information Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1693
default-metric. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1698
distance (RIP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1699
distribute-list (RIP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1700
ip rip v2-broadcast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1702
network (RIP). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1703
redistribute (RIP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1704
router rip. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1705
show ip rip database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1706
show ip rip neighbors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1707
shutdown (RIP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1708
timers basic (RIP). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1709
Chapter 30
IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1711
address-family . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1719
isis enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1720
isis hello-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1721
isis hello-multiplier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1722
isis lsp-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1723
isis metric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1724
isis network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1725
isis passive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1726
isis priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1727
is-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1728
log-adjacency-changes (IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1729
net . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1730
passive-interface (IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1731
redistribute (IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1732
router isis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1733
set-overload-bit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1734
show isis database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1735
show isis interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1737
show isis neighbors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1739
show isis summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1741
show isis topology. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1742
shutdown (IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1743
spf-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1744
Chapter 31
Multiprotocol Label Switching (MPLS) . . . . . . . . . . . . . . . . . . . . . . . . . 1745
entry (Nexthop Group) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1755
ip decap-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1756
ip route nexthop-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1757
mpls ip. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1759
mpls static . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1760
nexthop-group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1762
show mpls route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1763
show mpls route summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1764
show nexthop-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1765
size (Nexthop Group) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1766
ttl (Nexthop Group) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1767
tunnel decap-ip (Decap Group) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1768
tunnel-source (Nexthop Group). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1769
tunnel type (Decap Group) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1770
Chapter 32
BFD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1771
bfd interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1777
bfd all-interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1778
ip ospf bfd. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1779
ip pim bfd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1780
ip pim bfd-instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1781
neighbor fall-over bfd. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1782
show bfd neighbors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1783
vrrp bfd ip. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1785
Chapter 33
Multicast Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1787
clear ip mfib fastdrop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1795
clear ip mroute. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1796
ip mfib activity polling-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1797
ip mfib cache-entries unresolved max . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1798
ip mfib fastdrop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1799
ip mfib max-fastdrops. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1800
ip mfib packet-buffers unresolved max. . . . . . . . . . . . . . . . . . . . . . . . . . . . 1801
ip multicast boundary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1802
ip multicast multipath none . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1804
ip multicast-routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1805
show ip mfib . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1806
show ip mfib software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1807
show ip mroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1808
show ip mroute count . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1809
Chapter 34
IGMP and IGMP Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1811
clear ip igmp group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1828
clear ip igmp snooping counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1829
clear ip igmp statistics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1830
ip igmp host-proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1831
ip igmp host-proxy report-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1833
ip igmp last-member-query-count . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1834
ip igmp last-member-query-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1835
ip igmp profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1836
ip igmp query-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1838
ip igmp query-max-response-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1839
ip igmp router-alert. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1840
ip igmp snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1841
ip igmp snooping filter. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1842
ip igmp snooping querier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1843
ip igmp snooping querier address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1844
ip igmp snooping querier last-member-query-count . . . . . . . . . . . . . . . . 1845
ip igmp snooping querier last-member-query-interval . . . . . . . . . . . . . . 1846
ip igmp snooping querier max-response-time . . . . . . . . . . . . . . . . . . . . . . 1847
ip igmp snooping querier query-interval . . . . . . . . . . . . . . . . . . . . . . . . . . 1848
ip igmp snooping querier startup-query-count . . . . . . . . . . . . . . . . . . . . . 1849
ip igmp snooping querier startup-query-interval . . . . . . . . . . . . . . . . . . . 1850
ip igmp snooping querier version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1851
ip igmp snooping report-flooding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1852
ip igmp snooping report-flooding switch-port . . . . . . . . . . . . . . . . . . . . . 1853
ip igmp snooping restart query-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . 1854
ip igmp snooping robustness-variable . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1855
ip igmp snooping vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1856
ip igmp snooping vlan immediate-leave. . . . . . . . . . . . . . . . . . . . . . . . . . . 1857
ip igmp snooping vlan max-groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1858
ip igmp snooping vlan mrouter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1859
ip igmp snooping vlan querier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1860
ip igmp snooping vlan querier address. . . . . . . . . . . . . . . . . . . . . . . . . . . . 1862
ip igmp snooping vlan querier last-member-query-count. . . . . . . . . . . . 1863
ip igmp snooping vlan querier last-member-query-interval . . . . . . . . . . 1864
ip igmp snooping vlan querier max-response-time . . . . . . . . . . . . . . . . . 1865
ip igmp snooping vlan querier query-interval. . . . . . . . . . . . . . . . . . . . . . 1866
ip igmp snooping vlan querier startup-query-count . . . . . . . . . . . . . . . . 1867
ip igmp snooping vlan querier startup-query-interval. . . . . . . . . . . . . . . 1868
ip igmp snooping vlan querier version . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1869
ip igmp snooping vlan report-flooding. . . . . . . . . . . . . . . . . . . . . . . . . . . . 1870
ip igmp snooping vlan report-flooding switch-port . . . . . . . . . . . . . . . . . 1871
ip igmp snooping vlan static . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1872
ip igmp startup-query-count. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1873
ip igmp startup-query-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1874
ip igmp static-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1875
ip igmp static-group acl . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1876
ip igmp static-group range . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1877
ip igmp version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1879
permit / deny . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1880
range . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1881
show ip igmp groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1882
show ip igmp groups count . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1883
show ip igmp host-proxy config-sanity. . . . . . . . . . . . . . . . . . . . . . . . . . . . 1884
show ip igmp host-proxy interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1885
show ip igmp interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1886
show ip igmp profile. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1887
show ip igmp snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1888
show ip igmp snooping counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1889
show ip igmp snooping counters ethdev-pams. . . . . . . . . . . . . . . . . . . . . 1890
show ip igmp snooping groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1891
show ip igmp snooping groups count. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1894
show ip igmp snooping mrouter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1895
show ip igmp snooping querier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1896
show ip igmp snooping querier counters . . . . . . . . . . . . . . . . . . . . . . . . . . 1897
show ip igmp snooping querier membership . . . . . . . . . . . . . . . . . . . . . . 1898
show ip igmp snooping report-flooding. . . . . . . . . . . . . . . . . . . . . . . . . . . 1899
show ip igmp static-groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1900
show ip igmp static-groups acl . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1901
show ip igmp static-groups group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1902
show ip igmp statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1903
Chapter 35
Protocol Independent Multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1905
ip pim anycast-rp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1916
ip pim border-router. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1917
ip pim bsr-border . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1918
ip pim bsr-candidate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1919
ip pim bsr-holdtime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1921
ip pim dr-priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1922
ip pim join-prune-interval. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1923
ip pim log-neighbor-changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1924
ip pim neighbor-filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1925
ip pim query-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1926
ip pim register-source. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1927
ip pim rp-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1928
ip pim rp-candidate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1929
ip pim sparse-mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1931
ip pim sparse-mode sg-expiry-timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1932
ip pim spt-threshold . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1933
ip pim spt-threshold group-list. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1934
ip pim ssm range . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1935
show ip pim bsr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1936
show ip pim config-sanity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1937
show ip pim interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1938
show ip pim neighbor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1939
show ip pim protocol counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1940
show ip pim register-source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1941
show ip pim rp. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1942
show ip pim rp-candidate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1943
show ip pim rp-hash. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1944
show ip pim upstream joins . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1945
Chapter 36
Multicast Source Discovery Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . 1947
clear ip msdp sa-cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1958
ip msdp cache-sa-state . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1959
ip msdp default-peer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1960
ip msdp description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1961
ip msdp group-limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1962
ip msdp keepalive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1963
ip msdp mesh-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1964
ip msdp originator-id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1965
ip msdp peer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1966
ip msdp rejected-limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1967
ip msdp sa-filter in . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1968
ip msdp sa-filter out . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1969
ip msdp sa-limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1970
ip msdp shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1971
ip msdp timer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1972
show ip msdp mesh-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1973
show ip msdp peer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1974
show ip msdp pim sa-cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1975
show ip msdp rpf-peer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1976
show ip msdp sa-cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1977
show ip msdp sanity. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1978
show ip msdp summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1979
Chapter 37
AVB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1981
msrp. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1988
mrp leave-all-timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1989
mrp leave-timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1990
msrp streams load-file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1991
show msrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1992
show msrp interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1993
show msrp streams . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1995
Chapter 38
SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1997
no snmp-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2006
show snmp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2007
show snmp chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2008
show snmp community . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2009
show snmp contact . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2010
show snmp engineID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2011
show snmp group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2012
show snmp host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2013
show snmp location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2014
show snmp mib . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2015
show snmp source-interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2016
show snmp trap. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2017
show snmp user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2018
show snmp view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2019
snmp-server chassis-id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2020
snmp-server community . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2021
snmp-server contact . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2022
snmp-server enable traps. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2023
snmp-server engineID local . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2024
snmp-server engineID remote . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2025
snmp-server extension . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2026
snmp-server group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2027
snmp-server host. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2028
snmp-server location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2030
snmp-server source-interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2031
snmp-server user. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2032
snmp-server view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2033
snmp-server vrf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2034
snmp trap link-status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2035
Chapter 39
Latency Analyzer (LANZ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2037
clear queue-monitor length statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2048
max-connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2049
queue-monitor length (global configuration mode) . . . . . . . . . . . . . . . . . 2050
queue-monitor length threshold (Arad and Petra) . . . . . . . . . . . . . . . . . . 2051
queue-monitor length thresholds (FM6000). . . . . . . . . . . . . . . . . . . . . . . . 2052
queue-monitor length global-buffer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2053
queue-monitor length global-buffer log . . . . . . . . . . . . . . . . . . . . . . . . . . . 2054
queue-monitor length global-buffer thresholds . . . . . . . . . . . . . . . . . . . . 2055
queue-monitor length log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2056
queue-monitor streaming . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2057
show queue-monitor length . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2058
show queue-monitor length all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2060
show queue-monitor length global-buffer . . . . . . . . . . . . . . . . . . . . . . . . . 2061
show queue-monitor length limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2062
show queue-monitor length drops . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2063
show queue-monitor length tx-latency . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2064
show queue-monitor length status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2065
shutdown (queue-monitor-streaming configuration) . . . . . . . . . . . . . . . 2066
Chapter 40
VM Tracer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2067
allowed-vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2075
autovlan disable. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2076
password (vmtracer mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2077
password (vmtracer-vxlan mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2078
show vmtracer all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2079
show vmtracer interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2080
show vmtracer session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2081
show vmtracer session vcenter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2082
show vmtracer session vsm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2083
show vmtracer vm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2084
show vmtracer vm detail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2085
show vmtracer vnic counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2086
show vmtracer vxlan segment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2087
show vmtracer vxlan vm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2089
url (vmtracer mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2090
url (vmtracer-vxlan mode). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2091
username (vmtracer mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2092
username (vmtracer-vxlan mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2093
vmtracer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2094
vmtracer session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2095
vxlan (vmtracer mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2096
Chapter 41
Path Tracer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2097
clear monitor reachability probe-statistics . . . . . . . . . . . . . . . . . . . . . . . . . 2109
destination ip (Monitor Reachability Probe Transmitter) . . . . . . . . . . . . 2110
destination port (Monitor Reachability) . . . . . . . . . . . . . . . . . . . . . . . . . . . 2111
hops (Monitor Reachability Probe Transmitter) . . . . . . . . . . . . . . . . . . . . 2112
ip protocol (Monitor Reachability Probe Transmitter) . . . . . . . . . . . . . . . 2113
monitor reachability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2114
preserve streams . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2115
probe receiver max-streams. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2116
probe transmitter. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2117
show monitor reachability. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2118
show monitor reachability egress-streams . . . . . . . . . . . . . . . . . . . . . . . . . 2119
show monitor reachability ingress-streams . . . . . . . . . . . . . . . . . . . . . . . . 2120
show monitor reachability interface-ttl-statistics. . . . . . . . . . . . . . . . . . . . 2121
show monitor reachability probe-statistics . . . . . . . . . . . . . . . . . . . . . . . . . 2122
show monitor reachability probe-transmitter . . . . . . . . . . . . . . . . . . . . . . 2123
shutdown (Monitor Reachability) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2124
shutdown (Monitor Reachability Probe Transmitter). . . . . . . . . . . . . . . . 2125
source interface (Monitor Reachability Probe Transmitter). . . . . . . . . . . 2126
source port (Monitor Reachability Probe Transmitter). . . . . . . . . . . . . . . 2127
Chapter 42
MapReduce Tracer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2129
clear monitor hadoop burst-counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2141
clear monitor hadoop job-history. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2142
cluster (Monitor Hadoop) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2143
description (Monitor Hadoop Cluster) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2144
interval (Monitor Hadoop Cluster) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2145
jobtracker (Monitor Hadoop Cluster) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2146
monitor hadoop. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2148
show monitor hadoop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2149
show monitor hadoop cluster all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2150
show monitor hadoop cluster counters. . . . . . . . . . . . . . . . . . . . . . . . . . . . 2151
show monitor hadoop cluster history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2152
show monitor hadoop cluster history jobs . . . . . . . . . . . . . . . . . . . . . . . . . 2153
show monitor hadoop cluster jobs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2154
show monitor hadoop cluster jobs <job number> . . . . . . . . . . . . . . . . . 2155
show monitor hadoop cluster jobs counter . . . . . . . . . . . . . . . . . . . . . . . . 2156
show monitor hadoop cluster status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2157
show monitor hadoop cluster tasktracker . . . . . . . . . . . . . . . . . . . . . . . . . 2158
show monitor hadoop counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2159
show monitor hadoop history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2160
show monitor hadoop status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2161
show monitor hadoop tasktracker all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2162
show monitor hadoop tasktracker all counters . . . . . . . . . . . . . . . . . . . . . 2163
show monitor hadoop tasktracker counters. . . . . . . . . . . . . . . . . . . . . . . . 2164
show monitor hadoop tasktracker jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2166
show monitor hadoop tasktracker running-tasks . . . . . . . . . . . . . . . . . . . 2168
show monitor hadoop tasktracker running-tasks cluster job task . . . . . 2171
show monitor hadoop tasktracker status . . . . . . . . . . . . . . . . . . . . . . . . . . 2173
show monitor hadoop traffic burst . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2176
shutdown (Monitor-Hadoop) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2179
shutdown (Monitor Hadoop Cluster) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2180
tasktracker (Monitor Hadoop Cluster) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2181
Chapter 43
sFlow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2183
clear sflow counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2189
platform petraA buffers mini-multicast. . . . . . . . . . . . . . . . . . . . . . . . . . . . 2190
sflow destination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2191
sflow enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2192
sflow polling-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2193
sflow run. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2194
sflow sample . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2195
sflow source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2196
sflow source-interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2197
show sflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2198
show sflow interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2200
Chapter 44
OpenFlow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2201
bind interface (OpenFlow) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2213
bind mode (OpenFlow) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2214
bind vlan (OpenFlow) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2215
clear openflow statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2216
controller (OpenFlow) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2217
default-action (OpenFlow) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2218
description (OpenFlow) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2219
keepalive (OpenFlow) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2220
openflow. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2221
profile (OpenFlow) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2222
routing recirculation-interface (OpenFlow) . . . . . . . . . . . . . . . . . . . . . . . . 2223
routing vlan (OpenFlow). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2224
shell-command allowed (OpenFlow) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2225
show openflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2226
show openflow flows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2227
show openflow ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2228
show openflow profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2229
show openflow queues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2231
show openflow statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2232
shutdown (Openflow) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2233
Chapter 45
DirectFlow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2235
action drop (DirectFlow-flow mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2241
action mirror (DirectFlow-flow mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2242
action output (DirectFlow-flow mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2243
action set (DirectFlow-flow mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2244
directflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2245
flow (DirectFlow) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2246
match (DirectFlow-flow mode). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2247
priority (DirectFlow-flow mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2249
show directflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2250
show directflow flows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2251
shutdown (DirectFlow) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2252
timeout (DirectFlow-flow mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2253
Chapter 1
Overview
Arista Networks features switches with high density, non-blocking Ethernet ports that are controlled
through an extensible, Linux-based, modular network operating system. The intended audience for this
manual is network administrators who configure Arista switches. A working knowledge of network
administration is assumed.
Switch Platforms
A list of Arista switches and detailed information about each is available online here:
http://www.arista.com/en/products/switches
Recently released switches may not appear in the list, but can be found in the most recent Release Notes
(found under Active Releases here: https://www.arista.com/en/support/software-download).
Supported Features
For the complete supported features list in the latest EOS release, see
http://www.arista.com/support/supported-features.
For details on a specific release, please see the Release Notes (found under Active Releases here:
https://www.arista.com/en/support/software-download).
Chapter 2
Initial Configuration and Recovery
This chapter describes initial configuration and recovery tasks. Subsequent chapters provide details
about features introduced in this chapter.
This chapter contains these sections:
• Section 2.1: Initial Switch Access
• Section 2.2: Connection Management
• Section 2.3: Recovery Procedures
• Section 2.4: Session Management Commands
2.1
Initial Switch Access
Arista Network switches provide two initial configuration methods:
• Zero Touch Provisioning configures the switch without user interaction (Section 2.1.1).
• Manual provisioning configures the switch through commands entered by a user through the CLI
(Section 2.1.2).
2.1.1
Zero Touch Provisioning
Zero Touch Provisioning (ZTP) configures a switch without user intervention by downloading a startup
configuration file (startup-config) or a boot script from a location specified by a DHCP server. Section
6.4.4 describes network tasks required to set up ZTP.
The switch enters ZTP mode when it boots if flash memory does not contain a file named
“startup-config.” It remains in ZTP mode until a user cancels ZTP mode or until the switch retrieves a
startup-config or a boot script. After downloading a file through ZTP, the switch reboots again, using the
retrieved file.
Security Considerations
The ZTP process cannot distinguish an approved DHCP server from a rogue DHCP server. For secure
provisioning, you must ensure that only approved DHCP servers are able to communicate with the
switch until after the ZTP process is complete. Arista also recommends validating the EOS image on
your ZTP server by confirming that its MD5 checksum matches the MD5 checksum that can be found
on the EOS download page of the Arista website. On a UNIX server, the md5sum command calculates
this checksum:
% md5sum EOS.swi
3bac45b96bc820eb1d10c9ee33108a25  EOS.swi
To provision the switch through Zero Touch Provisioning:
Step 1 Mount the switch in its permanent location.
Step 2 Connect at least one management or Ethernet port to a network that can access the DHCP
server and configuration file.
Step 3 Provide power to the switch.
ZTP provisioning progress can be monitored through the console port. Section 2.1.2.1 provides
information for setting up the console port. Section 2.1.2.2 provides information for monitoring ZTP
progress and cancelling ZTP mode.
2.1.2
Manual Provisioning
Initial manual switch provisioning requires the cancellation of ZTP mode, the assignment of an IP
address to a network port, and the establishment of an IP route to a gateway. Initial provisioning is
performed through the serial console and Ethernet management ports.
• The console port is used for serial access to the switch. These conditions may require serial access:
— management ports are not assigned IP addresses
— the network is inoperable
— the enable password is not available
• The Ethernet management ports are used for out of band network management tasks. Before using
a management port for the first time, an IP address must be assigned to that port.
2.1.2.1
Console Port
The console port is a serial port located on the front of the switch. Figure 2-1 shows the console port on
the DCS-7050T-64 switch. Use a serial or RS-232 cable to connect to the console port. The accessory kit
also includes an RJ-45 to DB-9 adapter cable for connecting the switch.
Figure 2-1: Switch Ports
Port Settings
Use these settings when connecting to the console port:
• 9600 baud
• no flow control
• 1 stop bit
• no parity bits
• 8 data bits
Admin Username
The initial configuration provides one username, admin, that is not assigned a password. When using
the admin username without a password, you can only log into the switch through the console port.
After a password is assigned to the admin username, it can log into the switch through any port.
The username command assigns a password to the specified username.
Example
• This command assigns the password pxq123 to the admin username:
switch(config)#username admin secret pxq123
switch(config)#
New and altered passwords that are not saved to the startup configuration file, as described in Section
3.5.4: Saving the Running Configuration Settings, are lost when the switch is rebooted.
2.1.2.2 Cancelling Zero Touch Provisioning
Zero Touch Provisioning (ZTP) installs a startup-config file from a network location if flash memory does
not contain a startup-config when the switch reboots. Cancelling ZTP is required if the switch cannot
download a startup-config or boot script file.
When the switch boots without a startup-config file, it displays the following message through the
console port:
No startup-config was found.
The device is in Zero Touch Provisioning mode and is attempting to
download the startup-config from a remote system. The device will not
be fully functional until either a valid startup-config is downloaded
from a remote system or Zero Touch Provisioning is cancelled. To cancel
Zero Touch Provisioning, login as admin and type 'zerotouch cancel'
at the CLI.
localhost login:
To cancel ZTP mode, log into the switch with the admin password, then enter the zerotouch cancel
command. The switch immediately boots without installing a startup-config file.
localhost login: admin
admin
localhost>Apr 15 21:28:21 localhost ZeroTouch: %ZTP-5-DHCP_QUERY: Sending DHCP request
on [ Ethernet10, Ethernet13, Ethernet14, Ethernet17, Ethernet18, Ethernet21,
Ethernet22, Ethernet23, Ethernet24, Ethernet7, Ethernet8, Ethernet9, Management1,
Management2 ]
Apr 15 21:28:51 localhost ZeroTouch: %ZTP-5-DHCP_QUERY_FAIL: Failed to get a valid DHCP
response
Apr 15 21:28:51 localhost ZeroTouch: %ZTP-5-RETRY: Retrying Zero Touch Provisioning
from the beginning (attempt 1)
Apr 15 21:29:22 localhost ZeroTouch: %ZTP-5-DHCP_QUERY: Sending DHCP request on [
Ethernet10, Ethernet13, Ethernet14, Ethernet17, Ethernet18, Ethernet21, Ethernet22,
Ethernet23, Ethernet24, Ethernet7, Ethernet8, Ethernet9, Management1, Management2 ]
localhost>zerotouch cancel
zerotouch cancel
localhost>Apr 15 21:29:39 localhost ZeroTouch: %ZTP-5-CANCEL: Cancelling Zero Touch
Provisioning
Apr 15 21:29:39 localhost ZeroTouch: %ZTP-5-RELOAD: Rebooting the system
Broadcast messagStopping sshd: [ OK ]
watchdog is not running
SysRq : Remount R/O
Restarting system
ø
Aboot 1.9.0-52504.EOS2.0
Press Control-C now to enter Aboot shell
Section 6.4.1 lists the remaining messages that the switch displays before providing a logon prompt. To
avoid entering ZTP mode on subsequent reboots, create a startup-config file as described by step 8 of
Section 2.1.2.3.
2.1.2.3 Ethernet Management Port
Arista switches provide one or more Ethernet management ports for configuring the switch and
managing the network out of band. Figure 2-1 shows the location of the Ethernet management ports on
a DCS-7050T-64 switch. Only one port is required to manage the switch.
You can access the Ethernet management port(s) remotely over a common network or locally through
a directly connected PC. Before you can access the switch through a remote connection, an IP address
and a static route to the default gateway are required. On a modular switch with dual supervisors, a
virtual IP address can also be configured to access the management port on whichever supervisor is
active.
Assigning a Virtual IP Address to Access the Active Ethernet Management Port
On modular switches with dual supervisors, this procedure assigns a virtual IP address which will
connect to the Ethernet management port of the active supervisor. (To assign a physical IP address to an
individual Ethernet management port, see Assigning an IP Address to a Specific Ethernet Management
Port below.)
Step 1 Connect a PC or terminal server to the console port.
Use the settings listed in Section 2.1.2.1 under Port Settings.
Step 2 Type admin at the login prompt to log into the switch. Initial login through the console port
does not require a password.
Arista EOS
switch login:admin
Last login: Fri Apr 9 14:22:18 on Console
switch>
Step 3 Type enable at the command prompt to enter Privileged EXEC mode. See Section 3.4.1: Mode
Types for information about Privileged EXEC mode.
switch>enable
switch#
Step 4 Type configure terminal (or config) to enter global configuration mode. See Section 3.4.1: Mode
Types for information about global configuration mode.
switch#configure terminal
switch(config)#
Step 5 Type interface management 0 to enter interface configuration mode for the virtual interface
which accesses management port 1 on the currently active supervisor.
switch(config)#interface management 0
switch(config-if-Ma0)#
Step 6 Type ip address, followed by the desired address, to assign a virtual IP address for access to the
active management port.
This command assigns IP address 10.0.2.5 to management port 0.
switch(config-if-Ma0)#ip address 10.0.2.5/24
Step 7 Type end at both the interface configuration and global configuration prompts to return to
Privileged EXEC mode.
switch(config-if-Ma0)#end
switch(config)#end
switch#
Step 8 Type write (or copy running-config startup-config) to save the new configuration to the
startup-config file. See Section 3.5.4: Saving the Running Configuration Settings.
switch# write
switch#
Assigning an IP Address to a Specific Ethernet Management Port
This procedure assigns an IP address to a specific Ethernet management port:
Step 1 Connect a PC or terminal server to the console port.
Use the settings listed in Section 2.1.2.1 under Port Settings.
Step 2 Type admin at the login prompt to log into the switch. The initial login does not require a
password.
Arista EOS
switch login:admin
Last login: Fri Apr 9 14:22:18 on Console
switch>
Step 3 Type enable at the command prompt to enter Privileged EXEC mode. See Section 3.4.1: Mode
Types for information about Privileged EXEC mode.
switch>enable
switch#
Step 4 Type configure terminal (or config) to enter global configuration mode. See Section 3.4.1: Mode
Types for information about global configuration mode.
switch#configure terminal
Step 5 Type interface management 1 to enter interface configuration mode.
Any available management port can be used in place of management port 1.
switch(config)#interface management 1
switch(config-if-Ma1)#
Step 6 Type ip address, followed by the desired address, to assign an IP address to the port.
This command assigns the IP address 10.0.2.8 to management 1 port.
switch(config-if-Ma1)#ip address 10.0.2.8/24
Step 7 Type end at both the interface configuration and global configuration prompts to return to
Privileged EXEC mode.
switch(config-if-Ma1)#end
switch(config)#end
Step 8 Type write (or copy running-config startup-config) to save the new configuration to the
startup-config file. See Section 3.5.4: Saving the Running Configuration Settings.
switch# write
Configuring a Default Route to the Gateway
This procedure configures a default route to a gateway located at 10.0.2.1.
Step 1 Enter global configuration mode.
switch>enable
switch#configure terminal
Step 2 Create a static route to the gateway with the IP route command.
switch(config)#ip route 0.0.0.0/0 10.0.2.1
Step 3 Save the new configuration.
switch#write
switch#
2.2 Connection Management
The switch supports three connection methods:
• console
• SSH
• Telnet
The switch always enables console and SSH. Telnet is disabled by default.
Management commands place the switch in a configuration mode for changing session connection
parameters.
Examples
• The management console command places the switch in console management mode:
switch(config)#management console
switch(config-mgmt-console)#
• The management ssh command places the switch in SSH management mode:
switch(config)#management ssh
switch(config-mgmt-ssh)#
• The management telnet command places the switch in Telnet management mode:
switch(config)#management telnet
switch(config-mgmt-telnet)#
• The exit command returns the switch to global configuration mode.
switch(config-mgmt-ssh)#exit
switch(config)#
The idle-timeout commands shown below configure the idle timeout period for the connection type
being configured. The idle timeout is the interval that the connection waits after a user’s most recent
command before shutting down the connection. Automatic connection timeout is disabled by setting
the idle-timeout to zero, which is the default setting.
Examples
• This idle-timeout (SSH Management) command configures an ssh idle-timeout period of three
hours.
switch(config)#management ssh
switch(config-mgmt-ssh)#idle-timeout 180
• This idle-timeout (Telnet Management) command disables automatic connection timeout for telnet
connections.
switch(config)#management telnet
switch(config-mgmt-telnet)#idle-timeout 0
The shutdown (Telnet Management) command enables and disables Telnet connections.
Examples
• These commands enable Telnet.
switch(config)#management telnet
switch(config-mgmt-telnet)#no shutdown
• These commands disable Telnet.
switch(config)#management telnet
switch(config-mgmt-telnet)#shutdown
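The defaults described in this section (idle-timeout of zero on every connection type, Telnet disabled unless no shutdown is entered) can be checked offline against a saved running-config. The Python script below is an added example, not part of the Arista manual: it assumes sub-mode commands appear indented beneath their management line, and the sample configuration and the max_idle_minutes threshold are constructed for illustration.

```python
import re

# Constructed sample running-config fragment (not taken from a real switch).
SAMPLE_CONFIG = """\
management console
   idle-timeout 30
!
management ssh
   idle-timeout 0
!
management telnet
   no shutdown
   idle-timeout 180
!
"""

SESSION_MODES = ("console", "ssh", "telnet")


def parse_management_blocks(config_text):
    """Return {mode: [sub-commands]} for management console/ssh/telnet blocks."""
    blocks = {}
    current = None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("!"):
            current = None  # '!' separators and blank lines end a block
            continue
        if not raw[0].isspace():
            # Top-level command: only the three session modes are of interest.
            match = re.fullmatch(r"management (console|ssh|telnet)", line)
            current = match.group(1) if match else None
            if current:
                blocks.setdefault(current, [])
        elif current:
            blocks[current].append(line.strip())
    return blocks


def effective_settings(blocks):
    """Apply the manual's defaults, then the configured sub-commands."""
    settings = {}
    for mode in SESSION_MODES:
        idle_timeout = 0            # default: automatic timeout disabled
        enabled = mode != "telnet"  # console and SSH always on, Telnet off
        for cmd in blocks.get(mode, []):
            match = re.fullmatch(r"idle-timeout (\d+)", cmd)
            if match:
                idle_timeout = int(match.group(1))
            elif cmd in ("no idle-timeout", "default idle-timeout"):
                idle_timeout = 0
            elif mode == "telnet" and cmd == "no shutdown":
                enabled = True
            elif mode == "telnet" and cmd == "shutdown":
                enabled = False
        settings[mode] = {"enabled": enabled, "idle_timeout": idle_timeout}
    return settings


def audit(config_text, max_idle_minutes=60):
    """Return findings; max_idle_minutes is a hypothetical site policy value."""
    findings = []
    settings = effective_settings(parse_management_blocks(config_text))
    for mode, state in settings.items():
        if mode == "telnet" and state["enabled"]:
            findings.append("telnet: enabled (cleartext sessions); expected 'shutdown'")
        if not state["enabled"]:
            continue
        if state["idle_timeout"] == 0:
            findings.append(f"{mode}: idle-timeout 0, idle sessions are never closed")
        elif state["idle_timeout"] > max_idle_minutes:
            findings.append(
                f"{mode}: idle-timeout {state['idle_timeout']} min exceeds "
                f"policy of {max_idle_minutes} min"
            )
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

A configuration with no management blocks at all still produces findings for console and SSH, because the absent idle-timeout statement means the default of zero.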
2.3 Recovery Procedures
These sections describe switch recovery procedures:
• Section 2.3.1: Removing the Enable Password from the Startup Configuration
• Section 2.3.2: Reverting the Switch to the Factory Default Startup Configuration
• Section 2.3.3: Restoring the Factory Default EOS Image and Startup Configuration
• Section 2.3.4: Restoring the Configuration and Image from a USB Flash Drive
The first three procedures require Aboot Shell access through the console port. If the console port is not
accessible, use the last procedure in the list to replace the configuration file through the USB Flash Drive.
Chapter 6, starting on page 339 describes the switch booting process and includes descriptions of the
Aboot shell, Aboot boot loader, and required configuration files.
2.3.1 Removing the Enable Password from the Startup Configuration
The enable password controls access to Privileged EXEC mode. To prevent unauthorized disclosure, the
switch stores the enable password as an encrypted string that it generates from the clear-text password.
When the switch authentication mode is local and an enable password is configured, the CLI prompts
the user to enter the clear-text password after the user types enable at the EXEC prompt.
The startup-config file stores the encrypted enable password to ensure that the switch loads it when
rebooting. If the text version of the enable password is lost or forgotten, access to enable mode is
restored by removing the encrypted enable password from the startup configuration file.
This procedure restores access to enable mode without changing any other configuration settings.
Step 1 Access the Aboot shell:
Step a Power cycle the switch by successively removing and restoring access to its power source.
Step b Type Ctrl-C when prompted, early in the boot process.
Step c Enter the Aboot password, if prompted.
If the Aboot password is unknown, refer to Section 2.3.3: Restoring the Factory Default EOS
Image and Startup Configuration for instructions on reverting all flash directory contents
to the factory default, including the startup configuration and EOS image.
Step 2 Change the active directory to the /mnt/flash directory.
Aboot#cd /mnt/flash
Step 3 Open the startup-config file in vi.
Aboot#vi startup-config
Step 4 Remove the enable password line.
This is an example of an enable password line:
enable secret 5 $1$dBXo2KpF$Pd4XYLpI0ap1ZaU7glG1w/
Step 5 Save the changes and exit vi.
Step 6 Exit Aboot. This boots the switch.
Aboot#exit
Refer to Section 4.2.1.4: Enable Command Authorization for information on the enable password.
2.3.2 Reverting the Switch to the Factory Default Startup Configuration
The startup-config file contains configuration parameters that the switch uses during a boot. Parameters
that do not appear in startup-config are set to their factory defaults when the switch reloads. The process
requires the Aboot password if Aboot is password protected.
This procedure reverts EOS configuration settings to the default state by bypassing the
startup-config file during a switch boot.
Step 1 Access the Aboot shell through the console port:
Step a Type reload at the Privileged EXEC prompt.
Step b Type Ctrl-C when prompted, early in the boot process.
Step c Enter the Aboot password, if prompted.
If the Aboot password is unknown, refer to Section 2.3.3: Restoring the Factory Default EOS
Image and Startup Configuration for instructions on reverting all flash directory contents
to the factory default, including startup-config and EOS image.
Step 2 Change the active directory to the /mnt/flash directory.
Aboot#cd /mnt/flash
Step 3 Rename the startup configuration file.
Aboot#mv startup-config startup-config.old
Step 4 Exit Aboot. This boots the switch.
Aboot#exit
Step 5 Cancel Zero Touch Provisioning (ZTP). Refer to Section 2.1.2.2: Cancelling Zero Touch
Provisioning for instructions.
If ZTP is not cancelled, the switch either:
• boots, using the startup-config file or boot script that it obtains from the network, or
• remains in ZTP mode if the switch is unable to download a startup-config file or boot script.
Step 6 Configure the admin and enable passwords.
Refer to Section 4.2.1: Local Security File for information about creating usernames and
passwords.
switch>enable
switch#configure terminal
switch(config)#enable secret xyz1
switch(config)#username admin secret abc41
Step 7 Save the new running-config to the startup configuration file.
switch#write
Step 8 (Optional) Delete the old startup configuration file.
switch#delete startup-config.old
After ZTP is cancelled, the switch reboots, using the factory default settings. To avoid entering
ZTP mode on subsequent reboots, create a startup-config file before the next switch reboot.
2.3.3 Restoring the Factory Default EOS Image and Startup Configuration
A fullrecover command removes all internal flash contents (including configuration files, EOS image
files, and user files), then restores the factory default EOS image and startup-config. A subsequent
installation of the current EOS image may be required if the default image is outdated. This process
requires Aboot shell access through the console port.
This procedure restores the factory default EOS image and startup configuration.
Step 1 Access the Aboot shell through the console port:
Step a Type reload at the Privileged EXEC prompt.
Step b Type Ctrl-C when prompted, early in the boot process.
Step c Enter the Aboot password, if prompted.
If the Aboot password is not known, enter an empty password three times, after which the
CLI displays:
Type "fullrecover" and press Enter to revert /mnt/flash to factory default
state, or just press Enter to reboot:
Type fullrecover and go to step 4.
Step 2 Type fullrecover at the Aboot prompt.
Aboot#fullrecover
Aboot displays this warning:
All data on /mnt/flash will be erased; type "yes" and press Enter to proceed,
or just press Enter to cancel:
Step 3 Type yes and press Enter.
The switch performs these actions:
• erases the contents of /mnt/flash
• writes new boot-config, startup-config, and EOS.swi files to /mnt/flash
• returns to the Aboot prompt
Step 4 Exit Aboot. This boots the switch.
Aboot#exit
The serial console settings are restored to their default values (9600/N/8/1/N).
Step 5 Reconfigure the console port if non-default settings are required.
Step 6 Cancel Zero Touch Provisioning (ZTP). Refer to Section 2.1.2.2: Cancelling Zero Touch
Provisioning for instructions.
If ZTP is not cancelled, the switch either:
• boots, using the startup-config file or boot script that it obtains from the network, or
• remains in ZTP mode if the switch is unable to download a startup-config file or boot script.
After ZTP is cancelled, the switch reboots, using the factory default settings. To avoid entering
ZTP mode on subsequent reboots, create a startup-config file before the next switch reboot.
2.3.4 Restoring the Configuration and Image from a USB Flash Drive
The USB flash drive port can be used to restore an original configuration when you cannot establish a
connection to the console port. This process removes the contents of the internal flash drive, restores
the factory default configuration, and installs a new EOS image from the USB flash drive.
This procedure restores the factory default configuration and installs an EOS image stored on a USB
flash drive.
Step 1 Prepare the USB flash drive:
Step a Verify the drive is formatted with MS-DOS or FAT file system.
Most USB drives are pre-formatted with a compatible file system.
Step b Create a text file named fullrecover on the USB flash drive.
The filename does not have an extension. The file may be empty.
Step c Create a text file named boot-config.
The last modified timestamp of the boot-config file on the USB flash must differ from the
timestamp of the boot-config file on the switch.
Step d Enter this line in the new boot-config file on the USB flash:
SWI=flash:EOS.swi
Step e Copy an EOS image file to the flash drive. Rename it EOS.swi if it has a different file name.
For best results, the flash drive should contain only these three files, because the procedure
copies all files and directories on the USB flash drive to the switch.
• fullrecover
• boot-config
• EOS.swi
Step 2 Insert the USB flash drive into the USB flash port on the switch, as shown in Figure 2-1.
Step 3 Connect a terminal to the console port and configure it with the default terminal settings
(9600/N/8/1) to monitor progress messages on the console.
Step 4 Power up or reload the switch.
The switch erases internal flash contents and copies the files from the USB flash drive to internal
flash. The switch then boots automatically.
Step 5 Cancel Zero Touch Provisioning (ZTP). Refer to Section 2.1.2.2: Cancelling Zero Touch
Provisioning for instructions.
If ZTP is not cancelled, the switch either:
• boots, using the startup-config file or boot script that it obtains from the network, or
• remains in ZTP mode if the switch is unable to download a startup-config file or boot script.
After ZTP is cancelled, the switch reboots using the factory default settings. To avoid entering
ZTP mode on subsequent reboots, create a startup-config file before the next switch reboot.
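Because the switch erases its internal flash and copies everything on the drive, the staged files from Step 1 are worth checking before the drive is inserted. The Python script below is an added example, not part of the Arista manual: it checks a staging directory for the three expected files, the boot-config line, and the MD5 checksum of EOS.swi. The function names and the demo image bytes are constructed for illustration; in real use the expected checksum is the value published on the EOS download page.

```python
import hashlib
import os
import tempfile

REQUIRED_FILES = ("fullrecover", "boot-config", "EOS.swi")
BOOT_CONFIG_LINE = "SWI=flash:EOS.swi"


def md5_hex(path, chunk_size=1 << 20):
    """MD5 of a file, read in chunks so a large image is not loaded at once."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_recovery_drive(root, expected_md5):
    """Return a list of problems found in a staged recovery drive directory."""
    problems = []
    entries = set(os.listdir(root))

    for name in REQUIRED_FILES:
        if not os.path.isfile(os.path.join(root, name)):
            problems.append(f"missing required file: {name}")

    # Everything on the drive is copied to the switch, so flag anything extra.
    for name in sorted(entries - set(REQUIRED_FILES)):
        problems.append(f"unexpected entry, would be copied to the switch: {name}")

    boot_config = os.path.join(root, "boot-config")
    if os.path.isfile(boot_config):
        with open(boot_config, encoding="utf-8", errors="replace") as handle:
            lines = [line.strip() for line in handle if line.strip()]
        if BOOT_CONFIG_LINE not in lines:
            problems.append(f"boot-config lacks the line {BOOT_CONFIG_LINE}")

    image = os.path.join(root, "EOS.swi")
    if os.path.isfile(image):
        actual = md5_hex(image)
        if actual != expected_md5.strip().lower():
            problems.append(f"EOS.swi MD5 mismatch: got {actual}")

    # Not checked here: the boot-config timestamp must differ from the one on
    # the switch, which cannot be determined from the workstation.
    return problems


def demo():
    """Build one correct and one faulty staging directory (constructed data)."""
    image_bytes = b"constructed stand-in for an EOS image\n"
    published = hashlib.md5(image_bytes).hexdigest()  # stands in for the download-page value
    with tempfile.TemporaryDirectory() as good, tempfile.TemporaryDirectory() as bad:
        for root in (good, bad):
            open(os.path.join(root, "fullrecover"), "w").close()
            with open(os.path.join(root, "EOS.swi"), "wb") as handle:
                handle.write(image_bytes)
        with open(os.path.join(good, "boot-config"), "w") as handle:
            handle.write(BOOT_CONFIG_LINE + "\n")
        # Faults in the second directory: wrong image name in boot-config,
        # an altered image, and a stray file that would reach the switch.
        with open(os.path.join(bad, "boot-config"), "w") as handle:
            handle.write("SWI=flash:old.swi\n")
        with open(os.path.join(bad, "EOS.swi"), "ab") as handle:
            handle.write(b"altered")
        open(os.path.join(bad, "startup-config"), "w").close()
        return (check_recovery_drive(good, published),
                check_recovery_drive(bad, published))


if __name__ == "__main__":
    good_result, bad_result = demo()
    print("correct drive:", good_result or "no problems")
    for problem in bad_result:
        print("faulty drive:", problem)
```

MD5 is the checksum the manual names; it detects a corrupted or truncated image but is not collision-resistant, so the reference value should be read from the download page over an authenticated connection.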
2.4 Session Management Commands
Global Configuration Commands
• management api http-commands
• management console
• management ssh
• management telnet
• management xmpp
Management Configuration Commands
• domain (XMPP Management)
• idle-timeout (Console Management)
• idle-timeout (SSH Management)
• idle-timeout (Telnet Management)
• protocol http (API Management)
• protocol https (API Management)
• protocol https certificate (API Management)
• server (XMPP Management)
• session privilege (XMPP Management)
• shutdown (API Management)
• shutdown (Telnet Management)
• shutdown (XMPP Management)
• switch-group (XMPP Management)
• username (XMPP Management)
• vrf (API Management)
• vrf (XMPP Management)
• xmpp send
• xmpp session
Display Commands
• show inventory
• show xmpp neighbors
• show xmpp status
• show xmpp switch-group
domain (XMPP Management)
The domain command configures the switch’s XMPP domain name. Only messages using a domain
matching the locally configured one are accepted by the XMPP client. The switch's domain name is used
if none is specified.
Management over XMPP is disabled by default. To enable it, you must provide the location of the server
along with the domain, username and password for the switch.
Arista recommends configuring the XMPP domain before the username, because it will provide
shortcuts for the switch-group and username so they can be configured without the domain attached
to them (e.g., USERNAME instead of USERNAME@DOMAIN).
The no domain and default domain commands delete the domain name by removing the domain
command from running-config.
all
Command Mode
Mgmt-xmpp Configuration
Command Syntax
domain string
no domain
default domain
Parameters
• string    domain name (text string)
Example
• This command configures test.aristanetworks.com as the switch’s domain name.
switch(config)#management xmpp
test1(config-mgmt-xmpp)#server arista-xmpp
test1(config-mgmt-xmpp)#domain test.aristanetworks.com
test1(config-mgmt-xmpp)#username test1@test.aristanetworks.com password 0 arista
test1(config-mgmt-xmpp)#no shutdown
• This command removes the domain name from the XMPP configuration.
switch(config-mgmt-xmpp)#no domain
switch(config-mgmt-xmpp)#
idle-timeout (Console Management)
The idle-timeout (Console Management) command configures the idle timeout period for console
connection sessions. The idle timeout is the interval that the connection waits after a user’s most recent
command before shutting down the connection. Automatic connection timeout is disabled by setting
the idle-timeout to zero, which is the default setting.
The no idle-timeout and default idle-timeout commands disable the automatic connection timeout by
removing the idle-timeout statement from running-config.
all
Command Mode
Mgmt-console
Command Syntax
idle-timeout idle_period
no idle-timeout
default idle-timeout
Parameters
• idle_period    session idle timeout length. Options include:
— 0 Automatic connection timeout is disabled
— <1 to 86400> Automatic timeout period (minutes).
Example
• These commands configure a console idle-timeout period of three hours, then return the switch to
global configuration mode.
switch(config)#management console
switch(config-mgmt-console)#idle-timeout 180
switch(config-mgmt-console)#exit
switch(config)#
• These commands disable automatic connection timeout.
switch(config)#management console
switch(config-mgmt-console)#idle-timeout 0
switch(config-mgmt-console)#
idle-timeout (SSH Management)
The idle-timeout (SSH Management) command configures the idle timeout period for SSH connection
sessions. The idle timeout is the interval that the connection waits after a user’s most recent command
before shutting down the connection. Automatic connection timeout is disabled by setting the
idle-timeout to zero, which is the default setting.
The no idle-timeout and default idle-timeout commands disable the automatic connection timeout by
removing the idle-timeout statement from running-config.
all
Command Mode
Mgmt-ssh Configuration
Command Syntax
idle-timeout idle_period
no idle-timeout
default idle-timeout
Parameters
• idle_period    session idle timeout length. Options include:
— 0 Automatic connection timeout is disabled
— <1 to 86400> Automatic timeout period (minutes).
Example
• These commands configure an ssh idle-timeout period of three hours, then return the switch to
global configuration mode.
switch(config)#management ssh
switch(config-mgmt-ssh)#idle-timeout 180
switch(config-mgmt-ssh)#exit
switch(config)#
• These commands disable automatic connection timeout.
switch(config)#management ssh
switch(config-mgmt-ssh)#idle-timeout 0
switch(config-mgmt-ssh)#
idle-timeout (Telnet Management)
The idle-timeout (Telnet Management) command configures the idle timeout period for Telnet
connection sessions. The idle timeout is the interval that the connection waits after a user’s most recent
command before shutting down the connection. Automatic connection timeout is disabled by setting
the idle-timeout to zero, which is the default setting.
The no idle-timeout and default idle-timeout commands disable the automatic connection timeout by
removing the idle-timeout statement from running-config.
all
Command Mode
Mgmt-telnet
Command Syntax
idle-timeout idle_period
no idle-timeout
default idle-timeout
Parameters
• idle_period    session idle timeout length. Options include:
— 0 Automatic connection timeout is disabled
— <1 to 86400> Automatic timeout period (minutes).
Example
• These commands configure a telnet idle-timeout period of three hours, then return the switch to
global configuration mode.
switch(config)#management telnet
switch(config-mgmt-telnet)#idle-timeout 180
switch(config-mgmt-telnet)#exit
switch(config)#
• These commands disable automatic connection timeout.
switch(config)#management telnet
switch(config-mgmt-telnet)#idle-timeout 0
switch(config-mgmt-telnet)#
management api http-commands
The management api http-commands command places the switch in mgmt-api-http-cmds
configuration mode.
The no management api http-commands and default management api http-commands commands
delete mgmt-api-http-command configuration mode statements from running-config.
Mgmt-api-http-cmds configuration mode is not a group change mode; running-config is changed
immediately upon entering commands. Exiting mgmt-api-http-cmds configuration mode does not
affect running-config. The exit command returns the switch to global configuration mode.
all
Command Mode
Global Configuration
Command Syntax
management api http-commands
no management api http-commands
default management api http-commands
Commands Available in Mgmt-api-http-commands Configuration Mode
• protocol http (API Management)
• protocol https (API Management)
• protocol https certificate (API Management)
• shutdown (API Management)
• vrf (API Management)
Example
• This command places the switch in mgmt-api-http-cmds configuration mode.
switch(config)#management api http-commands
switch(config-mgmt-api-http-cmds)#
• This command returns the switch to global management mode.
switch(config-mgmt-api-http-cmds)#exit
switch(config)#
management console
The management console command places the switch in mgmt-console configuration mode to adjust
the idle timeout period for console connection sessions. The idle timeout period determines the
inactivity interval that terminates a connection session.
The no management console and default management console commands delete mgmt-console
configuration mode statements from running-config.
Mgmt-console configuration mode is not a group change mode; running-config is changed immediately
upon entering commands. Exiting mgmt-console configuration mode does not affect running-config.
The exit command returns the switch to global configuration mode.
all
Command Mode
Global Configuration
Command Syntax
management console
no management console
default management console
Commands Available in mgmt-console Configuration Mode
• idle-timeout (Console Management)
Example
• This command places the switch in mgmt-console configuration mode:
switch(config)#management console
switch(config-mgmt-console)#
• This command returns the switch to global management mode:
switch(config-mgmt-console)#exit
switch(config)#
management ssh
The management ssh command places the switch in mgmt-ssh configuration mode to adjust SSH
session connection parameters.
The no management ssh and default management ssh commands delete the mgmt-ssh configuration
mode statements from running-config.
Mgmt-ssh configuration mode is not a group change mode; running-config is changed immediately
upon entering commands. Exiting mgmt-ssh configuration mode does not affect running-config. The
exit command returns the switch to global configuration mode.
all
Command Mode
Global Configuration
Command Syntax
management ssh
no management ssh
default management ssh
Commands Available in Mgmt-ssh Configuration Mode
• authentication mode (Management-SSH)
• cipher (Management-SSH)
• fips restrictions (Management-SSH)
• hostkey (Management-SSH)
• idle-timeout (Management-SSH)
• ip access group (Management-SSH)
• ipv6 access group (Management-SSH)
• key-exchange (Management-SSH)
• login timeout (Management-SSH)
• mac hmac (Management-SSH)
• server-port (Management-SSH)
• shutdown (Management-SSH)
• vrf (Management-SSH)
Example
• This command places the switch in mgmt-ssh configuration mode:
switch(config)#management ssh
switch(config-mgmt-ssh)#
• This command returns the switch to global management mode:
switch(config-mgmt-ssh)#exit
switch(config)#
management telnet
The management telnet command places the switch in mgmt-telnet configuration mode to adjust telnet
session connection parameters.
The no management telnet and default management telnet commands delete the mgmt-telnet
configuration mode statements from running-config.
Mgmt-telnet configuration mode is not a group change mode; running-config is changed immediately
upon entering commands. Exiting mgmt-telnet configuration mode does not affect running-config. The
exit command returns the switch to global configuration mode.
all
Command Mode
Global Configuration
Command Syntax
management telnet
no management telnet
default management telnet
Commands Available in mgmt-telnet Configuration Mode
• idle-timeout (Management-Telnet)
• ip access group (Management-Telnet)
• ipv6 access group (Management-Telnet)
• shutdown (Management-Telnet)
• vrf (Management-Telnet)
Example
• This command places the switch in mgmt-telnet configuration mode:
switch(config)#management telnet
switch(config-mgmt-telnet)#
• This command returns the switch to global management mode:
switch(config-mgmt-telnet)#exit
switch(config)#
management xmpp
The management xmpp command places the switch in mgmt-xmpp configuration mode. Management
over XMPP is disabled by default. To enable XMPP, you must provide the location of the XMPP server
along with the username and password for the switch.
The no management xmpp and default management xmpp commands delete the mgmt-xmpp
configuration mode statements from running-config.
Mgmt-xmpp configuration mode is not a group change mode; running-config is changed immediately
upon entering commands. Exiting mgmt-xmpp configuration mode does not affect running-config. The
exit command returns the switch to global configuration mode.
all
Command Mode
Global Configuration
Command Syntax
management xmpp
no management xmpp
default management xmpp
Commands Available in Mgmt-xmpp Configuration Mode
• domain (Management-xmpp)
• server (Management-xmpp)
• session (Management-xmpp)
• shutdown (Management-xmpp)
• switch-group (Management-xmpp)
• username (Management-xmpp)
• vrf (Management-xmpp)
Example
• This command places the switch in mgmt-xmpp configuration mode:
switch(config)#management xmpp
switch(config-mgmt-xmpp)#
• This command returns the switch to global management mode:
switch(config-mgmt-xmpp)#exit
switch(config)#
protocol http (API Management)
The protocol http command enables the hypertext transfer protocol (HTTP) server.
You can only have HTTP or HTTPS enabled at one time. Trying to enable both simultaneously generates
this error message:
% Cannot enable HTTP and HTTPS simultaneously
The no protocol http and default protocol http commands disable the HTTP server by removing the
protocol http statement from running-config.
all
Command Mode
Mgmt-API Configuration
Command Syntax
protocol http [TCP_PORT]
no protocol http
default protocol http
Parameters
• TCP_PORT Port number to be used for the HTTP server. Options include:
— <no parameter> Specifies default port number 80.
— port <1 to 65535> Specifies HTTP server port number. Value ranges from 1 to 65535.
Related Commands
• management api http-commands places the switch in Management-api configuration mode.
Examples
• These commands enable the management API for the HTTP server.
switch(config)#management api http-commands
switch(config-mgmt-api-http-cmds)#
protocol https (API Management)
The protocol https command enables the HTTP secure server. The HTTP secure server is active by
default.
You can only have HTTP or HTTPS enabled at one time. If you try to enable both, you will receive
the error message:
% Cannot enable HTTP and HTTPS simultaneously
The default protocol https command restores the default setting by removing the no protocol https
statement from running-config. The no protocol https command disables the HTTP secure server.
all
Command Mode
Mgmt-API Configuration
Command Syntax
protocol https [TCP_PORT]
no protocol https
default protocol https
Parameters
• TCP_PORT Port number to be used for the HTTPS server. Options include:
— <no parameter> Specifies default port number 443.
— port <1 to 65535> Specifies HTTP server port number. Value ranges from 1 to 65535.
Related Commands
• management api http-commands places the switch in Management-api configuration mode.
Examples
• These commands enable service to the HTTP server. The no shutdown command allows access to
the service.
switch(config)#management api http-commands
switch(config-mgmt-api-http-cmds)#protocol https
switch(config-mgmt-api-http-cmds)# no shutdown
• These commands specify the port number that should be used for the HTTPS server. The no
shutdown command allows access to the service.
switch(config)#management api http-commands
switch(config-mgmt-api-http-cmds)#protocol https port 52
switch(config-mgmt-api-http-cmds)#no shutdown
protocol https certificate (API Management)
The protocol https certificate command configures the HTTP secure server to request an X.509
certificate from the client. The client then authenticates the certificate with a public key.
The no protocol https certificate and default protocol https certificate commands restore default
behavior by removing the protocol https certificate statement from running-config.
all
Command Mode
Mgmt-API Configuration
Command Syntax
protocol https certificate
no protocol https certificate
default protocol https certificate
Related Commands
• management api http-commands places the switch in Management-api configuration mode.
Examples
• These commands configure the HTTP secure server to request an X.509 certificate from the client
for authentication.
switch(config)#management api http-commands
switch(config-mgmt-api-http-cmds)#protocol https certificate
switch(config-mgmt-api-http-cmds)#
server (XMPP Management)
The server command adds an XMPP server to running-config. Multiple XMPP servers can be set up for
redundancy. For redundant configurations, the XMPP server location should be a DNS name and not a
raw IP address. The DNS server is responsible for returning the list of available XMPP servers, which
the client can go through until an accessible server is found.
User authentication is provided by the XMPP server. Command authorization can be provided by EOS
local configuration or TACACS+. The XMPP server should use the same authentication source as the
switches. RADIUS is not supported as an XMPP authorization mechanism.
The no server and default server commands remove the specified XMPP server from running-config.
all
Command Mode
Mgmt-xmpp Configuration
Command Syntax
server SERVER_NAME [SERVER_PORT]
no server
default server
Parameters
• SERVER_NAME XMPP server location. Options include:
— IP address in dotted decimal notation.
— a host name for the XMPP server.
• SERVER_PORT Server port. Options include:
— port <1 to 65535> where number ranges from 1 to 65535. If no port is specified, the default
port 5222 is used.
Examples
• This command configures the server hostname arista-xmpp to server port 1.
switch(config)#management xmpp
switch(config-mgmt-xmpp)#server arista-xmpp port 1
• This command removes the XMPP server.
switch(config-mgmt-xmpp)# no server
session privilege (XMPP Management)
The session privilege command will place the user in EXEC mode. The initial privilege level is
meaningless by default. However, with the configuration of roles, users can add meaning to the
different privilege levels. By default, XMPP does not limit access to any command.
Level 1-15: Commands accessible from EXEC Mode.
If AAA is not configured and the switch is configured to connect to the XMPP client, any message
received is executed with privilege level 1 by default.
The no session privilege and default session privilege commands revert the list contents to none for the
specified privilege levels.
all
Command Mode
Mgmt-xmpp Configuration
Command Syntax
session privilege PRIV_LEVEL
no session privilege
default session privilege
Parameters
• PRIV_LEVEL Privilege levels of the commands. Value ranges from 0 to 15.
Examples
• These commands authorize configuration commands (privilege level config 5) for XMPP.
switch(config)#management xmpp
switch(config-mgmt-xmpp)#session privilege 5
switch(config-mgmt-xmpp)#
• This command removes the privilege levels set for the XMPP session.
switch(config)#management xmpp
switch(config-mgmt-xmpp)#no session privilege
show inventory
The show inventory command displays the hardware components installed in the switch. Serial
numbers and a description are also provided for each component.
all
Command Mode
EXEC
Command Syntax
show inventory
Examples
• This command displays the hardware installed in a DCS-7150S-52 switch.
switch>show inventory
System information
    Model                    Description
    ------------------------ ----------------------------------------------------
    DCS-7150S-52-CL          52-port SFP+ 10GigE 1RU + Clock

    HW Version  Serial Number  Mfg Date
    ----------- -------------- ----------
    02.00       JPE13120702    2013-03-27

System has 2 power supply slots
    Slot Model            Serial Number
    ---- ---------------- ----------------
    1    PWR-460AC-F      K192KU00241CZ
    2    PWR-460AC-F      K192L200751CZ

System has 4 fan modules
    Module  Number of Fans  Model            Serial Number
    ------- --------------- ---------------- ----------------
    1       1               FAN-7000-F       N/A
    2       1               FAN-7000-F       N/A
    3       1               FAN-7000-F       N/A
    4       1               FAN-7000-F       N/A

System has 53 ports
    Type             Count
    ---------------- -----
    Management       1
    Switched         52

System has 52 transceiver slots
    Port Manufacturer     Model            Serial Number    Rev
    ---- ---------------- ---------------- ---------------- ----
    1    Arista Networks  SFP-10G-SR       XCW1225FD753     0002
    2    Arista Networks  SFP-10G-SR       XCW1225FD753     0002
    <-------OUTPUT OMITTED FROM EXAMPLE-------->
    51   Arista Networks  SFP-10G-SR       XCW1225FD753     0002
    52   Arista Networks  SFP-10G-SR       XCW1225FD753     0002
switch>
show xmpp neighbors
The show xmpp neighbors command displays all neighbors and their connection status. The XMPP
server keeps track of all relationships between its users.
all
Command Mode
EXEC
Command Syntax
show xmpp neighbors
Example
• This command displays all the XMPP neighbors and their connection status.
switch#show xmpp neighbors
Neighbor                       State           Last Seen Login Time
------------------------------ --------------- -------------------------
admin@test.aristanetworks.com  present         0:01:40 ago
test1@test.aristanetworks.com  present         20:29:39 ago

Neighbor                       Status Message
------------------------------ ----------------------------------------
admin@test.aristanetworks.com
test1@test.aristanetworks.com  Arista Networks DCS-7048T-4S
switch#
show xmpp status
The show xmpp status command displays the current XMPP connection status to the server.
The XMPP server keeps track of all relationships between its users. In order for two users to directly
communicate, this relationship must first be established and confirmed by the other party.
Switches automatically confirm requests from outside parties as long as they are a user from the same
domain name, for example when you chat with your switch from your own XMPP chat client.
all
Command Mode
EXEC
Command Syntax
show xmpp status
Example
• This command displays the current XMPP connection status to the server.
switch# show xmpp status
XMPP Server: port 5222
Client username: test@test.aristanetworks.com
Default domain: test.aristanetworks.com
Connection status: connected
switch#
show xmpp switch-group
The show xmpp switch-group command displays the configured and active switch groups for the
switch.
all
Command Mode
EXEC
Command Syntax
show xmpp switch-group
Example
• This command displays the configured and active switch groups.
switch#show xmpp switch-group
testroom@conference.test.aristanetworks.com
switch#
shutdown (API Management)
The shutdown command, in Mgmt-API mode, disables or enables management over API on the switch.
API is disabled by default.
The no shutdown command, in Mgmt-API mode, re-enables the management API access.
The default shutdown command, in Mgmt-API mode, disables the management API access and
removes the command from running-config.
all
Command Mode
Mgmt-API Configuration
Command Syntax
shutdown
no shutdown
default shutdown
Related Commands
• management api http-commands places the switch in Management-API configuration mode.
Example
• These commands disable API access to the HTTP server.
switch(config)#management api http-commands
switch(config-mgmt-api-http-cmds)# shutdown
switch(config-mgmt-api-http-cmds)#
• These commands enable API access to the HTTP server.
switch(config)#management api http-commands
switch(config-mgmt-api-http-cmds)# no shutdown
switch(config-mgmt-api-http-cmds)#
shutdown (Telnet Management)
The shutdown command, in management-telnet mode, disables or enables Telnet on the switch. Telnet
is disabled by default. The management telnet command places the switch in management-telnet
mode.
• To enable Telnet, enter no shutdown at the management-telnet prompt.
• To disable Telnet, enter shutdown at the management-telnet prompt.
all
Command Mode
Management-Telnet Configuration
Command Syntax
shutdown
no shutdown
Example
• These commands enable Telnet, then return the switch to global configuration mode.
switch(config)#management telnet
switch(config-mgmt-telnet)#no shutdown
switch(config-mgmt-telnet)#exit
switch(config)#
• This command disables Telnet.
switch(config-mgmt-telnet)#shutdown
shutdown (XMPP Management)
The shutdown command, in mgmt-xmpp mode, disables or enables management over XMPP on the
switch. XMPP is disabled by default.
The no shutdown and default shutdown commands re-enable XMPP by removing the shutdown
command from running-config.
all
Command Mode
Mgmt-xmpp Configuration
Command Syntax
shutdown
no shutdown
default shutdown
Example
• These commands enable management over XMPP, then return the switch to global configuration
mode.
switch(config-mgmt-xmpp)#no shutdown
switch(config-mgmt-xmpp)#exit
switch(config)#
• This command disables management over XMPP.
switch(config-mgmt-xmpp)#shutdown
switch(config-mgmt-xmpp)#
switch-group (XMPP Management)
The switch-group command allows you to configure each switch to join specified chat rooms on
startup. In order for the switch to participate in a chat group, the switch has to be configured to belong
to the specified chatroom.
The no username and default username commands delete the specified username by removing the
corresponding username statement from running-config.
all
Command Mode
Mgmt-xmpp Configuration
Command Syntax
switch-group name SECURITY
no switch-group
default switch-group
Parameters
• name Group name text that the user enters at the login prompt to access the CLI.
Valid usernames begin with A-Z, a-z, or 0-9 and may also contain any of these characters:
@ # $ % ^ & * ( ) _ = + { } [ ] ; < > , . ~ |
• SECURITY password assignment.
— password pwd_txt name is protected by specified password. pwd_txt is a clear-text string.
— password 0 pwd_txt name is protected by specified password. pwd_txt is a clear-text string.
— password 7 pwd_txt name is protected by specified password. pwd_txt is encrypted string.
Guidelines
• A switch group is an arbitrary grouping of switches within the network which belong to one chat
group.
• In order to belong to one or more switch groups, the switch has to be manually assigned to it.
• Switch groups are defined dynamically based on the configuration of all of the switches in the
network.
• As per the multi-user chat XMPP standard (XEP-0045), switch groups have a full name of
GROUPNAME@conference.DOMAIN
• All CLI commands allow either the full group name or the short name, to which
@conference.DOMAIN is appended.
• If the switch belongs to multiple chat rooms, you must configure each group with a separate
command.
Examples
• These commands configure the switch-group to be part of the chatroom.
switch(config)#management xmpp
switch(config-mgmt-xmpp)#switch-group testroom@conference.test.aristanetworks.com password 0 arista
• Use the show xmpp switch-group command to verify the active switch-group for the switch.
switch# show xmpp switch-group
testroom@conference.test.aristanetworks.com
username (XMPP Management)
The username command configures the switch's username and password on the XMPP server.
The no username and default username commands delete the specified username by removing the
corresponding username statement from running-config.
all
Command Mode
Mgmt-xmpp Configuration
Command Syntax
username name SECURITY
no username
default username
Parameters
• name username text that defines the XMPP username and password.
Valid usernames begin with A-Z, a-z, or 0-9 and may also contain any of these characters:
@ # $ % ^ & * ( ) _ = + { } [ ] ; < > , . ~ |
• SECURITY password assignment.
— password pwd_txt name specifies an unencrypted shared key. pwd_txt is a clear-text string.
— password 0 pwd_txt name specifies an unencrypted key. pwd_txt is a clear-text string.
— password 7 pwd_txt name specifies a hidden key. pwd_txt is encrypted string.
Guidelines
Encrypted strings entered through this parameter are generated elsewhere. The password 7 option
(SECURITY) is typically used to enter a list of username-passwords from a script.
Examples
• These commands create the username and assign it a password. The password is entered in clear
text because the parameter is set to 0.
switch(config)#management xmpp
switch(config-mgmt-xmpp)#server arista-xmpp
switch(config-mgmt-xmpp)#domain test.aristanetworks.com
switch(config-mgmt-xmpp)#username test1@test.aristanetworks.com password 0 arista
switch(config-mgmt-xmpp)#no shutdown
• This command removes all usernames from the XMPP server.
switch(config-mgmt-xmpp)#no username
switch(config-mgmt-xmpp)#
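An added example, not part of the Arista manual: a small Python audit that reads a running-config and flags the management settings documented in this section that weaken session security (protocol http on an enabled API, Telnet enabled with no shutdown, XMPP username or switch-group secrets entered as clear text). The sample configurations are constructed, and the indented running-config layout and the severity labels are assumptions.

```python
import re

# Constructed sample running-config (not from the manual). The indentation of
# statements under each "management ..." mode line is an assumed rendering.
WEAK_CONFIG = """\
management api http-commands
   no protocol https
   protocol http port 8080
   no shutdown
!
management telnet
   no shutdown
!
management xmpp
   server arista-xmpp
   domain test.aristanetworks.com
   username test1@test.aristanetworks.com password 0 arista
   switch-group testroom@conference.test.aristanetworks.com password 0 arista
   no shutdown
!
"""

# Constructed counterpart with the weak statements corrected.
HARDENED_CONFIG = """\
management api http-commands
   protocol https certificate
   no shutdown
!
management telnet
   shutdown
!
management xmpp
   server arista-xmpp
   domain test.aristanetworks.com
   username test1@test.aristanetworks.com password 7 CONSTRUCTED-TYPE7-STRING
!
"""

# "password pwd_txt" and "password 0 pwd_txt" are clear text; "password 7" is not.
XMPP_SECRET = re.compile(
    r"^(username|switch-group)\s+(\S+)\s+password\s+(?:([07])\s+)?\S+$")


def parse_sections(config_text):
    """Group indented statements under the unindented mode line above them."""
    sections, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if raw[0].isspace():
            if current is not None:
                sections[current].append(line)
        else:
            current = line
            sections.setdefault(current, [])
    return sections


def audit(config_text):
    """Return (severity, check_id, detail) tuples for weak management settings."""
    sections = parse_sections(config_text)
    findings = []

    api = sections.get("management api http-commands", [])
    if "no shutdown" in api:  # the API is disabled unless "no shutdown" is set
        http = [s for s in api if re.fullmatch(r"protocol http( port \d+)?", s)]
        if http:
            findings.append(("HIGH", "api-cleartext-http", http[0]))
        elif "protocol https certificate" not in api:
            # HTTPS is the default protocol; no client certificate is requested.
            findings.append(("INFO", "api-no-client-certificate", "protocol https"))

    if "no shutdown" in sections.get("management telnet", []):
        findings.append(("HIGH", "telnet-enabled", "management telnet"))

    for stmt in sections.get("management xmpp", []):
        m = XMPP_SECRET.match(stmt)
        if m and m.group(3) != "7":
            # Report the account or group name only, never the secret itself.
            findings.append(("MEDIUM", "xmpp-cleartext-" + m.group(1), m.group(2)))
    return findings


if __name__ == "__main__":
    for severity, check_id, detail in audit(WEAK_CONFIG):
        print(f"{severity:6} {check_id:28} {detail}")
```

Run it against the text of show running-config saved to a file; an empty result means none of these three conditions is present.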
vrf (API Management)
The vrf command places the switch in VRF configuration mode for the server. If the named VRF does
not already exist, this command creates it.
all
Command Mode
Mgmt-API Configuration
Command Syntax
vrf VRF_INSTANCE
Parameters
• VRF_INSTANCE specifies the VRF instance.
— default Instance is created in the default VRF.
— vrf_name Instance is created in the specified user-defined VRF.
Related Commands
• management api http-commands places the switch in Management-api configuration mode.
Example
• This command creates a VRF named management-vrf and places the switch in VRF configuration
mode for the server.
switch(config)#management api http-commands
switch(config-mgmt-api-http-cmds)#vrf management-vrf
switch(config-mgmt-api-http-cmds-vrf-management-vrf)#
vrf (XMPP Management)
The vrf command places the switch in VRF configuration mode for the XMPP server. If the named VRF
does not already exist, this command creates it.
The VRF configuration for the client is for the entire XMPP service, rather than per server. All servers
resolving on a particular hostname must be reachable in the same VRF.
all
Command Mode
Mgmt-xmpp Configuration
Command Syntax
vrf [VRF_INSTANCE]
Parameters
• VRF_INSTANCE specifies the VRF instance.
— default Instance is created in the default VRF.
— vrf_name Instance is created in the specified user-defined VRF.
Example
• This command creates a VRF named management-vrf and places the switch in VRF configuration
mode for the server.
switch(config)#management xmpp
switch(config-mgmt-xmpp)#vrf management-vrf
switch(config-mgmt-xmpp)#
xmpp send
The xmpp send command can be used to connect to the XMPP server and send messages to switches
or switch groups within the network.
Before switches can send messages to each other, they must friend each other. An easy way to have them
auto friend each other is to have them join the same chat room. The friendship between switches can
be verified by using the show xmpp neighbor command.
all
Command Mode
Privileged EXEC
Command Syntax
xmpp send to neighbor XMIT_TYPE content
Parameters
• neighbor Options include switches or switch groups within the network that are connected as
friends in a chat room.
• XMIT_TYPE Transmission type. Valid options include:
— command Sends an XMPP command.
— message Sends an XMPP message.
• content The command you want the friends within the chat room to display or execute.
Configuration Restrictions
• Only enable-mode commands are allowed within the multi-switch CLI.
• Changing into a different CLI mode and running several commands in that mode is not supported
(e.g. into configuration mode).
• An external XMPP client (for example Adium) can be used to send multiple lines within a single
message. By sending multiple lines, it is possible to change into another CLI mode. After the
message is processed, the switch automatically returns to the enable mode.
• Commands that prompt for a response (like reload) are not supported.
• Long commands, such as image file copies, may cause the switch XMPP client to momentarily stop
responding and disconnect. The switch should reconnect and the long command should complete.
• Many command outputs display in a specific table format. To achieve the same visual feel as
through a terminal, use a monospace font, such as Courier, for the incoming messages.
Example
• This command sends the switch in the chat room the request to execute the show version
command.
switch# xmpp send test2 command show version
message from user: test2@test.aristanetworks.com
--------------------------------------------------
Hardware version:       04.40
Serial number:          JFL08432083
System MAC address:     001c.7301.7d69
Software image version: 4.12.3
Architecture:           i386
Internal build version: 4.12.3
Internal build ID:      f5ab5f57-9c26-4fe4-acaa-fb60fa55d01d
Uptime:                 2 hours and 38 minutes
Total memory:           1197548 kB
Free memory:            182452 kB
xmpp session
The xmpp session command is similar to running SSH from the switch. The user is required to input
their username (default is to USER@DEFAULTDOMAIN) and password in order to connect to the
XMPP server. This command allows you to interact in the enable mode with a switch or switch group
over XMPP using the standard CLI, with access to help and tab completion. All commands are then
executed remotely and only the non-empty results are displayed on the screen.
all
Command Mode
Privileged EXEC
Command Syntax
xmpp session switchgroup
Parameters
• switchgroup The option includes the switch group within the network that is connected as friends
in a chat room.
Configuration Restrictions
• Only enable-mode commands are allowed within the multi-switch CLI.
• Changing into a different CLI mode and running several commands in that mode is not supported
(e.g. into configuration mode).
• An external XMPP client (for example Adium) can be used to send multiple lines within a single
message. By sending multiple lines, it is possible to change into another CLI mode. After the
message is processed, the switch automatically returns to the enable mode.
• Commands that prompt for a response (like reload) are not supported.
• Long commands, such as image file copies, may cause the switch XMPP client to momentarily stop
responding and disconnect. The switch should reconnect and the long command should complete.
• Many command outputs display in a specific table format. To achieve the same visual feel as
through a terminal, use a monospace font, such as Courier, for the incoming messages.
Example
• This command displays the status of Ethernet 3 from test1, which is a member of the switch group
chat room.
switch# xmpp session all@test.aristanetworks.com
xmpp-all# show int Eth3 status
response from: test1@test.aristanetworks.com
--------------------------------------------------
Port  Name  Status     Vlan    Duplex  Speed   Type
Et3   bs3   connected  in Po3  a-full  a-1000  10GBASE-SR
switch#
Chapter 3
Command-Line Interface
The Extensible Operating System (EOS) provides the interface for entering commands that control the
switch and manage the network. This chapter describes the command-line interfaces (CLI) that access
the switch.
This chapter includes these sections:
• Section 3.1: Accessing the EOS CLI
• Section 3.2: Processing Commands
• Section 3.3: Switch Platforms
• Section 3.4: Command Modes
• Section 3.5: Managing Switch Configuration Settings
• Section 3.6: Other Command-Line Interfaces
• Section 3.7: Common Criteria (CC)
• Section 3.8: Directory Structure
• Section 3.9: Command-Line Interface Commands
3.1
Accessing the EOS CLI
You can open an EOS CLI session through these connections:
• Ethernet Management Ports
• Console Port
• Telnet Connections
• Secure Shell (SSH)
Figure 3-1 displays the EOS CLI in a Secure Shell connection.
Figure 3-1 EOS Command-Line Interface
3.2
Processing Commands
3.2.1
Command Execution
Command keywords are not case sensitive. The CLI accepts truncated keywords that uniquely
correspond to one command.
• The command abbreviation con does not execute a command in Privileged EXEC mode because the
names of two commands begin with these letters: configure and connect.
switch#con
% Ambiguous command
• The command abbreviation conf executes configure in Privileged EXEC mode because no other
command name begins with conf.
switch#conf
switch(config)#
3.2.2
Alias
The alias command creates an alias for a CLI command. Entering the alias in the CLI executes the
corresponding command.
Example
• This command makes srie an alias for the command show running-config interface ethernet 1-5
switch(config)#alias srie show running-config interface ethernet 1-5
switch(config)#srie
interface Ethernet1
switchport access vlan 33
storm-control broadcast level 1
spanning-tree portfast
spanning-tree bpduguard enable
interface Ethernet2
switchport access vlan 33
spanning-tree portfast
interface Ethernet3
switchport access vlan 33
spanning-tree portfast
spanning-tree bpduguard enable
interface Ethernet4
interface Ethernet5
shutdown
3.2.3
Cursor Movement Keystrokes
EOS supports these cursor movement keystrokes:
• Ctrl-B or the Left Arrow key: Moves cursor to the left.
• Ctrl-F or the Right Arrow key: Moves cursor to the right.
• Ctrl-A: Moves cursor to beginning of line.
• Ctrl-E: Moves cursor to end of line.
• Esc-B: Moves cursor left one word.
• Esc-F: Moves cursor right one word.
3.2.4
History Substitution Keystrokes
The history buffer retains the last 20 entered commands. History substitution keystrokes that access
previously entered commands include:
• Ctrl-P or the Up Arrow key: Recalls the most recent buffered commands. Repeat to recall older
commands.
• Ctrl-N or the Down Arrow key: Recalls more recent commands after using the Ctrl-P or the Up
Arrow. Repeat to recall newer commands.
The show history command in Privileged EXEC mode displays the history buffer contents.
switch#show history
en
config
exit
show history
3.2.5
Command Lists and Syntax Assistance
EOS CLI uses widely followed conventions for providing command lists and syntax assistance. These
conventions are available in all command modes.
• To display all commands available at this level, type a question mark (?):
switchName>?
  clear       Reset functions
  connect     Open a terminal connection
  disable     Turn off privileged commands
  enable      Turn on privileged commands
  exit        Exit from the EXEC
  help        Description of the interactive help system
  logout      Exit from the EXEC
  no          Negate a command or set its defaults
  ping        Send echo messages
  show        Show running system information
  telnet      Open a telnet connection
  terminal    Configure the terminal
  traceroute  Trace route to destination
• To display a list of commands beginning with a specific character sequence, type the sequence
followed by a question mark.
switch#di?
diagnostic  diff  dir  disable
• To display a command’s keywords or arguments, type a question mark as an argument.
switch>ping ?
  WORD  Ping destination address or hostname
• The switch accepts an address-mask or CIDR notation (address-prefix) in commands that require
an IP address and mask. For example, these commands are processed identically:
switch(config)#ip route 0.0.0.0 255.255.255.255 10.1.1.254
switch(config)#ip route 0.0.0.0/32 10.1.1.254
• The switch accepts an address-wildcard or CIDR notation in commands requiring an IP address and
wildcard. Wildcards use zeros to mask portions of the IP address and are found in some protocol
configuration statements, including OSPF. The switch processes these commands identically:
switch:network 10.255.255.1 0.0.0.255 area 15
switch:network 10.255.255.1/24 area 15
3.2.6 Regular Expressions
A regular expression is a pattern of symbols, letters, and numbers that represents an input string for
matching an input string entered as a CLI parameter. The switch uses regular expression pattern
matching in several BGP commands.
Regular expressions use the following operands:
. (period) matches any single character.
  Example  1.3 matches 123, 133, and 1c3.
\ (backslash) matches character or special character following the backslash.
  Example  15\.5\.. matches 15.5.10.10
           it does not match 15.52.10.10
  Example  \. matches . (period)
^ (caret) matches the character or null string at the beginning of a string.
  Example  ^read matches reader
           ^read does not match bread.
* (asterisk) matches zero or more sequences of characters preceding the asterisk.
  Example  12* matches 167, 1267, or 12267
           it does not match 267
+ (plus sign) matches one or more sequences of characters preceding the plus sign.
  Example  46+ matches 2467 or 24667
           it does not match 247
$ (dollar sign) matches the character or null string at the end of an input string.
  Example  read$ matches bread
           but not reads
[ ] (brackets) matches characters or a character range separated by a hyphen.
  Example  [0137abcr-y] matches 0, 1, 3, v
           it does not match 2, 9, m, z
? (question mark) pattern matches zero or one instance. Entering Ctrl-V prior to the question
mark prevents the CLI from interpreting ? as a help command.
  Example  x1?x matches xx and x1x
| (pipe) pattern matches character patterns on either side of bar.
  Example  B(E|A)D matches BED and BAD. It does not match BD, BEAD, BEED, or EAD
() (parenthesis) nests characters for matching. Endpoints of a range are separated with a dash (-).
  Example  6(45)+ matches 645454523
           it does not match 6443
  Example  ([A-Za-z][0-9])+ matches C4 or x9
_ (underscore) Pattern replaces a long regular expression list by matching a comma (,) a space, or
the beginning or end of the input string.
  Example  _rxy_ matches any of the following:
           ^rxy$
           ^rxy 23
           21 rxy
           ,rxy,
           rxy
           ,rxy.
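The operands above can be checked offline before a pattern is used in a BGP command. The following Python sketch is an added example, not Arista code: it assumes the underscore operand means exactly what the text says (comma, space, or start or end of the input) and that the other operands behave as in Python's re module. The AS-path strings and the negative cases for _rxy_ are constructed.

```python
import re

# Assumption: "_" is modelled as "comma, space, or the beginning or end of
# the input string", as the section states; all other operands are passed
# through to Python's re module unchanged.
_BOUNDARY = r"(?:^|$|[ ,])"


def eos_to_python(pattern):
    """Translate a pattern written with the page's operands for re.search."""
    out = []
    in_class = False          # inside [...] an underscore is a literal
    i = 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            out.append(pattern[i:i + 2])   # escaped character stays as-is
            i += 2
            continue
        if ch == "[":
            in_class = True
        elif ch == "]":
            in_class = False
        out.append(_BOUNDARY if ch == "_" and not in_class else ch)
        i += 1
    return "".join(out)


def matches(pattern, text):
    """True if the pattern matches anywhere in text (unanchored search)."""
    return re.search(eos_to_python(pattern), text) is not None


# (pattern, strings the page says match, strings the page says do not match)
MANUAL_EXAMPLES = [
    ("1.3", ["123", "133", "1c3"], []),
    (r"15\.5\..", ["15.5.10.10"], ["15.52.10.10"]),
    ("^read", ["reader"], ["bread"]),
    ("12*", ["167", "1267", "12267"], ["267"]),
    ("46+", ["2467", "24667"], ["247"]),
    ("read$", ["bread"], ["reads"]),
    ("[0137abcr-y]", ["0", "1", "3", "v"], ["2", "9", "m", "z"]),
    ("x1?x", ["xx", "x1x"], []),
    ("B(E|A)D", ["BED", "BAD"], ["BD", "BEAD", "BEED", "EAD"]),
    ("6(45)+", ["645454523"], ["6443"]),
    ("([A-Za-z][0-9])+", ["C4", "x9"], []),
    # Negative cases for "_" are constructed, not taken from the page.
    ("_rxy_", ["rxy", "rxy 23", "21 rxy", ",rxy,"], ["rxyz", "21rxy"]),
]


def verify_manual_examples():
    """Return (pattern, text, expected) for every example that disagrees."""
    failures = []
    for pattern, good, bad in MANUAL_EXAMPLES:
        failures += [(pattern, t, True) for t in good if not matches(pattern, t)]
        failures += [(pattern, t, False) for t in bad if matches(pattern, t)]
    return failures


# Constructed AS-path strings: a bare number also matches inside longer
# numbers, while the underscore form matches only the whole element.
AS_PATHS = ["64496 64500 64511", "64496 164500", "64500", "645001 64496"]


def select(pattern, paths):
    """Paths that a filter built on this pattern would match."""
    return [p for p in paths if matches(pattern, p)]


if __name__ == "__main__":
    print("disagreements with the manual:", verify_manual_examples())
    print("64500   ->", select("64500", AS_PATHS))
    print("_64500_ ->", select("_64500_", AS_PATHS))
```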
3.2.7 Scheduling CLI Commands
The schedule command facilitates the periodic execution of a specified CLI command. Command
parameters configure the interval between consecutive execution instances and the maximum number
of files that can be created when the command requires log files. By default, periodic execution of the
following show tech-support command is enabled:
schedule tech-support interval 60 max-log-files 100 command show tech-support
Examples
• This command schedules the execution of a script file once every 12 hours. The log file option is set
to zero because the command does not generate output to std-out.
switch#schedule ms_1 interval 720 max-log-files 0 command bash /mnt/flash/myscript.sh
The show schedule summary command displays the commands that are scheduled for periodic
execution.
switch(config)#show schedule summary
Name             Last    Interval  Max log  Log file location
                 time    (mins)    files
---------------- -----   --------  -------  -----------------
tech-support     16:13   60        100      flash:/schedule/tech-support
ms_1             16:28   720       10       flash:/schedule/ms_1
• This command stores running-config contents to a log file once each hour, creating up to 24 log files.
switch#schedule backup-test interval 60 max-log-files 24 command show running-config
3.2.8 Running Bash Shell Commands Automatically with Event Handlers
Event handlers execute a Linux Bash shell command in response to a specific system event. An event
handler consists of a Bash command, a trigger and a delay; when the trigger event occurs, the action is
scheduled to run after delay seconds.
To create an event handler, use the event-handler command. This creates a new event handler and
places the CLI in event handler configuration mode for that handler. Use the action bash command to
configure a Bash command to run when the handler is triggered, and the trigger command to specify
the trigger. Event handlers can be triggered by various events, including:
• system booting
• a change in a specified interface’s operational status or IP address
• a change in the startup-config file
• a state change in a virtual machine monitored by VM Tracer
To change the delay period between the trigger and the action, use the delay command.
When an action is run, certain information is passed to it through environment variables. For the boot
trigger, no variables are set. For the interface triggers, the following variables are set and passed to the
action:
$INTF        interface name.
$OPERSTATE   current operational status of the specified interface.
$IP-PRIMARY  current primary IP address of the specified interface.
To execute more than one Bash command in response to a trigger, create a script containing the desired
commands and enter the file path to the script as the argument of the action bash command.
To display information about all event handlers or about a specific event handler, use the show
event-handler command.
The no event-handler command deletes an event handler.
Examples
• These commands create an event handler named “eth_4” which will send email to a specified
address when there is a change in the operational status of Ethernet interface 4:
switch(config)#event-handler eth_4
switch(config-event-eth_4)#action bash email x@yz.com -s "Et4 $OPERSTATE"
switch(config-event-eth_4)#trigger onintf ethernet 4 operstatus
switch(config-event-eth_4)#delay 60
switch(config-event-eth_4)#exit
switch(config)#
The above handler uses the $OPERSTATE variable to include the current operational state (“linkup”
or “linkdown”) in the subject of the email. Note that the action will only function if email has been
configured on the switch.
• These commands create an event handler named “onStartup” which will execute a user-defined
script 60 seconds after the system boots.
switch(config)#event-handler onStartup
switch(config-event-onStartup)#action bash /mnt/flash/startupScript1
switch(config-event-onStartup)#trigger onboot
switch(config-event-onStartup)#delay 60
switch(config-event-onStartup)#exit
switch(config)#
The above handler will also be executed on exiting from event-handler configuration mode.
• This command displays information about all event handlers configured on the system.
switch#show event-handler
Event-handler onStartup
Trigger: onBoot delay 60 seconds
Action: /mnt/flash/startupScript1
Last Trigger Activation Time: 1 minutes 51 seconds ago
Total Trigger Activations: 1
Last Action Time: 51 seconds ago
Total Actions: 1
switch#
• This command deletes the event handler named “onStartup”.
switch(config)#no event-handler onStartup
switch(config)#
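Both the schedule command (Section 3.2.7) and event handlers run commands unattended, so a configuration review benefits from an inventory of every entry that hands a command line to Bash. The following Python sketch is an added example, not Arista code: the sample text is constructed from the commands shown in these two sections, its indentation is an assumption, and the approved baseline is a hypothetical operator-maintained set.

```python
import re
import shlex

# Constructed sample: the schedule and event-handler commands shown in
# Sections 3.2.7 and 3.2.8, laid out as entered (indentation is assumed).
SAMPLE_CONFIG = '''\
schedule tech-support interval 60 max-log-files 100 command show tech-support
schedule ms_1 interval 720 max-log-files 0 command bash /mnt/flash/myscript.sh
schedule backup-test interval 60 max-log-files 24 command show running-config
event-handler eth_4
   action bash email x@yz.com -s "Et4 $OPERSTATE"
   trigger onintf ethernet 4 operstatus
   delay 60
event-handler onStartup
   action bash /mnt/flash/startupScript1
   trigger onboot
   delay 60
'''

SCHEDULE_RE = re.compile(
    r"^schedule (?P<name>\S+) interval (?P<interval>\d+) "
    r"max-log-files (?P<logs>\d+) command (?P<command>.+)$")
# Environment variables the manual says are passed to interface-triggered actions.
TRIGGER_VARS = ("$INTF", "$OPERSTATE", "$IP-PRIMARY")


def parse_unattended(config_text):
    """Return one dict per schedule entry and per event handler."""
    entries, handler = [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if raw[0].isspace() and handler is not None:
            keyword, _, rest = line.partition(" ")
            if line.startswith("action bash "):
                handler["bash"] = line[len("action bash "):]
            elif keyword == "trigger":
                handler["when"] = rest
            elif keyword == "delay" and rest.isdigit():
                handler["delay"] = int(rest)
            continue
        handler = None                      # left event-handler mode
        sched = SCHEDULE_RE.match(line)
        if sched:
            cmd = sched.group("command")
            entries.append({
                "kind": "schedule", "name": sched.group("name"),
                "when": "every %s minutes" % sched.group("interval"),
                "delay": 0,
                "bash": cmd[len("bash "):] if cmd.startswith("bash ") else None,
            })
        elif line.startswith("event-handler "):
            handler = {"kind": "event-handler", "name": line.split()[1],
                       "when": None, "delay": 0, "bash": None}
            entries.append(handler)
    return entries


def script_paths(bash_command):
    """Absolute paths referenced by a Bash action (files worth reviewing)."""
    return [tok for tok in shlex.split(bash_command) if tok.startswith("/")]


def review(entries, approved):
    """Describe every Bash-executing entry and whether it is in the baseline.

    approved: hypothetical set of (kind, name, bash_command) tuples.
    """
    findings = []
    for e in entries:
        if e["bash"] is None:
            continue                        # plain CLI command, no shell
        findings.append({
            "entry": "%s %s" % (e["kind"], e["name"]),
            "runs": e["bash"],
            "when": e["when"],
            "delay": e["delay"],
            "scripts": script_paths(e["bash"]),
            "env": [v for v in TRIGGER_VARS if v in e["bash"]],
            "approved": (e["kind"], e["name"], e["bash"]) in approved,
        })
    return findings


if __name__ == "__main__":
    baseline = {("event-handler", "onStartup", "/mnt/flash/startupScript1")}
    for f in review(parse_unattended(SAMPLE_CONFIG), baseline):
        print(f)
```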
3.3 Switch Platforms
Features and CLI commands vary by switch platform. CLI options may also vary by switch platform for
commands that are available on all platforms. Command descriptions in this manual describe feature
availability and command parameters on the basis of switch platform, noting exceptions that exist
among models that use a common platform.
• https://www.arista.com/en/products/switches lists the Arista switches and platforms upon which
they operate.
• https://www.arista.com/en/support/product-documentation/supported-features lists Arista switch
feature availability by switch platform. For the latest features, also consult the Release Notes,
available here.
These sections describe the following topics:
• Section 3.3.1: Viewing the Model Number
• Section 3.3.2: Determining a Switch’s Operating Platform
• Section 3.3.3: Modular System Platforms – 7500 and 7500E Series Switches
• Section 3.3.4: Viewing Modules on 7300 Series Modular Switches
• Section 3.3.5: Multi-Chip Devices
3.3.1 Viewing the Model Number
To view the switch’s model number through the CLI, enter show version.
Example
• This command displays the model number, serial number, system MAC address, and
manufacturing information of a DCS-7150S-64 switch.
switch>show version
Arista DCS-7150S-64-CL-F
Hardware version:    01.01
Serial number:       JPE13120819
System MAC address:  001c.7326.fd0c

Software image version: 4.13.2F
Architecture:           i386
Internal build version: 4.13.2F-1649184.4132F.2
Internal build ID:      eeb3c212-b4bd-4c19-ba34-1b0aa36e43f1

Uptime:                 16 hours and 39 minutes
Total memory:           4017088 kB
Free memory:            1348228 kB
switch>
3.3.2 Determining a Switch’s Operating Platform
FM6000 Platforms
To determine the operating platform on a switch, display platform command options from Global
Configuration command mode.
• This command displays the operating platform of a switch operating on the FM6000 platform (7150
Series switches).
switch(config)#platform ?
fm6000 FM6000 chip
switch(config)#platform
Arad and Petra Platforms
The platform ? command displays the same options on Arad and Petra platform switches. Refer to
Section 3.3.1 to determine the switch’s model number.
• Fixed system switches (DCS-7048 Series) operate on the Petra platform.
• Modular switches (DCS-7500 Series) operate on Arad and Petra platforms. Section 3.3.3: Modular
System Platforms – 7500 and 7500E Series Switches describes platform usage on these switches.
Arad and Petra platform switches typically utilize multiple chips. Section 3.3.5 describes methods of
determining port distribution on multi-chip platforms.
Example
• These commands display platform options of a switch operating on either Petra or Arad platforms.
switch(config)#platform ?
  arad    Arad switch chip
  fe1600  Fe1600 chip
  fe600   Fe600 fabric chip
  petraA  PetraA switch chip
  ptp     Precision Time Protocol
  sand    Sand platform
switch(config)#platform
Trident and Trident-II Platforms
The platform ? command returns trident on switches that operate on Trident or Trident-II platforms.
Trident-II platform switches include options that configure the forwarding and routing tables. To
determine the Trident platform that a switch uses, display platform trident options.
• These commands indicate that the switch is operating on the Trident-II platform:
switch(config)#platform ?
  ptp      Precision Time Protocol
  trident  Trident chip
switch(config)#platform trident ?
  fabric            Fabric configuration
  forwarding-table  Forwarding table configuration
  mmu               Trident MMU configuration
  routing-table     Routing table configuration
switch(config)#platform trident
Fixed and Modular switches are available that operate on the Trident-II platform. Refer to Section 3.3.1
to determine the switch’s model number. Section 3.3.4: Viewing Modules on 7300 Series Modular
Switches displays the modules on a Trident-II platform modular switch.
Trident-II platform switches typically utilize multiple chips. Section 3.3.5 describes methods of
determining port distribution on multi-chip platforms.
3.3.3 Modular System Platforms – 7500 and 7500E Series Switches
Modular switch platforms depend on their installed modules along with the fabric and forwarding
software modes. The show module command displays the fabric modules in the switch. System
performance in switches containing both module types is based on first-generation fabric capabilities.
Best practice is to avoid switch configurations with mixed fabric modules.
These sections describe modular switch components and software modes that program their capacities.
3.3.3.1 Fabric Modules and Fabric Mode – 7500 and 7500E Series Switches
Each modular switch fabric module is categorized as first-generation or E-Series:
• First-generation fabric modules support all basic switch functions.
• E-Series fabric modules support faster fabric link speeds, greater internal table capacities, and
advanced encoding formatting.
Fabric mode determines the switch’s fabric performance capabilities. This mode must match the fabric
modules in the switch. Fabric mode settings include:
• fe600: Supports first-generation fabric modules.
• fe1600: Supports E-Series fabric modules.
E-series fabric modules can operate in fe600 mode, but are limited to first-generation fabric performance.
First-generation modules cannot operate in fe1600 mode. Switches containing both types of modules
must be set to fe600 mode. Best practice is to avoid switch configurations with mixed fabric modules.
When a switch reloads, fabric mode is determined by the following (in order of precedence):
1. Switches reloading in petraA forwarding compatibility mode (Section 3.3.3.2) also reload in fe600
fabric mode.
2. As specified by the platform sand fabric mode (7500 and 7500E Series) statement in running-config.
3. The first fabric module that becomes operational as the switch reloads.
In switches with a homogeneous module set, the fabric mode matches its fabric modules. Switches
with a mixed set of modules are typically reloaded in fe600 mode because first generation modules
are usually operational before E-Series modules. However, the fabric mode in mixed module
switches that are reloading cannot be guaranteed in the absence of the first two conditions.
Example
• This command configures the switch to reload in fe1600 fabric mode to support E-series fabric
modules. After issuing this command, the switch should be reset only after exchanging all switch
fabric modules to E-series modules.
switch(config)#platform sand fabric mode fe1600
switch(config)#exit
switch#show platform sand compatibility
                    Configuration   Status
Forwarding mode     None            Arad
Fabric mode         Fe1600          Fe600
switch#
3.3.3.2 Linecard Modules and Forwarding Compatibility Mode – 7500 and 7500E Series
Each modular switch linecard module is categorized as first-generation or E-Series:
• First-generation linecard modules support all basic switch functions.
• E-Series linecard modules provide faster data processing, greater internal table capacities,
and advanced encoding formatting.
The forwarding compatibility mode determines the switch’s performance capabilities when forwarding
data between linecard interfaces. Forwarding compatibility mode settings include:
• PetraA: Supports first-generation linecard modules.
• Arad: Supports E-Series linecard modules.
Forwarding compatibility mode determines the operational capacity of installed linecards. Table 3-1 lists
the effect of the forwarding compatibility mode on linecard module types.
Table 3-1 Linecard Module and Forwarding Mode Performance
Linecard Module Type   Forwarding Compatibility Mode   Linecard Operating Capacity
First-generation       petraA                          First-generation performance capacity.
First-generation       arad                            Linecard is powered-down.
E-Series               petraA                          First-generation performance capacity.
E-Series               arad                            E-series performance capacity.
Important: Switches must contain E-Series fabric modules to operate at E-Series performance capacities.
The forwarding compatibility mode is configured by the platform sand forwarding mode (7500 and
7500E Series) command. This command may be required after exchanging a linecard for a different
module type or in switches containing first-generation and E-series linecards.
Without a platform sand forwarding mode command, forwarding compatibility mode is determined
by the first linecard that is operational after reloading the switch. In a switch that is reloaded with a
homogeneous module set, forwarding compatibility mode matches its linecards. Switches with a mixed
set of modules are typically reloaded in petraA mode because first generation modules are usually
operational before E-Series modules. However, forwarding compatibility mode in mixed module
switches that are reloading is not guaranteed without a platform sand forwarding mode command.
Example
• This command changes the forwarding software mode to support E-series linecard modules. This
command should be run only after exchanging all linecards to E-series modules.
switch(config)#platform sand forwarding mode arad
switch(config)#
3.3.3.3 Viewing Modules – 7500 and 7500E Series
The show module command displays the model number of all installed modules.
• This command displays the modules of a 7504 switch that contains first-generation modules.
switch>show module
Module    Ports Card Type                            Model           Serial No.
--------- ----- ------------------------------------ --------------- -----------
1         2     DCS-7500 Series Supervisor Module    7500-SUP        JSH11440327
2         1     Standby supervisor                   Unknown         Unknown
3         48    48-port SFP+ 10GigE Linecard         7548S-LC        JSH10449938
4         48    48-port SFP+ 10GigE Linecard         7548S-LC        JSH11091247
5         48    48-port SFP+ 10GigE Linecard         7548S-LC        JSH11211614
6         48    48-port SFP+ 10GigE Linecard         7548S-LC        JSH11520288
Fabric1   0     DCS-7504 Fabric Module               7504-FM         JSH11451230
Fabric2   0     DCS-7504 Fabric Module               7504-FM         JSH11451210
Fabric3   0     DCS-7504 Fabric Module               7504-FM         JSH11410115
Fabric4   0     DCS-7504 Fabric Module               7504-FM         JSH11380318
Fabric5   0     DCS-7504 Fabric Module               7504-FM         JSH11340955
Fabric6   0     DCS-7504 Fabric Module               7504-FM         JSH11410128

Module    MAC addresses                          Hw      Sw      Status
--------- -------------------------------------- ------- ------- -------
1         00:1c:73:03:06:ac - 00:1c:73:03:06:ac  07.06   4.12.1  Active
2                                                        4.12.1  Standby
3         00:1c:73:03:80:44 - 00:1c:73:03:80:73  06.00           Ok
4         00:1c:73:03:e4:34 - 00:1c:73:03:e4:63  07.10           Ok
5         00:1c:73:12:0b:3f - 00:1c:73:12:0b:6e  07.30           Ok
6         00:1c:73:12:b6:3f - 00:1c:73:12:b6:6e  08.00           Ok
Fabric1                                          05.03           Ok
Fabric2                                          05.03           Ok
Fabric3                                          05.02           Ok
Fabric4                                          05.02           Ok
Fabric5                                          05.02           Ok
Fabric6                                          05.02           Ok
switch>
• This command displays modules of a 7504 switch that contains E-Series modules.
switch>show module
Module    Ports Card Type                            Model           Serial No.
--------- ----- ------------------------------------ --------------- -----------
1         3     DCS-7500E-SUP Supervisor Module      7500E-SUP       JAS13060306
3         72    48 port 10GbE SFP+ & 2x100G Linecard 7500E-72S-LC    JAS12410019
4         72    48 port 10GbE SFP+ & 2x100G Linecard 7500E-72S-LC    JPE13041458
5         72    48 port 10GbE SFP+ & 2x100G Linecard 7500S-72S-LC    JAS12380089
Fabric1   0     DCS-7504-E Fabric Module             7504E-FM        JAS12370008
Fabric2   0     DCS-7504-E Fabric Module             7504E-FM        JAS12380012
Fabric3   0     DCS-7504-E Fabric Module             7504E-FM        JAS12370014
Fabric4   0     DCS-7504-E Fabric Module             7504E-FM        JAS12380008
Fabric5   0     DCS-7504-E Fabric Module             7504E-FM        JAS12380017
Fabric6   0     DCS-7504-E Fabric Module             7504E-FM        JAS12370009

Module    MAC addresses                          Hw      Sw      Status
--------- -------------------------------------- ------- ------- -------
1         00:1c:73:00:f4:cd - 00:1c:73:00:f4:ce  00.00   4.12.3  Active
3         00:1c:73:00:9c:7b - 00:1c:73:00:9c:c2  00.00           Ok
4         00:1c:73:28:a0:57 - 00:1c:73:28:a0:9e  00.00           Ok
5         00:1c:73:00:9a:cb - 00:1c:73:00:9b:12  02.07           Ok
Fabric1                                          00.00           Ok
Fabric2                                          00.00           Ok
Fabric3                                          00.00           Ok
Fabric4                                          00.00           Ok
Fabric5                                          00.00           Ok
Fabric6                                          00.00           Ok
switch>
3.3.4 Viewing Modules on 7300 Series Modular Switches
7300 Series Modular switches operate on the Trident-II platform. The show module command displays the
model number of all installed modules.
switch>show module
Module    Ports Card Type                            Model           Serial No.
--------- ----- ------------------------------------ --------------- -----------
1         3     Supervisor 7300X SSD                 DCS-7300-SUP-D  JAS13340024
3         128   32 port 40GbE QSFP+ LC               7300X-32Q-LC    JPE13440416
4         64    48 port 10GbE SFP+ & 4 port QSFP+ LC 7300X-64S-LC    JAS13310113
5         64    48 port 10GbE SFP+ & 4 port QSFP+ LC 7300X-64S-LC    JAS13340033
6         64    48 port 10GbE SFP+ & 4 port QSFP+ LC 7300X-64S-LC    JAS13310103
Fabric1   0     7304X Fabric Module                  7304X-FM        JAS13320077
Fabric2   0     7304X Fabric Module                  7304X-FM        JAS13350043
Fabric3   0     7304X Fabric Module                  7304X-FM        JAS13350050
Fabric4   0     7304X Fabric Module                  7304X-FM        JAS13350056

Module    MAC addresses                          Hw      Sw      Status
--------- -------------------------------------- ------- ------- -------
1         00:1c:73:36:4b:71 - 00:1c:73:36:4b:72  01.01   4.13.3F Active
3         00:1c:73:58:d4:68 - 00:1c:73:58:d4:87  03.04           Ok
4         00:1c:73:36:05:61 - 00:1c:73:36:05:94  02.02           Ok
5         00:1c:73:36:0a:e1 - 00:1c:73:36:0b:14  02.03           Ok
6         00:1c:73:36:02:e1 - 00:1c:73:36:03:14  02.02           Ok
Fabric1                                          00.00           Ok
Fabric2                                          00.00           Ok
Fabric3                                          00.00           Ok
Fabric4                                          00.00           Ok
switch>
3.3.5 Multi-Chip Devices
Trident-II, Petra, and Arad platform switches and linecards utilize multiple chips, with Ethernet ports
evenly distributed among the chips. Creating multi-port data structures (including port channels) that
include ports from multiple chips protects against the failure of an individual chip on a device.
The following sections describe methods of determining port distribution on various switch platforms.
Petra Fixed Switches
7048-Series switches are Petra platform devices that distribute ports among two PetraA chips. The show
platform petraA port-info routing command displays the ports that are controlled by each chip.
Example
• This command displays the following Ethernet port distribution on a DCS-7048-T switch:
— Petra0 chip controls Ethernet 1 through Ethernet 32
— Petra1 chip controls Ethernet 33 through Ethernet 52
switch#show platform petraA port-info routing
Petra0 Port Routing Information:
========================================================================
                     sys      fap                           routing
intfName             port-id  port-id  intfType   portType  v4 v6
========================================================================
CpuTm                2        0        Cpu        Tm        1  1
<-------OUTPUT OMITTED FROM EXAMPLE-------->
Ethernet1            29       2        Nif        Ethernet  1  1
Ethernet2            30       3        Nif        Ethernet  1  1
<-------OUTPUT OMITTED FROM EXAMPLE-------->
Ethernet31           59       32       Nif        Ethernet  1  1
Ethernet32           60       33       Nif        Ethernet  1  1
<-------OUTPUT OMITTED FROM EXAMPLE-------->
RawPetra0/70         2118     70       Recycling  Raw       1  1
Petra1 Port Routing Information:
========================================================================
                     sys      fap                           routing
intfName             port-id  port-id  intfType   portType  v4 v6
========================================================================
CpuTm                2        0        Cpu        Tm        1  1
<-------OUTPUT OMITTED FROM EXAMPLE-------->
Ethernet33           66       2        Nif        Ethernet  1  1
<-------OUTPUT OMITTED FROM EXAMPLE-------->
Ethernet52           85       21       Nif        Ethernet  1  1
L3SecondHop1Petra1   86       22       Recycling  Ethernet  1  1
<-------OUTPUT OMITTED FROM EXAMPLE-------->
RawPetra1/70         2118     70       Recycling  Raw       1  1
switch#
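The chip-to-port mapping in this output can be used to check the recommendation at the start of this section, that port channels include ports from more than one chip. The following Python sketch is an added example, not Arista code: the sample text is constructed in the layout of the output above, and the port-channel names and memberships are hypothetical.

```python
import re

# Constructed sample in the layout of "show platform petraA port-info
# routing" above; rows the manual omits are omitted here as well.
SAMPLE_OUTPUT = """\
Petra0 Port Routing Information:
========================================================================
                     sys      fap                           routing
intfName             port-id  port-id  intfType   portType  v4 v6
========================================================================
CpuTm                2        0        Cpu        Tm        1  1
Ethernet1            29       2        Nif        Ethernet  1  1
Ethernet2            30       3        Nif        Ethernet  1  1
Ethernet31           59       32       Nif        Ethernet  1  1
Ethernet32           60       33       Nif        Ethernet  1  1
RawPetra0/70         2118     70       Recycling  Raw       1  1
Petra1 Port Routing Information:
========================================================================
Ethernet33           66       2        Nif        Ethernet  1  1
Ethernet52           85       21       Nif        Ethernet  1  1
L3SecondHop1Petra1   86       22       Recycling  Ethernet  1  1
"""

CHIP_HEADER = re.compile(r"^(?P<chip>\S+) Port Routing Information:$")


def port_to_chip(output):
    """Map each front-panel Ethernet interface to the chip section it is in."""
    mapping, chip = {}, None
    for line in output.splitlines():
        header = CHIP_HEADER.match(line.strip())
        if header:
            chip = header.group("chip")
            continue
        fields = line.split()
        # Data rows: intfName, sys port-id, fap port-id, intfType, portType, v4, v6
        if (chip and len(fields) == 7
                and fields[0].startswith("Ethernet") and fields[3] == "Nif"):
            mapping[fields[0]] = chip
    return mapping


def chip_diversity(port_channels, mapping):
    """Report, per port channel, which chips sit behind its member ports."""
    report = {}
    for name, members in port_channels.items():
        unknown = sorted(m for m in members if m not in mapping)
        chips = sorted({mapping[m] for m in members if m in mapping})
        if len(chips) > 1:
            verdict = "diverse"        # survives the loss of one chip
        elif unknown or not chips:
            verdict = "inconclusive"   # a member is missing from the mapping
        else:
            verdict = "single-chip"    # one chip failure takes every member
        report[name] = {"chips": chips, "unknown": unknown, "verdict": verdict}
    return report


# Hypothetical port-channel memberships used to exercise the check.
PORT_CHANNELS = {
    "Port-Channel1": ["Ethernet1", "Ethernet2"],
    "Port-Channel2": ["Ethernet32", "Ethernet33"],
    "Port-Channel3": ["Ethernet31", "Ethernet40"],
}

if __name__ == "__main__":
    for name, result in chip_diversity(PORT_CHANNELS,
                                       port_to_chip(SAMPLE_OUTPUT)).items():
        print(name, result)
```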
Petra Modular Switches
Linecards on 7500-Series modular switches distribute Ethernet ports among multiple petraA chips. The
show platform petraA port-info routing command displays the ports that are controlled by each chip
on all PetraA linecards or on a single linecard.
Example
• This command displays the following Ethernet port distribution on linecard 4 of a DCS-7504 switch:
— Petra4/0 chip controls Ethernet 4/1 through Ethernet 4/8
— Petra4/1 chip controls Ethernet 4/9 through Ethernet 4/16
— Petra4/2 chip controls Ethernet 4/17 through Ethernet 4/24
— Petra4/3 chip controls Ethernet 4/25 through Ethernet 4/32
— Petra4/4 chip controls Ethernet 4/33 through Ethernet 4/40
— Petra4/5 chip controls Ethernet 4/41 through Ethernet 4/48
switch(s1)#show platform petra module 4 port-info routing
Petra4/0 Port Routing Information:
========================================================================
                     sys      fap                           routing
intfName             port-id  port-id  intfType   portType  v4 v6
========================================================================
CpuTm                2        0        Cpu        Tm        1  0
<-------OUTPUT OMITTED FROM EXAMPLE-------->
Ethernet4/1          221      2        Nif        Ethernet  1  0
Ethernet4/2          222      3        Nif        Ethernet  1  0
Ethernet4/3          223      4        Nif        Ethernet  1  0
Ethernet4/4          224      5        Nif        Ethernet  1  0
Ethernet4/5          225      6        Nif        Ethernet  1  0
Ethernet4/6          226      7        Nif        Ethernet  1  0
Ethernet4/7          227      8        Nif        Ethernet  1  0
Ethernet4/8          228      9        Nif        Ethernet  1  0
<-------OUTPUT OMITTED FROM EXAMPLE-------->
RawPetra4/0/70       2118     70       Recycling  Raw       1  0
Petra4/1 Port Routing Information:
========================================================================
                     sys      fap                           routing
intfName             port-id  port-id  intfType   portType  v4 v6
========================================================================
CpuTm                2        0        Cpu        Tm        1  0
<-------OUTPUT OMITTED FROM EXAMPLE-------->
Ethernet4/9          253      2        Nif        Ethernet  1  0
<-------OUTPUT OMITTED FROM EXAMPLE-------->
Petra4/5 Port Routing Information:
========================================================================
                     sys      fap                           routing
intfName             port-id  port-id  intfType   portType  v4 v6
========================================================================
<-------OUTPUT OMITTED FROM EXAMPLE-------->
Ethernet4/41         381      2        Nif        Ethernet  1  0
Ethernet4/42         382      3        Nif        Ethernet  1  0
Ethernet4/43         383      4        Nif        Ethernet  1  0
Ethernet4/44         384      5        Nif        Ethernet  1  0
Ethernet4/45         385      6        Nif        Ethernet  1  0
Ethernet4/46         386      7        Nif        Ethernet  1  0
Ethernet4/47         387      8        Nif        Ethernet  1  0
Ethernet4/48         388      9        Nif        Ethernet  1  0
<-------OUTPUT OMITTED FROM EXAMPLE-------->
switch(s1)#
Arad Modular Switches
7500-E Series linecards distribute Ethernet ports among multiple Arad chips. The show platform arad
port-info routing command displays the ports that are controlled by each chip on all Arad linecards.
Example
• This command displays the following Ethernet port distribution on the 7500E-72S-LC linecard that
is inserted as module 3 in a DCS-7508E switch:
— Arad3/0 chip: Ethernet 3/1 – Ethernet 3/20
— Arad3/1 chip: Ethernet 3/21 – Ethernet 3/34 and Ethernet 3/49/1 – Ethernet 3/49/12
— Arad3/2 chip: Ethernet 3/35 – Ethernet 3/48 and Ethernet 3/50/1 – Ethernet 3/50/12
switch#show platform arad mapping
Arad3/0
Port              SysPhyPort  Voq    (Fap,FapPort)  Xlge  Serdes
----------------------------------------------------------------
CpuTm             2           32     (0 , 0)        n/a   n/a
<-------OUTPUT OMITTED FROM EXAMPLE-------->
Ethernet3/1       28          240    (0 , 2)        n/a   (16)
Ethernet3/2       29          248    (0 , 3)        n/a   (17)
Ethernet3/3       30          256    (0 , 4)        n/a   (18)
Ethernet3/4       31          264    (0 , 5)        n/a   (19)
Ethernet3/5       32          272    (0 , 6)        n/a   (20)
Ethernet3/6       33          280    (0 , 7)        n/a   (21)
Ethernet3/7       34          288    (0 , 8)        n/a   (22)
Ethernet3/8       35          296    (0 , 9)        n/a   (23)
Ethernet3/9       36          304    (0 , 10)       n/a   (24)
Ethernet3/10      37          312    (0 , 11)       n/a   (25)
Ethernet3/11      38          320    (0 , 12)       n/a   (26)
Ethernet3/12      39          328    (0 , 13)       n/a   (27)
Ethernet3/13      40          336    (0 , 14)       n/a   (4)
Ethernet3/14      41          344    (0 , 15)       n/a   (5)
Ethernet3/15      42          352    (0 , 16)       n/a   (6)
Ethernet3/16      43          360    (0 , 17)       n/a   (7)
Ethernet3/17      44          368    (0 , 18)       n/a   (0)
Ethernet3/18      45          376    (0 , 19)       n/a   (1)
Ethernet3/19      46          384    (0 , 20)       n/a   (2)
Ethernet3/20      47          392    (0 , 21)       n/a   (3)
<-------OUTPUT OMITTED FROM EXAMPLE-------->
RawArad3/0/56     2104        16848  (0 , 56)       n/a   n/a
<-------OUTPUT OMITTED FROM EXAMPLE-------->
Arad3/1
Port              SysPhyPort  Voq    (Fap,FapPort)  Xlge  Serdes
----------------------------------------------------------------
<-------OUTPUT OMITTED FROM EXAMPLE-------->
Ethernet3/21      60          496    (1 , 2)        n/a   (16)
<-------OUTPUT OMITTED FROM EXAMPLE-------->
Ethernet3/34      73          600    (1 , 15)       n/a   (13)
Ethernet3/49/1    74          608    (1 , 16)       n/a   (0)
<-------OUTPUT OMITTED FROM EXAMPLE-------->
Ethernet3/49/12   85          696    (1 , 27)       n/a   (11)
<-------OUTPUT OMITTED FROM EXAMPLE-------->
Arad3/2
Port              SysPhyPort  Voq    (Fap,FapPort)  Xlge  Serdes
----------------------------------------------------------------
<-------OUTPUT OMITTED FROM EXAMPLE-------->
Ethernet3/35      92          752    (2 , 2)        n/a   (16)
<-------OUTPUT OMITTED FROM EXAMPLE-------->
Ethernet3/48      105         856    (2 , 15)       n/a   (13)
Ethernet3/50/1    106         864    (2 , 16)       n/a   (0)
<-------OUTPUT OMITTED FROM EXAMPLE-------->
Ethernet3/50/12   117         952    (2 , 27)       n/a   (11)
<-------OUTPUT OMITTED FROM EXAMPLE-------->
switch#
Trident-II Fixed Switches
Trident-II platform devices distribute their ports among multiple Trident II chips. The show platform
trident system port command displays the ports that are controlled by each chip.
Example
• This command displays the following Ethernet port distribution on a DCS-7250QX-64-F switch:
— Trident 0 chip controls Ethernet 1/1 through Ethernet 16/4
— Trident 1 chip controls Ethernet 17/1 through Ethernet 32/4
— Trident 2 chip controls Ethernet 33/1 through Ethernet 48/4
— Trident 3 chip controls Ethernet 49/1 through Ethernet 64/4
switch#show platform trident system port
<-------OUTPUT OMITTED FROM EXAMPLE-------->
                                                     Port
Intf              Chip          ModId   Logical   Physical   MMU
----------------- ------------- ------- --------- ---------- ---
Ethernet1/1       Linecard0/0   1       1         17         9
Ethernet1/2       Linecard0/0   1       2         18         10
<-------OUTPUT OMITTED FROM EXAMPLE-------->
Ethernet16/3      Linecard0/0   1       60        107        98
Ethernet16/4      Linecard0/0   1       61        108        99
<-------OUTPUT OMITTED FROM EXAMPLE-------->
Ethernet64/2      Linecard0/3   4       62        106        97
Ethernet64/3      Linecard0/3   4       63        107        98
Ethernet64/4      Linecard0/3   4       64        108        99
<-------OUTPUT OMITTED FROM EXAMPLE-------->
----------------------------------------------------------------
switch#
Trident-II Modular Switches
Linecards on 7300-Series modular switches distribute Ethernet ports among multiple Trident II chips.
The show platform trident system port command can display the ports that are controlled by each chip
on all linecards or on a single chip.
• This command displays the following Ethernet port distribution on a DCS-7304-F switch that
contains a 7300X-32Q-LC linecard as module 3:
— Trident 0 chip controls Ethernet 1/1 through Ethernet 16/4 (on module 3)
— Trident 1 chip controls Ethernet 17/1 through Ethernet 32/4 (on module 3)
switch#show platform trident system port
<-------OUTPUT OMITTED FROM EXAMPLE-------->
----------------------------------------------------------------
                                                     Port
Intf              Chip          ModId   Logical   Physical   MMU
----------------- ------------- ------- --------- ---------- ---
Ethernet3/1/1     Linecard3/0   5       1         17         4
Ethernet3/2/1     Linecard3/0   5       2         21         5
<-------OUTPUT OMITTED FROM EXAMPLE-------->
Ethernet3/16/3    Linecard3/0   5       51        111        102
Ethernet3/16/4    Linecard3/0   5       52        112        103
<-------OUTPUT OMITTED FROM EXAMPLE-------->
Ethernet3/32/3    Linecard3/1   6       63        111        102
Ethernet3/32/4    Linecard3/1   6       64        112        103
<-------OUTPUT OMITTED FROM EXAMPLE-------->
----------------------------------------------------------------
<-------OUTPUT OMITTED FROM EXAMPLE-------->
switch#
3.4 Command Modes
Command modes define the user interface state. Each mode is associated with commands that perform
a specific set of network configuration and monitoring tasks.
• Section 3.4.1: Mode Types lists the available modes.
• Section 3.4.2: Navigating Through Command Modes lists mode entry and exit commands.
• Section 3.4.3: Command Mode Hierarchy describes the mode structure.
• Section 3.4.4: Group-Change Configuration Modes describes editing aspects of these modes.
3.4.1 Mode Types
The switch includes these command modes:
• EXEC: EXEC mode commands display system information, perform basic tests, connect to remote
devices, and change terminal settings. When logging into EOS, you enter EXEC mode.
EXEC mode prompt: switch>
• Privileged EXEC: Privileged EXEC mode commands configure operating and global parameters.
The list of Privileged EXEC commands is a superset of the EXEC command set. You can configure
EOS to require password access to enter Privileged EXEC from EXEC mode.
Privileged EXEC mode prompt: switch#
• Global Configuration: Global Configuration mode commands configure features that affect the
entire system, such as system time or the switch name.
Global Configuration mode prompt: switch(config)#
• Interface Configuration: Interface configuration mode commands configure or enable Ethernet,
VLAN, and Port-Channel interface features.
Interface Configuration mode prompt: switch(config-if-Et24)#
• Protocol specific mode: Protocol specific mode commands modify global protocol settings. Protocol
specific mode examples include ACL Configuration and Router BGP Configuration.
The prompt indicates the active command mode. For example, the Router BGP command prompt
is switch(config-router-bgp)#
3.4.2
Navigating Through Command Modes
To change the active command mode, perform one of these actions:
• To enter EXEC mode, log into the switch.
• To enter Privileged EXEC mode from EXEC, type enable (or en) followed, if prompted, by the
enable password:
switch>en
Password:
switch#
• To enter Global Configuration mode from Privileged EXEC, type configure (or config):
switch#config
switch(config)#
Note: EOS supports copy <url> running-config in place of the configure network command.
• To enter Interface Configuration mode from Global Configuration, type interface and the name of
the interface to be modified:
switch(config)#interface Et24
switch(config-if-Et24)#
• To enter a protocol specific configuration mode from Global Configuration, type the required
command for the desired mode.
switch(config)#router bgp 100
switch(config-router-bgp)#
• To return one level from any configuration mode, type exit.
switch(config)#exit
switch#
• To return to Privileged EXEC mode from any configuration mode, type end or Ctrl-Z.
switch(config-if-Et24)#<Ctrl-z>
switch#
• To return to EXEC mode from Privileged EXEC mode, type disable (or dis).
switch#dis
switch>
• To exit EOS and log out of the CLI, type exit from EXEC mode or Privileged EXEC mode.
switch#exit
login:
3.4.3 Command Mode Hierarchy
Command modes are hierarchical. The parent mode of a specified command mode is the mode that
contains the command that enters the specified mode.
Example
• EXEC mode contains the enable command, which enters Privileged EXEC mode. Therefore, EXEC
is the parent mode of Privileged EXEC.
Commands that are executable in a specified command mode include all commands available in the
specified mode plus all commands executable from its parent mode.
Example
• EXEC mode includes the ping command. EXEC mode is the parent mode of Privileged EXEC mode.
Therefore, Privileged EXEC mode includes ping.
Additionally, Privileged EXEC is the parent mode of Global Configuration mode. Therefore, Global
Configuration mode also includes ping.
Executing a configuration mode command from a child mode may change the active command mode.
Example
• Global Configuration mode contains interface ethernet and ip access-list commands, which enter
Interface Configuration and Access Control List (ACL) Configuration modes, respectively. When
the switch is in Interface Configuration mode, the ip access-list command is available and changes
the active mode to ACL Configuration.
switch(config)#interface ethernet 1
switch(config-if-Et1)#ip access-list master-list
switch(config-acl-master-list)#
The exit command changes the active command mode to its parent mode. When executed from
Privileged EXEC or EXEC modes, the exit command terminates the session.
Example
• This command exits Global Configuration mode to Privileged EXEC mode.
switch(config)#exit
switch#
• This command terminates the user session.
switch#exit
3.4.4 Group-Change Configuration Modes
Group-change modes apply all changes made during an edit session only after exiting the mode.
Changes are stored when the user exits the mode, either through an exit or end command or through
a command that enters a different configuration mode.
The abort command discards all changes not previously applied.
Access Control List (ACL) and Multiple Spanning Tree (MST) configuration modes are examples of
group-change modes.
3.5 Managing Switch Configuration Settings
3.5.1 Verifying the Running Configuration Settings
running-config is the virtual file that stores the operating configuration. The show running-config
command displays the running-config. The command is supported in Privileged EXEC mode.
Example
• Type show running-config in Privileged EXEC mode. The response in the example is truncated to
display only the ip route configured in Section 2.1.2.1.
switch#show running-config
! Command: show running-config
<-------OUTPUT OMITTED FROM EXAMPLE-------->
!
ip route 0.0.0.0/0 192.0.2.1
!
<-------OUTPUT OMITTED FROM EXAMPLE-------->
end
switch#
3.5.2 Verifying Settings for the Current Mode
To display only the lines of running-config that affect the current mode, use the active option of the
show (various configuration modes) command. This command option is available in all configuration
modes except global configuration.
Example
• Type show active to display the content of running-config that affects the current mode. To include
default settings in the display, type show active all.
switch(config-router-ospf3)#show active all
ipv6 router ospf 9
router-id 0.0.0.0
default-metric 10
distance ospf intra-area 10
area 0.0.0.200 default-cost 10
area 0.0.0.200
no log-adjacency-changes
timers spf 5
switch(config-router-ospf3)#
To display any comments associated with the current mode, use the comment option of the show
(various configuration modes) command.
Example
• Type show comment to display any comments attached to the current mode.
switch(config-router-ospf3)#show comment
Comment for router-ospf3:
Consult Thomas Morton before making changes to the OSPF configuration.
switch(config-router-ospf3)#
3.5.3 Adding a Comment to a Configuration Mode
To add a comment to most switch configuration modes, use the comment (various configuration
modes) command. Comments cannot be modified, but can be replaced by entering the comment
command again and entering new text. Comments cannot be added to global configuration mode.
To append to an existing comment, enter ! followed by additional comment text. To display comments
for the active mode, use the comment option of the show (various configuration modes) command. The
no comment and default comment commands remove the comment from running-config.
Examples
• To add a comment to the active configuration mode, enter comment, then type the comment text.
To end comment editing, type EOF on a separate line (case sensitive) and press enter.
switch(config-router-ospf3)#comment
Enter TEXT message. Type 'EOF' on its own line to end.
Consult Thomas Morton before making changes to the OSPF configuration.
EOF
switch(config-router-ospf3)#
• To append to an existing comment, enter ! followed by additional comment text.
switch(config-router-ospf3)#!x2735
switch(config-router-ospf3)#show comment
Comment for router-ospf3:
Consult Thomas Morton before making changes to the OSPF configuration.
x2735
switch(config-router-ospf3)#
3.5.4 Saving the Running Configuration Settings
startup-config is the file, stored in internal flash memory, that the switch loads when it boots.
Configuration changes that are not saved to startup-config are lost the next time the switch is booted.
The write and copy running-config startup-config commands store the operating configuration to
startup-config. Both commands are supported in Privileged EXEC mode.
Example
• These equivalent commands save the current operating configuration to the startup-config file.
switch#write
switch#copy running-config startup-config
The show startup-config command displays the startup configuration file. The command is supported
in Privileged EXEC mode.
Example
• Type show startup-config to display the startup configuration file. The response in the example is
truncated to display only the ip route configured in Admin Username (page 47).
switch#show startup-config
! Command: show startup-config
! Startup-config last modified at Wed Feb 19 08:34:31 2014 by admin
!
<-------OUTPUT OMITTED FROM EXAMPLE-------->
!
ip route 0.0.0.0/0 192.0.2.1
!
<-------OUTPUT OMITTED FROM EXAMPLE-------->
end
switch#
3.6 Other Command-Line Interfaces
EOS can access other CLIs that provide switch commands, files, and services.
• Section 3.6.1: Aboot Command-Line Interface describes the boot-loader CLI.
• Section 3.6.2: Bash Shell describes the Bash shell CLI.
3.6.1 Aboot Command-Line Interface
Aboot is the switch boot loader. It reads a configuration file from the internal flash or a USB flash drive
and attempts to boot a software image. The switch opens an Aboot shell if the switch does not find a
software image, the configuration is corrupted, or the user terminates the boot process. The Aboot shell
provides a CLI for manually booting a software image, recovering the internal flash to its default factory
state, running hardware diagnostics, and managing files.
See Section 6.1: Boot Loader – Aboot for more information about Aboot.
3.6.2 Bash Shell
The switch provides a Linux Bash shell for accessing the underlying Linux operating system and
extensions. The Bash shell is accessible in all command modes except EXEC. Section 3.4.1: Mode Types
describes EOS command modes.
• To enter the Bash shell, type bash at the prompt.
switch#bash
Arista Networks EOS shell
[admin@Switch ~]$
• To exit the Bash shell, type logout, exit, or Ctrl-D at the Bash prompt.
[admin@Switch ~]$ logout
switch#
3.7 Common Criteria (CC)
EOS firmware supports U.S. Federal Information Processing Standards (FIPS) and Common Criteria
(CC) security requirements. These are enhanced security options for some Arista models.
CC consists of specifications and guidelines for the evaluation of information security products. It is
used internationally to ensure that these products meet the security standards necessary for
government deployments.
The primary elements of CC are Protection Profiles and Evaluation Assurance Levels. Protection Profiles
define the standard security requirements for a product type. Evaluation Assurance Levels describe the
thoroughness of the testing done to evaluate the product on a scale of 1-7, with one being the least
thorough evaluation and seven being the most thorough. A higher Evaluation Assurance Level
indicates that the product has undergone more testing, but does not necessarily correlate to a higher
level of security.
United States non-military governmental security requirements for computer systems are detailed in
Federal Information Processing Standards (FIPS).
Refer to the Arista Networks website for additional information at:
http://www.arista.com
3.8 Directory Structure
EOS operates from a flash drive root mounted as the /mnt/flash directory on the switch. The EOS CLI
supports these file and directory commands:
• delete: Delete a file or directory tree.
• copy: Copy a file.
• more: Display the file contents.
• diff: Compares the contents of files located at specified URLs.
• rename: Rename a file.
• cd: Change the current working directory.
• dir: Lists directory contents, including files and subdirectories.
• mkdir: Create a directory.
• rmdir: Remove a directory.
• pwd: Display the current working directory.
Switch directory files are accessible through the Bash shell and Aboot. When entering the Bash shell
from the switch, the working directory is located in /home and has the name of the user name from
which Bash was entered.
Example
• These commands were entered from the user name john:
switch#bash
[john@switch ~]$ pwd
/home/john
[john@switch ~]$
In this instance, the working directory is /home/john
When a flash drive is inserted in the USB flash port (see Figure 2-1), flash drive contents are accessible
through /mnt/usb1.
When entering Aboot, the working directory is the root directory of the boot.
3.9 Command-Line Interface Commands
Mode Navigation Commands
• alias
• bash
• configure (configure terminal)
• configure network
• daemon
• disable
• enable
• end
• exit
File Transfer Commands
• ip ftp client source-interface
• ip http client source-interface
• ip ssh client source-interface
• ip tftp client source-interface
File Management Commands
• copy running-config
• dir
• pwd
Modular Switch Platform Commands
• platform sand fabric mode (7500 and 7500E Series)
• platform sand forwarding mode (7500 and 7500E Series)
• show platform sand compatibility
CLI Scheduling Commands
• schedule
• show schedule
• show schedule summary
Common Criteria Commands
• boot test memory
• entropy source hardware
• fips restrictions (SSH Management)
• hostkey client strict-checking (SSH Management)
• known-hosts (SSH Management)
• local (SSH Management-Tunnel)
• logging host
• logging source-interface
• logging trap system
• log-level (SSH Management)
• management security
• remote (SSH Management-Tunnel)
• secret hash
• send log message
• server-alive count-max (SSH Management-Tunnel)
• server-alive interval (SSH Management-Tunnel)
• show management ssh hostkey
• shutdown (SSH Management-Tunnel)
• ssh
• tunnel (SSH Management)
Event Handler Commands
• action bash
• delay
• event-handler
• show event-handler
• trigger
Terminal Parameter Commands
• terminal length
• terminal monitor
Display and Comment Commands
• comment (various configuration modes)
• show (various configuration modes)
• show module
• show version
action bash
The action bash command specifies a Bash shell command to be run when an event handler is triggered.
When an event handler is triggered, execution of the associated shell command is delayed by a
configurable period set by the delay command. Only a single Bash command may be configured for an
event handler, but the command may have multiple arguments. If more than one Bash command must
be executed in response to a trigger, create a script containing the desired commands and enter the file
path to the script as the argument of the action bash command.
To specify the event that will trigger the action, use the trigger command.
If the event handler uses an onIntf trigger, the following environment variables are passed to the action
and can be used as arguments to the Bash command:
$INTF          interface name.
$OPERSTATE     current operational status of the specified interface.
$IP-PRIMARY    current primary IP address of the specified interface.
all
Command Mode
Event-Handler Configuration
Command Syntax
action bash command
Parameters
• command Bash shell command to be executed when the event handler is triggered.
Example
• This command configures the event handler “onStartup” to run a script on the flash drive.
switch(config-handler-onStartup)#action bash /mnt/flash/myScript1
switch(config-handler-onStartup)#
• This command configures the event handler “eth_4” to send email to the specified address when
there is a change in the operational status of Ethernet interface 4.
switch(config-event-eth_4)#action bash email x@yz.com -s "Et4 $OPERSTATE"
switch(config-event-eth_4)#
The above action uses the $OPERSTATE variable to include the current operational state (“linkup”
or “linkdown”) in the subject of the email. Note that the action will only function if email has been
configured on the switch.
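A script of the kind the text recommends when a handler needs more than one command, given here as an added example that is not part of the Arista manual. It validates the INTF and OPERSTATE variables before using them; the function names and the log path /mnt/flash/intf-events.log are assumptions, and the script would be saved on flash and referenced the same way as /mnt/flash/myScript1 above.

```shell
#!/bin/sh
# Added example, not Arista code. Intended as the single argument of
# "action bash" for a handler with an onIntf trigger.
# Assumptions: function names and the default log path are hypothetical.
# IP-PRIMARY is not read: a hyphen is not valid in a shell variable name, so
# "$IP-PRIMARY" expands as "$IP" followed by the literal text "-PRIMARY".

# Accept only characters expected in an interface name, so the value is safe
# to log or hand to another command.
valid_intf() {
    case "$1" in
        ''|*[!A-Za-z0-9/.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# The page gives "linkup" and "linkdown" as the OPERSTATE values.
valid_state() {
    case "$1" in
        linkup|linkdown) return 0 ;;
        *) return 1 ;;
    esac
}

# log_intf_event LOGFILE
# Appends one line describing the event found in the environment. Returns 2
# and logs a rejection (without echoing the bad value) if validation fails.
log_intf_event() {
    logfile=$1
    stamp=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    if ! valid_intf "${INTF:-}" || ! valid_state "${OPERSTATE:-}"; then
        printf '%s rejected: unexpected INTF or OPERSTATE\n' "$stamp" >> "$logfile"
        return 2
    fi
    printf '%s intf=%s state=%s\n' "$stamp" "$INTF" "$OPERSTATE" >> "$logfile"
}

# Run only when the event handler supplied an interface name.
if [ -n "${INTF:-}" ]; then
    log_intf_event "${EVENT_LOG:-/mnt/flash/intf-events.log}" || exit 1
fi
```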
alias
The alias command creates an alias for a CLI command. Entering the alias in the CLI executes the
corresponding command. Once created, an alias is accessible in all modes and all user sessions, but is
subject to all the restrictions of the original command.
When using a command alias, no tokens may precede the alias except the no and default keywords.
However, an alias can incorporate positional parameters.
In online help, aliases are preceded by an asterisk (*) in this format:
*alias_name=command_name
The no alias and default alias commands remove the specified alias.
all
Command Mode
Global Configuration
Command Syntax
alias alias_name command_name
no alias alias_name
default alias alias_name
Parameters
• alias_name the string which is to be substituted for the original command. The string can include
letters, numbers, and punctuation, but no spaces. If the alias_name string is identical to an existing
command, the alias will supersede the original command.
• command_name the command which is to be executed when the alias is entered in the CLI. If the
original command requires additional parameters, they must be included in the command_name
string in the following manner:
Positional parameters are of the form “%n” and must be whitespace-delimited. The first parameter
is represented by “%1” and any additional parameters must be numbered sequentially. When
executing the alias a value must be entered for each parameter or the CLI will display the error “%
incomplete command”.
Examples
• This command makes e an alias for the command enable.
switch(config)#alias e enable
• This command makes srie an alias for the command show running-config interface ethernet 1-6.
switch(config)#alias srie show running-config interface ethernet 1-6
• These commands make ss an alias for the command show interfaces ethernet <range> status with
a positional parameter for the port range, then use the alias to display the status of ports 4/1-4/5.
switch(config)#alias ss show interfaces ethernet %1 status
switch(config)#ss 4/1-4/5
Port    Name   Status       Vlan     Duplex  Speed  Type
Et4/1          connected    in Po1   full    10000  10GBASE-SRL
Et4/2          notconnect   in Po1   full    10000  10GBASE-SRL
Et4/3          notconnect   1        full    10000  10GBASE-SRL
Et4/4          notconnect   1        full    10000  10GBASE-SRL
Et4/5          notconnect   1        full    10000  10GBASE-SRL
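Because an alias whose name matches an existing command supersedes that command in every mode and session, the alias lines of a saved configuration are worth reviewing. The script below is an added example, not part of the Arista manual; the watchlist, the function names and the sample configuration are constructed, and it assumes aliases appear in running-config in the alias alias_name command_name form shown above.

```shell
#!/bin/sh
# Added example, not Arista code. Audits the alias lines of a saved
# running-config for two conditions described above:
#   shadows-command        alias_name equals a watched command name, so the
#                          alias supersedes that command
#   non-sequential-params  the %n parameters are not numbered 1..N
# Assumptions: WATCHLIST, the function names and the sample config are
# constructed for illustration.

WATCHLIST="enable disable configure show copy write bash exit end dir"

# audit_aliases FILE: print one finding per line as "<finding> <alias_name>".
audit_aliases() {
    awk -v watch="$WATCHLIST" '
        BEGIN {
            n = split(watch, w, " ")
            for (i = 1; i <= n; i++) watched[w[i]] = 1
        }
        $1 == "alias" && NF >= 3 {
            name = $2
            if (name in watched) print "shadows-command " name

            # Record which whitespace-delimited %n tokens the command uses.
            split("", seen); max = 0
            for (i = 3; i <= NF; i++) {
                if ($i ~ /^%[0-9]+$/) {
                    k = substr($i, 2) + 0
                    seen[k] = 1
                    if (k > max) max = k
                }
            }
            # Every number from 1 to the highest one used must be present.
            for (k = 1; k <= max; k++) {
                if (!(k in seen)) {
                    print "non-sequential-params " name
                    break
                }
            }
        }
    ' "$1"
}

# Constructed sample: the three aliases from the examples above plus two
# entries written to trigger each finding.
sample_config() {
    cat <<'EOF'
hostname switch
alias e enable
alias srie show running-config interface ethernet 1-6
alias ss show interfaces ethernet %1 status
alias dir show version
alias pr ping %2 repeat %3
EOF
}

# Stand-alone run over the sample.
tmpcfg=$(mktemp) && sample_config > "$tmpcfg" && audit_aliases "$tmpcfg"
rm -f "$tmpcfg"
```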
bash
The bash command starts the Linux Bash shell. The Bash shell gives you access to the underlying Linux
operating system and system extensions.
To exit the Bash, type logout, exit, or Ctrl-D at the Bash prompt.
all
Command Mode
Privileged EXEC
Command Syntax
bash
Examples
• This command starts the Bash shell.
switch#bash
Arista Networks EOS shell
[admin@switch ~]$
• This command, executed within Bash, exits the Bash shell.
[admin@switch ~]$ logout
switch#
boot test memory
The boot test memory command enables the user to set the number of iterations for a boot memory test.
To ensure proper operation of the switch, software and hardware checks are run continuously
on and by the switch. By default, the cryptographic libraries run tests to verify that they are operating
correctly, EOS software processes are continually monitored, and hardware health is monitored for
proper functionality. Additionally, the in-kernel memory check of the Linux subsystem must be
explicitly enabled.
The no boot test memory and default boot test memory commands revert to the default setting by
removing the corresponding boot test memory command from running-config.
all
Command Mode
Global Configuration
Command Syntax
boot test memory iterations
no boot test memory
default boot test memory
Parameters
• iterations Specified number of times until a condition is met. Two iterations of the memory test are
the minimum for Common Criteria mode operation. Value ranges from 1 to 17.
Examples
• This command enables the two iterations of the memory test that are required for Common Criteria
mode operation.
switch(config)#boot test memory 2
switch(config)#
comment (various configuration modes)
The comment command adds a comment for the active configuration mode to running-config.
Comments cannot be modified, but can be replaced by entering the comment command again and
entering new text. To append to an existing comment, enter ! followed by additional comment text. To
display comments, use the comment option of the show (various configuration modes) command.
The no comment and default comment commands remove the comment from running-config.
Comments cannot be added to the global configuration mode through the EOS.
all
Command Mode
All configuration modes except Global Configuration
Command Syntax
comment comment_text EOF
no comment
default comment
! comment_text
Parameters
• comment_text To create a comment, enter a message when prompted. The message may span
multiple lines.
• EOF To append to an existing comment, enter ! followed by additional comment text. To end
comment editing, type EOF on its own line (case sensitive) and press enter.
Example
• This command adds a comment to the active configuration mode.
switch(config-sg-radius-RAD-SV1)#comment
Enter TEXT message. Type 'EOF' on its own line to end.
Consult Thomas Morton before making changes to the RADIUS configuration.
EOF
switch(config-sg-radius-RAD-SV1)#
• This command appends a line to the comment for the active configuration mode.
switch(config-sg-radius-RAD-SV1)#! x3452
switch(config-sg-radius-RAD-SV1)#
configure (configure terminal)
The configure command places the switch in Global Configuration mode to configure features that
affect the entire system. This mode also provides access to Interface Configuration mode and
protocol-specific modes. The command may also be entered as configure terminal.
The configure network command refers the user to Arista’s copy <url> running-config command for
configuring the switch from a local file or network location.
all
Command Mode
Privileged EXEC
Command Syntax
configure
configure terminal
Example
• These commands place the switch in Global Configuration mode.
switch>enable
switch#configure
switch(config)#
configure network
The configure network command refers the user to Arista’s copy <url> running-config command for
configuring the switch from a local file or network location.
all
Command Mode
Privileged EXEC
Command Syntax
configure network
Example
• This is the output of the configure network command.
switch#configure network
%% Please use copy <url> running-config
switch#
copy running-config
The current operating configuration of the switch is stored in a virtual file called running-config. The
copy running-config command saves the contents of the running-config virtual file to a new location.
all
Command Mode
Privileged EXEC
Command Syntax
copy running-config DESTINATION
Parameters
• DESTINATION destination for the contents of the running-config file. Values include:
— startup-config the configuration file that the switch loads when it boots.
The copy running-config startup-config and write commands are equivalent.
— file: a file in the switch file directory.
— flash: a file in flash memory.
— url any valid URL.
The copy running-config url and write network url commands are equivalent.
Examples
• This command copies running-config to the startup-config file.
switch#copy running-config startup-config
switch#
• This command copies running-config to a file called rc20110617 in the dev subdirectory of the switch
directory.
switch#copy running-config file:dev/rc20110617
switch#
daemon
The daemon command accesses daemon configuration mode for adding or removing external daemons
and scripts, which are then managed by ProcMgr.
The no daemon and default daemon commands delete the daemon by removing the corresponding
daemon command from running-config.
all
Command Mode
Global Configuration
Command Syntax
daemon daemon_name
no daemon daemon_name
default daemon daemon_name
Parameters
• daemon_name label that references the daemon configuration mode.
Examples
• These commands enter daemon configuration mode and initiate the daemon script.
switch(config)#daemon process1
switch(config-daemon-process1)#command process-script -i -m
switch(config-daemon-process1)#
delay
The delay command specifies the time in seconds the system will delay between a triggering event and
the execution of an event handler action. The default delay is 20 seconds.
all
Command Mode
Event-Handler Configuration
Command Syntax
delay seconds
Parameters
• seconds number of seconds to delay before executing the action. The default is 20.
Example
• This command configures the event handler Eth5 to delay 10 seconds before executing.
switch(config-handler-Eth5)#delay 10
switch(config-handler-Eth5)#
dir
The dir command displays a list of files on a file system.
all
Command Mode
Privileged EXEC
Command Syntax
dir [SCOPE][FILE TYPE]
Parameters
• SCOPE    the files to display. Options include:
— <no parameter>    lists normal files in current directory.
— /all    list all files, including hidden files
— /recursive    list files recursively
• FILE TYPE    The options include:
— <no parameter>    lists undeleted files
— all_filesystems    list files on all filesystems including deleted files, undeleted files, and files
with errors
— extensions    directory or file name
— file    directory or file name
— flash    directory or file name
— supervisor-peer    directory or file name
— system    directory or file name
— usb1    directory or file name
Example
• This command displays the flash directory.
switch# dir flash:
Directory of flash:/
-rwx   293409892   Oct 23 08:55   EOS-4.11.0.swi
-rwx   221274543   Sep 6  13:37   EOS-4.7.5.swi
-rwx   271453650   Sep 4  19:13   EOS_4.10.1-SSO.swi
-rwx      135168   Dec 31 1979    FSCK0000.REC
-rwx          26   Oct 23 13:51   boot-config
-rwx        8570   Sep 10 12:22   cfg_sso_mst
-rwx        5642   Sep 20 10:35   config.reset
drwx        4096   Oct 23 13:59   debug
-rwx          12   Oct 23 13:56   kernel-params
drwx        4096   Oct 23 14:59   persist
drwx        4096   Sep 6  14:50   schedule
-rwx        5970   Oct 23 13:53   startup-config
switch#
disable
The disable command exchanges the session’s current command mode with the specified privilege
level.
all
Command Mode
Privileged EXEC
Command Syntax
disable [PRIVILEGE_LEVEL]
Parameters
• PRIVILEGE_LEVEL    Session’s new privilege level. Value ranges from 0 to 15. Levels 2 through 15
place the switch in Privileged EXEC mode. Values of 0 or 1 leave the switch in EXEC mode.
— <no parameter>    Session is assigned default level of 1.
— <0 to 15>    Specifies session level.
Restrictions
New privilege level must be less than the session’s current level.
Examples
• This command exits Privileged EXEC mode level of 15 to enter EXEC mode level 1.
switch# disable
switch>
enable
The enable command places the switch in Privileged EXEC mode. If an enable password is set, the CLI
displays a password prompt when a user enters the enable command. If the user enters an incorrect
password three times, the CLI displays the EXEC mode prompt.
To set a local enable password, use the enable secret command.
all
Command Mode
EXEC
Command Syntax
enable [PRIVILEGE_LEVEL]
Parameters
• PRIVILEGE_LEVEL    Session’s privilege level. Values range from 0 to 15. Values of 0 or 1 place the
switch in EXEC mode. Any level above 1 leaves the switch in Privileged EXEC mode.
— <no parameter>    Session is assigned default level of 15.
— <0 to 15>    Specifies session level.
Example
• This command places the switch in Privileged EXEC mode with the default privilege level of 15.
switch>enable
switch#
end
The end command exits to Privileged Exec mode from any Configuration mode. If the switch is in a
group-change mode (such as ACL-Configuration mode or MST-Configuration mode), the end
command also saves all pending changes made in that mode to running-config.
all
Command Mode
all configuration modes
Command Syntax
end
Example
• This command exits to Privileged Exec mode.
switch(config-if-Et25)#end
switch#
entropy source hardware
The entropy source hardware command specifies that the switch must use its hardware-based random
number generator, which draws its randomness from a physical process.
Entropy is a measure of randomness in a system. An entropy source is a device that gathers quantum
randomness from a physical system.
The no entropy source hardware and default entropy source hardware commands disable the
hardware-based random number generator.
all
Command Mode
Mgmt-security Configuration
Command Syntax
entropy source hardware
no entropy source hardware
default entropy source hardware
Examples
• This command enables the hardware random number generator.
switch(config)#management security
switch(config-mgmt-security)#entropy source hardware
• Use the following command to verify that entropy generation is enabled.
switch#show management security
CPU Version: 03.02
Hardware Version: 04.00
Security Chip Version: R5H30211
Hardware Entropy Generation is enabled
event-handler
An event handler executes a Linux Bash shell command in response to a specific system event. An event
handler consists of a Bash command, a trigger and a delay; when the trigger event occurs, the action is
scheduled to run after delay seconds.
The event-handler command places the switch in event-handler configuration mode for the specified
event handler. If the named event handler does not already exist, this command creates it.
Event-handler configuration mode is a group change mode that configures event handlers.
Changes made in a group change mode are saved by leaving the mode through the exit command or
by entering another configuration mode.
These commands are available in event-handler configuration mode:
• action bash
• delay
• trigger
The no event-handler and default event-handler commands delete the specified event handler by
removing it from running-config.
all
Command Mode
Global Configuration
Command Syntax
event-handler name
no event-handler name
default event-handler name
Parameters
• name    name of the event handler to be configured. If the named event handler does not already
exist, this command will create it.
Example
• This command places the switch in event-handler configuration mode for an event handler called
“Eth_5”.
switch(config)#event-handler Eth_5
switch(config-handler-Eth_5)#
exit
The exit command places the switch in the parent of the command mode from which the exit command
was entered.
• When used in Global configuration, the switch enters Privileged EXEC mode.
• When used in EXEC or Privileged EXEC mode, the exit command terminates the user session.
• When the command is used in a group-change mode (such as ACL-Configuration mode or
MST-Configuration mode), the exit command also applies all pending changes made in that mode.
all
Command Mode
all
Command Syntax
exit
Example
• This command exits Global Configuration mode to Privileged EXEC mode.
switch(config)#exit
switch#
• This command terminates the user session.
switch#exit
fips restrictions (SSH Management)
The fips restrictions command enables the switch to use FIPS-validated encryption algorithms to fulfill
Common Criteria requirements.
The no fips restrictions and default fips restrictions commands restore default behavior by removing
the fips restrictions statement from running-config.
all
Command Mode
Mgmt-ssh Configuration
Command Syntax
fips restrictions
no fips restrictions
default fips restrictions
Examples
• These commands configure the switch to use FIPS-validated encryption algorithms to fulfill the
Common Criteria requirements.
switch(config)#management ssh
switch(config-mgmt-ssh)#fips restrictions
hostkey client strict-checking (SSH Management)
The hostkey client strict-checking command specifies how host keys are checked during the
connection and authentication phase. By default, strict host key checking is disabled. When disabled, the
SSH client verifies the incoming host key against the keys in the known hosts list. If the host key does
not match an existing known host entry for the remote server, the connection is rejected. If the known
host list does not contain a host key for the remote server, the SSH client automatically accepts
the host and adds its host key to the known host list.
When strict host key checking is enabled, the SSH client connects only to known hosts with valid SSH
host keys that are stored in the known hosts list. Host keys not listed in the known host list are rejected.
The no hostkey client strict-checking and default hostkey client strict-checking commands revert to
its default by removing the corresponding hostkey client strict-checking command from
running-config.
all
Command Mode
Mgmt-ssh Configuration
Command Syntax
hostkey client strict-checking
no hostkey client strict-checking
default hostkey client strict-checking
Examples
• These commands specify how host keys are checked during the connection and authentication
phase.
switch(config)#management ssh
switch(config-mgmt-ssh)#hostkey client strict-checking
ip ftp client source-interface
By default, the FTP (File Transfer Protocol) source IP address is selected by the switch (the IP address of
the source interface if one is assigned). The ip ftp client source-interface command allows the user to
override the default FTP source address.
The ip ftp client source-interface and ip ftp source-interface commands are functionally equivalent. In
each case, ip ftp client source-interface is stored in running-config.
The no ip ftp client source-interface and default ip ftp client source-interface commands restore
default behavior by removing the ip ftp client source-interface statement from running-config.
all
Command Mode
Global Configuration
Command Syntax
ip ftp [client] source-interface INTERFACE
no ip ftp [client] source-interface
default ip ftp [client] source-interface
Parameters
• client    Parameter has no functional effect.
• INTERFACE    Interface providing the IP address. Options include:
— ethernet e_num    Ethernet interface specified by e_num.
— loopback l_num    Loopback interface specified by l_num.
— management m_num    Management interface specified by m_num.
— port-channel p_num    Port-channel interface specified by p_num.
— vlan v_num    VLAN interface specified by v_num.
Examples
• These commands configure 10.10.121.15 as the source IP address the switch uses when
communicating with FTP servers.
switch(config)#interface ethernet 17
switch(config-if-Et17)#ip address 10.10.121.15/24
! IP configuration will be ignored while interface Ethernet17 is not a routed port.
switch(config-if-Et17)#ip ftp client source-interface ethernet 17
switch(config-if-Et17)#
ip http client source-interface
The ip http client source-interface command specifies the source IP address for hypertext transfer
protocol (HTTP) connections. By default, the source IP address is selected by the switch when this
command is not configured or when the specified interface is not assigned an IP address.
The no ip http client source-interface and default ip http client source-interface commands restore
default behavior by removing the ip http client source-interface statement from running-config.
all
Command Mode
Global Configuration
Command Syntax
ip http client source-interface INTERFACE
no ip http client source-interface
default ip http client source-interface
Parameters
• INTERFACE    Interface providing the IP address. Options include:
— ethernet e_num    Ethernet interface specified by e_num.
— loopback l_num    Loopback interface specified by l_num.
— management m_num    Management interface specified by m_num.
— port-channel p_num    Port-channel interface specified by p_num.
— vlan v_num    VLAN interface specified by v_num.
Examples
• These commands configure 10.15.17.9 as the source IP address the switch uses when
communicating with HTTP servers.
switch(config)#interface vlan 10
switch(config-if-Vl10)#ip address 10.15.17.9/24
switch(config-if-Vl10)#ip http client source-interface vlan 10
switch(config)#
ip ssh client source-interface
The ip ssh client source-interface command specifies the source IP address for secure shell (SSH)
connections. By default, the source IP address is selected by the switch when this command is not
configured or when the specified interface is not assigned an IP address.
The ip ssh client source-interface and ip ssh source-interface commands are functionally equivalent.
In each case, ip ssh client source-interface is stored in running-config.
The no ip ssh client source-interface and default ip ssh client source-interface commands restore
default behavior by removing the ip ssh client source-interface statement from running-config.
all
Command Mode
Global Configuration
Command Syntax
ip ssh [client] source-interface INTERFACE
no ip ssh [client] source-interface
default ip ssh [client] source-interface
Parameters
• client    Parameter has no functional effect.
• INTERFACE    Interface providing the IP address. Options include:
— ethernet e_num    Ethernet interface specified by e_num.
— loopback l_num    Loopback interface specified by l_num.
— management m_num    Management interface specified by m_num.
— port-channel p_num    Port-channel interface specified by p_num.
— vlan v_num    VLAN interface specified by v_num.
Examples
• These commands configure 10.17.17.9 as the source IP address the switch uses when
communicating with SSH servers.
switch(config)#interface vlan 10
switch(config-if-Vl10)#ip address 10.15.17.9/24
switch(config-if-Vl10)#ip ssh client source-interface vlan 10
switch(config)#
ip tftp client source-interface
The ip tftp client source-interface command specifies the source IP address for Trivial File Transfer
Protocol (TFTP) connections. By default, the source IP address is selected by the switch when this
command is not configured or when the specified interface is not assigned an IP address.
The ip tftp client source-interface and ip tftp source-interface commands are functionally equivalent.
In each case, ip tftp client source-interface is stored in running-config.
The no ip tftp client source-interface and default ip tftp client source-interface commands restore
default behavior by removing the ip tftp client source-interface statement from running-config.
all
Command Mode
Global Configuration
Command Syntax
ip tftp [client] source-interface INTERFACE
no ip tftp [client] source-interface
default ip tftp [client] source-interface
Parameters
• client    Parameter has no functional effect.
• INTERFACE    Interface providing the IP address. Options include:
— ethernet e_num    Ethernet interface specified by e_num.
— loopback l_num    Loopback interface specified by l_num.
— management m_num    Management interface specified by m_num.
— port-channel p_num    Port-channel interface specified by p_num.
— vlan v_num    VLAN interface specified by v_num.
Examples
• These commands configure 10.15.17.9 as the source IP address the switch uses when
communicating with TFTP servers.
switch(config)#interface vlan 10
switch(config-if-Vl10)#ip address 10.15.17.9/24
switch(config-if-Vl10)#ip tftp client source-interface vlan 10
switch(config)#
known-hosts (SSH Management)
The known-hosts command configures the MD5 fingerprint of the SSH server’s host key. The local SSH
client uses this fingerprint to authenticate the server, which should return a matching fingerprint.
Note: the fingerprint must be re-entered after a system reboot.
The no known-hosts and default known-hosts commands revert the specified list configuration to its
default by removing the corresponding known-hosts command from running-config. By default, there
is no fingerprint configured and the SSH server will not be authenticated.
all
Command Mode
Mgmt-ssh Configuration
Command Syntax
known-hosts SERVER ALGORITHM key_string
no known-hosts
default known-hosts
Parameters
• SERVER    Location of SSH server. Options include:
— ip_address    IP address of the SSH server
— hostname    Hostname of the SSH server
• ALGORITHM    connection type of sessions for which authentication list is used
— dsa    Fingerprint was created using DSA (Digital Signature Algorithm).
— rsa    Fingerprint was created using RSA encryption.
• key_string    MD5 fingerprint string (Base-64).
Examples
• This command configures an entry for a server called “tacplus” that is connected to by an SSH
tunnel:
switch(config-mgmt-ssh)#known-hosts tacplus rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQDxBBRbatWBM7ubC7TQMECNcHVqxhTEo4kRl
8cbw8dAtVUtQUlhBJJBRul8cqTv6lVnw7Rl5+05kuROGHDVNx3mbXwnyWBVhgorw7
RvNEwW46SW280XaD1NcCCJM42sJk+xO6qAIRj3L7WhobDU05HR9JrrmKZcBxR5VTK
L0a7zOOM2NrVOi/Uf6fJ1m0NktxDlJQJnoqdxupc5fkxqOdAURLtuP5H+pRyPEXrB
zTk1O07EaNG6ZhMgTBjxISSNKR48dM0WRXjc+6loVpAqDvdkDa4kDmsRb9QRuzNpI
XYrhzOQXf+nDIbdrVta77oPuwwb3M35OStFFaUB4/nilCs3
switch(config-mgmt-ssh)#
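The following Python model is an added example, not Arista code: it ties the known-hosts entry above to the two checking modes described under hostkey client strict-checking, and derives an MD5 fingerprint an operator can compare out of band before pinning a key. It assumes key_string is a Base-64 SSH public key blob (the example string above begins with the ssh-rsa header); the class, function names and sample keys are constructed for illustration.

```python
import base64
import hashlib
import struct

# CLI ALGORITHM keyword -> algorithm name carried inside the key blob
CLI_TO_SSH = {"rsa": "ssh-rsa", "dsa": "ssh-dss"}


def _decode(key_string: str) -> bytes:
    """Join a key_string that was wrapped across lines and Base-64 decode it."""
    return base64.b64decode("".join(key_string.split()), validate=True)


def blob_algorithm(key_string: str) -> str:
    """Read the first length-prefixed field of the blob: the algorithm name."""
    blob = _decode(key_string)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (length,) = struct.unpack(">I", blob[:4])
    name = blob[4:4 + length]
    if len(name) != length:
        raise ValueError("truncated algorithm field")
    return name.decode("ascii")


def md5_fingerprint(key_string: str) -> str:
    """Colon-separated MD5 of the decoded blob, for out-of-band comparison."""
    digest = hashlib.md5(_decode(key_string)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


class KnownHosts:
    """Model (an assumption, not EOS code) of the known hosts list."""

    def __init__(self, strict: bool = False):
        self.strict = strict          # hostkey client strict-checking
        self.entries = {}             # server -> normalized key_string

    def configure(self, server: str, algorithm: str, key_string: str) -> None:
        """Model of: known-hosts SERVER ALGORITHM key_string."""
        if blob_algorithm(key_string) != CLI_TO_SSH[algorithm]:
            raise ValueError("key blob does not match declared algorithm")
        self.entries[server] = "".join(key_string.split())

    def check(self, server: str, presented: str) -> str:
        """Decide what happens when `server` presents a host key."""
        presented = "".join(presented.split())
        known = self.entries.get(server)
        if known is not None:
            # Both modes: a key that differs from the stored entry is rejected.
            return "accept" if known == presented else "reject"
        if self.strict:
            return "reject"           # unknown hosts are never trusted
        self.entries[server] = presented
        return "learned"              # default mode: trust on first use


def constructed_key(seed: int) -> str:
    """Constructed, structurally valid ssh-rsa blob; not a usable key."""
    def field(data: bytes) -> bytes:
        return struct.pack(">I", len(data)) + data
    modulus = b"\x00\xff" + bytes([seed]) * 126
    blob = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(modulus)
    return base64.b64encode(blob).decode("ascii")


def demo() -> dict:
    """Same event sequence under both modes; returns the decisions."""
    genuine, other = constructed_key(1), constructed_key(2)
    default_mode = KnownHosts(strict=False)
    strict_mode = KnownHosts(strict=True)
    strict_mode.configure("tacplus", "rsa", genuine)
    return {
        # Default mode pins whatever key arrives first, so a wrong first
        # key causes the genuine server to be rejected afterwards.
        "default": [default_mode.check("tacplus", other),
                    default_mode.check("tacplus", genuine)],
        # Strict mode with a pre-configured entry only accepts that key.
        "strict": [strict_mode.check("tacplus", other),
                   strict_mode.check("tacplus", genuine)],
    }


if __name__ == "__main__":
    print(demo())
    print(md5_fingerprint(constructed_key(1)))
```

The default-mode result shows why the first connection is the unauthenticated one: pre-configuring the entry and enabling strict checking removes that window.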
local (SSH Management-Tunnel)
The local command specifies the local binding on the switch for an SSH Tunnel.
The no local and default local commands remove the local command from the configuration.
all
Command Mode
Mgmt-SSH-Tunnel
Command Syntax
local port port_number
no local
default local
Parameters
• port_number    port number. Value ranges from 1 to 32767.
Example
• This command enables a tunnel named “test”. This tunnel will bind to local port 49 on the switch.
switch(config)#management ssh
switch(config-mgmt-ssh)#
switch(config-mgmt-ssh)#tunnel test
switch(config-mgmt-ssh-tunnel-Test)#local port 49
logging host
The logging host command specifies a remote host to receive syslog messages generated by the switch.
Running-config can contain multiple logging host statements.
A Common Criteria compliant switch must connect to a syslog audit server to record syslog messages
generated. The syslog server being connected to must implement RFC 5424 to be considered capable of
using the syslog protocol.
The default port for syslog is 514. The host must be localhost and the protocol TCP for SSH Tunneling.
The no logging host and default logging host commands clear the specified method list by removing
the corresponding logging host command from running-config.
all
Command Mode
Global Configuration
Command Syntax
logging [VRF_INSTANCE] host syslog_host [PORT] [PROT_TYPE]
no logging [VRF_INSTANCE] host syslog_host
default logging [VRF_INSTANCE] host syslog_host
Parameters
• VRF_INSTANCE    specifies the VRF instance being modified.
— <no parameter>    changes are made to the default VRF.
— vrf vrf_name    changes are made to the specified user-defined VRF.
• syslog_host    remote syslog server location. Valid formats include hostname or IPv4 address.
• PORT    Remote syslog server port that handles syslog traffic. Options include:
— <no parameter>    Default port number 514.
— <1 to 65535>    Port number.
• PROT_TYPE    Specifies the transport protocol for packets. Options include:
— <no parameter>    Packets transported by User Datagram Protocol (UDP).
— protocol tcp    Packets transported by TCP.
— protocol udp    Packets transported by User Datagram Protocol (UDP).
Examples
• This command logs system messages to a host with an IP address of 172.1.1.63.
switch(config)#logging host 172.1.1.63
switch(config)#
• A Common Criteria compliant switch must connect to a syslog audit server to record syslog
messages generated. The syslog server on the switch should be configured as follows:
switch(config)#logging host localhost protocol tcp
switch(config)#logging trap informational
switch(config)#logging trap system tag ntpd contain clock_step
switch(config)#logging trap system tag sshd
switch(config)#
logging source-interface
The logging source-interface command specifies a local interface as the source for UDP packets sent to
a syslog server (a process known as “source spoofing”).
Important: Source spoofing cannot be used with TCP, and is therefore incompatible with all TCP syslog usage
including Common Criteria remote logging.
The no logging source-interface and default logging source-interface commands restore the default
source address for syslog packets by removing the corresponding logging source-interface command
from running-config.
all
Command Mode
Global Configuration
Command Syntax
logging source-interface INTERFACE
no logging source-interface
default logging source-interface
Parameters
• INTERFACE    Interface providing the source address of outgoing UDP packets sent to the logging
server. Values include:
— ethernet interface    Ethernet interface specified by interface.
— loopback interface    Loopback interface specified by interface.
— management interface    Management interface specified by interface.
— port-channel interface    Port-channel interface specified by interface.
— vlan interface    VLAN interface specified by interface.
Related Commands
• The logging host command specifies the transport protocol used to communicate with the remote
syslog server. Source spoofing is only supported when communicating with the syslog server using
UDP; to use source spoofing, use the logging host command to specify UDP as the transport
protocol.
Example
• These commands configure packets sent to a syslog server at 198.162.3.5 to use the IP address of
Ethernet port 5 as their source address.
switch(config)#logging host 198.162.3.5 protocol udp
switch(config)#logging source-interface ethernet 5
switch(config)#
logging trap system
The logging trap system command configures remote logging of system messages. Specifying a severity
level logs only those messages with a severity at or above that level to the remote server. To configure
the IP address of the remote syslog server, use the logging host command; to enable logging, use the
logging on command.
The no logging trap system and default logging trap system commands restore remote logging defaults
by removing the corresponding logging trap system command from running-config.
all
Command Mode
Global Configuration
Command Syntax
logging trap system [FACILITY] [SEVERITY] [PROGRAM] [TEXT]
no logging trap system [FACILITY] [SEVERITY] [PROGRAM] [TEXT]
default logging trap system [FACILITY] [SEVERITY] [PROGRAM] [TEXT]
The TEXT parameter, when present, is always last. All other parameters can be placed in any
order.
Parameters
• FACILITY    Defines the appropriate facility.
— <no parameter>    Specifies default facility.
— facility <facility-name>    Specifies named facility.
• SEVERITY    Specifies minimum severity level to be logged. Options include:
— <no parameter>    Specifies default severity level.
— severity <level>    Minimum severity level for remote logging.
Valid level options include:
  - 0 or emergencies    System is unusable
  - 1 or alerts    Immediate action needed
  - 2 or critical    Critical conditions
  - 3 or errors    Error conditions
  - 4 or warnings    Warning conditions
  - 5 or notifications    Normal but significant conditions
  - 6 or informational    Informational messages
  - 7 or debugging    Debugging messages
• PROGRAM    Filters packets based on program name. Options include:
— <no parameter>    All tags or program names.
— tag program-name    Specific tag or program name.
• TEXT    Specifies log message text. Options include:
— <no parameter>    Specify text contained in log message.
— contain reg-expression    Specify text contained in log message.
Examples
• This command enables the logging of system informational messages to a remote server.
switch(config)#logging trap informational
switch(config)#
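To check what an audit server will actually receive, the Python sketch below (an added example, not Arista code) parses RFC 5424 messages and applies the SEVERITY, tag and contain filters described above; note that "at or above" a severity means a numerically lower or equal level. The sample lines are constructed, and two behaviours are assumptions of this model rather than documented EOS semantics: an unspecified field is not filtered on, and a message is forwarded when any configured rule matches.

```python
import re

# Severity keywords in the order of the level table above (index = level).
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
# Simplification: structured data is "-" or bracketed elements without
# escaped "]" characters.
HEADER = re.compile(
    r"^<(\d{1,3})>(\d{1,2}) (\S+) (\S+) (\S+) (\S+) (\S+) "
    r"(-|(?:\[.*?\])+)(?: (.*))?$", re.S)


def parse_rfc5424(line: str) -> dict:
    """Split one syslog line into the fields the trap filters look at."""
    m = HEADER.match(line)
    if m is None:
        raise ValueError("not an RFC 5424 message")
    pri = int(m.group(1))
    if pri > 191:
        raise ValueError("PRI out of range")
    return {"facility": pri >> 3,      # PRI = facility * 8 + severity
            "severity": pri & 7,
            "host": m.group(4),
            "tag": m.group(5),         # APP-NAME, matched by "tag"
            "text": m.group(9) or ""}


def severity_level(value) -> int:
    """Accept a level number (0-7) or its keyword from the table."""
    text = str(value)
    level = int(text) if text.isdigit() else SEVERITIES.index(text)
    if not 0 <= level <= 7:
        raise ValueError("severity must be 0-7")
    return level


class TrapRule:
    """One logging trap statement: optional severity, tag and contain."""

    def __init__(self, severity=None, tag=None, contain=None):
        self.level = None if severity is None else severity_level(severity)
        self.tag = tag
        self.contain = None if contain is None else re.compile(contain)

    def matches(self, msg: dict) -> bool:
        # Lower number = more severe, so "at or above" means <= threshold.
        if self.level is not None and msg["severity"] > self.level:
            return False
        if self.tag is not None and msg["tag"] != self.tag:
            return False
        if self.contain is not None and not self.contain.search(msg["text"]):
            return False
        return True


def forwarded(line: str, rules) -> bool:
    """Assumption of this model: any matching rule forwards the message."""
    msg = parse_rfc5424(line)
    return any(rule.matches(msg) for rule in rules)


def audit_view(lines, rules) -> list:
    return [forwarded(line, rules) for line in lines]


# Constructed sample messages (not captured from a switch).
SAMPLE_LINES = [
    "<101>1 2015-09-29T10:00:00Z switch1 ntpd 1201 - - clock_step +0.512000 s",
    "<103>1 2015-09-29T10:00:05Z switch1 ntpd 1201 - - synchronized to 10.0.0.1",
    "<38>1 2015-09-29T10:01:00Z switch1 sshd 2200 - - Accepted password for admin",
    "<187>1 2015-09-29T10:02:00Z switch1 appd 900 - - link state changed",
    "<191>1 2015-09-29T10:03:00Z switch1 appd 900 - - poll complete",
]

# The two tag filters from the Common Criteria example under logging host.
CC_RULES = [TrapRule(tag="ntpd", contain="clock_step"), TrapRule(tag="sshd")]

if __name__ == "__main__":
    for line, sent in zip(SAMPLE_LINES, audit_view(SAMPLE_LINES, CC_RULES)):
        print("forward" if sent else "drop   ", line)
```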
log-level (SSH Management)
The log-level command configures the verbosity level that is used when logging messages from SSH.
The no log-level and default log-level commands revert the verbosity level to its default by removing
the corresponding log-level command from running-config.
all
Command Mode
Mgmt-ssh Configuration
Command Syntax
log-level MESSAGE_LEVEL
no log-level
default log-level
Parameters
• MESSAGE_LEVEL    Specifies level of detail in debug messages. The higher the number, the more
detail that is logged. Higher levels include all lower levels.
— debug    production logging levels
— debug1    informational logging levels
— debug2    higher logging levels
— debug3    extended higher logging levels
— error    non-fatal errors
— fatal    severe errors likely to terminate SSH
— info    informational messages
— quiet    only fatal errors
— verbose    debugging messages about the progress of SSH
Examples
• This command configures the switch to log SSH messages of level “error.”
switch(config)#management ssh
switch(config-mgmt-ssh)#log-level error
switch(config-mgmt-ssh)#
management security
The management security command places the switch in mgmt-security configuration mode.
The no management security and default management security commands delete all mgmt-security
configuration mode statements from running-config.
Mgmt-security configuration mode is not a group change mode; running-config is changed immediately
upon entering commands. Exiting mgmt-security configuration mode does not affect running-config.
The exit command returns the switch to global configuration mode.
all
Command Mode
Global Configuration
Command Syntax
management security
no management security
default management security
Example
• This command places the switch in mgmt-security configuration mode:
switch(config)#management security
switch(config-mgmt-security)#
• This command returns the switch to global configuration mode:
switch(config-mgmt-security)#exit
switch(config)#
platform sand fabric mode (7500 and 7500E Series)
The platform sand fabric mode command specifies the fabric mode under which the switch operates
after the next system reload. The command has no operational effect until the switch reloads.
The fabric mode determines the modular switch’s fabric performance capabilities and must be
compatible with the installed fabric modules. Fabric mode settings include:
• fe600: Supports first-generation fabric modules.
• fe1600: Supports E-Series fabric modules.
Important: Switches that reload in petraA forwarding compatibility mode (platform sand forwarding mode (7500
and 7500E Series)) also reload in fe600 fabric mode regardless of the presence of a platform sand fabric
mode statement in running-config.
The switch’s fabric mode setting must match the capabilities of its installed fabric modules. Reloading
the switch in a different mode may be required after exchanging fabric modules for a different module
type. The show module command displays the fabric modules in the switch.
Each fabric module is categorized as first-generation or E-Series:
• First-generation fabric modules support all basic switch functions.
• E-Series fabric modules support faster fabric link speeds, greater internal table capacities, and
advanced encoding formatting.
E-series fabric modules can operate in fe600 mode, but are limited to first-generation fabric performance.
First-generation modules cannot operate in fe1600 mode. Switches containing both types of modules
must be set to fe600 mode. Best practice is to avoid switch configurations with mixed fabric modules.
When a switch reloads, fabric mode is determined by the following (in order of precedence):
1. Switches reloading in petraA forwarding compatibility mode also reload in fe600 fabric mode.
2. As specified by the platform sand fabric mode statement in running-config.
3. The first fabric module that becomes operational as the switch reloads.
In switches with a homogeneous module set, the fabric mode matches its fabric modules. Switches
with a mixed set of modules are typically reloaded in fe600 mode because first generation modules
are usually operational before E-Series modules. However, the fabric mode in mixed module
switches that are reloading cannot be guaranteed in the absence of the first two conditions.
The no platform sand fabric mode and default platform sand fabric mode commands remove the
platform sand fabric mode command from running-config.
Petra, Arad (7500 and 7500E series)
Command Mode
Global Configuration
Command Syntax
platform sand fabric mode [MODE_SETTING]
no platform sand fabric mode
default platform sand fabric mode
Parameters
• MODE_SETTING    Specifies the switch’s fabric mode. Options include:
— fe1600    E-Series fabric mode.
— fe600    First-generation fabric mode.
Examples
• This command configures the switch to reload in fe1600 fabric mode to support E-series fabric
modules. After issuing this command, the switch should be reset only after exchanging all switch
fabric modules to E-series modules.
switch(config)#platform sand fabric mode fe1600
switch(config)#exit
switch#show platform sand compatibility
                   Configuration   Status
Forwarding mode    None            Arad
Fabric mode        Fe1600          Fe600
switch#
platform sand forwarding mode (7500 and 7500E Series)
The platform sand forwarding mode command specifies the forwarding compatibility mode under
which the switch operates after the next system reload. The command has no operational effect until
the switch reloads.
Forwarding compatibility mode specifies switch forwarding capabilities and configures performance
capacity of installed linecards. Forwarding compatibility mode settings include:
• petraA: Supports first-generation fabric modules.
• arad: Supports E-Series fabric modules.
Important: Switches that reload in petraA forwarding compatibility mode also reload in fe600 fabric mode
regardless of the presence of a platform sand fabric mode (7500 and 7500E Series) statement in
running-config.
This command may be required after exchanging a linecard for a different module type or in switches
containing first-generation and E-series linecards. The show module command displays the linecard
modules in the switch.
Each modular switch linecard module is categorized as first-generation or E-Series:
• First-generation linecards support all basic switch functions.
• E-Series linecards provide faster data processing, greater internal table capacities, and
advanced encoding formatting.
The forwarding compatibility mode determines the operational capacity of installed linecards. Table 3-2
lists the effect of the forwarding compatibility mode on all linecard module types.
Table 3-2 Linecard Module and Forwarding Mode Performance
Linecard Module Type   Forwarding Software Mode   Linecard Operating Capacity
First-generation       petraA                     Linecard performs at first-generation performance capacity.
First-generation       arad                       Linecard is powered-down.
E-Series               petraA                     Linecard performs at first-generation performance capacity.
E-Series               arad                       Linecard performs at E-series performance capacity.
Important: Linecards operate at E-Series performance capacities only on switches that contain E-Series fabric
modules and have a fabric mode setting of fe1600 fabric mode (platform sand fabric mode (7500 and
7500E Series)).
Without a platform sand forwarding mode command, forward compatibility mode is determined by
the first linecard that becomes operational after reloading the switch. In a switch that is reloaded with
a homogeneous module set, forwarding compatibility mode matches its linecards. Switches with a
mixed set of modules are typically reloaded in petraA mode because first generation modules are
usually operational before E-Series modules. However, forwarding compatibility mode in mixed
module switches that are reloading is not guaranteed without a platform sand forwarding mode
command.
The no platform sand forwarding mode and default platform sand forwarding mode commands
restore the platform sand forwarding mode command from running-config.
Petra, Arad (7500 and 7500E series)
Command Mode
Global Configuration
Command Syntax
platform sand forwarding mode [MODE_SETTING]
no platform sand forwarding mode
default platform sand forwarding mode
Parameters
• MODE_SETTING Specifies the switch’s software forwarding mode. Options include:
— arad the switch supports E-Series linecard capabilities.
— petraA the switch supports first-generation linecard capabilities.
Examples
• This command changes the forwarding software mode to support E-series linecard modules. This
command should be run only after exchanging all linecards to E-series modules.
switch(config)#platform sand forwarding mode arad
switch(config)#
pwd
The pwd command displays the working directory.
all
Command Mode
Privileged EXEC
Command Syntax
pwd
Examples
• This command shows that the working directory is Flash.
switch# pwd
flash:/
switch#
remote (SSH Management-Tunnel)
The remote command provides an SSH tunneling feature to transparently secure TCP connections to
remote servers. This feature can accept any TCP connection that goes to the CPU on the switch and
establish a standard SSH tunnel to a remote host. This has a twofold advantage:
• TCP based services do not need to perform any encryption within their own protocol.
• The connection is secure against replay attacks, manipulation and eavesdropping via SSHv2
Common Criteria compliant encryption.
To support this, the server that the switch connects to must support the following:
• The SSH server must allow TCP forwarding for the user account the SSH tunnel
connects to. In OpenSSH’s sshd implementation this is the “AllowTcpForwarding” option.
• Public key login for users. The SSH Tunneling feature does not support password based login and
uses the switch’s SSH keys instead to perform authentication.
• As an additional Common Criteria requirement, the switch needs to know the hostkey it is
connecting to in advance to prevent attacks where the connection is intercepted. To do this, enter
the hostkey in either the management ssh mode for the main vrf or a vrf submode.
The no remote and default remote commands remove the remote command from the configuration.
all
Command Mode
Mgmt-SSH-Tunnel
Command Syntax
remote host_addr host_port
no remote
default remote
Parameters
• host_addr IP address or host name.
• host_port port number. Value ranges from 1 to 32767.
Example
• The following commands will configure and enable a tunnel named “bar”. This tunnel will bind to
local port 49 on the switch. The tunnel will then connect to a server named “tacplus” with a SSH
server listening on the standard port 22. The user account on tacplus that the tunnel connects to will
be called “authuser”. From that connection the tunnel will bind to port 49 on the tacplus server.
switch(config-mgmt-ssh)#tunnel bar
switch(config-mgmt-ssh-tunnel-bar)#local port 49
switch(config-mgmt-ssh-tunnel-bar)#ssh-server tacplus user authuser port 22
switch(config-mgmt-ssh-tunnel-bar)#remote host localhost port 49
schedule
The schedule command facilitates the periodic execution of a specified CLI command. Command
parameters configure the start time of periodic execution, the interval between consecutive execution
instances, and the maximum number of files that can be created. By default, periodic execution of the
following show tech-support command is enabled:
schedule tech-support interval 60 max-log-files 100 command show tech-support
Text that the CLI normally displays as a result of executing the scheduled command through the CLI is
stored in log files at flash:/schedule/<sched_name>. Empty log files are created for commands that do
not generate CLI text.
The no schedule and default schedule commands disable execution of the specified command by
removing the corresponding schedule statement from running-config.
all
Command Mode
Global Configuration
Command Syntax
schedule sched_name interval PERIOD max-log-files num_files command cli_name
no schedule sched_name
default schedule sched_name
Parameters
• sched_name label associated with the scheduled command.
• PERIOD start time for execution and interval between consecutive execution instances. Options
include:
— at hh:mm:ss interval <1 to 1440> The command is executed at the next hh:mm:ss and
repeated every interval seconds.
— at hh:mm:ss once The command is executed at the next hh:mm:ss and not repeated.
— at hh:mm:ss mm/dd/yyyy interval <1 to 1440> The command is executed at hh:mm:ss on
mm/dd/yyyy and repeated every interval seconds.
— at hh:mm:ss mm/dd/yyyy once The command is executed at hh:mm:ss on mm/dd/yyyy and not
repeated.
— at hh:mm:ss yyyy-mm-dd interval <1 to 1440> The command is executed at hh:mm:ss on
yyyy-mm-dd and repeated every interval seconds.
— at hh:mm:ss yyyy-mm-dd once The command is executed at hh:mm:ss on yyyy-mm-dd and
not repeated.
— interval <1 to 1440> The command is executed immediately and repeated every interval
seconds.
— now interval <1 to 1440> The command is executed immediately and repeated every
interval seconds.
• num_files maximum number of log files command generates for command output. Range is 1 to
10000.
• cli_name name of the CLI command.
Guidelines
Log files created by the command are stored in the flash:/schedule/<sched_name>/ directory.
Examples
• This command schedules the execution of a script file once every 12 hours, beginning at noon. The
log file option is set to the option minimum of one because the command does not generate output
to the CLI.
switch(config)#schedule ms_1 at 12:00:00 interval 720 max-log-files 1 command bash
/mnt/flash/myscript.sh
The show schedule summary command displays the commands that are scheduled for periodic
execution.
switch(config)#show schedule summary
Name             Last  Interval Max log Log file location
                 time  (mins)   files
---------------- ----- -------- ------- -----------------
tech-support     16:13 60       100     flash:/schedule/tech-support
ms_1             16:28 720      1       flash:/schedule/ms_1
• This command stores running-config contents to a log file once each hour, beginning immediately,
and creating up to 24 log files.
switch(config)#schedule backup-test interval 60 max-log-files 24 command show
running-config
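The following is an added example, not part of the Arista manual: it parses schedule statements from a saved running-config using the syntax above and flags entries that run bash, entries that write configuration text into flash:/schedule/<sched_name>/, and values outside the documented ranges. The sample text, the function names, the "show clock" entry and the reading of the interval as minutes (as in the show schedule summary header) are assumptions.

```python
import re

# Constructed running-config excerpt: the three schedule statements shown in
# this section plus one out-of-range entry (constructed) to exercise validation.
SAMPLE_CONFIG = """\
schedule tech-support interval 60 max-log-files 100 command show tech-support
schedule ms_1 at 12:00:00 interval 720 max-log-files 1 command bash /mnt/flash/myscript.sh
schedule backup-test interval 60 max-log-files 24 command show running-config
schedule bad now interval 5000 max-log-files 1 command show clock
"""

# schedule sched_name PERIOD max-log-files num_files command cli_name
SCHEDULE_RE = re.compile(
    r"^schedule\s+(?P<name>\S+)\s+(?P<period>.+?)\s+"
    r"max-log-files\s+(?P<files>\d+)\s+command\s+(?P<command>.+)$"
)
INTERVAL_RE = re.compile(r"(?:^|\s)interval\s+(\d+)$")


def parse_schedules(config_text):
    """Return one dict per schedule statement found in config_text."""
    entries = []
    for raw in config_text.splitlines():
        match = SCHEDULE_RE.match(raw.strip())
        if match is None:
            continue
        interval = INTERVAL_RE.search(match.group("period"))
        name = match.group("name")
        entries.append({
            "name": name,
            # None means the PERIOD ended in "once" instead of an interval.
            "interval": int(interval.group(1)) if interval else None,
            "max_log_files": int(match.group("files")),
            "command": match.group("command").strip(),
            "log_dir": "flash:/schedule/%s/" % name,
        })
    return entries


def retention_minutes(entry):
    """Minutes of output history that max-log-files files cover at this interval."""
    if entry["interval"] is None:
        return None
    return entry["interval"] * entry["max_log_files"]


def audit_schedules(config_text):
    """Return (name, kind, detail) tuples for entries that deserve review."""
    findings = []
    for entry in parse_schedules(config_text):
        name, command = entry["name"], entry["command"]
        if command.split()[0] == "bash":
            # The scheduled job is a shell command line, not a CLI command.
            findings.append((name, "shell", "runs outside the CLI: " + command))
        if re.search(r"\b(?:running|startup)-config\b", command):
            findings.append((name, "config-in-logs",
                             "configuration text is written under " + entry["log_dir"]))
        interval = entry["interval"]
        if interval is not None and not 1 <= interval <= 1440:
            findings.append((name, "range", "interval %d outside 1 to 1440" % interval))
        if not 1 <= entry["max_log_files"] <= 10000:
            findings.append((name, "range",
                             "max-log-files %d outside 1 to 10000" % entry["max_log_files"]))
    return findings


if __name__ == "__main__":
    for finding in audit_schedules(SAMPLE_CONFIG):
        print("%-12s %-15s %s" % finding)
```

Entries flagged as shell point at a script on flash whose contents and permissions should be reviewed alongside the schedule statement itself.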
secret hash
The secret hash command sets the default hash function used for encrypting passwords.
The no secret hash and default secret hash commands revert the default hash setting to its default
value of MD5 by deleting the secret hash command from running-config.
all
Command Mode
Mgmt-Defaults
Command Syntax
secret hash ENCRYPT_TYPE
no secret hash
default secret hash
Parameters
• ENCRYPT_TYPE encryption level of the password parameter. Settings include:
— md5 the password is entered as an MD5-encrypted string.
— sha512 the password is entered as an SHA-512-encrypted string.
Example
• These commands enable SHA-512 as the default hash function used for encrypting passwords.
switch(config)# management defaults
switch(config-mgmt-defaults)# secret hash sha512
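The following is an added example, not part of the Arista manual: it reads a saved running-config, reports the default set by secret hash (MD5 when the statement is absent, as stated above), and lists which stored secrets are MD5 or SHA-512 strings by their crypt-style prefix ($1$ and $6$). The "secret 5 ..." and "secret sha512 ..." line layout, the sample text and the function names are assumptions; the hash strings are dummies.

```python
import re

# crypt(3)-style prefixes: $1$ marks MD5-crypt, $6$ marks SHA-512-crypt.
PREFIX_TO_HASH = {"$1$": "md5", "$6$": "sha512"}

# Constructed running-config excerpt. The line layout is an assumption about
# how secrets appear in running-config; every hash below is a dummy value.
SAMPLE_CONFIG = """\
username admin privilege 15 role network-admin secret sha512 $6$CONSTRUCTEDSALT$CONSTRUCTEDHASHVALUE
username ops secret 5 $1$CONSTRUC$CONSTRUCTEDHASH
enable secret 5 $1$CONSTRUC$CONSTRUCTEDHASH2
!
management defaults
   secret hash sha512
"""

SECRET_RE = re.compile(
    r"^(?P<owner>username\s+\S+|enable)\s+(?:.*\s)?secret\s+\S+\s+(?P<hash>\$\S+)$"
)


def default_secret_hash(config_text):
    """Return the hash named by 'secret hash' under 'management defaults'."""
    inside = False
    for raw in config_text.splitlines():
        if raw and not raw[0].isspace():
            # A new top-level statement opens or closes the block.
            inside = raw.strip() == "management defaults"
        elif inside:
            words = raw.split()
            if len(words) == 3 and words[:2] == ["secret", "hash"]:
                return words[2]
    return "md5"  # documented default when no secret hash statement exists


def audit_secrets(config_text):
    """Group stored secrets by hash type and list those weaker than the default."""
    report = {"default": default_secret_hash(config_text),
              "md5": [], "sha512": [], "unknown": []}
    for raw in config_text.splitlines():
        match = SECRET_RE.match(raw.strip())
        if match is None:
            continue
        kind = PREFIX_TO_HASH.get(match.group("hash")[:3], "unknown")
        # "username ops" -> "ops"; "enable" stays "enable".
        report[kind].append(match.group("owner").split()[-1])
    # A stored hash cannot be converted without the plaintext, so an MD5
    # string stays MD5 until the password is entered again.
    report["reenter"] = list(report["md5"]) if report["default"] == "sha512" else []
    return report


if __name__ == "__main__":
    result = audit_secrets(SAMPLE_CONFIG)
    print("default hash:", result["default"])
    print("MD5 secrets to re-enter:", ", ".join(result["reenter"]) or "none")
```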
send log message
The send log message command allows the user to manually send a syslog message with an optional
severity level attribute. This feature is usually used for debugging purposes.
all
Command Mode
Privileged EXEC
Command Syntax
send log [CONDITION] message message_text
Parameters
• CONDITION The severity level value. Options include:
— level condition_name Severity level to be included in the message. Values include:
▪ alerts Immediate action needed (severity level = 1)
▪ critical Critical conditions (severity level = 2)
▪ debugging Debugging messages (severity level = 7)
▪ emergencies System is unusable (severity level = 0)
▪ errors Error conditions (severity level = 3)
▪ informational Informational messages (severity level = 6)
▪ notifications Normal but significant conditions (severity level = 5)
▪ warnings Warning conditions (severity level = 4)
▪ <0 to 7> Severity level value
• message_text The description of the event log message.
Example
• This command generates an alerts-level syslog message reading “test message from console.”
switch# send log level alerts message test message from console
switch# show logging alerts
Dec 23 16:52:56 switch Cli: %SYS-1-LOGMSG_ALERT: Message from admin on con0
(0.0.0.0): test message from console
switch#
server-alive count-max (SSH Management-Tunnel)
The server-alive count-max command sets the maximum number of server-alive messages that can be
lost before the server is declared dead. Note: These packets are sent inside the tunnel and have the same
properties of not being replayable or readable.
The no server-alive count-max and default server-alive count-max commands remove the server-alive
count-max command from running-config.
all
Command Mode
Mgmt-SSH-Tunnel
Command Syntax
server-alive count-max max_packet_lost
no server-alive count-max
default server-alive count-max
Parameters
• max_packet_lost the maximum number of keep-alive messages that are sent to the Secure Shell
server. Value ranges from 1 to 1000; default value is 3.
Example
• This command sets the rate to 600 keep-alive packets that can be lost before the connection is
declared dead.
switch(config)#management ssh
switch(config-mgmt-ssh)#tunnel test
switch(config-mgmt-ssh-tunnel-test)#server-alive count-max 10
switch(config-mgmt-ssh-tunnel-test)#
server-alive interval (SSH Management-Tunnel)
The server-alive interval command specifies an interval for sending keepalive messages to the Secure
Shell server. The time value is given in seconds.
The no server-alive interval and default server-alive interval commands remove the server-alive
interval command from running-config.
all
Command Mode
Mgmt-SSH-Tunnel
Command Syntax
server-alive interval keep_alive_period
no server-alive interval
default server-alive interval
Parameters
• keep_alive_period keepalive period (seconds). Value ranges from 1 to 1000. Default value is 10.
Example
• These commands set the server-alive interval to 15 and the server-alive maximum count to 3. If the
server becomes unresponsive, SSH will disconnect after approximately 45 seconds.
switch(config)#management ssh
switch(config-mgmt-ssh)#tunnel test
switch(config-mgmt-ssh-tunnel-test)#server-alive count-max 3
switch(config-mgmt-ssh-tunnel-test)#server-alive interval 15
switch(config-mgmt-ssh-tunnel-test)#
show (various configuration modes)
The show command, when executed within a configuration mode, can display data in running-config
for the active configuration mode.
all
Command Mode
All configuration modes except Global Configuration
Command Syntax
show [DATA_TYPE]
Parameters
• DATA_TYPE Specifies display contents. Values include:
— active Displays running-config settings for the configuration mode.
— active all Displays running-config plus defaults for the configuration mode.
— active all detail Displays running-config plus defaults for the configuration mode.
— comment Displays comment entered for the configuration mode.
Related Commands
The show commands in ACL-configuration mode and MST-configuration mode include the active and
comment options along with additional mode-specific options.
Example
• This command shows the server-group-TACACS+ configuration commands in running-config.
switch(config-sg-tacacs+-TAC-GR)#show active
server TAC-1
server 10.1.4.14
switch(config-sg-tacacs+-TAC-GR)#
show event-handler
The show event-handler command displays the contents and activation history of a specified event
handler or all event handlers.
all
Command Mode
Privileged EXEC
Command Syntax
show event-handler [handler_name]
Parameters
• handler_name optional name of an event handler to display. If no parameter is entered, the
command displays information for all event handlers configured on the system.
Example
• This command displays information about an event handler called “eth_5”.
switch#show event-handler eth_5
Event-handler eth_5
Trigger: onIntf Ethernet5 on operstatus delay 20 seconds
Action: /mnt/flash/myScript1
Last Trigger Activation Time: Never
Total Trigger Activations: 0
Last Action Time: Never
Total Actions: 0
switch#
show management ssh hostkey
The show management ssh hostkey command displays the public key used for authentication.
all
Command Mode
EXEC
Command Syntax
show management ssh hostkey ALGORITHM
Parameters
• ALGORITHM the public key in a public/private keypair is used.
— dsa public the default authentication list. Note: It is a violation of Common Criteria policy to
use the DSA algorithm.
— rsa public the authentication list for SSH logins.
Example
• After a switch is configured to a hardware source of entropy and FIPS algorithms, the RSA key pair
used on the switch for SSH access must be regenerated. Regeneration of the key will securely
zeroize the old key pair and generate a new one. This command regenerates the key pair.
switch#reset ssh hostkey rsa
This command displays the new public key.
switch#show management ssh hostkey rsa public
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwGXvEQ40NMSGpNqQ44mzFc6STteWp3FmAK+l9TJYsK9cr
ekmuwkar8ImLdgc9U/XQvkCZ4RiVQM3yJ+RP21S8azN90OTa2EReCgi2og0oUMGbjDlUFzwBnr5neeORd
OE1CDZ4d/9DwI5dCVcrQtnwL6TLO/aEPNBg/iL+maBKf00HgIoFow6xeFE1EigQBixrsyW3jau187oI+b
SAhzzHjKRT+3Wd4jT9OVc57EfH3dNmB2RPAvVqGv/x9nea1v+N2dlGk7jzpUjkx76p6LtZbNRZ/xZqFLb
awLfRK4fmnqS9eNJ/4iBkS9FSrglcbj2yP96YKAv5Zky4rp8yNrVgw==chassisAddr=00:1c:73:1b:c
1:e0
switch#
show module
The show module command displays information that identifies the supervisor, fabric, and linecard
modules in a modular switch, including model number, serial number, hardware version number,
software version (supervisors only), MAC address (supervisors and linecards), and operational status.
7500 Series, 7500E Series, 7300 Series
Command Mode
EXEC
Command Syntax
show module [MODULE_NAME]
Parameters
• MODULE_NAME Specifies modules for which data is displayed. Options include:
— <no parameter> All modules (identical to all option).
— fabric fab_num Specified fabric module. Number range varies with switch model.
— linecard line_num Linecard module. Number range varies with switch model.
— supervisor super_num Supervisor module. Number range varies with switch model.
— mod_num Supervisor (1 to 2) or linecard (3 to 18) module.
— all All modules.
Related Commands
• show version displays model and serial numbers of modular system components.
Example
• This command displays information about all installed modules on a DCS-7504 switch.
switch#show module
Module    Ports Card Type                            Model           Serial No.
--------- ----- ------------------------------------ --------------- -----------
1         2     DCS-7500 Series Supervisor Module    7500-SUP        JSH11440327
2         1     Standby supervisor                   Unknown         Unknown
3         48    48-port SFP+ 10GigE Linecard         7548S-LC        JSH10315938
4         48    48-port SFP+ 10GigE Linecard         7548S-LC        JSH11665247
5         48    48-port SFP+ 10GigE Linecard         7548S-LC        JSH11834614
6         48    48-port SFP+ 10GigE Linecard         7548S-LC        JSH11060688
Fabric1   0     DCS-7504 Fabric Module               7504-FM         JSH11244430
Fabric2   0     DCS-7504 Fabric Module               7504-FM         JSH11892120
Fabric3   0     DCS-7504 Fabric Module               7504-FM         JSH11941115
Fabric4   0     DCS-7504 Fabric Module               7504-FM         JSH11661618
Fabric5   0     DCS-7504 Fabric Module               7504-FM         JSH11757555
Fabric6   0     DCS-7504 Fabric Module               7504-FM         JSH11847728

Module    MAC addresses                          Hw      Sw      Status
--------- -------------------------------------- ------- ------- -------
1         00:1c:23:03:06:ac - 00:1c:23:03:06:ac  07.06   4.12.1  Active
2                                                        4.12.1  Standby
3         00:1c:23:03:80:44 - 00:1c:23:03:80:73  06.00           Ok
4         00:1c:23:03:e4:34 - 00:1c:23:03:e4:63  07.10           Ok
5         00:1c:23:12:0b:3f - 00:1c:23:12:0b:6e  07.30           Ok
6         00:1c:23:12:b6:3f - 00:1c:23:12:b6:6e  08.00           Ok
Fabric1                                          05.03           Ok
Fabric2                                          05.03           Ok
Fabric3                                          05.02           Ok
Fabric4                                          05.02           Ok
Fabric5                                          05.02           Ok
Fabric6                                          05.02           Ok
switch#
• This command displays information about all installed modules on a DCS-7304 switch.
switch#show module
Module    Ports Card Type                            Model           Serial No.
--------- ----- ------------------------------------ --------------- -----------
1         3     Supervisor 7300X SSD                 DCS-7300-SUP-D  JAS13340024
3         128   32 port 40GbE QSFP+ LC               7300X-32Q-LC    JPE13440416
4         64    48 port 10GbE SFP+ & 4 port QSFP+ LC 7300X-64S-LC    JAS13310113
5         64    48 port 10GbE SFP+ & 4 port QSFP+ LC 7300X-64S-LC    JAS13340033
6         64    48 port 10GbE SFP+ & 4 port QSFP+ LC 7300X-64S-LC    JAS13310103
Fabric1   0     7304X Fabric Module                  7304X-FM        JAS13320077
Fabric2   0     7304X Fabric Module                  7304X-FM        JAS13350043
Fabric3   0     7304X Fabric Module                  7304X-FM        JAS13350050
Fabric4   0     7304X Fabric Module                  7304X-FM        JAS13350056

Module    MAC addresses                          Hw      Sw      Status
--------- -------------------------------------- ------- ------- -------
1         00:1c:73:36:4b:71 - 00:1c:73:36:4b:72  01.01   4.13.3F Active
3         00:1c:73:58:d4:68 - 00:1c:73:58:d4:87  03.04           Ok
4         00:1c:73:36:05:61 - 00:1c:73:36:05:94  02.02           Ok
5         00:1c:73:36:0a:e1 - 00:1c:73:36:0b:14  02.03           Ok
6         00:1c:73:36:02:e1 - 00:1c:73:36:03:14  02.02           Ok
Fabric1                                          00.00           Ok
Fabric2                                          00.00           Ok
Fabric3                                          00.00           Ok
Fabric4                                          00.00           Ok
switch#
show platform sand compatibility
The show platform sand compatibility command displays the fabric and forwarding modes. These
modes determine switch forwarding capabilities and program performance capacity of installed
linecards.
Petra, Arad (7500 and 7500E series)
Command Mode
Privileged EXEC
Command Syntax
show platform sand compatibility
Related Commands
• platform sand fabric mode (7500 and 7500E Series) specifies the fabric software mode.
• platform sand forwarding mode (7500 and 7500E Series) specifies the forwarding software mode.
Example
• This command indicates that the switch is in Fe600 fabric mode and PetraA forwarding mode.
switch#show platform sand compatibility
                 Configuration  Status
Forwarding mode  None           PetraA
Fabric mode      None           Fe600
switch#
show schedule
The show schedule command displays logging output on the terminal during the current terminal
session. This command affects only the local monitor. The no terminal monitor command disables direct
monitor display of logging output for the current terminal session.
all
Command Mode
Privileged EXEC
Command Syntax
show schedule schedule_name
Parameters
• schedule_name label associated with the scheduled command.
Example
• This command displays logging to the local monitor during the current terminal session.
switch#show schedule tech-support
CLI command "show tech-support" is scheduled, interval is 60 minutes
Maximum of 100 log files will be stored
100 log files currently stored in flash:/schedule/tech-support
Start Time          Size  Filename
------------------- ----- --------
Jan 19 2011 00:00   14 kB tech-support_2011-01-19.0000.log.gz
Jan 19 2011 04:00   14 kB tech-support_2011-01-19.0100.log.gz
...
show schedule summary
The show schedule summary command displays the list of active scheduled commands.
all
Command Mode
Privileged EXEC
Command Syntax
show schedule summary
Example
• This command displays the list of active scheduled commands.
switch#show schedule summary
Name          Last   Interval Max log  Log file location
              time   (mins)   files
------------- ------ -------  -------- ----------------------------------
tech-support  00:00  60       100      flash:/schedule/tech-support
Et45-counters 00:05  5        100      flash:/schedule/Et45-counters
Memfree       00:10  10       100      flash:/schedule/Memfree
show version
The show version command displays information that identifies the switch, including its model
number, serial number, and system MAC address. The command also provides hardware and software
manufacturing information, along with the available memory and elapsed time from the most recent
reload procedure.
all
Command Mode
EXEC
Command Syntax
show version [INFO_LEVEL]
Parameters
• INFO_LEVEL Specifies information the command displays. Options include
— <no parameter> Model and serial numbers, manufacturing data, uptime, and memory.
— detail Data listed <no parameter> option plus version numbers of internal components.
Related Commands
• show module displays model and serial numbers of modular system components.
Examples
• This command displays the switch’s model number, serial number, hardware and software
manufacturing information, uptime, and memory capacity.
switch>show version
Arista DCS-7150S-64-CL-F
Hardware version:       01.01
Serial number:          JPE13120819
System MAC address:     001c.7326.fd0c
Software image version: 4.13.2F
Architecture:           i386
Internal build version: 4.13.2F-1649184.4132F.2
Internal build ID:      eeb3c212-b4bd-4c19-ba34-1b0aa36e43f1
Uptime:                 1 hour and 36 minutes
Total memory:           4017088 kB
Free memory:            1473280 kB
switch>
shutdown (SSH Management-Tunnel)
The shutdown command, in Mgmt-SSH-Tunnel mode, disables or enables management SSH on the
switch. Management SSH is disabled by default.
The no shutdown command, in Mgmt-SSH-Tunnel mode, re-enables the management SSH access.
The default shutdown command, in Mgmt-SSH-Tunnel mode, disables the management SSH access
and removes the corresponding no shutdown command from running-config.
all
Command Mode
Mgmt-SSH-Tunnel
Command Syntax
shutdown
no shutdown
default shutdown
Example
• These commands disable the SSH management access.
switch(config)#management ssh
switch(config-mgmt-ssh)# shutdown
switch(config-mgmt-ssh)#
• These commands enable the SSH management access.
switch(config)#management ssh
switch(config-mgmt-ssh)# no shutdown
switch(config-mgmt-ssh)#
ssh
The ssh command establishes an SSH connection to an IPv4 server and optionally specifies additional
parameters for the connection.
all
Command Mode
EXEC
Command Syntax
ssh [VRF_INST] [CIPHER] [LOG_NAME] [MAC_CRYPT] [KEX] [KEY] [PORT] [VERSION] SERVER
The VRF_INST parameter, when present, is always first. The SERVER parameter is always last.
All other parameters can be placed in any order.
Parameters
• VRF_INST specifies the VRF instance.
— <no parameter> changes are made to the default VRF.
— vrf vrf_name changes are made to the specified user-defined VRF.
• CIPHER Cipher specification for encryption. Options include:
— -c cipher_1 cipher_2 ... cipher_n
▪ 3des Specifies the encryption algorithm 3des(v1)
▪ 3des-cbc Specifies triple DES (112 bit)
▪ aes128-cbc Specifies advanced Encryption Standard (128 bit, CBC mode)
▪ aes128-ctr Specifies advanced Encryption Standard (128 bit, counter mode)
▪ aes192-cbc Specifies advanced Encryption Standard (192 bit, CBC mode)
▪ aes192-ctr Specifies advanced Encryption Standard (192 bit, counter mode)
▪ aes256-cbc Specifies advanced Encryption Standard (256 bit, CBC mode)
▪ aes256-ctr Specifies advanced Encryption Standard (256 bit, counter mode)
▪ arcfour Specifies arcfour stream cipher (RC4 like)
▪ arcfour128 Specifies arcfour stream cipher (RFC 4345, 128 bit)
▪ arcfour256 Specifies arcfour stream cipher (RFC 4345, 256 bit)
▪ blowfish Specifies blowfish block cipher (64 bit)
▪ blowfish-cbc Specifies blowfish block cipher (128 bit, CBC mode)
▪ cast128-cbc Specifies CAST-128 (RFC 2144, 128 bit, CBC mode)
▪ des Specifies the encryption algorithm des(v1)
• LOG_NAME Login name. Options include:
— -l login Name of a user during login
• MAC_CRYPT MAC specification for encryption. Options include:
— -m mac_crypt_1 mac_crypt_2 ... crypt_n
▪ hmac-md5 Hash Message Authentication Code MD5
▪ hmac-md5-96 Hash Message Authentication Code MD5 for use in ESP and AH
▪ hmac-ripemd160 Hash Message Authentication Code RIPEMD-160
▪ hmac-sha1 Hash Message Authentication Code SHA-1
▪ hmac-sha1-96 Hash Message Authentication Code SHA-1 for use in ESP and AH
• KEX Limits the message authentication codes from all of the available options to the set specified.
— -o KexAlgorithms kex_1 kex_2 ... kex_n
▪ diffie-hellman-group-exchange-sha1 Negotiated Group Exchange with SHA-1
▪ diffie-hellman-group-exchange-sha256 Negotiated Group Exchange with SHA-256
▪ diffie-hellman-group1-sha1 Oakley Group 1 with SHA-1
▪ diffie-hellman-group14-sha1 Oakley Group 14 with SHA-1
• KEY Limits the key-exchange methods from all of the available options to the set specified.
Options include:
— -o StrictHostKeyChecking yes Specifies that SSH will automatically check remote servers
hostkey before connecting.
— -o StrictHostKeyChecking no Specifies that SSH will ignore remote servers hostkey.
• PORT Options include:
— -p <1 to 65535> Specifies the port number of the server.
• VERSION Protocol version to force. Options include:
— -v <1 to 2> When the SSH supports SSH1, the protocol version is 1.99. Otherwise, the
protocol version is 2.
• SERVER Options include:
— ip_address Specifies the IPv4 address of the server.
— hostname Specifies the host name of the server
Example
• This command instructs the server to use the Oakley Group 14 Diffie-Hellman method with an
SHA-1 hash for key exchange.
switch(config)#management ssh
switch(config-mgmt-ssh)#key-exchange diffie-hellman-group14-sha1
For Common Criteria
• The following set of commands will put the SSH server and SSH Tunnels on the switch into a
Common Criteria approved mode:
switch(config)#management ssh
switch(config-mgmt-ssh)#cipher aes128-cbc aes256-cbc
switch(config-mgmt-ssh)#key-exchange diffie-hellman-group14-sha1
switch(config-mgmt-ssh)#mac hmac-sha1
switch(config-mgmt-ssh)#hostkey server rsa
switch(config-mgmt-ssh)#hostkey client strict-checking
switch(config-mgmt-ssh)#log-level verbose
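The following is an added example, not part of the Arista manual: it checks the management ssh block of a saved running-config against the Common Criteria command set listed above and reports every statement that is missing or names an algorithm outside that set. The function names, the sample configurations, the three-space indentation of running-config and the choice to accept a subset of the listed algorithms are assumptions.

```python
# Values copied from the "For Common Criteria" commands in this section.
CC_ALLOWED = {
    "cipher": {"aes128-cbc", "aes256-cbc"},
    "key-exchange": {"diffie-hellman-group14-sha1"},
    "mac": {"hmac-sha1"},
    "hostkey server": {"rsa"},
}
CC_REQUIRED = ["hostkey client strict-checking", "log-level verbose"]

# The Common Criteria commands above as they would sit in running-config
# (constructed; the indentation is an assumption).
COMPLIANT = """\
management ssh
   cipher aes128-cbc aes256-cbc
   key-exchange diffie-hellman-group14-sha1
   mac hmac-sha1
   hostkey server rsa
   hostkey client strict-checking
   log-level verbose
"""

# Constructed drifted configuration built from algorithm names on this page.
DRIFTED = """\
hostname switch
management ssh
   cipher aes128-ctr 3des-cbc aes256-cbc
   mac hmac-md5 hmac-sha1
   hostkey server dsa
   log-level verbose
   tunnel bar
      local port 49
!
management defaults
   secret hash sha512
"""


def extract_block(config_text, header="management ssh"):
    """Return the statements exactly one level below `header`."""
    statements, inside, child_indent = [], False, None
    for raw in config_text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped == "!":
            continue
        indent = len(raw) - len(raw.lstrip())
        if indent == 0:
            # A new top-level statement opens or closes the block.
            inside, child_indent = (stripped == header), None
            continue
        if inside:
            if child_indent is None:
                child_indent = indent
            if indent == child_indent:  # skip nested modes such as tunnels
                statements.append(" ".join(stripped.split()))
    return statements


def audit_management_ssh(config_text):
    """Return a list of deviations from the Common Criteria command set."""
    statements = extract_block(config_text)
    findings = []
    for keyword, allowed in CC_ALLOWED.items():
        values = None
        for statement in statements:
            if statement.startswith(keyword + " "):
                values = statement[len(keyword):].split()
        if values is None:
            findings.append("%s: not configured" % keyword)
            continue
        extra = [value for value in values if value not in allowed]
        if extra:
            findings.append("%s: outside the approved set: %s" % (keyword, " ".join(extra)))
    for required in CC_REQUIRED:
        if required not in statements:
            findings.append("%s: missing" % required)
    return findings


if __name__ == "__main__":
    for line in audit_management_ssh(DRIFTED):
        print(line)
```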
terminal length
The terminal length command overrides automatic pagination and sets pagination length for all show
commands on a terminal. If the output of a show command is longer than the configured terminal
length, the output will be paused after each screenful of output, prompting the user to continue.
To disable pagination for an SSH session, set terminal length to 0. By default, all console sessions have
pagination disabled.
The no terminal length and default terminal length commands restore automatic pagination by
removing the terminal length command from running-config.
The pagination setting is persistent if configured from Global Configuration mode. If configured from
EXEC mode, the setting applies only to the current CLI session. Pagination settings may also be
overridden when you adjust the size of the SSH terminal window, but can be reconfigured by running
the terminal length command again.
all
Command Mode
EXEC
Command Syntax
terminal length lines
no terminal length
default terminal length
Parameters
• lines number of lines to be displayed at a time. Values range from 0 through 32767. A value of 0
disables pagination.
Example
• This command sets the pagination length for the current terminal session to 10 lines.
switch#terminal length 10
Pagination set to 10 lines.
• This command configures the switch to paginate terminal output automatically based on screen
size for the current terminal session.
switch#no terminal length
• These commands disable pagination globally.
switch#configure
switch(config)#terminal length 0
Pagination disabled.
terminal monitor
The terminal monitor command enables the display of logging output on the terminal during the
current terminal session. This command affects only the local monitor. The no terminal monitor
command disables direct monitor display of logging output for the current terminal session.
all
Command Mode
Privileged EXEC
Command Syntax
terminal monitor
no terminal monitor
default terminal monitor
Example
• This command enables the display of logging to the local monitor during the current terminal
session.
switch#terminal monitor
switch#
trigger
The trigger command specifies what event will trigger the event handler. Handlers can be triggered
either by the system booting or by a change in a specified interface’s IP address or operational status.
To specify the action to be taken when the handler is triggered, use the action bash command.
all
Command Mode
Event-Handler Configuration
Command Syntax
trigger EVENT
Parameters
• EVENT event which will trigger the configuration mode event handler. Values include:
— onboot triggers when the system reboots, or when you exit event-handler configuration
mode. This option takes no further arguments, and passes no environment variables to the
action triggered.
— onintf INTERFACE CHANGE triggers when a change is made to the specified interface.
— on-startup-config triggers when a change is made to the startup-config file.
— vm-tracer vm triggers when a virtual machine monitored by VM Tracer changes state.
• INTERFACE the triggering interface. Values include:
— ethernet number Ethernet interface specified by number.
— loopback number loopback interface specified by number.
— management number management interface specified by number.
— port-channel number channel group interface specified by number.
— vlan number VLAN interface specified by number.
• CHANGE the change being watched for in the triggering interface. Values include:
— ip triggers when the IPv4 address of the specified interface is changed.
— ip6 triggers when the IPv6 address of the specified interface is changed.
— operstatus triggers when the operational status of the specified interface changes.
Examples
• This command configures the event handler “Eth5” to be triggered when there is a change in the
operational status or IP address of Ethernet interface 5.
switch(config-handler-Eth5)#trigger onIntf Ethernet 5 operstatus ip
switch(config-handler-Eth5)#
• This command configures the event handler “onStartup” to be triggered when the system boots, or
on exiting event-handler configuration mode.
switch(config-handler-onStartup)#trigger onboot
switch(config-handler-onStartup)#
tunnel (SSH Management)
The tunnel command places the switch in SSH tunnel configuration mode. EOS provides an SSH
Tunneling feature to transparently secure TCP connections to remote servers. This feature can accept
any TCP connection that goes to the CPU on the switch and establish a standard SSH tunnel to a remote
host. This has a twofold advantage:
• TCP based services do not need to perform any encryption within their own protocol.
• The connection is secure against replay attacks, manipulation and eavesdropping via SSHv2
Common Criteria compliant encryption.
The no tunnel and default tunnel commands disable Management-ssh-tunnel mode on the switch by
removing all Management-ssh-tunnel configuration mode commands from running-config.
Management-ssh-tunnel configuration mode is not a group change mode; running-config is changed
immediately upon entering commands. Exiting SSH configuration mode does not affect running-config.
The exit command returns the switch to global configuration mode.
all
Command Mode
Mgmt-ssh Configuration
Command Syntax
tunnel tunnel_name
no tunnel
default tunnel
Parameters
• tunnel_name SSH Tunnel or SSH VRF name.
Commands Available in Management-ssh-tunnel Configuration Mode
• local (SSH Management-Tunnel)
• remote (SSH Management-Tunnel)
• server-alive count-max (SSH Management-Tunnel)
• server-alive interval (SSH Management-Tunnel)
• shutdown (SSH Management-Tunnel)
• ssh-server user (SSH Management-Tunnel)
Example
• These commands place the switch in management-ssh-tunnel mode and create a management SSH
tunnel called “foo”.
switch(config)#management ssh
switch(config-mgmt-ssh)#tunnel foo
switch(config-mgmt-ssh)#
Chapter 4
AAA Configuration
This chapter describes authentication, authorization, and accounting configuration tasks and contains
these sections:
• Section 4.1: Authorization, Authentication, and Accounting Overview
• Section 4.2: Configuring the Security Services
• Section 4.3: Server Groups
• Section 4.4: Role Based Authorization
• Section 4.5: Activating Security Services
• Section 4.6: TACACS+ Configuration Examples
• Section 4.7: AAA Commands
4.1
Authorization, Authentication, and Accounting Overview
4.1.1
Methods
The switch controls access to EOS commands by authenticating user identity and verifying user
authorization. Authentication, authorization, and accounting activities are conducted through three
data services – a local security database, TACACS+ servers, and RADIUS servers. Section 4.2:
Configuring the Security Services describes these services.
4.1.2
Configuration Statements
Switch security requires two steps:
1. Configuring security service parameters.
The switch provides configuration commands for each security service:
• A local file supports authentication through username and enable secret commands.
• TACACS+ servers provide security services through tacacs-server commands.
• RADIUS servers provide security services through radius-server commands.
Section 4.2: Configuring the Security Services describes security service configuration commands.
2. Activating authentication, authorization, and accounting services.
EOS provides aaa authorization, aaa authentication, and aaa accounting commands to select the
primary and backup services. Section 4.5: Activating Security Services provides information on
implementing a security environment.
4.1.3
Encryption
The switch uses clear-text passwords and server access keys to authenticate users and communicate
with security systems. To prevent accidental disclosure of passwords and keys, running-config stores
their corresponding encrypted strings. The encryption method depends on the type of password or key.
Commands that configure passwords or keys can accept the clear-text password or an encrypted string
that was generated by the specified encryption algorithm with the clear-text password as the seed.
4.2
Configuring the Security Services
The switch can access three security data services to authenticate users and authorize switch tasks: a
local file, TACACS+ servers, and RADIUS Servers.
4.2.1
Local Security File
The local file uses passwords to provide these authentication services:
• authenticate users as they log into the switch
• control access to configuration commands
• control access to the switch root login
The local file contains username-password combinations to authenticate users. Passwords also
authorize access to configuration commands and the switch root login.
4.2.1.1
Passwords
The switch recognizes passwords as clear text and encrypted strings.
• Clear-text passwords are the text that a user enters to access the CLI, configuration commands, or
the switch root login.
• Encrypted strings are MD5-encrypted strings generated with the clear text as the seed. The local
file stores passwords in this format to avoid unauthorized disclosure. When a user enters the
clear-text password, the switch generates the corresponding secure hash and compares it to the
stored version. The switch cannot recover the clear text from which an encrypted string is
generated.
Valid passwords contain the characters A-Z, a-z, 0-9 and any of these punctuation characters:
! @ # $ % ^ & * ( ) _ = + { } [ ] ; : < > , . ? / ~ \
4.2.1.2
Usernames
Usernames control access to the EOS and all switch commands. The switch is typically accessed through
an SSH login, using a previously defined username-password combination. To create a new username
or modify an existing username, use the username command.
Valid usernames begin with A-Z, a-z, or 0-9 and may also contain any of these characters:
@ # $ % ^ & * | _ = + ; < > , . ~
The default username is admin, which is described in Admin Username.
Examples
• These equivalent commands create the username john and assign it the password x245. The
password is entered in clear text because the encrypt-type parameter is omitted or zero.
switch(config)#username john secret x245
switch(config)#username john secret 0 x245
• This command creates the username john and assigns it to the text password that corresponds to the
encrypted string $1$sU.7hptc$TsJ1qslCL7ZYVbyXNG1wg1. The string was generated by an
MD5-encryption program using x245 as the seed.
switch(config)#username john secret 5 $1$sU.7hptc$TsJ1qslCL7ZYVbyXNG1wg1
The username is authenticated by entering x245 when the CLI prompts for a password.
• This command creates the username jane without securing it with a password. It also removes a
password if the jane username exists.
switch(config)#username jane nopassword
• This command removes the username william from the local file.
switch(config)#no username william
4.2.1.3
Logins by Unprotected Usernames
The default switch configuration allows usernames that are not password protected to log in only from
the console. The aaa authentication policy local command configures the switch to allow unprotected
usernames to log in from any port. To reverse this setting to the default state, use no aaa authentication
policy local allow-nopassword-remote-login.
Warning Allowing remote access to accounts without passwords is a severe security risk. Arista Networks
recommends assigning strong passwords to all usernames.
Examples
• This command configures the switch to allow unprotected usernames to log in from any port.
switch(config)#aaa authentication policy local allow-nopassword-remote-login
• This command configures the switch to allow unprotected usernames to log in only from the
console port.
switch(config)#no aaa authentication policy local allow-nopassword-remote-login
4.2.1.4
Enable Command Authorization
The enable command controls access to Privileged EXEC and all configuration command modes. The
enable password authorizes users to execute the enable command. When the enable password is set,
the CLI displays a password prompt when a user attempts to enter Privileged EXEC mode.
main-host>enable
Password:
main-host#
If an incorrect password is entered three times in a row, the CLI displays the EXEC mode prompt.
If no enable password is set, the CLI does not prompt for a password when a user attempts to enter
Privileged EXEC mode.
To set the enable password, use the enable secret command.
Examples
• These equivalent commands assign xyrt1 as the enable password.
switch(config)#enable secret xyrt1
switch(config)#enable secret 0 xyrt1
• This command assigns the enable password to the clear text (12345) corresponding to the encrypted
string $1$8bPBrJnd$Z8wbKLHpJEd7d4tc5Z/6h/. The string was generated by an MD5-encryption
program using 12345 as the seed.
switch(config)#enable secret 5 $1$8bPBrJnd$Z8wbKLHpJEd7d4tc5Z/6h/
• This command deletes the enable password.
switch(config)#no enable secret
4.2.1.5
Root Account Password
The root account accesses the root directory in the underlying Linux shell. When it is not password
protected, you can log into the root account only through the console port. After you assign a password
to the root account, you can log into it through any port.
To set the password for the root account, use the aaa root command.
Examples
• These equivalent commands assign f4980 as the root account password.
switch(config)#aaa root secret f4980
switch(config)#aaa root secret 0 f4980
• This command assigns the text (ab234) that corresponds to the encrypted string of
$1$HW05LEY8$QEVw6JqjD9VqDfh.O8r.b. as the root password.
switch(config)#aaa root secret 5 $1$HW05LEY8$QEVw6JqjD9VqDfh.O8r.b.
• This command removes the password from the root account.
switch(config)#aaa root nopassword
• This command disables the root login.
switch(config)#no aaa root
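A check that a reviewer can run over a saved configuration to find the local-file weaknesses described in sections 4.2.1.2 through 4.2.1.5. This is an added example, not Arista code: the function names, severity ratings and sample configuration are assumptions made for illustration, and the type 5 check assumes the standard md5-crypt layout ($1$, a salt of up to 8 characters, a 22-character digest).

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    severity: str  # "high", "medium" or "info" (ratings chosen for this example)
    line: int      # 1-based line number in the audited text, 0 = whole file
    message: str


# md5-crypt layout: $1$ + salt (1-8 chars) + $ + 22-char digest, crypt alphabet.
MD5_CRYPT = re.compile(r"\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}")

# "username NAME [options] secret ...", "enable secret ...", "aaa root secret ...".
SECRET = re.compile(
    r"(?P<who>username \S+|enable|aaa root)(?: .*?)? secret"
    r"(?: (?P<etype>[05]))? (?P<value>\S+)"
)
NOPASSWORD_USER = re.compile(r"username (?P<user>\S+) nopassword")
REMOTE_NOPASSWORD = "aaa authentication policy local allow-nopassword-remote-login"


def audit(config_text: str) -> List[Finding]:
    """Return findings for the local security file commands in config_text."""
    lines = [line.strip() for line in config_text.splitlines()]
    # The policy line changes how serious a nopassword username is, so look first.
    remote_nopassword = REMOTE_NOPASSWORD in lines
    findings: List[Finding] = []
    enable_secret_seen = False

    for number, line in enumerate(lines, start=1):
        if line == REMOTE_NOPASSWORD:
            findings.append(Finding(
                "high", number, "unprotected usernames may log in from any port"))
            continue
        match = NOPASSWORD_USER.fullmatch(line)
        if match:
            severity = "high" if remote_nopassword else "medium"
            scope = "any port" if remote_nopassword else "console only"
            findings.append(Finding(
                severity, number, f"username {match['user']} has no password ({scope})"))
            continue
        if line == "aaa root nopassword":
            findings.append(Finding(
                "medium", number, "root account has no password (console only)"))
            continue
        match = SECRET.fullmatch(line)
        if match is None:
            continue
        who = match["who"]
        if who == "enable":
            enable_secret_seen = True
        if who == "aaa root":
            findings.append(Finding(
                "info", number, "root has a password, so root login works on any port"))
        if match["etype"] in (None, "0"):
            # Omitted or zero encrypt-type means the value is the clear text itself.
            findings.append(Finding(
                "medium", number, f"{who}: secret is written in clear text"))
        elif MD5_CRYPT.fullmatch(match["value"]) is None:
            findings.append(Finding(
                "medium", number, f"{who}: type 5 string is not a well-formed $1$ hash"))

    if not enable_secret_seen:
        findings.append(Finding(
            "medium", 0, "no enable secret: enable does not prompt for a password"))
    return findings


# Constructed sample. Line 5 carries a digest cut to 21 characters on purpose.
SAMPLE_CONFIG = """\
username john secret 5 $1$sU.7hptc$TsJ1qslCL7ZYVbyXNG1wg1
username jane nopassword
username ops secret 0 x245
aaa authentication policy local allow-nopassword-remote-login
aaa root secret 5 $1$sU.7hptc$TsJ1qslCL7ZYVbyXNG1wg
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(f"{finding.severity:6} line {finding.line}: {finding.message}")
```
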
4.2.2
TACACS+
Terminal Access Controller Access-Control System Plus (TACACS+), derived from the TACACS protocol
defined in RFC 1492, is a network protocol that provides centralized user validation services. TACACS+
information is maintained on a remote database. EOS support of TACACS+ services requires access to
a TACACS+ server.
TACACS+ manages multiple network access points from a single server. The switch defines a TACACS+
server connection by its address and port, allowing the switch to conduct multiple data streams to a
single server by addressing different ports on the server.
These sections describe steps that configure access to TACACS+ servers. Configuring TACACS+ access
is most efficiently performed when TACACS+ is functioning prior to configuring switch parameters.
4.2.2.1
Configuring TACACS+ Parameters
TACACS+ parameters define settings for the switch to communicate with TACACS+ servers. A set of
values can be configured for individual TACACS+ servers that the switch accesses. Global parameters
define settings for communicating with servers for which parameters are not individually configured.
The switch supports these TACACS+ parameters:
Encryption key
The encryption key is code that the switch and the TACACS+ server share to facilitate communications.
• The tacacs-server host command defines the encryption key for a specified server.
• The tacacs-server key command defines the global encryption key.
Examples
• This command configures the switch to communicate with the TACACS+ server assigned the host
name TAC_1 using the encryption key rp31E2v.
switch(config)#tacacs-server host TAC_1 key rp31E2v
• This command configures cv90jr1 as the global encryption key.
switch(config)#tacacs-server key 0 cv90jr1
• This command assigns cv90jr1 as the global key, using the corresponding encrypted string.
switch(config)#tacacs-server key 7 020512025B0C1D70
Session Multiplexing
The switch supports multiplexing sessions on a single TCP connection.
• The tacacs-server host command configures the multiplexing option for a specified server.
• There is no global multiplexing setting.
Example
• This command configures the switch to communicate with the TACACS+ server at 10.12.7.9 and
indicates the server supports session multiplexing on a TCP connection.
switch(config)#tacacs-server host 10.12.7.9 single-connection
Timeout
The timeout is the period the switch waits for a successful connection to, or response from, the
TACACS+ server. The default is 5 seconds.
• The tacacs-server host command defines the timeout for a specified server.
• The tacacs-server timeout command defines the global timeout.
Examples
• This command configures the switch to communicate with the TACACS+ server assigned the host
name TAC_1 and configures the timeout period as 20 seconds.
switch(config)#tacacs-server host TAC_1 timeout 20
• This command configures 40 seconds as the period that the switch waits for a response from a
TACACS+ server before issuing an error.
switch(config)#tacacs-server timeout 40
Port
The port specifies the port number through which the switch and the servers send information. The
TACACS+ default port is 49.
• The tacacs-server host command specifies the port number for an individual TACACS+ server.
• The global TACACS+ port number cannot be changed from the default value of 49.
Example
• This command configures the switch to communicate with the TACACS+ server at 10.12.7.9
through port 54.
switch(config)#tacacs-server host 10.12.7.9 port 54
4.2.2.2
TACACS+ Status
To display the TACACS+ servers and their interactions with the switch, use the show tacacs command.
Example
• This command lists the configured TACACS+ servers.
switch(config)#show tacacs
server1: 10.1.1.45
Connection opens: 15
Connection closes: 6
Connection disconnects: 6
Connection failures: 0
Connection timeouts: 2
Messages sent: 45
Messages received: 14
Receive errors: 2
Receive timeouts: 2
Send timeouts: 3
Last time counters were cleared: 0:07:02 ago
To reset the TACACS+ status counters, use the clear aaa counters tacacs+ command.
Example
• This command clears all TACACS+ status counters.
switch(config)#clear aaa counters tacacs
4.2.3
RADIUS
Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides
centralized authentication, authorization, and accounting services for computers connecting to and
using network resources. RADIUS is used to manage access to the Internet, internal networks, wireless
networks, and integrated email services.
These sections describe steps that configure RADIUS server access. Configuring RADIUS parameters is
most efficiently performed when RADIUS is functioning prior to configuring switch parameters.
4.2.3.1
RADIUS Vendor-Specific Attribute-Value Pairs
RADIUS servers and client companies extend basic RADIUS functionality through vendor specific
attributes. A dictionary file includes a list of RADIUS attribute-value pairs that Arista switches use to
perform AAA operations through the RADIUS server.
Arista switches use the following attribute values:
Arista Vendor number: 30065
Attribute: Arista-AVPair 1 string
Acceptable string values for Arista-AVPair include:
• "shell:priv-lvl=<privilege level of a user, 0-15>"
• "shell:roles=<list of roles for a user>"
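How an Arista-AVPair travels inside a RADIUS packet, and how to read it back when auditing what privilege level or roles a server hands out. This is an added example, not Arista code: it uses the vendor number and attribute number given above together with the Vendor-Specific attribute layout of RFC 2865, and the function names and sample attribute bytes are constructed for illustration.

```python
import re
import struct
from typing import List, Optional, Tuple, Union

VENDOR_SPECIFIC = 26      # RADIUS attribute type for vendor-specific data (RFC 2865)
ARISTA_VENDOR_ID = 30065  # "Arista Vendor number" given above
ARISTA_AVPAIR = 1         # "Arista-AVPair 1 string" given above


def encode_avpair(value: str) -> bytes:
    """Wrap one Arista-AVPair string in a Vendor-Specific attribute."""
    data = value.encode("ascii")
    if len(data) > 247:  # 255 minus outer header (2), vendor id (4), sub header (2)
        raise ValueError("value too long for a single attribute")
    sub = struct.pack("!BB", ARISTA_AVPAIR, 2 + len(data)) + data
    return struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(sub), ARISTA_VENDOR_ID) + sub


def decode_avpairs(attributes: bytes) -> List[str]:
    """Return every Arista-AVPair string found in a block of RADIUS attributes."""
    found, pos = [], 0
    while pos < len(attributes):
        if pos + 2 > len(attributes):
            raise ValueError("truncated attribute header")
        atype, alen = attributes[pos], attributes[pos + 1]
        if alen < 2 or pos + alen > len(attributes):
            raise ValueError("bad attribute length")
        body = attributes[pos + 2:pos + alen]
        pos += alen
        if atype != VENDOR_SPECIFIC or len(body) < 4:
            continue  # a standard attribute, not of interest here
        if struct.unpack("!I", body[:4])[0] != ARISTA_VENDOR_ID:
            continue  # another vendor's attribute
        sub, spos = body[4:], 0
        while spos + 2 <= len(sub):
            stype, slen = sub[spos], sub[spos + 1]
            if slen < 2 or spos + slen > len(sub):
                raise ValueError("bad sub-attribute length")
            if stype == ARISTA_AVPAIR:
                found.append(sub[spos + 2:spos + slen].decode("ascii"))
            spos += slen
    return found


def parse_avpair(value: str) -> Optional[Tuple[str, Union[int, str]]]:
    """Split an AVPair into (name, value); None if it is not an accepted string."""
    match = re.fullmatch(r"shell:priv-lvl=(\d+)", value)
    if match:
        level = int(match[1])
        return ("priv-lvl", level) if 0 <= level <= 15 else None
    match = re.fullmatch(r"shell:roles=(.+)", value)
    if match:
        return ("roles", match[1])  # role list kept as sent; its separator is not assumed
    return None


# Constructed attribute block: one standard attribute followed by two AVPairs.
SAMPLE_ATTRIBUTES = (
    bytes([6, 6, 0, 0, 0, 6])
    + encode_avpair("shell:priv-lvl=15")
    + encode_avpair("shell:roles=network-admin")
)

if __name__ == "__main__":
    for pair in decode_avpairs(SAMPLE_ATTRIBUTES):
        print(pair, "->", parse_avpair(pair))
```
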
Example
• This is a sample dictionary file that identifies Arista RADIUS vendor-specific attribute value pairs.
#
# dictionary.arista
#
VENDOR          Arista          30065
# Standard Attribute
BEGIN-VENDOR    Arista
ATTRIBUTE       Arista-AVPair   1       string
END-VENDOR      Arista
4.2.3.2
Configuring RADIUS Defaults
RADIUS policies specify settings for the switch to communicate with RADIUS servers. A set of values
can be configured for individual RADIUS servers that the switch accesses. Global parameters define
settings for communicating with servers for which parameters are not individually configured.
The switch defines these RADIUS parameters:
Encryption key
The encryption key is the key shared by the switch and RADIUS servers to facilitate communications.
• The radius-server host command defines the encryption key for a specified server.
• The radius-server key command specifies the global encryption key.
Examples
• This command configures the switch to communicate with the RADIUS server assigned the host
name RAD-1 using the encryption key rp31E2v.
switch(config)#radius-server host RAD-1 key rp31E2v
• This command configures cv90jr1 as the global encryption key.
switch(config)#radius-server key 0 cv90jr1
• This command assigns cv90jr1 as the key by specifying the corresponding encrypted string.
switch(config)#radius-server key 7 020512025B0C1D70
Timeout
The timeout is the period that the switch waits for a successful connection to, or response from, a
RADIUS server. The default period is 5 seconds.
• The radius-server host command defines the timeout for a specified server.
• The radius-server timeout command defines the global timeout.
Examples
• This command configures the switch to communicate with the RADIUS server assigned the host
name RAD-1 and configures the timeout period as 20 seconds.
switch(config)#radius-server host RAD-1 timeout 20
• This command configures 50 seconds as the period that the switch waits for a response from a
RADIUS server before issuing an error.
switch(config)#radius-server timeout 50
Retransmit
Retransmit is the number of times the switch attempts to access the RADIUS server after the first server
timeout expiry. The default value is 3 times.
• The radius-server host command defines the retransmit for a specified server.
• The radius-server retransmit command defines the global retransmit value.
Examples
• This command configures the switch to communicate with the RADIUS server assigned the host
name RAD-1 and configures the retransmit value as 2.
switch(config)#radius-server host RAD-1 retransmit 2
• This command configures the switch to attempt five RADIUS server contacts after the initial
timeout. If the timeout parameter is set to 50 seconds, then the total period that the switch waits for
a response is ((5+1)*50) = 300 seconds.
switch(config)#radius-server retransmit 5
Deadtime
Deadtime is the period when the switch ignores a non-responsive RADIUS server, or a server that does
not answer retransmit attempts after timeout expiry. Deadtime is disabled if a value is not specified.
• The radius-server host command defines the deadtime for a specified server.
• The radius-server deadtime command defines the global deadtime setting.
Examples
• This command configures the switch to communicate with the RADIUS server assigned the host
name RAD-1 and configures the deadtime period as 90 minutes.
switch(config)#radius-server host RAD-1 deadtime 90
• This command programs the switch to ignore a server for two hours if the server does not respond
to a request during the timeout-retransmit period.
switch(config)#radius-server deadtime 120
Port
The port specifies the port number through which the switch and servers send information.
• The radius-server host command specifies the port numbers for an individual RADIUS server.
• The global RADIUS port numbers cannot be changed from the default values of 1812 for an
authorization port and 1813 for an accounting port.
Example
• These commands configure the switch to communicate with the RADIUS server named RAD-1
through port number 1850 for authorization and port number 1851 for accounting.
switch(config)#radius-server host RAD-1 auth-port 1850
switch(config)#radius-server host RAD-1 acct-port 1851
To remove the configuration for this server, use the no radius-server host command and specify the
hostname or IP address with both the authorization and accounting port numbers.
4.2.3.3
RADIUS Status
The show radius command displays configured RADIUS servers and their interactions with the switch.
Example
• This command lists the configured RADIUS servers.
switch(config)#show radius
server1: 10.1.1.45
Messages sent: 24
Messages received: 20
Requests accepted: 14
Requests rejected: 8
Requests timeout: 2
Requests retransmitted: 1
Bad responses: 1
Last time counters were cleared: 0:07:02 ago
To reset the RADIUS status counters, use the clear aaa counters radius command.
Example
• This command clears all RADIUS status counters.
switch(config)#clear aaa counters radius
4.3
Server Groups
A server group is a collection of servers that are associated with a single label. Subsequent authorization
and authentication commands access all servers in a group by invoking the group name. The switch
supports TACACS+ and RADIUS server groups.
The aaa group server commands create server groups and place the switch in server group mode to
assign servers to the group. Commands that reference an existing group place the switch in group
server mode to modify the group.
These commands create named server groups and enter the appropriate command mode for the
specified group:
• aaa group server radius
• aaa group server tacacs+
The server (server-group-RADIUS configuration mode) and server (server-group-RADIUS
configuration mode) commands add servers to the configuration mode server group. Servers must be
previously configured with a radius-server host or tacacs-server host command before they are added
to a group.
Examples
• This command creates the TACACS+ server group named TAC-GR and enters server group
configuration mode for the new group.
switch(config)#aaa group server tacacs+ TAC-GR
switch(config-sg-tacacs+-TAC-GR)#
• These commands add two servers to the TAC-GR server group. To add servers to this group, the
switch must be in sg-tacacs+-TAC-GR configuration mode.
The CLI remains in server group configuration mode after adding the TAC-1 server (port 49) and
the server located at 10.1.4.14 (port 151) to the group.
switch(config-sg-tacacs+-TAC-GR)#server TAC-1
switch(config-sg-tacacs+-TAC-GR)#server 10.1.4.14 port 151
switch(config-sg-tacacs+-TAC-GR)#
• This command exits server group mode.
switch(config-sg-tacacs+-TAC-GR)#exit
switch(config)#
• This command creates the RADIUS server group named RAD-SV1 and enters server group
configuration mode for the new group.
switch(config)#aaa group server radius RAD-SV1
switch(config-sg-radius-RAD-SV1)#
• These commands add two servers to the RAD-SV1 server group. To add servers to this group, the
switch must be in sg-radius-RAD-SV1 configuration mode.
The CLI remains in server group configuration mode after adding the RAC-1 server (authorization
port 1812, accounting port 1813) and the server located at 10.1.5.14 (authorization port 1812,
accounting port 1850) to the group.
switch(config-sg-radius-RAD-SV1)#server RAC-1
switch(config-sg-radius-RAD-SV1)#server 10.1.5.14 acct-port 1850
switch(config-sg-radius-RAD-SV1)#
4.4
Role Based Authorization
Role based authorization is a method of restricting access to CLI commands through the assignment of
profiles, called roles, to user accounts. Each role consists of rules that permit or deny access to a set of
commands within specified command modes.
All roles are accessible to the local security file through a username parameter and to remote users
through RADIUS servers. Each role can be applied to multiple user accounts. Only one role may be
applied to a user.
4.4.1
Role Types
The switch defines two types of roles: user-defined and built-in:
• User-defined roles are created and edited through CLI commands.
• Built-in roles are supplied with the switch and are not user-editable.
Built-in roles supplied by the switch are network-operator and network-admin.
4.4.2
Role Structure
A role is an ordered list of rules that restricts access to specified commands from users on whom it is
applied. Roles consist of deny and permit rules. Each rule references a set of command modes and
contains a regular expression that specifies one or more CLI commands. Commands are compared
sequentially to the rules within a role until a rule’s regular expression matches the command.
• Commands that match a regular expression in a permit rule are executed.
• Commands that match a regular expression in a deny rule are disregarded.
• Commands that do not match a regular expression are evaluated against the next rule in the role.
Upon its entry on the CLI, a command is compared to the first rule of the role. Commands that match
the rule are executed (permit rule) or disregarded (deny rule). Commands that do not match the rule
are compared to the next rule. This process continues until the command either matches a rule or the
rule list is exhausted. The switch disregards commands not matching any rule.
4.4.3
Role Rules
Role rules consist of four components: sequence number, filter type, mode expression, and command
expression:
Sequence number
The sequence number designates a rule’s placement in the role. Sequence numbers range in value from
1 to 256. Rule commands that do not include a sequence number append the rule at the end of the list,
deriving its sequence number by adding 10 to the sequence number of the last rule in the list.
Example
• These rules have sequence numbers 10 and 20.
10 deny mode exec command reload
20 deny mode config command (no |default )?router
Filter type
The filter type specifies the disposition of matching commands. Filter types are permit and deny.
Commands matching permit rules are executed. Commands matching deny rules are disregarded.
Example
• These rules are deny and permit rules, respectively.
10 deny mode exec command reload
20 permit mode config command interface
Mode expression
The mode expression specifies the command mode under which the command expression is effective.
The mode expression may be a regular expression or a designated keyword. Rules support the following
mode expressions:
• exec EXEC and Privileged EXEC modes.
• config Global configuration mode.
• config-all All configuration modes, including global configuration mode.
• short_name Short key name of a command mode (exact match).
• long_name Long key name of a command mode (regular expression match of one or more modes).
• <no parameter> All command modes.
These prompt command parameters configure the CLI to display a configuration mode’s key name:
• %P long key name.
• %p short key name.
Example
• These commands use the prompt command to display short key name (if) and long key name
(if-Et1) for interface-ethernet 1.
switch(config)#prompt switch%p
switch(config)#interface ethernet 1
switch(config-if)#exit
switch(config)#prompt switch%P
switch(config)#interface ethernet 1
switch(config-if-Et1)#
The command supports the use of regular expressions to reference multiple command modes. Section
3.2.6 describes regular expressions.
Example
• These regular expressions correspond to the listed command modes:
if-Vlan(1|2)    matches interface-Vlan 1 or interface-Vlan 2.
if              matches all interface modes.
acl-text1       matches ACL configuration mode for text1 ACL.
Command Expression
The command expression is a regular expression that corresponds to one or more CLI commands.
Section 3.2.6 describes regular expressions.
Examples
• These regular expressions correspond to the specified commands:
reload                                  reload command
(no |default )?router                   commands that enter routing protocol configuration modes.
(no |default )?(ip|mac) access-list     commands that enter ACL configuration modes
(no |default )?(ip|mac) access-group    commands that bind ACLs to interfaces.
lacp|spanning-tree                      LACP and STP commands
.*                                      all commands
4.4.4
Creating and Modifying Roles
4.4.4.1
Built-in Role
The switch provides the following two built-in roles:
• network-operator Allows all commands in EXEC (Privileged) modes. Commands in all other
modes are denied.
• network-admin Allows all CLI commands in all modes.
The network-admin is typically assigned to the admin user to allow it to run any command.
Built-in roles are not editable.
Example
• These show role commands display the contents of the built-in roles.
switch(config)#show role network-operator
The default role is network-operator
role: network-operator
10 deny mode exec command bash|\|
20 permit mode exec command .*
switch(config)#show role network-admin
The default role is network-operator
role: network-admin
10 permit command .*
switch(config)#
4.4.4.2
Managing Roles
Creating and Opening a Role
Roles are created and modified in role configuration mode. To create a role, enter the role command
with the role’s name. The switch enters role configuration mode. If the command is followed by the
name of an existing role, subsequent commands edit that role.
Example
• This command places the switch in role configuration mode to create a role named sysuser.
switch(config)#role sysuser
switch(config-role-sysuser)#
Saving Role Changes
Role configuration mode is a group-change mode; changes are saved by exiting the mode.
Example
• These commands create a role, then add a deny rule to the role. Because the changes are not yet
saved, the role remains empty, as shown by show role.
switch(config)#role sysuser
switch(config-role-sysuser)#deny mode exec command reload
switch(config-role-sysuser)#show role sysuser
The default role is network-operator
switch(config)#
To save all current changes to the role and exit role configuration mode, type exit.
switch(config-role-sysuser)#exit
switch(config)#show role sysuser
The default role is network-operator
role: sysuser
10 deny mode exec command reload
switch(config)#
Important After exiting role mode, running-config must be saved to startup-config to preserve role changes
past system restarts.
Discarding Role Changes
The abort command exits role configuration mode without saving pending changes.
Example
• These commands enter role configuration mode to add deny rules, but discard the changes before
saving them to the role.
switch(config)#role sysuser
switch(config-role-sysuser)#deny mode exec command reload
switch(config-role-sysuser)#abort
switch(config)#show role sysuser
The default role is network-operator
switch(config)#
4.4.4.3
Modifying Roles
Adding Rules to a Role
The deny (Role) command adds a deny rule to the configuration mode role. The permit (Role)
command adds a permit rule to the configuration mode role.
To append a rule to the end of a role, enter the rule without a sequence number while in role
configuration mode. The new rule’s sequence number is derived by adding 10 to the last rule’s sequence
number.
Examples
• These commands enter the first three rules into a new role.
switch(config)#role sysuser
switch(config-role-sysuser)#deny mode exec command reload
switch(config-role-sysuser)#deny mode config command (no |default )?router
switch(config-role-sysuser)#permit command .*
switch(config-role-sysuser)#exit
switch(config)#show role sysuser
The default role is network-operator
role: sysuser
10 deny mode exec command reload
20 deny mode config command (no |default )?router
30 permit command .*
switch(config)#
Inserting a Rule
To insert a rule into a role, enter the rule with a sequence number between the existing rules’ numbers.
Example
• This command inserts a rule between the first two rules by assigning it the sequence number 15.
switch(config)#role sysuser
switch(config-role-sysuser)#15 deny mode config-all command lacp|spanning-tree
switch(config-role-sysuser)#exit
switch(config)#show role sysuser
The default role is network-operator
role: sysuser
10 deny mode exec command reload
15 deny mode config-all command lacp|spanning-tree
20 deny mode config command (no |default )?router
30 permit command .*
switch(config)#
Deleting a Rule
To remove a rule from the current role, perform one of these commands:
• Enter no, followed by the sequence number of the rule to be deleted.
• Enter no, followed by the rule to be deleted.
• Enter default, followed by the sequence number of the rule to be deleted.
• Enter default, followed by the rule to be deleted.
Example
• These equivalent commands remove rule 30 from the list.
switch(config-role-sysuser)#no 30
switch(config-role-sysuser)#default 30
switch(config-role-sysuser)#no permit command .*
switch(config-role-sysuser)#default permit command .*
This role results from entering one of the preceding commands.
switch(config)#show role sysuser
The default role is network-operator
role: sysuser
10 deny mode exec command reload
15 deny mode config-all command lacp|spanning-tree
20 deny mode config command (no |default )?router
switch(config)#
Redistributing Sequence Numbers
Sequence numbers determine the order of the rules in a role. After a list editing session where existing
rules are deleted and new rules are inserted between existing rules, the sequence number distribution
may not be uniform. Redistributing rule numbers adjusts the sequence numbers of rules to
provide a constant difference between adjacent rules. The resequence (Role) command adjusts the
sequence numbers of role rules.
Example
• The resequence command renumbers rules in the sysuser role. The sequence number of the first
rule is 100; subsequent rule numbers are incremented by 20.
switch(config)#show role sysuser
The default role is network-operator
role: sysuser
10 deny mode exec command reload
20 deny mode config-all command lacp|spanning-tree
25 deny mode config command (no |default )?router
30 permit command .*
switch(config)#role sysuser
switch(config-role-sysuser)#resequence 100 20
switch(config-role-sysuser)#exit
switch(config)#show role sysuser
The default role is network-operator
role: sysuser
100 deny mode exec command reload
120 deny mode config-all command lacp|spanning-tree
140 deny mode config command (no |default )?router
160 permit command .*
switch(config)#
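The sequence-number handling described in this section (append at last + 10, insert by number, delete, resequence) can be modelled offline to audit a role from its show role output. This Python model is an added example, not Arista code: the names Role, Rule, mode_matches, decide and unreachable are hypothetical, and it assumes that rules are evaluated in ascending sequence order with the first match deciding, that no match means deny, that a rule without a mode applies in every mode, and that regular expressions are matched from the start of the command.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: 'show role sysuser' output as printed in the resequence example.
SHOW_ROLE = """\
The default role is network-operator
role: sysuser
10 deny mode exec command reload
20 deny mode config-all command lacp|spanning-tree
25 deny mode config command (no |default )?router
30 permit command .*
"""

RULE_RE = re.compile(r"^\s*(?P<seq>\d+)\s+(?P<action>permit|deny)"
                     r"(?:\s+mode\s+(?P<mode>\S+))?\s+command\s+(?P<regex>.+?)\s*$")


@dataclass
class Rule:
    seq: int
    action: str
    mode: Optional[str]  # None: the rule carries no mode keyword
    regex: str


def mode_matches(rule_mode, session_mode):
    """Assumption: no mode = every mode; config-all = any mode named config*."""
    if rule_mode is None:
        return True
    if rule_mode == "config-all":
        return session_mode.startswith("config")
    return rule_mode == session_mode


class Role:
    def __init__(self, name, rules=()):
        self.name = name
        self.rules = {r.seq: r for r in rules}

    @classmethod
    def from_show_role(cls, text, name):
        """Parse the rule lines that follow 'role: <name>' in show role output."""
        rules, current = [], None
        for line in text.splitlines():
            if line.startswith("role:"):
                current = line.split(":", 1)[1].strip()
                continue
            m = RULE_RE.match(line)
            if m and current == name:
                rules.append(Rule(int(m["seq"]), m["action"], m["mode"], m["regex"]))
        return cls(name, rules)

    def ordered(self):
        return [self.rules[s] for s in sorted(self.rules)]

    def add(self, action, regex, mode=None, seq=None):
        """No seq: append at last + 10. With seq: insert at that position."""
        if seq is None:
            seq = max(self.rules, default=0) + 10
        self.rules[seq] = Rule(seq, action, mode, regex)
        return seq

    def delete(self, seq):
        del self.rules[seq]

    def resequence(self, start, step):
        """Renumber in current order: start, start + step, ..."""
        renumbered = {}
        for i, rule in enumerate(self.ordered()):
            new_seq = start + i * step
            renumbered[new_seq] = Rule(new_seq, rule.action, rule.mode, rule.regex)
        self.rules = renumbered

    def decide(self, mode, command):
        """Assumption: first matching rule in sequence order wins; no match = deny."""
        for rule in self.ordered():
            if mode_matches(rule.mode, mode) and re.match(rule.regex, command):
                return rule.action, rule.seq
        return "deny", None

    def unreachable(self):
        """Rules placed after a mode-less catch-all ('.*') can never be reached."""
        rules = self.ordered()
        for i, rule in enumerate(rules):
            if rule.mode is None and rule.regex == ".*":
                return [r.seq for r in rules[i + 1:]]
        return []


if __name__ == "__main__":
    role = Role.from_show_role(SHOW_ROLE, "sysuser")
    for mode, cmd in [("exec", "reload"), ("exec", "show version"),
                      ("config", "no router bgp 65000")]:
        print(mode, repr(cmd), role.decide(mode, cmd))
    role.resequence(100, 20)
    role.add("deny", "bash", mode="exec")   # appended after 'permit command .*'
    print("unreachable rules:", role.unreachable())
```

Under these assumptions a deny rule appended after permit command .* never takes effect, so new deny rules need a sequence number below the catch-all.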
4.4.5 Assigning a Role to a User Name
Roles are assigned to local users through the username command and to remote users through RADIUS
servers. Each user is assigned one role. Each role can be assigned to multiple local and remote users.
4.4.5.1 Default Roles
Users that are not explicitly assigned a role are assigned the default role. The aaa authorization policy
local default-role command designates the default role. The network-operator built-in role is the
default role when the aaa authorization policy local default-role is not configured.
Examples
• These commands assign sysuser as the default role, then display the name of the default role.
switch(config)#aaa authorization policy local default-role sysuser
switch(config)#show role
The default role is sysuser
<-------OUTPUT OMITTED FROM EXAMPLE-------->
switch(config)#
• These commands restore network-operator as the default role by deleting the aaa authorization
policy local default-role statement from running-config, then display the default role name.
switch(config)#no aaa authorization policy local default-role
switch(config)#show role
The default role is network-operator
<-------OUTPUT OMITTED FROM EXAMPLE-------->
switch(config)#
4.4.5.2 Local Security File (Username command)
Roles are assigned to users with the username command’s role parameter. A user name whose
running-config username statement does not include a role parameter is assigned the default role.
The role parameter function in a command creating a user name is different from its function in a
command editing an existing name.
Assigning a Role to a New User Name
A username command creating a user name explicitly assigns a role to the user name by including the
role parameter; commands without a role parameter assign the default role to the user name.
Example
• These commands create two user names. The first user is assigned a role; the second user assumes
the default role.
switch(config)#username FRED secret 0 axced role sysuser1
switch(config)#username JANE nopassword
switch(config)#show running-config
<-------OUTPUT OMITTED FROM EXAMPLE-------->
!
username FRED role sysuser1 secret 5 $1$dhJ6vrPV$PFOvJCX/vcqyIHV.vd.l20
username JANE nopassword
!
<-------OUTPUT OMITTED FROM EXAMPLE-------->
switch(config)#
Editing the Role of an Existing User Name
The role of a previously configured user name may be edited by a username command without altering
its password. The role assignment of a user name is not changed by username commands that do not
include a role parameter.
Examples
• These commands assign a role to a previously configured user name.
switch(config)#username JANE role sysuser2
switch(config)#show running-config
<-------OUTPUT OMITTED FROM EXAMPLE-------->
!
username FRED role sysuser1 secret 5 $1$dhJ6vrPV$PFOvJCX/vcqyIHV.vd.l20
username JANE role sysuser2 nopassword
!
<-------OUTPUT OMITTED FROM EXAMPLE-------->
switch(config)#
• These commands revert a user name to the default role by removing its role assignment.
switch(config)#no username FRED role
switch(config)#show running-config
<-------OUTPUT OMITTED FROM EXAMPLE-------->
!
username FRED secret 5 $1$dhJ6vrPV$PFOvJCX/vcqyIHV.vd.l20
username JANE role sysuser2 nopassword
!
<-------OUTPUT OMITTED FROM EXAMPLE-------->
switch(config)#
Displaying the Role Assignments
The show user-account command displays role assignment of the configured users. The show aaa
sessions command displays roles of users that are currently logged into the switch.
Example
• This command displays the configured users and their role assignments.
switch(config)#show user-account
user: FRED
role: <unknown>
privilege level: 1
user: JANE
role: sysuser2
privilege level: 1
user: admin
role: network-admin
privilege level: 1
switch(config)#
• This command displays information about the active AAA login sessions.
switch(config)# show aaa session
Session Username Roles            TTY    State Duration Auth         Remote Host
------- -------- ---------------- ------ ----- -------- ------------ --------------
2       admin    network-operator ttyS0  E     0:01:21  local
4       Fred     sysadmin         telnet E     0:02:01  local        sf.example.com
6       Jane     sysuser2         ssh    E     0:00:52  group radius ny.example.com
9       admin    network-admin    ssh    E     0:00:07  local        bj.example.com
10      max      network-admin    telnet E     0:00:07  local        sf.example.com
4.4.5.3 Radius Servers
A role can be assigned to a remote user authenticated through a RADIUS server. Roles are assigned
through the vendor specific attribute-value (AV) pair named Arista-AVPair. The switch extracts the
remote user's role upon a successful authentication when RADIUS authentication is enabled.
Example
• This file extract is sample FreeRadius server code that includes the AV pair that assigns roles to three
remote users.
# Sample RADIUS server users file
"Jane" Cleartext-Password := "Abc1235"
    Arista-AVPair = "shell:roles=sysuser2",
    Service-Type = NAS-Prompt-User
"Mary" Cleartext-Password := "xYz$2469"
    Arista-AVPair = "shell:roles=sysadmin",
    Service-Type = NAS-Prompt-User
"Fred" Cleartext-Password := "rjx4#222"
    Arista-AVPair = "shell:roles=network-operator",
    Service-Type = NAS-Prompt-User
The aaa authentication login command selects the user authentication service (Section 4.5.1.2).
Example
• This command configures the switch to authenticate users through all RADIUS servers.
switch(config)#aaa authentication login default group radius
switch(config)#
4.5 Activating Security Services
After configuring the access databases, aaa authentication, aaa authorization, and aaa accounting
commands designate active and backup services for handling access requests.
These sections describe the methods of selecting the database that the switch uses to authenticate users
and authorize access to network resources.
4.5.1 Authenticating Usernames and the Enable Password
Service lists specify the services the switch uses to authenticate usernames and the enable password.
4.5.1.1 Service List Description
Service list elements are service options, ordered by their priority.
Important When the local file is one of the service list elements, any attempts to locally authenticate a username
that is not included in the local file will result in the switch continuing to the next service list element.
Example
• This is an example service list for username authentication:
1. Location_1 server group – specifies a server group (Section 4.3: Server Groups).
2. Location_2 server group – specifies a server group (Section 4.3: Server Groups).
3. TACACS+ servers – specifies all hosts for which a tacacs-server host command exists.
4. Local file – specifies the local file.
5. None – specifies that no authentication is required – all access attempts succeed.
To authenticate a username, the switch checks Location_1 server group. If a server in the group
is available, the switch authenticates the username through that group. Otherwise, it continues
through the list until it finds an available service or utilizes option 5, which allows the access
attempt to succeed without authentication.
4.5.1.2 Configuring Service Lists
Service lists are incorporated into these aaa authentication commands to specify services the switch
uses to authenticate usernames and the enable password.
• aaa authentication login specifies services the switch uses to authenticate usernames.
• aaa authentication enable specifies services the switch uses to authenticate the enable password.
Examples
• This command configures the switch to authenticate usernames through the TAC-1 server group.
The local database is the backup method if TAC-1 servers are unavailable.
switch(config)#aaa authentication login default group TAC-1 local
• This command configures the switch to authenticate usernames through all TACACS+ servers,
then all RADIUS servers if the TACACS+ servers are not available. If the RADIUS servers are
unavailable, the switch does not authenticate any login attempts.
switch(config)#aaa authentication login default group tacacs+ group radius none
• This command configures the switch to authenticate the enable password through all TACACS+
servers, then through the local database if the TACACS+ servers are unavailable.
switch(config)#aaa authentication enable default group TACACS+ local
4.5.2 Authorization
Authorization commands control EOS shell access, CLI command access, and configuration access
through the console port. The switch also supports role based authorization, which allows access to
specified CLI commands by assigning command profiles (or roles) to usernames. Section 4.4 describes
role based authorization.
During the exec authorization process, TACACS+ server responses may include attribute-value (AV)
pairs. The switch recognizes the mandatory AV pair named priv-lvl=x (where x is between 0 and 15).
By default, a TACACS+ server that sends any other mandatory AV pair is denied access to the switch.
The receipt of optional AV pairs by the switch has no effect on decisions to permit or deny access to the
TACACS+ server. The tacacs-server policy command programs the switch to allow access to TACACS+
servers that send unrecognized mandatory AV pairs.
Authorization to switch services is configured by these aaa authorization commands:
• To specify the method of authorizing the opening of an EOS shell, enter aaa authorization exec.
• To specify the method of authorizing CLI commands, enter aaa authorization commands.
Examples
• This command specifies that TACACS+ servers authorize users attempting to open a CLI shell.
switch(config)#aaa authorization exec default group tacacs+
switch(config)#
• This command programs the switch to authorize configuration commands (privilege level 15)
through the local file and to deny command access to users not listed in the local file.
switch(config)#aaa authorization commands 15 default local
switch(config)#
• This command programs the switch to permit all commands entered on the CLI.
switch(config)#aaa authorization commands all default none
switch(config)#
• This command configures the switch to permit access to TACACS+ servers that send unrecognized
mandatory AV pairs.
switch(config)#tacacs-server policy unknown-mandatory-attribute ignore
switch(config)#
All commands are typically authorized through aaa authorization commands. However, the no aaa
authorization config-commands command disables the authorization of configuration commands. In
this state, authorization to execute configuration commands can be managed by controlling access to
Global Configuration commands. The default setting authorizes configuration commands through the
policy specified for all other commands.
• To enable the authorization of configuration commands with the policy specified for all other
commands, enter aaa authorization config-commands.
• To require authorization of commands entered on the console, enter aaa authorization console.
By default, EOS does not verify authorization of commands entered on the console port.
Examples
• This command disables the authorization of configuration commands.
switch(config)#no aaa authorization config-commands
switch(config)#
• This command enables the authorization of configuration commands.
switch(config)#aaa authorization config-commands
switch(config)#
• This command configures the switch to authorize commands entered on the console, using the
method specified through a previously executed aaa authorization command.
switch(config)#aaa authorization console
switch(config)#
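Sections 4.5.1 and 4.5.2 describe several settings under which access is granted without a check: a service list that reaches none, a local element that is skipped for usernames not in the local file, console commands that are not authorized by default, and disabled authorization of configuration commands. The following Python audit is an added example, not Arista code; the function names and finding codes are hypothetical, and the configuration text is constructed from command lines printed in those sections.

```python
# Constructed running-config excerpt assembled from command lines shown in
# Sections 4.5.1.2 and 4.5.2; it is not taken from a real switch.
SAMPLE_CONFIG = """\
aaa authentication login default group tacacs+ group radius none
aaa authentication enable default group TACACS+ local
aaa authorization exec default group tacacs+
aaa authorization commands all default none
no aaa authorization config-commands
"""


def parse_methods(tokens):
    """Turn ['group', 'TAC-1', 'local'] into ['group TAC-1', 'local']."""
    methods, i = [], 0
    while i < len(tokens):
        if tokens[i] == "group" and i + 1 < len(tokens):
            methods.append("group " + tokens[i + 1])
            i += 2
        else:
            methods.append(tokens[i])
            i += 1
    return methods


def method_lists(config):
    """Map e.g. 'authentication login' to its ordered default service list."""
    lists = {}
    for line in config.splitlines():
        tok = line.split()
        if (len(tok) > 3 and tok[0] == "aaa" and "default" in tok
                and tok[1] in ("authentication", "authorization")):
            d = tok.index("default")
            lists[" ".join(tok[1:d])] = parse_methods(tok[d + 1:])
    return lists


def resolve(methods, reachable_groups=(), user_in_local_file=True):
    """Walk the list in priority order and return the element that handles
    the request, or None when no listed element can handle it."""
    for m in methods:
        if m.startswith("group "):
            # A server group is used only if one of its servers is available.
            if m[len("group "):] in reachable_groups:
                return m
        elif m == "local":
            # A username missing from the local file falls through to the next element.
            if user_in_local_file:
                return m
        elif m == "none":
            # No check is performed; the attempt succeeds.
            return m
    return None


def audit(config):
    """Return (code, detail) findings for settings that grant access unchecked."""
    findings = []
    for name, methods in method_lists(config).items():
        if "none" in methods:
            findings.append(("NONE_METHOD", name + ": " + " > ".join(methods)))
    lines = {line.strip() for line in config.splitlines()}
    if "aaa authorization console" not in lines:
        findings.append(("CONSOLE_NOT_AUTHORIZED",
                         "commands entered on the console port are not authorized"))
    if "no aaa authorization config-commands" in lines:
        findings.append(("CONFIG_COMMANDS_NOT_AUTHORIZED",
                         "authorization of configuration commands is disabled"))
    return findings


if __name__ == "__main__":
    login = method_lists(SAMPLE_CONFIG)["authentication login"]
    print("all servers down ->", resolve(login, reachable_groups=set()))
    for code, detail in audit(SAMPLE_CONFIG):
        print(code, "-", detail)
```

Passing user_in_local_file=False to resolve shows that a list ending in local none admits any username that is absent from the local file once the server groups are unavailable.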
4.5.3 Accounting
The accounting service collects information for billing, auditing, and reporting. The switch supports
TACACS+ and RADIUS accounting by reporting user activity to either the TACACS+ server or RADIUS
server in the form of accounting records.
The switch supports two types of accounting:
• EXEC: Provides information about user CLI sessions.
• Commands: Command authorization for all commands, including configuration commands that
are associated with a privilege level.
The accounting mode determines when accounting notices are sent. Mode options include:
• start-stop: a start notice is sent when a process begins; a stop notice is sent when it ends.
• stop-only: a stop accounting record is generated after a process successfully completes.
Accounting is enabled by the aaa accounting command.
Examples
• This command configures the switch to maintain start-stop accounting records for all commands
executed by switch users and submits them to all TACACS+ hosts.
switch(config)#aaa accounting commands all default start-stop group tacacs+
switch(config)#
• This command configures the switch to maintain stop accounting records for all user EXEC sessions
performed through the console and submits them to all TACACS+ hosts.
switch(config)#aaa accounting exec console stop group tacacs+
switch(config)#
4.6 TACACS+ Configuration Examples
These sections describe two sample TACACS+ host configurations.
4.6.1 Single Host Configuration
The single host configuration consists of a TACACS+ server with these attributes:
• IP address: 10.1.1.10
• encryption key: example_1
• port number: 49 (global default)
• timeout: 5 seconds (global default)
The switch authenticates the username and enable command against all TACACS+ servers which, in
this case, is one host. If the TACACS+ server is unavailable, the switch authenticates with the local file.
Step 1 This step configures TACACS+ server settings – port number and timeout are global defaults.
switch(config)#tacacs-server host 10.1.1.10 key example_1
Step 2 This step configures the login authentication service.
switch(config)#aaa authentication login default group tacacs+ local
Step 3 This step configures the enable command password authentication service.
switch(config)#aaa authentication enable default group tacacs+ local
4.6.2 Multiple Host Configuration
The multiple host configuration consists of three TACACS+ servers at these locations:
• IP address 10.1.1.2 – port 49
• IP address 13.21.4.12 – port 4900
• IP address 16.1.2.10 – port 49
The configuration combines the servers into these server groups:
• Bldg_1 group consists of the servers at 10.1.1.2 and 13.21.4.12
• Bldg_2 group consists of the servers at 16.1.2.10
All servers use these global TACACS+ defaults:
• encryption key – example_2
• timeout – 10 seconds
The switch authenticates these access methods:
• username access against Bldg_1 group then, if they are not available, against the local file.
• enable command against Bldg_2 group, then Bldg_1 group, then against the local file.
Step 1 TACACS+ Host commands:
These commands configure the IP address and ports for the three TACACS+ servers. The port
for the first and third server is default 49.
switch(config)#tacacs-server host 10.1.1.2
switch(config)#tacacs-server host 13.21.4.12 port 4900
switch(config)#tacacs-server host 16.1.2.10
Step 2 Global Configuration Commands:
These commands configure the global encryption key and timeout values.
switch(config)#tacacs-server key example_2
switch(config)#tacacs-server timeout 10
Step 3 Group Server Commands:
The aaa group server commands create the server groups and place the CLI in server group
configuration mode, during which the servers are placed in the group. The port number must
be included if it is not the default port, as in the line that adds 192.168.1.1.
switch(config)#aaa group server tacacs+ Bldg_1
switch(config-sg-tacacs+-Bldg_1)#server 10.1.1.2
switch(config-sg-tacacs+-Bldg_1)#server 192.168.1.1 port 4900
switch(config-sg-tacacs+-Bldg_1)#exit
switch(config)#aaa group server tacacs+ Bldg_2
switch(config-sg-tacacs+-Bldg_2)#server 192.168.2.2
switch(config-sg-tacacs+-Bldg_2)#exit
switch(config)#
Step 4 Login and enable configuration authentication responsibility commands:
These commands configure the username and enable command password authentication
services.
switch(config)#aaa authentication login default group Bldg_1 local
switch(config)#aaa authentication enable default group Bldg_1 group Bldg_2 local
4.7 AAA Commands
Local Security File Commands
• aaa root
• enable secret
• username
• username sshkey
• show privilege
• show user-account
• show users
Accounting, Authentication, and Authorization Commands
• aaa accounting
• aaa accounting dot1x
• aaa accounting system
• aaa authentication enable
• aaa authentication login
• aaa authentication policy local
• aaa authentication policy log
• aaa authorization commands
• aaa authorization config-commands
• aaa authorization console
• aaa authorization exec
• aaa authorization policy local default-role
• clear aaa counters
• clear aaa counters radius
• clear aaa counters tacacs+
• show aaa
• show aaa counters
• show aaa method-lists
• show aaa sessions
Server (RADIUS and TACACS+) Configuration Commands
• ip radius source-interface
• radius-server deadtime
• radius-server host
• radius-server key
• radius-server retransmit
• radius-server timeout
• show radius
• ip tacacs source-interface
• tacacs-server host
• tacacs-server key
• tacacs-server policy
• tacacs-server timeout
• show tacacs
Server Group Configuration Commands
• aaa group server radius
• aaa group server tacacs+
• server (server-group-RADIUS configuration mode)
• server (server-group-TACACS+ configuration mode)
Role Based Authorization Configuration Commands
• role
• deny (Role)
• permit (Role)
• no <sequence number> (Role)
• resequence (Role)
• show role
aaa accounting
The aaa accounting command configures accounting method lists for a specified authorization type.
Each list consists of a prioritized list of methods. The accounting module uses the first available listed
method for the authorization type.
The no aaa accounting and default aaa accounting commands clear the specified method list by
removing the corresponding aaa accounting command from running-config.
all
Command Mode
Global Configuration
Command Syntax
aaa accounting TYPE CONNECTION MODE [METHOD_1] [METHOD_2] ... [METHOD_N]
no aaa accounting TYPE CONNECTION
default aaa accounting TYPE CONNECTION
Parameters
• TYPE authorization type for which the command specifies a method list. Options include:
— EXEC records user authentication events.
— COMMANDS ALL records all entered commands.
— COMMANDS level records entered commands of the specified level (ranges from 0 to 15).
• CONNECTION connection type of sessions for which method lists are reported. Options include:
— console console connection.
— default all connections not covered by other command options.
• MODE accounting mode that defines when accounting notices are sent. Options include:
— none no notices are sent.
— start-stop a start notice is sent when a process begins; a stop notice is sent when it ends.
— stop-only a stop accounting record is generated after a process successfully completes.
• METHOD_X server groups (methods) to which the switch can send accounting records. The
switch sends the method list to the first listed group that is available.
Parameter value is not specified if MODE is set to none. If MODE is not set to none, the command
must provide at least one method. Each method is composed of one of the following:
— group name the server group identified by name.
— group radius server group that includes all defined RADIUS hosts.
— group tacacs+ server group that includes all defined TACACS+ hosts.
— logging log all accounting messages to syslog.
Examples
• This command configures the switch to maintain start-stop accounting records for all commands
executed by switch users and submits them to all TACACS+ hosts.
switch(config)#aaa accounting commands all default start-stop group tacacs+
switch(config)#
• This command configures the switch to maintain stop accounting records for all user EXEC sessions
performed through the console and submits them to all TACACS+ hosts.
switch(config)#aaa accounting exec console stop group tacacs+
switch(config)#
aaa accounting dot1x
The aaa accounting system command enables the accounting of requested 802.1X services for network
access.
The no aaa accounting system and default aaa accounting system commands disable the specified
method list by removing the corresponding aaa accounting system command from running-config.
all
Command Mode
Global Configuration
Command Syntax
aaa accounting dot1x default MODE [METHOD_1] [METHOD_2] ... [METHOD_N]
no aaa accounting dot1x default
default aaa accounting dot1x default
Parameters
• MODE accounting mode that defines when accounting notices are sent. Options include:
— start-stop a start notice is sent when a process begins; a stop notice is sent when it ends.
• METHOD_X server groups (methods) to which the switch can send accounting records. The
switch sends the method list to the first listed group that is available.
Parameter value is not specified if MODE is set to none. If MODE is not set to none, the command
must provide at least one method. Each method is composed of one of the following:
— group name the server group identified by name.
— group radius server group that includes all defined RADIUS hosts.
— logging server group that includes all defined TACACS+ hosts.
Examples
• This example configures IEEE 802.1x accounting on the switch.
switch(config)#aaa accounting dot1x default start-stop group radius
switch(config)#
• This example disables IEEE 802.1x accounting on the switch.
switch(config)#no aaa accounting dot1x default
switch(config)#
aaa accounting system
The aaa accounting system command performs accounting for all system-level events.
The no aaa accounting system and default aaa accounting system commands clear the specified
method list by removing the corresponding aaa accounting system command from running-config.
all
Command Mode
Global Configuration
Command Syntax
aaa accounting system default MODE [METHOD_1] [METHOD_2] ... [METHOD_N]
no aaa accounting system default
default aaa accounting system default
Parameters
• MODE accounting mode that defines when accounting notices are sent. Options include:
— none no notices are sent.
— start-stop a start notice is sent when a process begins; a stop notice is sent when it ends.
— stop-only a stop accounting record is generated after a process successfully completes.
• METHOD_X server groups (methods) to which the switch can send accounting records. The
switch sends the method list to the first listed group that is available.
Parameter value is not specified if MODE is set to none. If MODE is not set to none, the command
must provide at least one method. Each method is composed of one of the following:
— group name the server group identified by name.
— group radius server group that includes all defined RADIUS hosts.
— group tacacs+ server group that includes all defined TACACS+ hosts.
— logging server group that includes all defined TACACS+ hosts.
Examples
• This command configures AAA accounting to not use any accounting methods.
switch(config)#aaa accounting system default none
switch(config)#
• This command configures the switch to maintain stop accounting records for all user EXEC sessions
performed through the console and submits them to all TACACS+ hosts.
switch(config)#aaa accounting exec console stop group tacacs+
switch(config)#
aaa authentication enable
The aaa authentication enable command configures the service list that the switch references to
authorize access to Privileged EXEC command mode.
The list consists of a prioritized list of service options. Available service options include:
• a named server group
• all defined TACACS+ hosts
• all defined RADIUS hosts
• local authentication
• no authentication
The switch authorizes access by using the first listed service option that is available. When the local file
is a service list element, attempts to locally authenticate a username that is not in the local file result in
the switch continuing to the next service list element.
When the list is not configured, it is set to local.
The no aaa authentication enable and default aaa authentication enable commands revert the list
configuration to local by removing the aaa authentication enable command from running-config.
all
Command Mode
Global Configuration
Command Syntax
aaa authentication enable default METHOD_1 [METHOD_2] ... [METHOD_N]
no aaa authentication enable default
default aaa authentication enable default
Parameters
• METHOD_X authentication service method list. The command must provide at least one
method. Each method is composed of one of the following:
— group name the server group identified by name.
— group radius a server group that consists of all defined RADIUS hosts.
— group tacacs+ a server group that consists of all defined TACACS+ hosts.
— local local authentication.
— none users are not authenticated; all access attempts succeed.
Example
• This command configures the switch to authenticate the enable password through all configured
TACACS+ servers. Local authentication is the backup if TACACS+ servers are unavailable.
switch(config)#aaa authentication enable default group tacacs+ local
switch(config)#
aaa authentication login
The aaa authentication login command configures service lists the switch references to authenticate
usernames. Service lists consist of service options ordered by usage priority. The switch authenticates
usernames through the first available service option. Supported service options include:
• a named server group
• all defined TACACS+ hosts
• all defined RADIUS hosts
• local authentication
• no authentication
When the local file is a service list element, attempts to locally authenticate a username that is not in the
local file result in the switch continuing to the next service list element.
The switch supports a console list for authenticating usernames through the console and a default list
for authenticating usernames through all other connections.
• When the console list is not configured, the console connection uses the default list.
• When the default list is not configured, it is set to local.
The no aaa authentication login and default aaa authentication login commands revert the specified
list configuration to its default by removing the corresponding aaa authentication login command from
running-config.
all
Command Mode
Global Configuration
Command Syntax
aaa authentication login CONNECTION SERVICE_1 [SERVICE_2] ... [SERVICE_N]
no aaa authentication login CONNECTION
default aaa authentication login CONNECTION
Parameters
• CONNECTION connection type of sessions for which authentication list is used
— default the default authentication list.
— console the authentication list for console logins.
• SERVICE_X an authentication service. Settings include:
— group name identifies a previously defined server group.
— group radius a server group that consists of all defined RADIUS hosts.
— group tacacs+ a server group that consists of all defined TACACS+ hosts.
— local local authentication.
— none the switch does not perform authentication. All access attempts succeed.
Examples
• This command configures the switch to authenticate usernames through the TAC-1 server group.
The local database is the backup method if TAC-1 servers are unavailable.
switch(config)#aaa authentication login default group TAC-1 local
switch(config)#
• This command configures the switch to authenticate usernames through all TACACS+ servers,
then all RADIUS servers if the TACACS+ servers are not available. If the RADIUS servers are also
unavailable, the switch allows access to all login attempts without authentication.
switch(config)#aaa authentication login default group tacacs+ group radius none
switch(config)#
aaa authentication policy local
The aaa authentication policy local allow-nopassword-remote-login command permits usernames
without passwords to log in from any port. The default switch setting only allows unprotected
usernames to log in from the console.
The no aaa authentication policy local allow-nopassword-remote-login and default aaa authentication
policy local allow-nopassword-remote-login commands return the switch to the default setting of
denying unprotected usernames to log in except from the console.
all
Command Mode
Global Configuration
Command Syntax
aaa authentication policy local allow-nopassword-remote-login
no aaa authentication policy local allow-nopassword-remote-login
default aaa authentication policy local allow-nopassword-remote-login
Examples
• This command configures the switch to allow unprotected usernames to log in from any port.
switch(config)#aaa authentication policy local allow-nopassword-remote-login
switch(config)#
• This command configures the switch to allow unprotected usernames to log in only from the
console port.
switch(config)#no aaa authentication policy local allow-nopassword-remote-login
switch(config)#
aaa authentication policy log
The aaa authentication policy log command configures TACACS+ for remote AAA services.
A Common Criteria compliant AAA setup with EOS requires the use of TACACS+ as the AAA solution.
For security it must be run inside of an SSH Tunnel. The remote TACACS+ server being connected to
must implement TACACS+ protocol version 1.78 or greater to be considered Common Criteria
compliant.
The no aaa authentication policy log and default aaa authentication policy log commands return the
switch to the default setting of denying unprotected usernames to log in except from the console.
all
Command Mode
Global Configuration
Command Syntax
aaa authentication policy LOGIN_TYPE log
no aaa authentication policy LOGIN_TYPE log
default aaa authentication policy LOGIN_TYPE log
Parameters
• MODE accounting mode that defines when accounting notices are sent. Options include:
— on-failure a notice is sent when a process begins; a stop notice is sent when it ends.
— on-success a record is generated after a process successfully completes.
Examples
To configure TACACS+ on the switch run all of the following commands.
• Configure the server and keys:
switch(config)#tacacs-server host HOST key TACACS_KEY
• Configure user authentication:
switch(config)#aaa authentication login default group tacacs+ local
switch(config)#aaa authentication enable default group tacacs+ local
• Configure authentication policy to log successful and failed login attempts:
switch(config)#aaa authentication policy on-success log
switch(config)#aaa authentication policy on-failure log
aaa authorization commands
The aaa authorization commands command configures the service list that authorizes CLI command
access. Each switch command is assigned a privilege level that corresponds to the lowest level
command mode from which it can be executed:
• Level 1: Commands accessible from EXEC mode.
• Level 15: Commands accessible from any mode except EXEC.
Command usage is authorized for each privilege level specified in the command.
The list consists of a prioritized list of service options. The switch authorizes access by using the first
listed service option that is available. The available service options include:
• a named server group
• all defined TACACS+ hosts
• all defined RADIUS hosts
• local authorization
• no authorization
The list is set to none for all unconfigured privilege levels, allowing all CLI access attempts to succeed.
The no aaa authorization commands and default aaa authorization commands commands revert the
list contents to none for the specified privilege levels.
all
Command Mode
Global Configuration
Command Syntax
aaa authorization commands PRIV default SERVICE_1 [SERVICE_2] ... [SERVICE_N]
no aaa authorization commands PRIV default
default aaa authorization commands PRIV default
Parameters
• PRIV Privilege levels of the commands. Options include:
— level numbers between 0 and 15. Number, range, comma-delimited list of numbers and ranges.
— all commands of all levels.
• SERVICE_X Authorization service. Command must list at least one service. Options include:
— group name the server group identified by name.
— group tacacs+ a server group that consists of all defined TACACS+ hosts.
— local local authorization.
— none the switch does not perform authorization. All access attempts succeed.
Examples
• This command authorizes configuration commands (privilege level 15) through the local file. The
switch denies command access to users not listed in the local file.
switch(config)#aaa authorization commands 15 default local
switch(config)#
• This command authorizes all commands entered on the CLI.
switch(config)#aaa authorization commands all default none
switch(config)#
aaa authorization config-commands
The aaa authorization config-commands command enables authorization of commands in any
configuration mode, such as Global Configuration and all interface configuration modes. Commands
are authorized through the policy specified by the aaa authorization commands setting. Authorization
is enabled by default, so issuing this command has no effect unless running-config contains the no aaa
authorization config-commands command.
The no aaa authorization config-commands command disables configuration command authorization.
When configuration command authorization is disabled, running-config contains the no aaa
authorization config-commands command. The default aaa authorization config-commands
command restores the default setting by removing the no aaa authorization config-commands from
running-config.
all
Command Mode
Global Configuration
Command Syntax
aaa authorization config-commands
no aaa authorization config-commands
default aaa authorization config-commands
Example
• This command disables the authorization of configuration commands.
switch(config)#no aaa authorization config-commands
switch(config)#
• This command enables the authorization of configuration commands.
switch(config)#aaa authorization config-commands
switch(config)#
aaa authorization console
The aaa authorization console command configures the switch to authorize commands entered
through the console. By default, commands entered through the console do not require authorization.
The no aaa authorization console and default aaa authorization console commands restore the default
setting.
all
Command Mode
Global Configuration
Command Syntax
aaa authorization console
no aaa authorization console
default aaa authorization console
Example
• This command configures the switch to authorize commands entered on the console, using the
method specified through a previously executed aaa authorization command.
switch(config)#aaa authorization console
switch(config)#
aaa authorization exec
The aaa authorization exec command configures the service list that the switch references to authorize
access to open an EOS CLI shell.
The list consists of a prioritized list of service options. The switch authorizes access by using the first
listed service option to which the switch can connect. When the switch cannot communicate with an
entity that provides a specified service option, it attempts to use the next option in the list.
The available service options include:
• a named server group
• all defined TACACS+ hosts
• all defined RADIUS hosts
• local authentication
• no authentication
When the list is not configured, it is set to none, allowing all CLI access attempts to succeed.
The no aaa authorization exec and default aaa authorization exec commands set the list contents to
none.
all
Command Mode
Global Configuration
Command Syntax
aaa authorization exec default METHOD_1 [METHOD_2] ... [METHOD_N]
no aaa authorization exec default
default aaa authorization exec default
Parameters
• METHOD_X authorization service (method). The switch uses the first listed available method.
The command must provide at least one method. Each method is composed of one of the following:
— group name the server group identified by name.
— group radius a server group that consists of all defined RADIUS hosts.
— group tacacs+ a server group that consists of all defined TACACS+ hosts.
— local local authentication.
— none the switch does not perform authorization. All access attempts succeed.
Guidelines
During the exec authorization process, the TACACS+ server response may include attribute-value (AV)
pairs. The switch recognizes priv-lvl=x (where x is an integer between 0 and 15), which is a mandatory
AV pair. A TACACS+ server that sends any other mandatory AV pair is denied access to the switch. The
receipt of optional AV pairs by the switch has no effect on decisions to permit or deny access to the
TACACS+ server.
Example
• This command specifies that the TACACS+ servers authorize users that attempt to open an EOS
CLI shell.
switch(config)#aaa authorization exec default group tacacs+
switch(config)#
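The AV-pair rule in the Guidelines above can be checked against a server profile before it is deployed. The following Python sketch is an added example, not Arista code: it reads "denied access" as "the exec authorization fails", uses the TACACS+ encoding in which `=` marks a mandatory pair and `*` an optional one, and treats malformed pairs and out-of-range priv-lvl values as failures (both assumptions). The server responses are constructed.

```python
import re


def evaluate_exec_response(av_pairs):
    """Apply the manual's exec-authorization AV-pair rule to one server response.

    Returns (permit, priv_lvl). priv_lvl is None when the response carries no
    mandatory priv-lvl pair.
    """
    priv_lvl = None
    for av in av_pairs:
        m = re.match(r"([^=*]+)([=*])(.*)$", av)
        if m is None:
            return (False, None)      # assumption: a malformed pair fails the request
        name, sep, value = m.groups()
        if sep == "*":
            continue                  # optional pairs do not affect the decision
        if name != "priv-lvl":
            return (False, None)      # any other mandatory pair: access is denied
        if not (value.isascii() and value.isdigit() and 0 <= int(value) <= 15):
            return (False, None)      # assumption: priv-lvl outside 0-15 is rejected
        priv_lvl = int(value)
    return (True, priv_lvl)


# Constructed server responses (not captured traffic).
RESPONSES = {
    "priv-lvl only": ["priv-lvl=15"],
    "optional extra": ["priv-lvl=1", "idletime*10"],
    "mandatory extra": ["priv-lvl=15", "idletime=10"],
    "level out of range": ["priv-lvl=16"],
}

if __name__ == "__main__":
    for label, pairs in RESPONSES.items():
        print(f"{label:20} -> {evaluate_exec_response(pairs)}")
```

A server profile that returns extra attributes should mark them optional (`*`), otherwise every exec authorization for that profile fails on the switch.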
aaa authorization policy local default-role
The aaa authorization policy local command specifies the name of the default role. A role is a data
structure that supports local command authorization through its assignment to user accounts. Roles
consist of permit and deny rules that define authorization levels for specified commands. Applying a
role to a username authorizes the user to execute commands specified by the role.
The default role is assigned to the following users:
• local or remote users assigned to a role that is not configured.
• local users to whom a role is not assigned.
When the default-role is not specified, network-operator is assigned to qualified users as the default
role. The network-operator role authorizes assigned users access to all CLI commands in EXEC and
Privileged EXEC modes.
The no aaa authorization policy local default-role and default aaa authorization policy local
default-role commands remove the authorization policy local default-role statement from
running-config. Removing this statement restores network-operator as the default role.
all
Command Mode
Global Configuration
Command Syntax
aaa authorization policy local default-role role_name
no aaa authorization policy local default-role
default aaa authorization policy local default-role
Parameters
• role_name Name of the default role.
Related Commands
The role command places the switch in role configuration mode for creating and editing roles.
Examples
• This command configures sysuser as the default role.
switch(config)#aaa authorization policy local default-role sysuser
switch(config)#
• This command restores network-operator as the default role.
switch(config)#no aaa authorization policy local default-role
switch(config)#
• This command displays the contents of the network-operator role.
switch#show role network-operator
The default role is network-operator
role: network-operator
10 deny mode exec command bash|\|
20 permit mode exec command .*
switch#
aaa group server radius
The aaa group server radius command enters the server-group-radius configuration mode for the
specified group name. The command creates the specified group if it was not previously created.
Commands are available to add servers to the group.
A server group is a collection of servers that are associated with a single label. Subsequent authorization
and authentication commands access all servers in a group by invoking the group name. Server group
members must be previously configured with a radius-server host command.
The no aaa group server radius and default aaa group server radius commands delete the specified
server group from running-config.
all
Command Mode
Global Configuration
Command Syntax
aaa group server radius group_name
no aaa group server radius group_name
default aaa group server radius group_name
Parameters
• group_name name (text string) assigned to the group. Cannot be identical to a name already
assigned to a TACACS+ server group.
Commands Available in server-group-radius Configuration Mode
• server (server-group-RADIUS configuration mode)
Related Commands
• aaa group server tacacs+
Example
• This command creates the RADIUS server group named RAD-SV1 and enters server group
configuration mode for the new group.
switch(config)#aaa group server radius RAD-SV1
switch(config-sg-radius-RAD-SV1)#
aaa group server tacacs+
The aaa group server tacacs+ command enters server-group-tacacs+ configuration mode for the
specified group name. The command creates the specified group if it was not previously created.
Commands are available to add servers to the group.
A server group is a collection of servers that are associated with a single label. Subsequent authorization
and authentication commands access all servers in a group by invoking the group name. Server group
members must be previously configured with a tacacs-server host command.
The no aaa group server tacacs+ and default aaa group server tacacs+ commands delete the specified
server group from running-config.
all
Command Mode
Global Configuration
Command Syntax
aaa group server tacacs+ group_name
no aaa group server tacacs+ group_name
default aaa group server tacacs+ group_name
Parameters
• group_name name (text string) assigned to the group. Cannot be identical to a name already
assigned to a RADIUS server group.
Commands Available in server-group-tacacs+ Configuration Mode
• server (server-group-TACACS+ configuration mode)
Related Commands
• aaa group server radius
Example
• This command creates the TACACS+ server group named TAC-GR and enters server group
configuration mode for the new group.
switch(config)#aaa group server tacacs+ TAC-GR
switch(config-sg-tacacs+-TAC-GR)#
aaa root
The aaa root command specifies the password security level for the root account and can assign a
password to the account.
The no aaa root and default aaa root commands disable the root account by removing the aaa root
command from running-config. The root account is disabled by default.
all
Command Mode
Global Configuration
Command Syntax
aaa root SECURITY_LEVEL [ENCRYPT_TYPE] [password]
no aaa root
default aaa root
Parameters
• SECURITY_LEVEL password assignment level. Settings include:
— secret the password is assigned to the root account.
— nopassword the root account is not password protected.
• ENCRYPT_TYPE encryption level of the password parameter. This parameter is present only
when SECURITY_LEVEL is secret. Settings include:
— <no parameter> the password is entered as clear text.
— 0 the password is entered as clear text. Equivalent to <no parameter>.
— 5 the password is entered as an md5 encrypted string.
— sha512 the password is entered as an sha512 encrypted string.
• password text that authenticates the username. The command includes this parameter only if
SECURITY_LEVEL is secret.
— password must be in clear text if ENCRYPT_TYPE specifies clear text.
— password must be an appropriately encrypted string if ENCRYPT_TYPE specifies encryption.
Encrypted strings entered through this parameter are generated elsewhere.
Examples
• These equivalent commands assign f4980 as the root account password.
switch(config)#aaa root secret f4980
switch(config)#aaa root secret 0 f4980
• This command assigns the text (ab234) that corresponds to the encrypted string of
$1$HW05LEY8$QEVw6JqjD9VqDfh.O8r.b. as the root password.
switch(config)#aaa root secret 5 $1$HW05LEY8$QEVw6JqjD9VqDfh.O8r.b
switch(config)#
• This command removes the password from the root account.
switch(config)#aaa root nopassword
switch(config)#
• This command disables the root login.
switch(config)#no aaa root
switch(config)#
clear aaa counters
The clear aaa counters command resets the counters that track the number of service transactions
performed by the switch since the last time the counters were reset. The show aaa counters command
displays the counters reset by the clear aaa counters command.
all
Command Mode
Privileged EXEC
Command Syntax
clear aaa counters [SERVICE_TYPE]
Example
• These commands display the effect of the clear aaa counters command on the aaa counters.
switch#clear aaa counters
switch#show aaa counters
Authentication
  Successful: 0
  Failed: 0
  Service unavailable: 0
Authorization
  Allowed: 1
  Denied: 0
  Service unavailable: 0
Accounting
  Successful: 0
  Error: 0
  Pending: 0
Last time counters were cleared: 0:00:44 ago
clear aaa counters radius
The clear aaa counters radius command resets the counters that track the statistics for the RADIUS
servers that the switch accesses. The show radius command displays the counters reset by the clear aaa
counters radius command.
all
Command Mode
Privileged EXEC
Command Syntax
clear aaa counters radius
Example
• These commands display the effect of the clear aaa counters radius command on the RADIUS
counters.
switch#show radius
RADIUS server : radius/10
  Connection opens: 204
  Connection closes: 0
  Connection disconnects: 199
  Connection failures: 10
  Connection timeouts: 2
  Messages sent: 1490
  Messages received: 1490
  Receive errors: 0
  Receive timeouts: 0
  Send timeouts: 0
Last time counters were cleared: never
switch#clear aaa counters radius
switch#show radius
RADIUS server : radius/10
  Connection opens: 0
  Connection closes: 0
  Connection disconnects: 0
  Connection failures: 0
  Connection timeouts: 0
  Messages sent: 0
  Messages received: 0
  Receive errors: 0
  Receive timeouts: 0
  Send timeouts: 0
Last time counters were cleared: 0:00:03 ago
switch#
clear aaa counters tacacs+
The clear aaa counters tacacs+ command resets the counters that track the statistics for the TACACS+
servers that the switch accesses. The show tacacs command displays the counters reset by the clear aaa
counters tacacs+ command.
all
Command Mode
Privileged EXEC
Command Syntax
clear aaa counters tacacs+
Example
• These commands display the effect of the clear aaa counters tacacs+ command on the tacacs+
counters.
switch#show tacacs
TACACS+ server : tacacs/49
  Connection opens: 15942
  Connection closes: 7
  Connection disconnects: 1362
  Connection failures: 0
  Connection timeouts: 0
  Messages sent: 34395
  Messages received: 34392
  Receive errors: 0
  Receive timeouts: 2
  Send timeouts: 0
Last time counters were cleared: never
TACACS+ source-interface: Enabled
TACACS+ outgoing packets will be sourced with an IP address associated with the
Loopback0 interface
switch#clear aaa counters tacacs+
switch#show tacacs
TACACS+ server : tacacs/49
  Connection opens: 0
  Connection closes: 0
  Connection disconnects: 0
  Connection failures: 0
  Connection timeouts: 0
  Messages sent: 0
  Messages received: 0
  Receive errors: 0
  Receive timeouts: 0
  Send timeouts: 0
Last time counters were cleared: 0:00:03 ago
TACACS+ source-interface: Enabled
TACACS+ outgoing packets will be sourced with an IP address associated with the
Loopback0 interface
switch#
deny (Role)
The deny command adds a deny rule to the configuration mode role. Deny rules prohibit access of
specified commands from usernames to which the role is applied. Sequence numbers determine rule
placement in the role. A command is compared sequentially to the rules within a role until it matches a
rule. A command’s authorization is determined by the first rule it matches. Sequence numbers for
commands without numbers are derived by adding 10 to the number of the role’s last rule.
Deny rules use regular expressions to denote commands. A mode parameter specifies command modes
from which commands are restricted. Modes are denoted either by predefined keywords, a command
mode’s short key, or a regular expression that specifies the long key of one or more command modes.
The no deny and default deny commands remove the specified rule from the configuration mode role.
The no <sequence number> (Role) command also removes the specified rule from the role.
all
Command Mode
Role Configuration
Command Syntax
[SEQ_NUM] deny [MODE_NAME] command command_name
no deny [MODE_NAME] command command_name
default deny [MODE_NAME] command command_name
Parameters
• SEQ_NUM Sequence number assigned to the rule. Options include:
— <no parameter> Number is derived by adding 10 to the number of the role’s last rule.
— <1 – 256> Number assigned to entry.
• MODE_NAME Command mode from which command access is prohibited. Values include:
— <no parameter> All command modes
— mode short_name Exact match of a mode’s short key name.
— mode long_name Regular expression matching long key name of one or more modes.
— mode config Global configuration mode.
— mode config-all All configuration modes, including global configuration mode.
— mode exec EXEC and Privileged EXEC modes.
• command_name Regular expression that denotes the name of one or more commands.
Guidelines
These CLI prompt format commands program the prompt to display the following mode keys:
— %p short mode key.
— %P long mode key.
Deny statements are saved to running-config only upon exiting role configuration mode.
Related Commands
The role command places the switch in role configuration mode.
Example
• These commands append a deny rule at the end of the sysuser role that restricts access to the reload
command from EXEC and Privileged EXEC mode.
switch(config)#role sysuser
switch(config-mode-sysuser)#deny mode exec command reload
switch(config-mode-sysuser)#
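Because the first matching rule decides, the position of a rule matters as much as its content. The following Python model of role evaluation is an added example, not Arista code. Rules 10 to 40 are the sysuser rules listed in this chapter's show role sysuser output; rule 50, the mode keys ("exec", "config", "if", "if-Et1"), start-anchored command matching, and returning None when no rule matches are assumptions, since the manual does not state them.

```python
import re
from collections import namedtuple

Mode = namedtuple("Mode", "short long")          # short and long mode keys
Rule = namedtuple("Rule", "seq action mode regex")

# Assumed mode keys for the three modes used below.
EXEC = Mode("exec", "exec")
CONFIG = Mode("config", "config")
IFACE = Mode("if", "if-Et1")


class Role:
    def __init__(self, name):
        self.name, self.rules = name, {}

    def add(self, action, regex, mode=None, seq=None):
        """Add a rule; without seq, use the last rule's number plus 10."""
        if seq is None:
            seq = max(self.rules, default=0) + 10
        if not 1 <= seq <= 256:
            raise ValueError("sequence number must be in 1-256")
        self.rules[seq] = Rule(seq, action, mode, re.compile(regex))
        return seq

    def remove(self, seq):
        """Equivalent of 'no <sequence number>'."""
        del self.rules[seq]

    @staticmethod
    def _mode_matches(rule_mode, mode):
        if rule_mode is None:                     # <no parameter>: all modes
            return True
        if rule_mode == "exec":                   # EXEC and Privileged EXEC
            return mode.short == "exec"
        if rule_mode == "config":                 # global configuration only
            return mode.short == "config"
        if rule_mode == "config-all":             # every configuration mode
            return mode.short != "exec"
        # Exact short key, or a regular expression over the long key.
        return rule_mode == mode.short or re.fullmatch(rule_mode, mode.long) is not None

    def authorize(self, mode, command):
        """Return (action, seq) of the first matching rule, or None."""
        for seq in sorted(self.rules):
            rule = self.rules[seq]
            if self._mode_matches(rule.mode, mode) and rule.regex.match(command):
                return (rule.action, seq)
        return None


def build_sysuser():
    role = Role("sysuser")
    role.add("deny", r"reload", mode="exec")                                  # 10
    role.add("deny", r"(no |default )?router", mode="config")                 # 20
    role.add("deny", r"(no |default )?(ip|mac) access-list", mode="config")   # 30
    role.add("deny", r"(no |default )?(ip|mac) access-group", mode="if")      # 40
    role.add("permit", r".*")                        # 50: constructed catch-all
    return role


if __name__ == "__main__":
    role = build_sysuser()
    print(role.authorize(EXEC, "reload"))            # decided by rule 10
    late = role.add("deny", r"bash", mode="exec")    # appended as 60, after the catch-all
    print(late, role.authorize(EXEC, "bash"))        # still permitted by rule 50
    role.add("deny", r"bash", mode="exec", seq=45)   # placed before the catch-all
    print(role.authorize(EXEC, "bash"))              # now denied by rule 45
```

The last three calls show the audit point: a deny rule appended after a broad permit never takes effect, so a role should be reviewed in sequence order, not by searching for the presence of a deny line.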
enable secret
The enable secret command creates a new enable password or changes an existing password.
The no enable secret and default enable secret commands delete the enable password by removing the
enable secret command from running-config.
all
Command Mode
Global Configuration
Command Syntax
enable secret [ENCRYPT_TYPE] password
no enable secret
default enable secret
Parameters
• ENCRYPT_TYPE encryption level of the password parameter. Settings include:
— <no parameter> the password is entered as clear text.
— 0 the password is entered as clear text. Equivalent to <no parameter>.
— 5 the password is entered as an md5 encrypted string.
— sha512 the password is entered as an sha512 encrypted string.
• password text that authenticates the username.
— password must be in clear text if ENCRYPT_TYPE specifies clear text.
— password must be an appropriately encrypted string if ENCRYPT_TYPE specifies encryption.
Encrypted strings entered through this parameter are generated elsewhere.
Examples
• These equivalent commands assign xyrt1 as the enable password.
switch(config)#enable secret xyrt1
switch(config)#enable secret 0 xyrt1
• This command assigns the enable password to the clear text (12345) that corresponds to the
encrypted string $1$8bPBrJnd$Z8wbKLHpJEd7d4tc5Z/6h/. The string was generated by an
MD5-encryption program using 12345 as the seed.
switch(config)#enable secret 5 $1$8bPBrJnd$Z8wbKLHpJEd7d4tc5Z/6h/
switch(config)#
• This command deletes the enable password.
switch(config)#no enable secret
switch(config)#
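Several settings in this chapter leave access open: none in an authentication or authorization list, authorization lists that default to none when unconfigured, allow-nopassword-remote-login, aaa root nopassword, disabled config-command or console authorization, and type 5 (MD5) secrets. The following Python audit of a saved running-config is an added example, not Arista code; the finding names and the sample configuration, including its placeholder hashes, are constructed.

```python
import re

# Constructed running-config fragment; hashes are placeholders.
SAMPLE_CONFIG = """\
aaa authentication login default group tacacs+ group radius none
aaa authentication login console local
aaa authentication enable default group tacacs+ local
aaa authentication policy local allow-nopassword-remote-login
aaa authorization commands 15 default local
no aaa authorization config-commands
aaa root secret 5 $1$PLACEHOLDER$PLACEHOLDERHASH
enable secret sha512 $6$PLACEHOLDER$PLACEHOLDERHASH
"""


def methods(tokens):
    """Split a method list so that 'group NAME' is one entry."""
    out, i = [], 0
    while i < len(tokens):
        if tokens[i] == "group" and i + 1 < len(tokens):
            out.append("group " + tokens[i + 1])
            i += 2
        else:
            out.append(tokens[i])
            i += 1
    return out


def parse_priv(spec):
    """Expand PRIV ('all', a number, a range, or a comma-delimited list) to levels."""
    if spec == "all":
        return set(range(16))
    levels = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        levels.update(range(int(lo), int(hi or lo) + 1))
    return levels


def audit(config):
    """Return (finding_id, detail) tuples for permissive AAA settings."""
    findings = []
    covered = set()               # levels whose command-authorization list lacks 'none'
    exec_ok = console_ok = False
    for line in (raw.strip() for raw in config.splitlines()):
        t = line.split()
        if line == "aaa authentication policy local allow-nopassword-remote-login":
            findings.append(("NOPASSWORD_REMOTE", line))
        elif line == "aaa root nopassword":
            findings.append(("ROOT_NOPASSWORD", line))
        elif line == "no aaa authorization config-commands":
            findings.append(("AUTHZ_CONFIG_DISABLED", line))
        elif line == "aaa authorization console":
            console_ok = True
        elif re.match(r"(aaa root|enable) secret 5 ", line):
            findings.append(("WEAK_HASH_MD5", t[0] + " " + t[1]))  # hash not echoed
        elif t[:2] == ["aaa", "authentication"] and len(t) > 4 and t[2] in ("login", "enable"):
            if "none" in methods(t[4:]):
                findings.append(("AUTHN_NONE", line))
        elif t[:3] == ["aaa", "authorization", "exec"] and len(t) > 4:
            exec_ok = "none" not in methods(t[4:])
        elif t[:3] == ["aaa", "authorization", "commands"] and len(t) > 5:
            if "none" not in methods(t[5:]):
                covered |= parse_priv(t[3])
    if not exec_ok:
        findings.append(("AUTHZ_EXEC_NONE", "exec authorization list is none or not configured"))
    open_levels = sorted(set(range(16)) - covered)
    if open_levels:
        findings.append(("AUTHZ_CMDS_NONE", "levels " + ",".join(map(str, open_levels))))
    if not console_ok:
        findings.append(("AUTHZ_CONSOLE_OFF", "console commands are not authorized"))
    return findings


if __name__ == "__main__":
    for finding_id, detail in audit(SAMPLE_CONFIG):
        print(f"{finding_id:22} {detail}")
```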
ip radius source-interface
The ip radius source-interface command specifies the interface from which the IPv4 address is derived
for use as the source for outbound RADIUS packets. When a source interface is not specified, the switch
selects an interface.
The no ip radius source-interface and default ip radius source-interface commands remove the ip
radius source-interface command from running-config.
all
Command Mode
Global Configuration
Command Syntax
ip radius [VRF_INST] source-interface INT_NAME
no ip radius [VRF_INST] source-interface
default ip radius [VRF_INST] source-interface
Parameters
• VRF_INST specifies the VRF instance used to communicate with the specified server.
— <no parameter> switch communicates with the server using the default VRF.
— vrf vrf_name switch communicates with the server using the specified user-defined VRF.
• INT_NAME Interface type and number. Options include:
— interface ethernet e_num Ethernet interface specified by e_num.
— interface loopback l_num Loopback interface specified by l_num.
— interface management m_num Management interface specified by m_num.
— interface port-channel p_num Port-Channel Interface specified by p_num.
— interface vlan v_num VLAN interface specified by v_num.
Example
• This command configures the source address for outbound RADIUS packets as the IPv4 address
assigned to the loopback interface.
switch(config)#ip radius source-interface loopback 0
switch(config)#
ip tacacs source-interface
The ip tacacs source-interface command specifies the interface from which the IPv4 address is derived
for use as the source for outbound TACACS+ packets. When a source interface is not specified, the
switch selects an interface.
The no ip tacacs source-interface and default ip tacacs source-interface commands remove the ip
tacacs source-interface command from running-config.
all
Command Mode
Global Configuration
Command Syntax
ip tacacs [VRF_INST] source-interface INT_NAME
no ip tacacs [VRF_INST] source-interface
default ip tacacs [VRF_INST] source-interface
Parameters
• VRF_INST    specifies the VRF instance used to communicate with the specified server.
— <no parameter>    switch communicates with the server using the default VRF.
— vrf vrf_name    switch communicates with the server using the specified user-defined VRF.
• INT_NAME    Interface type and number. Options include:
— interface ethernet e_num    Ethernet interface specified by e_num.
— interface loopback l_num    Loopback interface specified by l_num.
— interface management m_num    Management interface specified by m_num.
— interface port-channel p_num    Port-Channel Interface specified by p_num.
— interface vlan v_num    VLAN interface specified by v_num.
Example
• This command configures the source address for outbound TACACS+ packets as the IPv4 address
assigned to the loopback interface.
switch(config)#ip tacacs source-interface loopback 0
switch(config)#
no <sequence number> (Role)
The no <sequence number> command removes the rule with the specified sequence number from the
configuration mode role. The default <sequence number> command also removes the specified rule.
all
Command Mode
Role Configuration
Command Syntax
no sequence_num
default sequence_num
Parameters
• sequence_num    sequence number of rule to be deleted. Values range from 1 to 256.
Guidelines
Role statement changes are saved to running-config only upon exiting role configuration mode.
Related Commands
The role command places the switch in role configuration mode.
Example
• These commands display the rules in the sysuser role, remove rule 30 from the role, then display
the edited role.
switch(config)#show role sysuser
The default role is network-operator
role: sysuser
10 deny mode exec command reload
20 deny mode config command (no |default )?router
30 deny mode config command (no |default )?(ip|mac) access-list
40 deny mode if command (no |default )?(ip|mac) access-group
50 deny mode config-all command lacp|spanning-tree
60 permit command .*
switch(config)#role sysuser
switch(config-role-sysuser)#no 30
switch(config-role-sysuser)#exit
switch(config)#show role sysuser
The default role is network-operator
role: sysuser
10 deny mode exec command reload
20 deny mode config command (no |default )?router
40 deny mode if command (no |default )?(ip|mac) access-group
50 deny mode config-all command lacp|spanning-tree
60 permit command .*
switch(config)#
permit (Role)
The permit command adds a permit rule to the configuration mode role. Permit rules authorize access
to specified commands for usernames to which the role is applied. Sequence numbers determine rule
placement in the role. A command is compared sequentially to the rules within a role until it matches
a rule. A command’s authorization is determined by the first rule it matches. Sequence numbers for
commands entered without numbers are derived by adding 10 to the number of the role’s last rule.
Permit rules use regular expressions to denote commands. A mode parameter specifies command modes
in which commands are authorized. Modes are denoted either by predefined keywords, a command
mode’s short key, or a regular expression that specifies the long key of one or more command modes.
The no permit and default permit commands remove the specified rule from the configuration mode role.
The no <sequence number> (Role) command also removes the specified rule from the role.
all
Command Mode
Role Configuration
Command Syntax
[SEQ_NUM] permit [MODE_NAME] command command_name
no permit [MODE_NAME] command command_name
default permit [MODE_NAME] command command_name
Parameters
• SEQ_NUM    Sequence number assigned to the rule. Options include:
— <no parameter>    Number is derived by adding 10 to the number of the role’s last rule.
— <1 – 256>    Number assigned to entry.
• MODE_NAME    Command mode in which command access is authorized. Values include:
— <no parameter>    All command modes
— mode short_name    Exact match of a mode’s short key name.
— mode long_name    Regular expression matching long key name of one or more modes.
— mode config    Global configuration mode.
— mode config-all    All configuration modes, including global configuration mode.
— mode exec    EXEC and Privileged EXEC modes.
• command_name    Regular expression that denotes the name of one or more commands.
Guidelines
These CLI prompt format commands program the prompt to display the following mode keys:
— %p    short mode key.
— %P    long mode key.
Permit statements are saved to running-config only upon exiting role configuration mode.
Related Commands
The role command places the switch in role configuration mode.
Example
• These commands append a permit rule at the end of the sysuser role that authorizes all commands
from VLAN 1 or VLAN 2 interface configuration modes.
switch(config)#role sysuser
switch(config-mode-sysuser)#permit mode if-Vl(1|2) command .*
switch(config-mode-sysuser)#
radius-server deadtime
The radius-server deadtime command defines the global deadtime period, during which the switch
ignores a non-responsive RADIUS server. A non-responsive server is one that failed to answer any
attempt to retransmit after a timeout expiry. Deadtime is disabled if a value is not configured.
The no radius-server deadtime and default radius-server deadtime commands restore the default
global deadtime period of three minutes by removing the radius-server deadtime command from
running-config.
all
Command Mode
Global Configuration
Command Syntax
radius-server deadtime dead_interval
no radius-server deadtime
default radius-server deadtime
Parameters
• dead_interval    period that the switch ignores non-responsive servers (minutes). Value ranges from
1 to 1000. Default is 3.
Related Commands
• radius-server host
Example
• This command programs the switch to ignore a server for two hours if it fails to respond to a request
during the period defined by timeout and retransmit parameters.
switch(config)#radius-server deadtime 120
switch(config)#
radius-server host
The radius-server host command sets parameters for communicating with a specific RADIUS server.
These values override global settings when the switch communicates with the specified server.
A RADIUS server is defined by its server address, authorization port, and accounting port. Servers with
different address-authorization port-accounting port combinations have separate configurations.
The no radius-server host and default radius-server host commands remove settings for the RADIUS
server configuration at the specified address-authorization port-accounting port location by deleting
the corresponding radius-server host command from running-config.
all
Command Mode
Global Configuration
Command Syntax
radius-server host ADDR [VRF_INST][AUTH][ACCT][TIMEOUT][DEAD][RETRAN][ENCRYPT]
no radius-server host [ADDR][VRF_INST][AUTH][ACCT]
default radius-server host [ADDR][VRF_INST][AUTH][ACCT]
Parameters
• ADDR    RADIUS server location. Options include:
— ipv4_addr    server’s IPv4 address.
— host_name    server’s DNS host name (FQDN).
• VRF_INST    specifies the VRF instance used to communicate with the specified server.
— <no parameter>    switch communicates with the server using the default VRF.
— vrf vrf_name    switch communicates with the server using the specified user-defined VRF.
• AUTH    Authorization port number.
— <no parameter>    default port of 1812.
— auth-port number    number ranges from 1 to 65535.
• ACCT    Accounting port number.
— <no parameter>    default port of 1813.
— acct-port number    number ranges from 1 to 65535.
• TIMEOUT    timeout period (seconds). Ranges from 1 to 1000.
— <no parameter>    assigns global timeout value (see radius-server timeout).
— timeout number    assigns number as the timeout period. Ranges from 1 to 1000.
• DEAD    period (minutes) when the switch ignores a non-responsive RADIUS server.
— <no parameter>    assigns global deadtime value (see radius-server deadtime).
— deadtime number    specifies deadtime, where number ranges from 1 to 1000.
• RETRAN    attempts to access RADIUS server after the first timeout expiry.
— <no parameter>    assigns global retransmit value (see radius-server retransmit).
— retransmit number    specifies number of attempts, where number ranges from 1 to 100.
• ENCRYPT    encryption key that switch and server use to communicate.
— <no parameter>    assigns global encryption key (see radius-server key).
— key key_text    where key_text is in clear text.
— key 5 key_text    where key_text is in clear text.
— key 7 key_text    where key_text is provided as an encrypted string.
Examples
• This command configures the switch to communicate with the RADIUS server located at 10.1.1.5.
The switch uses the global timeout, deadtime, retransmit, and key settings to communicate with this
server, and communicates through port 1812 for authorization and 1813 for accounting.
switch(config)#radius-server host 10.1.1.5
switch(config)#
• This command configures the switch to communicate with the RADIUS server assigned the host
name RAD-1. Communication for authorization is through port 1850; communication for
accounting is through port 1813 (the default).
switch(config)#radius-server host RAD-1 auth-port 1850
switch(config)#
radius-server key
The radius-server key command defines the global encryption key the switch uses when
communicating with any RADIUS server for which a key is not defined.
The no radius-server key and default radius-server key commands remove the global key from
running-config.
all
Command Mode
Global Configuration
Command Syntax
radius-server key [ENCRYPT_TYPE] encrypt_key
no radius-server key
default radius-server key
Parameters
• ENCRYPT_TYPE    encryption level of encrypt_key.
— <no parameter>    encryption key is entered as clear text.
— 0    encryption key is entered as clear text. Equivalent to <no parameter>.
— 7    encrypt_key is an encrypted string.
• encrypt_key    shared key that authenticates the username.
— encrypt_key must be in clear text if ENCRYPT_TYPE specifies clear text.
— encrypt_key must be an encrypted string if ENCRYPT_TYPE specifies an encrypted string.
Encrypted strings entered through this parameter are generated elsewhere.
Related Commands
• radius-server host
Examples
• This command configures cv90jr1 as the global encryption key.
switch(config)#radius-server key 0 cv90jr1
switch(config)#
• This command assigns cv90jr1 as the key by specifying the corresponding encrypted string.
switch(config)#radius-server key 7 020512025B0C1D70
switch(config)#
radius-server retransmit
The radius-server retransmit command defines the global retransmit count, which specifies the number
of times the switch attempts to access the RADIUS server after the first timeout expiry.
The no radius-server retransmit and default radius-server retransmit commands restore the global
retransmit count to its default value of three by deleting the radius-server retransmit command from
running-config.
all
Command Mode
Global Configuration
Command Syntax
radius-server retransmit count
no radius-server retransmit
default radius-server retransmit
Parameters
• count    retransmit attempts after first timeout expiry. Settings range from 1 to 100. Default is 3.
Related Commands
• radius-server host
Example
• This command configures the switch to attempt five RADIUS server contacts after the initial
timeout. If the timeout parameter is set to 50 seconds, then the total period that the switch waits for
a response is ((5+1)*50) = 300 seconds.
switch(config)#radius-server retransmit 5
switch(config)#
radius-server timeout
The radius-server timeout command defines the global timeout the switch uses when communicating
with any RADIUS server for which a timeout is not defined.
The no radius-server timeout and default radius-server timeout commands restore the global timeout
default period of five seconds by removing the radius-server timeout command from running-config.
all
Command Mode
Global Configuration
Command Syntax
radius-server timeout time_period
no radius-server timeout
default radius-server timeout
Parameters
• time_period    timeout period (seconds). Range from 1 to 1000. Default is 5.
Related Commands
• radius-server host
• radius-server key
• radius-server deadtime
• radius-server retransmit
Example
• This command configures the switch to wait 50 seconds for a RADIUS server response before
issuing an error.
switch(config)#radius-server timeout 50
switch(config)#
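The per-host parameters of radius-server host override the global radius-server timeout, retransmit and deadtime values. The following added example (not part of the Arista manual) resolves the effective settings for each configured server and applies the (retransmit + 1) * timeout wait formula given under radius-server retransmit. The function names, the sample configuration, and leaving deadtime unset when it is not configured are assumptions of this example.

```python
# Defaults this chapter gives for settings that are absent from running-config.
# deadtime is left as None (not configured) when no value is present.
GLOBAL_DEFAULTS = {"timeout": 5, "retransmit": 3, "deadtime": None}
HOST_DEFAULTS = {"vrf": "default", "auth_port": 1812, "acct_port": 1813}
HOST_INT_KEYWORDS = {
    "auth-port": "auth_port", "acct-port": "acct_port",
    "timeout": "timeout", "deadtime": "deadtime", "retransmit": "retransmit",
}

# Constructed running-config fragment assembled from this chapter's examples.
# The 10.1.5.14 line combines documented keywords and is not from the manual.
SAMPLE_CONFIG = """\
radius-server key 7 020512025B0C1D70
radius-server timeout 50
radius-server retransmit 5
radius-server deadtime 120
radius-server host 10.1.1.5
radius-server host RAD-1 auth-port 1850
radius-server host 10.1.5.14 acct-port 1851 timeout 10 retransmit 2
"""


def parse_host(tokens):
    """Parse the tokens that follow 'radius-server host' into overrides."""
    host = {"addr": tokens[0], "key_set": False}
    i = 1
    while i < len(tokens):
        keyword = tokens[i]
        if keyword == "key":
            host["key_set"] = True   # the key text itself is not retained
            break                    # ENCRYPT is the last parameter
        if i + 1 >= len(tokens):
            raise ValueError(f"missing value after {keyword!r}")
        if keyword == "vrf":
            host["vrf"] = tokens[i + 1]
        elif keyword in HOST_INT_KEYWORDS:
            host[HOST_INT_KEYWORDS[keyword]] = int(tokens[i + 1])
        else:
            raise ValueError(f"unexpected keyword {keyword!r}")
        i += 2
    return host


def effective_radius_settings(config):
    """Return one dict per RADIUS server with per-host overrides applied."""
    global_values = dict(GLOBAL_DEFAULTS)
    global_key = False
    hosts = []
    # Collect everything first: global lines may follow host lines.
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 3 or tok[0] != "radius-server":
            continue
        if tok[1] in GLOBAL_DEFAULTS:
            global_values[tok[1]] = int(tok[2])
        elif tok[1] == "key":
            global_key = True
        elif tok[1] == "host":
            hosts.append(parse_host(tok[2:]))

    servers = []
    for host in hosts:
        key_set = host.pop("key_set")
        # Later dicts win: built-in defaults < global commands < host line.
        eff = {**HOST_DEFAULTS, **global_values, **host}
        eff["key_source"] = "host" if key_set else "global" if global_key else "none"
        # Total seconds the switch waits on this server before giving up.
        eff["worst_case_wait"] = (eff["retransmit"] + 1) * eff["timeout"]
        servers.append(eff)
    return servers


if __name__ == "__main__":
    for server in effective_radius_settings(SAMPLE_CONFIG):
        print(server)
```

A key_source of "none" marks a server that has neither a per-host key nor a global key to fall back on.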
resequence (Role)
The resequence command assigns sequence numbers to rules in the configuration mode role.
Command parameters specify the number of the first rule and the numeric interval between
consecutive rules.
The maximum sequence number is 256.
all
Command Mode
Role Configuration
Command Syntax
resequence start_num inc_num
Parameters
• start_num    sequence number assigned to the first rule. Value ranges from 1 to 256. Default is 10.
• inc_num    numeric interval between consecutive rules. Value ranges from 1 to 256. Default is 10.
Guidelines
Role statement changes are saved to running-config only upon exiting role configuration mode.
Related Commands
The role command places the switch in role configuration mode.
Example
• The resequence command renumbers the rules in the sysuser role, starting the first rule at 15 and
incrementing subsequent lines by 5.
switch(config)#show role sysuser
The default role is network-operator
role: sysuser
10 deny mode exec command reload
20 deny mode config command (no |default )?router
40 deny mode if command (no |default )?(ip|mac) access-group
50 deny mode config-all command lacp|spanning-tree
60 permit command .*
switch(config)#role sysuser
switch(config-role-sysuser)#resequence 15 5
switch(config-role-sysuser)#exit
switch(config)#show role sysuser
The default role is network-operator
role: sysuser
15 deny mode exec command reload
20 deny mode config command (no |default )?router
25 deny mode if command (no |default )?(ip|mac) access-group
30 deny mode config-all command lacp|spanning-tree
35 permit command .*
switch(config)#role sysuser
role
The role command places the switch in role configuration mode, which is a group change mode that
modifies a role. A role is a data structure that supports local command authorization through its
assignment to user accounts. Roles consist of permit and deny rules that define authorization levels for
specified commands. Applying a role to a username authorizes the user to execute commands specified
by the role.
The role command specifies the name of the role that subsequent commands modify and creates a role
if it references a nonexistent role. All changes in a group change mode edit session are pending until the
session ends:
• The exit command saves pending changes to running-config and returns the switch to global
configuration mode. Changes are also saved by entering a different configuration mode.
• The abort command discards pending changes, returning the switch to global configuration mode.
The no role and default role commands delete the specified role by removing the role and its statements
from running-config.
all
Command Mode
Global Configuration
Command Syntax
role role_name
no role role_name
default role role_name
Parameters
• role_name    Name of role.
Commands Available in Role configuration mode:
• deny (Role)
• permit (Role)
• no <sequence number> (Role)
• resequence (Role)
Related Commands
• show role
Examples
• This command places the switch in role configuration mode to modify the speaker role.
switch(config)#role speaker
switch(config-role-speaker)#
• This command saves changes to speaker role, then returns the switch to global configuration mode.
switch(config-role-speaker)#exit
switch(config)#
• This command discards changes to speaker, then returns the switch to global configuration mode.
switch(config-role-speaker)#abort
switch(config)#
server (server-group-RADIUS configuration mode)
The server (server-group-RADIUS configuration mode) command adds the specified RADIUS server
to the configuration mode group. Servers must be configured with the radius-server host command
before adding them to the server group.
A RADIUS server is defined by its server address, authorization port, and accounting port. A group can
contain multiple servers with the same IP address that have different authorization or accounting ports.
The no server and default server commands remove the specified server from the group.
all
Command Mode
Server-Group-RADIUS Configuration
Command Syntax
server LOCATION [VRF_INST][AUTH][ACCT]
no server LOCATION [VRF_INST][AUTH][ACCT]
default server LOCATION [VRF_INST][AUTH][ACCT]
Parameters
• LOCATION    RADIUS server location. Options include:
— ipv4_addr    server’s IPv4 address.
— host_name    server’s DNS host name (FQDN).
• VRF_INST    specifies the VRF instance used to communicate with the specified server.
— <no parameter>    switch communicates with the server using the default VRF.
— vrf vrf_name    switch communicates with the server using the specified user-defined VRF.
• AUTH    Authorization port number.
— <no parameter>    default port of 1812.
— auth-port number    number ranges from 1 to 65535.
• ACCT    Accounting port number.
— <no parameter>    default port of 1813.
— acct-port number    number ranges from 1 to 65535.
Related Commands
The aaa group server radius command places the switch in server-group-radius configuration mode.
Example
• These commands add two servers to the RAD-SV1 server group.
switch(config)#aaa group server radius RAD-SV1
switch(config-sg-radius-RAD-SV1)#server RAC-1
switch(config-sg-radius-RAD-SV1)#server 10.1.5.14 acct-port 1851
switch(config-sg-radius-RAD-SV1)#
server (server-group-TACACS+ configuration mode)
The server (server-group-TACACS+ configuration mode) command adds the specified TACACS+
server to the configuration mode group. Servers must be configured with the tacacs-server host
command before adding them to the server group.
A TACACS+ server is defined by its server address and port number. Servers with different address-port
combinations have separate statements in running-config.
The no server and default server commands remove the specified server from the group.
all
Command Mode
Server-Group-TACACS+ Configuration
Command Syntax
server LOCATION [VRF_INST] [PORT]
no server LOCATION [VRF_INST] [PORT]
default server LOCATION [VRF_INST] [PORT]
Parameters
• LOCATION    TACACS+ server location. Options include:
— ipv4_addr    server’s IPv4 address.
— ipv6_addr    server’s IPv6 address.
— host_name    server’s DNS host name (FQDN).
• VRF_INST    specifies the VRF instance used to communicate with the specified server.
— <no parameter>    switch communicates with the server using the default VRF.
— vrf vrf_name    switch communicates with the server using the specified user-defined VRF.
• PORT    TCP connection port number.
— <no parameter>    default port of 49.
— port number    number ranges from 1 to 65535.
Related Commands
The aaa group server tacacs+ command places the switch in server-group-TACACS+ configuration mode.
Example
• These commands add two servers to the TAC-GR server group with default port number 49.
switch(config)#aaa group server tacacs+ TAC-GR
switch(config-sg-tacacs+-TAC-GR)#server TAC-1
switch(config-sg-tacacs+-TAC-GR)#server 10.1.4.14
switch(config-sg-tacacs+-TAC-GR)#
show aaa
The show aaa command displays the user database. The command displays the encrypted enable
password first, followed by a table of usernames and their corresponding encrypted password.
The command does not display unencrypted passwords.
all
Command Mode
Privileged EXEC
Command Syntax
show aaa
Example
• This command displays the encrypted enable password and the table of usernames with their
encrypted passwords.
switch#show aaa
Enable password (encrypted): $1$UL4gDWy6$3KqCPYPGRvxDxUq3qA/Hs/
Username Encrypted passwd
-------- ----------------------------------
admin
janis    $1$VVnDH/Ea$iwsfnrGNO8nbDsf0tazp9/
thomas   $1$/MmXTUil$.fJxLfcumzppNSEDVDWq9.
switch#
show aaa counters
The show aaa counters command displays the number of service transactions performed by the switch
since the last time the counters were reset.
all
Command Mode
Privileged EXEC
Command Syntax
show aaa counters
Example
• This command displays the number of authentication, authorization, and accounting transactions.
switch#show aaa counters
Authentication
    Successful:           30
    Failed:               0
    Service unavailable:  0
Authorization
    Allowed:              188
    Denied:               0
    Service unavailable:  0
Accounting
    Successful:           0
    Error:                0
    Pending:              0
Last time counters were cleared: never
switch#
show aaa method-lists
The show aaa method-lists command displays all the named method lists defined in the specified
authentication, authorization, and accounting (AAA) service.
all
Command Mode
Privileged EXEC
Command Syntax
show aaa method-lists SERVICE_TYPE
Parameters
• SERVICE_TYPE    the service type of the method lists that the command displays.
— accounting    accounting services.
— authentication    authentication services.
— authorization    authorization services.
— all    accounting, authentication, and authorization services.
Example
• This command displays the named method lists for all AAA services.
switch#show aaa method-lists all
Authentication method lists for LOGIN:
name=default methods=group tacacs+, local
Authentication method list for ENABLE:
name=default methods=local
Authorization method lists for COMMANDS:
name=privilege0-15 methods=group tacacs+, local
Authentication method list for EXEC:
name=exec methods=group tacacs+, local
Accounting method lists for COMMANDS:
name=privilege0-15 default-action=none
Accounting method list for EXEC:
name=exec default-action=none
switch#
show aaa sessions
The show aaa sessions command displays information about active AAA login sessions. Information
includes username, roles, TTY, state of the session (pending or established), duration, authentication
method, and if available, remote host and remote username.
all
Command Mode
Privileged EXEC
Command Syntax
show aaa sessions
Example
• This command displays information about the active AAA login sessions.
# show aaa session
Session Username Roles          TTY    State Duration Auth         Remote Host
------- -------- -------------- ------ ----- -------- ------------ --------------
2       admin    network-admin  ttyS0  E     0:01:21  local
4       joe      sysadmin       telnet E     0:02:01  local        sf.example.com
6       alice    sysadmin       ssh    E     0:00:52  group radius ny.example.com
7       bob      sysadmin       ssh    E     0:00:48  group radius la.example.com
8       kim      network-admin1 ssh    E     0:00:55  group radius de.example.com
9       admin    network-admin  ssh    E     0:00:07  local        bj.example.com
10      max      network-admin  telnet E     0:00:07  local        sf.example.com
show privilege
The show privilege command displays the current privilege level for the CLI session.
all
Command Mode
EXEC
Command Syntax
show privilege
Example
• This command displays the current privilege level.
switch>show privilege
Current privilege level is 15
switch>
show radius
The show radius command displays statistics for the RADIUS servers that the switch accesses.
all
Command Mode
EXEC
Command Syntax
show radius
Example
• This command displays statistics for connected RADIUS servers.
switch>show radius
RADIUS server           : radius/10
Connection opens:         204
Connection closes:        0
Connection disconnects:   199
Connection failures:      10
Connection timeouts:      2
Messages sent:            1490
Messages received:        1490
Receive errors:           0
Receive timeouts:         0
Send timeouts:            0
Last time counters were cleared: never
switch>
show role
The show role command displays the name of the default role and the contents of the specified roles.
Commands that do not specify a role display the rules in all built-in and configured roles.
all
Command Mode
Privileged EXEC
Command Syntax
show role [ROLE_LIST]
Parameters
• ROLE_LIST    Roles that the command displays. Options include:
— <no parameter>    Command displays all roles.
— role_name    Name of role displayed by command.
Related Commands
The role command places the switch in role configuration mode, which is used to create new roles or
modify existing roles.
Example
• This command displays the contents of all user-defined and built-in roles.
switch#show role
The default role is network-operator
role: network-admin
10 permit command .*
role: network-operator
10 deny mode exec command bash|\|
20 permit mode exec command .*
role: sysuser
15 deny mode exec command reload
20 deny mode config command (no |default )?router
25 deny mode if command (no |default )?(ip|mac) access-group
30 deny mode config-all command lacp|spanning-tree
35 permit command .*
40 deny mode exec command .*
50 permit mode exec command show|clear (counters|platform)|configure
switch#
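The following added example (not part of the Arista manual) applies the first-match evaluation described under permit (Role) to the sysuser role printed above, and reports rules that can never be reached because an earlier catch-all rule already matches. The CliMode record, matching each pattern from the start of the command, and treating a command that matches no rule as denied are assumptions of this example, not documented EOS behavior.

```python
import re
from collections import namedtuple

# The sysuser role as printed in the "show role" output above.
SYSUSER_ROLE = """\
role: sysuser
15 deny mode exec command reload
20 deny mode config command (no |default )?router
25 deny mode if command (no |default )?(ip|mac) access-group
30 deny mode config-all command lacp|spanning-tree
35 permit command .*
40 deny mode exec command .*
50 permit mode exec command show|clear (counters|platform)|configure
"""

RULE_RE = re.compile(
    r"^\s*(\d+)\s+(permit|deny)\s+(?:mode\s+(\S+)\s+)?command\s+(.+?)\s*$")

# mode is None when the rule applies in all command modes.
Rule = namedtuple("Rule", "seq action mode pattern")

# Hypothetical model of a CLI mode, used only by this example:
# short key (e.g. "if"), long key (e.g. "if-Vl1"), and whether it is a
# configuration mode (global configuration or any mode nested under it).
CliMode = namedtuple("CliMode", "short_key long_key is_config")


def parse_role(text):
    """Parse the rule lines of one role, ordered by sequence number."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            rules.append(Rule(int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return sorted(rules, key=lambda r: r.seq)


def mode_matches(rule_mode, mode):
    """True when a rule's mode parameter covers the given CLI mode."""
    if rule_mode is None:                 # <no parameter>: all command modes
        return True
    if rule_mode == "config-all":         # all configuration modes
        return mode.is_config
    # Short key: exact match. Long key: regular expression over the whole key.
    return (rule_mode == mode.short_key
            or re.fullmatch(rule_mode, mode.long_key) is not None)


def authorize(rules, mode, command):
    """Return (action, sequence number) of the first rule that matches."""
    for rule in rules:
        # Assumption: the pattern is matched from the start of the command.
        if mode_matches(rule.mode, mode) and re.match(rule.pattern, command):
            return rule.action, rule.seq
    return "deny", None                   # assumption: no match means denied


def shadowed_rules(rules):
    """Return (rule, shadowing rule) pairs for rules that can never match.

    Only the clear-cut case is detected: an earlier rule whose pattern is
    '.*' and whose mode is unrestricted or identical to the later rule's mode.
    """
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.pattern == ".*" and earlier.mode in (None, later.mode):
                found.append((later.seq, earlier.seq))
                break
    return found


if __name__ == "__main__":
    role = parse_role(SYSUSER_ROLE)
    exec_mode = CliMode("exec", "exec", False)
    print(authorize(role, exec_mode, "reload"))
    print(authorize(role, exec_mode, "bash"))
    print(shadowed_rules(role))
```

For the sysuser role above, rules 40 and 50 are reported as unreachable because rule 35 already matches every command in every mode.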
show tacacs
The show tacacs command displays statistics for the TACACS+ servers that the switch accesses.
all
Command Mode
EXEC
Command Syntax
show tacacs
Example
• This command displays statistics for connected TACACS+ servers.
switch>show tacacs
TACACS+ server          : tacacs/49
Connection opens:         15942
Connection closes:        7
Connection disconnects:   1362
Connection failures:      0
Connection timeouts:      0
Messages sent:            34395
Messages received:        34392
Receive errors:           0
Receive timeouts:         2
Send timeouts:            0
Last time counters were cleared: never
TACACS+ source-interface: Enabled
TACACS+ outgoing packets will be sourced with an IP address associated with the
Loopback0 interface
switch>
show user-account
The show user-account command displays the names, roles, and privilege levels of users that are listed
in running-config. The ssh public-key is also listed for names for which an SSH key is configured.
all
Command Mode
Privileged EXEC
Command Syntax
show user-account
Example
• This command displays the usernames that are configured on the switch.
switch#show user-account
user: FRED
role: <unknown>
privilege level: 1
ssh public key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDjUg2VDiBX7In0q
HtN5PyHOWtYvIoeZsxF5YmesQ/rh++mbpT504dL7So+Bpr9T/0qIj+zilat8fX/JlO42+3pjfkHY/+lsT
2EPNjGTK7uJv1wSGmhc3+90dNmJtr5YVlJFjjQ5m+5Pa+PGe3z4JIV1lY2NhLrV2fXtbciLdjnj6FAlhX
jiLt51DJhG13uUxGBJe0+NlGvpEsTJVJvMdJuS6weMi+xSXc9yQimVD2weJBHsYFnghST2j0pAyF2S7/E
OU13pY42RztDSs42nMNNrutPT0q5Z17aAKvhpd0dDlc+qIwrCrXbeIChHem7+0N8/zA3alBK4eKSFSZBd
3Pb admin@switch
user: JANE
role: sysuser2
privilege level: 1
user: admin
role: network-admin
privilege level: 1
switch#
show users
The show users command displays the usernames that are currently logged into the switch.
all
Command Mode
Privileged EXEC
Command Syntax
show users
Example
• This command displays the users that are logged into the switch.
switch#show users
    Line      User   Host(s)   Idle       Location
   1 vty 2    john   idle      1d         10.22.6.113
   2 vty 4    jane   idle      21:33:00   10.22.26.26
*  3 vty 6    ted    idle      00:00:01   10.17.18.71
switch#
tacacs-server host
The tacacs-server host command sets communication parameters for communicating with a specific
TACACS+ server. These values override global settings when the switch communicates with the
specified server.
A TACACS+ server is defined by its server address and port number. Servers with different
combinations of address-port-VRF-multiplex settings have separate statements in running-config.
The no tacacs-server host and default tacacs-server host commands remove settings for the TACACS+
server configuration at the specified address-port-VRF combination by deleting the corresponding
tacacs-server host command from running-config.
all
Command Mode
Global Configuration
Command Syntax
tacacs-server host SERVER_ADDR [MULTIPLEX][VRF_INST][PORT][TIMEOUT][ENCRYPT]
no tacacs-server host [SERVER_ADDR][MULTIPLEX][VRF_INST][PORT]
default tacacs-server host [SERVER_ADDR][MULTIPLEX][VRF_INST][PORT]
Parameters
• SERVER_ADDR    TACACS+ server location. Options include:
— ipv4_addr    server’s IPv4 address.
— ipv6_addr    server’s IPv6 address.
— host_name    server’s DNS host name (FQDN).
• MULTIPLEX    TACACS+ server support of multiplex sessions on a TCP connection.
— <no parameter>    server does not support multiplexing.
— single-connection    server supports session multiplexing.
• VRF_INST    specifies the VRF instance used to communicate with the specified server.
— <no parameter>    switch communicates with the server using the default VRF.
— vrf vrf_name    switch communicates with the server using the specified user-defined VRF.
• PORT    port number of the TCP connection.
— <no parameter>    default port of 49.
— port number    port number ranges from 1 to 65535.
• TIMEOUT    timeout period (seconds).
— <no parameter>    assigns the globally configured timeout value (see tacacs-server timeout).
— timeout number    timeout period (seconds). number ranges from 1 to 1000.
• ENCRYPT    encryption key the switch and server use to communicate. Settings include
— <no parameter>    assigns the globally configured encryption key (see tacacs-server key).
— key key_text    where key_text is in clear text.
— key 5 key_text    where key_text is in clear text.
— key 7 key_text    where key_text is an encrypted string.
Examples
• This command configures the switch to communicate with the TACACS+ server located at 10.1.1.5.
The switch uses the global timeout, encryption key, and port settings.
switch(config)#tacacs-server host 10.1.1.5
switch(config)#
• This command configures the switch to communicate with the TACACS+ server assigned the host
name TAC_1. The switch defines the timeout period as 20 seconds and the encryption key as rp31E2v.
switch(config)#tacacs-server host TAC_1 timeout 20 key rp31E2v
switch(config)#
• This command configures the switch to communicate with the TACACS+ server located at
10.12.7.9, indicates that the server supports multiplexing sessions on the same TCP connection, and
that access is through port 54.
switch(config)#tacacs-server host 10.12.7.9 single-connection port 54
switch(config)#
tacacs-server key
The tacacs-server key command defines the global encryption key the switch uses when
communicating with any TACACS+ server for which a key is not defined.
The no tacacs-server key and default tacacs-server key commands remove the global key from
running-config.
all
Command Mode
Global Configuration
Command Syntax
tacacs-server key [ENCRYPT_TYPE] encrypt_key
no tacacs-server key
default tacacs-server key
Parameters
•
ENCRYPT_TYPE
encryption level of encrypt_key.
— <no parameter> encryption key is entered as clear text.
— 0 encryption key is entered as clear text. Equivalent to <no parameter>.
— 7 encrypt_key is an encrypted string.
•
encrypt_key
shared key that authenticates the username.
— encrypt_key must be in clear text if ENCRYPT_TYPE specifies clear text.
— encrypt_key must be an encrypted string if ENCRYPT_TYPE specifies an encrypted string.
Encrypted strings entered through this parameter are generated elsewhere.
Related Commands
•
tacacs-server host
Examples
•
This command configures cv90jr1 as the encryption key.
switch(config)#tacacs-server key 0 cv90jr1
switch(config)#
•
This command assigns cv90jr1 as the key by specifying the corresponding encrypted string.
switch(config)#tacacs-server key 7 020512025B0C1D70
switch(config)#
tacacs-server policy
The tacacs-server policy command programs the switch to permit access to TACACS+ servers that send
mandatory attribute-value (AV) pairs that the switch does not recognize. By default, the switch denies
access to TACACS+ servers when it receives unrecognized AV pairs from the server.
The switch recognizes the following mandatory AV pairs:
•
priv-lvl=x
where x is an integer between 0 and 15.
The no tacacs-server policy and default tacacs-server policy commands restore the switch default of
denying access to servers from which it receives unrecognized mandatory AV pairs by deleting the
tacacs-server policy statement from running-config.
all
Command Mode
Global Configuration
Command Syntax
tacacs-server policy unknown-mandatory-attribute ignore
no tacacs-server policy unknown-mandatory-attribute ignore
default tacacs-server policy unknown-mandatory-attribute ignore
Example
•
This command configures the switch to permit access to TACACS+ servers that send unrecognized
mandatory AV pairs.
switch(config)#tacacs-server policy unknown-mandatory-attribute ignore
switch(config)#
tacacs-server timeout
The tacacs-server timeout command defines the global timeout the switch uses when communicating
with any TACACS+ server for which a timeout is not defined.
The no tacacs-server timeout and default tacacs-server timeout commands restore the global timeout
default period of five seconds by removing the tacacs-server timeout command from running-config.
all
Command Mode
Global Configuration
Command Syntax
tacacs-server timeout time_period
no tacacs-server timeout
default tacacs-server timeout
Parameters
•
time_period
timeout period (seconds). Settings range from 1 to 1000. Default is 5.
Related Commands
•
tacacs-server host
Example
•
This command configures the switch to wait 20 seconds for a TACACS+ server response before
issuing an error.
switch(config)#tacacs-server timeout 20
switch(config)#
username
The username command adds a username to the local file and assigns a password to a username. If the
command specifies an existing username, the command replaces the password in the local file. The
command can define a username without a password or remove the password from a username.
The no username and default username commands delete the specified username by removing the
corresponding username statement from running-config.
The no username role command assigns the default role assignment to the specified username
statement by editing the corresponding username statement in running-config. The default username
role command reverts the specified username to its default role by editing the corresponding username
statement in running-config. For the admin username, this restores network-admin as its role.
all
Command Mode
Global Configuration
Command Syntax
username name [PRIVILEGE_LEVEL] SECURITY [ROLE_USER]
no username name [role]
default username name [role]
All parameters except name can be placed in any order.
Parameters
•
name
username text that the user enters at the login prompt to access the CLI.
Valid usernames begin with A-Z, a-z, or 0-9 and may also contain any of these characters:
@ # $ % ^ & * _ = + ; < > , . ~ |
•
PRIVILEGE_LEVEL
user’s initial session privilege level. This parameter is used when an
authorization command includes the local option.
— <no parameter> the privilege level is set to 1.
— privilege rank where rank is an integer between 0 and 15.
•
SECURITY
password assignment option.
— nopassword name is not password protected.
— secret password name is protected by specified password (clear-text string).
— secret 0 password name is protected by specified password (clear-text string).
— secret 5 password name is protected by specified password (md5 encrypted string).
— secret sha5 password name is protected by specified password (sha512 encrypted string).
•
ROLE_USER
specifies the role for performing command authorization. Options include:
— <no parameter> user is assigned default role (aaa authorization policy local default-role).
— role role_name specifies role assigned to the user.
Guidelines
Encrypted strings entered through this parameter are generated elsewhere. The secret 5 option
(SECURITY) is typically used to enter a list of username-passwords from a script.
The SECURITY parameter is mandatory for unconfigured usernames. For previously configured
users, the command can specify a PRIVILEGE_LEVEL or ROLE without a SECURITY setting.
admin is a reserved username that is provided by the initial configuration. The admin username
cannot be deleted, but its parameters are editable. The initial admin configuration is:
username admin privilege 1 role network-admin nopassword
Examples
•
These equivalent commands create the username john and assign it the password x245. The
password is entered in clear text because the ENCRYPTION parameter is either omitted or zero.
switch(config)#username john secret x245
switch(config)#username john secret 0 x245
•
This command creates the username john and assigns it to the text password that corresponds to the
encrypted string $1$sU.7hptc$TsJ1qslCL7ZYVbyXNG1wg1. The string was generated by an
MD5-encryption program using x245 as the seed.
switch(config)#username john secret 5 $1$sU.7hptc$TsJ1qslCL7ZYVbyXNG1wg1
switch(config)#
A user authenticates the username john by entering x245 when the CLI prompts for a password.
•
This command creates the username jane without securing it with a password. It also removes a
password if the jane username exists.
switch(config)#username jane nopassword
switch(config)#
•
This command removes the username william from the local file.
switch(config)#no username william
switch(config)#
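The username SECURITY forms and the tacacs-server key forms documented above leave different material in running-config. The following added example (not Arista's code) scans a constructed config extract for the weaker forms; the function names, the sample statements and the severity labels are assumptions of this example.

```python
# Added example: audit AAA statements in an EOS-style running-config.
# Severity labels are this example's assumption, not Arista guidance.

# Constructed sample built from the statement forms documented above.
SAMPLE_CONFIG = """\
username admin privilege 1 role network-admin nopassword
username john secret 5 $1$sU.7hptc$TsJ1qslCL7ZYVbyXNG1wg1
username jane nopassword privilege 15
username ops role network-admin secret 0 x245
tacacs-server key 7 020512025B0C1D70
tacacs-server host TAC_1 timeout 20 key rp31E2v
tacacs-server host 10.12.7.9 single-connection port 54
tacacs-server policy unknown-mandatory-attribute ignore
"""


def audit_username(tokens):
    """Check one username statement; tokens is everything after 'username'.

    PRIVILEGE_LEVEL, SECURITY and ROLE_USER may appear in any order, so the
    statement is scanned keyword by keyword instead of by position.
    """
    name, rest = tokens[0], tokens[1:]
    privilege = 1  # documented default when PRIVILEGE_LEVEL is omitted
    problems = []
    i = 0
    while i < len(rest):
        word = rest[i]
        nxt = rest[i + 1] if i + 1 < len(rest) else None
        if word == "privilege" and nxt is not None and nxt.isdigit():
            privilege = int(nxt)
            i += 2
        elif word == "role" and nxt is not None:
            i += 2
        elif word == "nopassword":
            problems.append(("high", "no password"))
            i += 1
        elif word == "secret" and nxt is not None:
            if nxt == "5":
                problems.append(("medium", "MD5 password hash"))
                i += 3
            elif nxt == "0":
                problems.append(("high", "clear-text password in config text"))
                i += 3
            elif i + 2 < len(rest) and rest[i + 2].startswith("$"):
                i += 3  # hash-type keyword followed by a crypt-style hash
            else:
                problems.append(("high", "clear-text password in config text"))
                i += 2
        else:
            i += 1
    return [(sev, f"{name} (privilege {privilege}): {what}") for sev, what in problems]


def audit_tacacs(tokens):
    """Check one tacacs-server statement; tokens is everything after the keyword."""
    if tokens[:3] == ["policy", "unknown-mandatory-attribute", "ignore"]:
        return [("medium", "unrecognized mandatory AV pairs are accepted (default is deny)")]
    if tokens[0] == "key":
        scope, options = "global key", tokens
    elif tokens[0] == "host" and len(tokens) >= 2:
        scope, options = f"host {tokens[1]} key", tokens[2:]
    else:
        return []
    if "key" not in options:
        return []  # the host inherits the global key
    value = options[options.index("key") + 1:]
    if len(value) >= 2 and value[0] == "7":
        # The switch has to recover the shared key in order to use it, so this
        # form only hides it from casual viewing; protect the config file.
        return [("info", f"{scope}: stored in a form the switch can reverse")]
    if value:
        return [("high", f"{scope}: clear text")]
    return []


def audit_config(text):
    """Return (line_number, severity, message) for every finding."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        tokens = line.split()
        if len(tokens) < 2:
            continue
        if tokens[0] == "username":
            hits = audit_username(tokens[1:])
        elif tokens[0] == "tacacs-server":
            hits = audit_tacacs(tokens[1:])
        else:
            hits = []
        findings.extend((lineno, sev, msg) for sev, msg in hits)
    return findings


if __name__ == "__main__":
    for lineno, sev, msg in audit_config(SAMPLE_CONFIG):
        print(f"line {lineno}: [{sev}] {msg}")
```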
username sshkey
The username sshkey command configures an ssh key for the specified username. Command options
allow the key to be entered directly into the CLI or referenced from a file.
The specified username must be previously configured through a username command.
The no username sshkey and default username sshkey commands delete the sshkey for the specified
username by removing the corresponding username sshkey command from running-config.
The no username sshkey role and default username sshkey role commands perform the following:
•
delete the sshkey for the specified username by removing the corresponding username sshkey
command from running-config.
•
delete the role assignment from the specified username by editing the corresponding username
statement in running-config.
all
Command Mode
Global Configuration
Command Syntax
username name sshkey KEY
no username name sshkey [role]
default username name sshkey [role]
Parameters
•
name
username text that the user enters at the login prompt to access the CLI.
Valid usernames begin with A-Z, a-z, or 0-9 and may also contain any of these characters:
@ # $ % ^ & * _ = + ; < > , . ~ |
•
KEY
SSH key. Options include:
— key_text username is associated with ssh key specified by key_text string.
— file key_file username is associated with ssh key in the specified file.
Example
•
These commands create the username john, assign it the password x245, then associate it to the SSH
key listed in the file named john-ssh.
switch(config)#username john secret x245
switch(config)#username john sshkey file john-ssh
switch(config)#
Chapter 5
Administering the Switch
This chapter describes administrative tasks that are typically performed only after initially configuring
the switch or after recovery procedures.
This chapter includes these sections:
• Section 5.1: Managing the Switch Name
• Section 5.2: Managing the System Clock
• Section 5.3: Synchronizing the Time Settings
• Section 5.4: Managing Display Attributes
• Section 5.5: Event Monitor
• Section 5.6: Switch Administration Commands
5.1
Managing the Switch Name
These sections describe how to configure the switch’s domain and host name.
• Section 5.1.1: Assigning a Name to the Switch describes the assigning of an FQDN to the switch.
• Section 5.1.2: Specifying DNS Addresses describes the adding of name servers to the configuration.
5.1.1
Assigning a Name to the Switch
A fully qualified domain name (FQDN) labels the switch and defines its organization ID in the Domain
Name System hierarchy. The switch’s FQDN consists of a host name and domain name.
The host name is uniquely associated with one device within an IP-domain. The default host name is
localhost. You can configure the prompt to display the host name, as described in Section 5.4.2: Prompt.
•
To assign a host name to the switch, use the hostname command. To return the switch’s host name
to the default value of localhost, use the no hostname command.
•
To specify the domain location of the switch, use the ip domain-name command.
Example
• This command assigns the string main-host as the switch’s host name.
switch(config)#hostname main-host
main-host(config)#
•
This command configures aristanetworks.com as the switch’s domain name.
switch(config)#ip domain-name aristanetworks.com
switch(config)#
•
This procedure configures sales1.samplecorp.org as the switch’s FQDN.
switch(config)#ip domain-name samplecorp.org
switch(config)#
•
This running-config extract contains the switch’s host name and IP-domain name.
switch#show running-config
! Command: show running-config
! device: switch (DCS-7150S-64-CL, EOS-4.13.2F)
!
<-------OUTPUT OMITTED FROM EXAMPLE-------->
vlan 3-4
!
username john secret 5 $1$a7Hjept9$TIKRX6ytkg8o.ENja.na50
!
hostname sales1
ip name-server 172.17.0.22
ip domain-name samplecorp.org
!
<-------OUTPUT OMITTED FROM EXAMPLE-------->
end
switch#
5.1.2
Specifying DNS Addresses
The Domain Name Server (DNS) maps FQDN labels to IP addresses and provides addresses for
network devices. Each network requires at least one server to resolve addresses. The configuration file
can list a maximum of three server addresses.
To add name servers to the configuration, use the ip name-server command. Each command can add
one to three servers. The switch disregards any attempt to add a fourth server to the configuration. All
server addresses must be in a single VRF. If servers have been previously configured in a different VRF
they must be removed before adding a new server to the configuration.
Example
• This code performs these actions:
— adds three name servers to the configuration in the default VRF
— attempts to add a fourth server, resulting in an error message
— displays the configuration file.
switch(config)#ip name-server 10.1.1.24 10.1.1.25 172.17.0.22
switch(config)#ip name-server 10.15.3.28
% Maximum number of nameservers reached. '10.15.3.28' not added
switch(config)#show running-config
! device: Switch (EOS-4.11.2-1056939.EOS4112)
!
username david secret 5 $1$a7Hjept9$TIKRX6ytkg8o.ENja.na50
!
hostname Switch
ip name-server 10.1.1.24
ip name-server 10.1.1.25
ip name-server 172.17.0.22
ip domain-name aristanetworks.com
<-------OUTPUT OMITTED FROM EXAMPLE-------->
The switch assigns source IP addresses to outgoing DNS requests. To force the switch to use a single,
user-defined source interface for all requests, use the ip domain lookup command.
Example
• This command forces the switch to use VLAN 5 as the source interface for DNS requests originating
from the default VRF.
switch(config)#ip domain lookup source-interface Vlan5
switch(config)#
•
This command forces the switch to use VLAN 10 as the source interface for DNS requests
originating from VRF “purple.”
switch(config)#ip domain lookup vrf purple source-interface Vlan10
switch(config)#
5.2
Managing the System Clock
The switch uses the system clock for displaying the time and time-stamping messages. The system clock
is set to Coordinated Universal Time (UTC). The switch calculates local time based on the time zone
setting. Time-stamps and time displays are in local time.
5.2.1
Configuring the Time Zone
The time zone setting is used by the switch to convert the system time (UTC) to local time. To specify
the time zone, use the clock timezone command.
Examples
• These commands configure the switch for the United States Central Time Zone.
switch(config)#clock timezone US/Central
switch(config)#show clock
Mon Jan 14 18:42:49 2013
timezone is US/Central
switch(config)#
•
To view the predefined time zone labels, enter clock timezone with a question mark.
switch(config)#clock timezone ?
Africa/Abidjan
Africa/Accra
<-------OUTPUT OMITTED FROM EXAMPLE-------->
WET
WET timezone
Zulu
Zulu timezone
switch(config)#clock timezone
•
This command displays all time zone labels that start with America.
switch(config)#clock timezone AMERICA?
America/Adak
America/Anchorage
<-------OUTPUT OMITTED FROM EXAMPLE-------->
America/Yellowknife
switch(config)#clock timezone AMERICA
5.2.2
Setting the System Clock Manually
The clock set command manually configures the system clock time and date, in local time. NTP servers
override time that is manually entered.
Example
• This command manually sets the switch time.
switch#clock set 08:15:24 14 Jan 2013
Mon Jan 14 08:15:25 2013
timezone is US/Central
5.2.3
Displaying the Time
To display the local time and configured time zone, enter the show clock command.
Example
• This command displays the switch time.
switch(config)>show clock
Mon Jan 14 16:32:46 2013
timezone is America/Los_Angeles
5.3
Synchronizing the Time Settings
The switch supports time updates through an NTP and PTP server or through CLI commands, and can
be configured as an NTP server itself.
5.3.1
Network Time Protocol (NTP)
Network Time Protocol (NTP) servers synchronize time settings of systems running an NTP client. The
switch supports NTP versions 1 through 4. The default is version 4.
After configuring the switch to synchronize with an NTP server, it may take up to ten minutes for the
switch to set its clock. The running-config lists NTP servers that the switch is configured to use.
5.3.1.1
Configuring the NTP Server
The ntp server command adds a server to the list or modifies the parameters of a previously listed
address. When the system contains multiple NTP servers, the prefer keyword determines the primary
NTP server; otherwise, the switch selects servers in the order they appear in running-config. All NTP
servers must be in the same VRF. Servers are added in the default VRF if no VRF is specified.
Example
• These commands add three NTP servers, designating the second server as the primary.
switch(config)#ntp server local-NTP
switch(config)#ntp server 172.16.0.23 Prefer
switch(config)#ntp server 172.16.0.25
5.3.1.2
Configuring the NTP Source
The ntp source command configures an interface as the source of NTP packets. That interface’s IP
address is then used as the source address for all NTP packets unless a server-specific source is
configured using the source option of the ntp server command. For an ntp source command to take
effect, the specified interface and the NTP server must both belong to the same VRF.
Example
• This command configures VLAN interface 25 as the source of NTP update packets.
switch(config)#ntp source vlan 25
switch(config)#
5.3.1.3
Configuring the Switch as an NTP Server
To configure the switch to accept NTP requests on all interfaces, use the ntp serve all command to
enable NTP server mode globally on the switch. To configure an individual interface to accept or deny
NTP requests, use the ntp serve command. Interface level settings override the global settings, and
changing the settings at either the global or interface level also causes the switch to re-synchronize with
its upstream NTP server. NTP server mode is disabled by default.
Example
• This command configures the switch to act as an NTP server, accepting NTP requests.
switch(config)# ntp serve all
switch(config)#
•
These commands configure Ethernet interface 5 to accept NTP requests regardless of global
settings.
switch(config)#interface ethernet 5
switch(config-if-Et5)#ntp serve
switch(config-if-Et5)#
5.3.1.4
Configuring NTP Authentication
The switch can be configured to synchronize its clock using NTP packets only from an authenticated
source. NTP authentication is disabled by default.
To configure the switch to authenticate NTP packets, create one or more authentication keys using the
ntp authentication-key command, specify which keys are trusted by using the ntp trusted-key
command, and use the ntp authenticate command to enable NTP authentication. The NTP server must
be configured to use the same authentication key and key ID number.
Example
• These commands configure the switch to authenticate NTP packets using key 328 with the plaintext
password “timeSync.”
switch(config)# ntp authentication-key 328 md5 timeSync
switch(config)# ntp trusted-key 328
switch(config)# ntp authenticate
switch(config)#
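Why the key text and the key ID number must both match is easiest to see in the packet check itself. This added example (not from the manual) assumes the standard NTP symmetric-key MAC, an MD5 digest computed over the key followed by the 48-byte header, and uses a constructed packet; key 400 and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48   # fixed NTP header
MAC_LEN = 4 + 16      # 32-bit key ID followed by a 128-bit MD5 digest

# Keys as configured on the switch in the example above, plus a constructed
# key 400 that is defined but never listed as trusted.
SWITCH_KEYS = {328: b"timeSync", 400: b"spareKey"}
TRUSTED_KEYS = {328}


def server_reply(transmit_seconds):
    """Constructed NTPv4 server packet: LI=0, VN=4, Mode=4, stratum 2."""
    words = [0] * 11
    words[9] = transmit_seconds  # seconds field of the transmit timestamp
    return struct.pack("!BBbb11I", 0x24, 2, 6, -20, *words)


def sign(packet, key_id, key):
    """Append the MAC a server holding (key_id, key) would send."""
    digest = hashlib.md5(key + packet).digest()
    return packet + struct.pack("!I", key_id) + digest


def verify(message, keys=SWITCH_KEYS, trusted=TRUSTED_KEYS):
    """Return (accepted, reason) as an authenticating client would decide."""
    if len(message) == NTP_HEADER_LEN:
        return False, "no MAC present"
    if len(message) != NTP_HEADER_LEN + MAC_LEN:
        return False, "malformed MAC"
    packet = message[:NTP_HEADER_LEN]
    (key_id,) = struct.unpack("!I", message[NTP_HEADER_LEN:NTP_HEADER_LEN + 4])
    digest = message[NTP_HEADER_LEN + 4:]
    if key_id not in keys:
        return False, f"key ID {key_id} not configured"
    if key_id not in trusted:
        return False, f"key ID {key_id} not trusted"
    expected = hashlib.md5(keys[key_id] + packet).digest()
    if not hmac.compare_digest(expected, digest):
        return False, "digest mismatch"
    return True, "authenticated"


def demo():
    """Run the cases an operator meets when the two ends disagree."""
    packet = server_reply(3_650_000_000)
    good = sign(packet, 328, b"timeSync")
    altered = bytearray(good)
    altered[43] ^= 0x01  # change the timestamp after the MAC was computed
    return {
        "matching key and ID": verify(good),
        "same ID, different key text": verify(sign(packet, 328, b"timesync")),
        "same key text, different ID": verify(sign(packet, 329, b"timeSync")),
        "defined but untrusted key": verify(sign(packet, 400, b"spareKey")),
        "unauthenticated packet": verify(packet),
        "packet altered in transit": verify(bytes(altered)),
    }


if __name__ == "__main__":
    for case, (accepted, reason) in demo().items():
        print(f"{case:30s} accepted={accepted} ({reason})")
```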
5.3.1.5
Viewing NTP Settings and Status
To display the status of Network Time Protocol (NTP) on the switch, use the show ntp status command.
To display the status of connections to NTP servers, use the show ntp associations command. Note that
for IPv4 addresses, the reference ID is the IPv4 address of the NTP server. For IPv6 addresses, the
reference ID is the first four octets of the MD5 hash of the NTP server’s IP address.
Example
• This command displays the status of the switch’s NTP connection.
switch#show ntp status
unsynchronised
time server re-starting
polling server every 64 s
switch #
•
This command displays data about the NTP servers in the configuration.
switch#show ntp associations
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 moose.aristanet 66.187.233.4     2 u    9   64  377    0.118  9440498   0.017
 172.17.2.6      .INIT.          16 u    - 1024    0    0.000    0.000   0.000
*LOCAL(0)        .LOCL.          10 l   41   64  377    0.000    0.000   0.000
switch#
5.3.2
Precision Time Protocol (PTP)
The Precision Time Protocol (PTP) enhances the accuracy of real-time clocks in networked devices by
providing sub-microsecond clock synchronization. Inbound clock signals are organized into a
master-slave hierarchy. PTP identifies the switch port that is connected to the device with the most
precise clock. This clock is referred to as the master clock. All the other devices on the network
synchronize their clocks with the master and are referred to as slaves.
The master clock sends out a sync message every second. The slave clock sends a delay request message
to the master clock noting the time it was sent in order to measure and eliminate packet delays. The
master clock then replies with the time stamp the delay message was received. The slave clock then
computes the master clock time compensated for delays and finalizes synchronization. Constantly
exchanged timing messages ensure continued synchronization.
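The exchange described above, worked through with numbers as an added example (not part of the manual). It assumes the usual delay request-response arithmetic on four timestamps; the 1500 ns clock error and the asymmetric path delays are constructed values, and 718 ns is the mean path delay from the sample show ptp output.

```python
def exchange(true_offset_ns, fwd_ns, rev_ns, t1=1_000_000_000, turnaround_ns=50_000):
    """Simulate one sync / delay request round and return the four timestamps.

    true_offset_ns is slave clock minus master clock; the slave cannot see it.
    t1 and t4 are read from the master clock, t2 and t3 from the slave clock.
    """
    t2 = t1 + fwd_ns + true_offset_ns   # slave reads its clock when sync arrives
    t3 = t2 + turnaround_ns             # slave notes when its delay request leaves
    t4 = t3 - true_offset_ns + rev_ns   # master reports when the request arrived
    return t1, t2, t3, t4


def compute(t1, t2, t3, t4):
    """What the slave derives from the timestamps alone."""
    mean_path_delay = ((t2 - t1) + (t4 - t3)) / 2
    offset_from_master = (t2 - t1) - mean_path_delay
    return offset_from_master, mean_path_delay


def synchronize(true_offset_ns, fwd_ns, rev_ns, rounds=3):
    """Repeat the exchange, stepping the slave clock by each computed offset.

    Returns the clock error that remains and the (offset, delay) per round.
    """
    history = []
    for _ in range(rounds):
        offset, delay = compute(*exchange(true_offset_ns, fwd_ns, rev_ns))
        history.append((offset, delay))
        true_offset_ns -= offset
    return true_offset_ns, history


if __name__ == "__main__":
    # Symmetric path: the computed offset equals the real clock error.
    print(synchronize(1500, 718, 718))
    # Asymmetric path (900 ns out, 500 ns back): the slave settles 200 ns off,
    # half the asymmetry, while reporting an offset of zero.
    print(synchronize(1500, 900, 500))
```

The second case is the protocol's blind spot: the arithmetic assumes equal delay in both directions, so a residual error of half the path asymmetry never shows up in Offset From Master.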
5.3.2.1
Enable PTP
The following PTP commands are required to enable PTP on a device:
• Set the PTP Mode
• Enable PTP on An Interface
Set the PTP Mode
To specify the Precision Time Protocol (PTP) mode, use the ptp mode command. PTP mode options include:
• boundary The device acts as a boundary clock, and both runs and participates in the best master
clock algorithm.
• disabled PTP is disabled, and the device forwards all PTP packets as normal traffic.
• end-to-end transparent The device acts as an end-to-end transparent clock, synchronizing all
ports to a connected master clock and updating the time interval field of forwarded PTP packets
using switch residence time.
• peer-to-peer transparent The device acts as a peer-to-peer transparent clock, synchronizing all
ports to a connected master clock and updating the time interval field of forwarded PTP packets
using switch residence time and inbound path delays.
• generalized Precision Time Protocol (gPTP) The device runs generalized Precision Time Protocol
(gPTP), participating in the best master clock algorithm but also updating the interval field of
forwarded PTP packets using switch residence time and inbound path delays.
Example
• This command configures the device as a PTP boundary clock.
switch(config)# ptp mode boundary
switch(config)#
Enable PTP on An Interface
To enable PTP on a specific interface on the device, use the ptp enable command.
Example
• This command enables PTP on Ethernet interface 5.
switch(config)# interface ethernet 5
switch(config-if-Et5)# ptp enable
5.3.2.2
Configuring PTP Global Options
The following PTP global commands are optional:
• Configure the PTP Domain
• Configure the Offset Hold Time
• Set the PTP Priority 1
• Set the PTP Priority 2
• Configure the Source IP
• Configure the TTL for the PTP Packets
Configure the PTP Domain
To set the domain number to use for the clock, use the ptp domain command.
•
The ptp domain command configures the domain 1 to use with a clock.
switch(config)# ptp domain 1
switch(config)#
Configure the Offset Hold Time
To set the PTP offset hold time, use the ptp hold-ptp-time command.
•
The ptp hold-ptp-time command configures the PTP offset hold time to 600 seconds.
switch(config)# ptp hold-ptp-time 600
switch(config)#
Set the PTP Priority 1
To set the priority 1 value, use the ptp priority1 command. Lower values take precedence.
•
The ptp priority1 command configures the priority 1 value of 120 to use when advertising the clock.
switch(config)# ptp priority1 120
switch(config)#
Set the PTP Priority 2
To set the priority 2 value for the clock, use the ptp priority2 command.
•
The ptp priority2 command configures the priority 2 value of 128.
switch(config)# ptp priority2 128
switch(config)#
Configure the Source IP
To set the source IP address for all PTP packets, use the ptp source ip command.
•
The ptp source ip command configures the source IP address of 10.0.2.1 for all PTP packets.
switch(config)# ptp source ip 10.0.2.1
switch(config)#
Configure the TTL for the PTP Packets
To set the time to live (ttl) of the PTP packets, use the ptp ttl command.
•
The ptp ttl command configures the time to live (ttl) of 64 for the PTP packets.
switch(config)# ptp ttl 64
switch(config)#
5.3.2.3
Configuring PTP Interface Options
The following PTP interface commands are optional:
• Set the PTP Announcement Interval
• Set the PTP Timeout Interval
• Configure the PTP Delay Mechanism
• Set the Delay Request Interval
• Set the Peer Delay Request Interval
• Set the Peer Link Propagation Threshold
• Set the Interval for Sending Synchronization Messages
• Set the PTP Transport Type
Set the PTP Announcement Interval
To set the interval between PTP announcement messages before a timeout occurs, use the ptp announce
interval command.
•
The ptp announce interval command configures the interval between PTP announcement
messages before a timeout occurs.
switch(config)# interface ethernet 5
switch(config-if-Et5)# ptp announce interval 1
switch(config-if-Et5)#
Set the PTP Timeout Interval
To set the time for sending timeout messages, use the ptp announce timeout command. The range is 2
to 10 seconds. The default is 3 (8 seconds).
•
The ptp announce timeout command specifies the time for announcing timeout messages.
switch(config-if-Et5)# ptp announce timeout 5
switch(config-if-Et5)#
Configure the PTP Delay Mechanism
To set the delay in the boundary clock, use the ptp delay-mechanism command.
•
The ptp delay-mechanism command configures the delay in boundary clock mode.
switch(config-if-Et5)# ptp delay-mechanism p2p
switch(config-if-Et5)#
Set the Delay Request Interval
To set the time for the slave devices to send delay request messages, use the ptp delay-req interval
command.
•
The ptp delay-req interval command sets the time for the slave devices to send delay request messages
to the master state to 3.
switch(config-if-Et5)# ptp delay-req interval 3
switch(config-if-Et5)#
Set the Peer Delay Request Interval
To set the minimum interval between the PTP peer delay-request messages, use the ptp pdelay-req
interval command.
•
The ptp pdelay-req interval command configures the interval between Precision Time Protocol
(PTP) peer delay-request messages to 3.
switch(config-if-Et5)# ptp pdelay-req interval 3
switch(config-if-Et5)#
Set the Peer Link Propagation Threshold
To set the delay threshold for which the peer will be considered unable to run generalized Precision
Time Protocol (gPTP), use the ptp pdelay-neighbor-threshold command.
•
The ptp pdelay-neighbor-threshold command sets the link propagation delay threshold on
Ethernet interface 5 to 200000 nanoseconds.
switch(config-if-Et5)# ptp pdelay-neighbor-threshold 200000
switch(config-if-Et5)#
Set the Interval for Sending Synchronization Messages
To set the interval for sending synchronization messages, use the ptp sync interval command.
•
The ptp sync interval command configures the time for sending synchronization messages to 3.
switch(config-if-Et5)# ptp sync interval 3
switch(config-if-Et5)#
Set the PTP Transport Type
To set the PTP transport type, use the ptp transport command.
•
The ptp transport command configures the PTP transport type for a specific interface.
switch(config-if-Et5)# ptp transport ipv4
switch(config-if-Et5)#
5.3.2.4
Viewing PTP Settings and Status
The following commands display the status of the switch PTP server connections:
• Show General PTP Information
• Show PTP Clock and Offset
• Show PTP Parent Information
• Show PTP Clock Properties
• Show PTP Information for all Interfaces
• Show PTP Interface Counters
• Show PTP Foreign Master
• Show PTP Source IP
Show General PTP Information
To display general Precision Time Protocol (PTP) information, use the show ptp command.
The show ptp command displays PTP summary and port status information.
switch#show ptp
PTP Mode: gptp - Generalized PTP Clock
Clock Identity: 2001:0DB8:73:ff:ff:26:fd:90
Grandmaster Clock Identity: 2001:0DB8:96:ff:fe:6c:ed:02
Number of slave ports: 1
Number of master ports: 6
Slave port: Ethernet33
Mean Path Delay (nanoseconds): 718
Steps Removed: 1
Neighbor Rate Ratio: 1.00000007883
Rate Ratio: 1.00000007883
Interface State    AS      Time Since Last    Neighbor    Mean Path   Residence
                   Capable Changed            Rate Ratio  Delay (ns)  Time (ms)
--------- -------- ------- ------------------ ----------- ----------- ---------
Et1       Disabled No      Never              1.0         0           0
Et2       Disabled No      Never              1.0         0           0
Et3       Disabled No      Never              1.0         0           0
Et4       Disabled No      Never              1.0         0           0
Et5       Disabled No      Never              1.0         0           0
Et6       Disabled No      Never              1.0         0           0
Et7       Master   Yes     0:21:08            1.00000009  420         0
<-------OUTPUT OMITTED FROM EXAMPLE-------->
Show PTP Clock and Offset
The show ptp clock command displays the local PTP clock and offset.
switch#show ptp clock
PTP Mode: Boundary Clock
Clock Identity: 0x00:1c:73:ff:ff:1e:83:24
Clock Domain: 1
Number of PTP ports: 24
Priority1: 128
Priority2: 128
Clock Quality:
Class: 248
Accuracy: 0x30
OffsetScaledLogVariance: 0xffff
Offset From Master: 0
Mean Path Delay: 0
Steps Removed: 0
switch#
Show PTP Parent Information
The show ptp parent command displays the PTP clock’s parent and grandmaster identity and
configuration.
switch# show ptp parent
Parent Clock:
Parent Clock Identity: 0x00:1c:73:ff:ff:00:72:40
Parent Port Number: 0
Parent IP Address: N/A
Observed Parent Offset (log variance): N/A
Observed Parent Clock Phase Change Rate: N/A
Grandmaster Clock:
Grandmaster Clock Identity: 0x00:1c:73:ff:ff:00:72:40
Grandmaster Clock Quality:
Class: 248
Accuracy: 0x30
OffsetScaledLogVariance: 0xffff
Priority1: 128
Priority2: 128
switch#
Show PTP Clock Properties
The show ptp time-property command displays PTP clock properties.
switch# show ptp time-property
Current UTC offset valid: False
Current UTC offset: 0
Leap 59: False
Leap 61: False
Time Traceable: False
Frequency Traceable: False
PTP Timescale: False
Time Source: 0x0
switch#
Show PTP Information for all Interfaces
The show ptp interface command displays PTP information for specified interfaces.
switch# show ptp interface
Interface Ethernet1
PTP: Disabled
Port state: Disabled
Sync interval: 1.0 seconds
Announce interval: 2.0 seconds
Announce interval timeout multiplier: 3
Delay mechanism: end to end
Delay request message interval: 32.0 seconds
Transport mode: ipv4
<-------OUTPUT OMITTED FROM EXAMPLE-------->
Interface Ethernet5
PTP: Disabled
Port state: Disabled
Sync interval: 8.0 seconds
Announce interval: 2.0 seconds
Announce interval timeout multiplier: 5
Delay mechanism: peer to peer
Peer delay request message interval: 8.0 seconds
Peer Mean Path Delay: 0
Transport mode: ipv4
<-------OUTPUT OMITTED FROM EXAMPLE-------->
switch#
Show PTP Interface Counters
The show ptp interface counters command displays PTP interface counters for specified interfaces.
switch# show ptp interface ethernet 5 counters
Interface Ethernet5
Announce messages sent: 0
Announce messages received: 0
Sync messages sent: 0
Sync messages received: 0
Follow up messages sent: 0
Follow up messages received: 0
Delay request messages sent: 0
Delay request messages received: 0
Delay response messages sent: 0
Delay response messages received: 0
Peer delay request messages sent: 0
Peer delay request messages received: 0
Peer delay response messages sent: 0
Peer delay response messages received: 0
Peer delay response follow up messages sent: 0
Peer delay response follow up messages received: 0
switch#
Show PTP Foreign Master
The show ptp foreign-master-record command displays information about foreign masters (PTP
sources not designated as the switch’s master from which the switch has received sync packets).
switch# show ptp foreign-master-record
No Foreign Master Records
switch#
Show PTP Source IP
The show ptp source ip command displays PTP IP source information.
switch#show ptp source ip
PTP source IP: 10.0.2.1
switch#
5.4 Managing Display Attributes
Display commands control the content of the banner and the command line prompt.
5.4.1 Banners
The switch can display two banners:
• Login banner: The login banner precedes the login prompt. One common use for a login banner is to warn against unauthorized network access attempts.
• motd banner: The message of the day (motd) banner is displayed after a user logs into the switch.
This output displays both banners in bold:
This is a login banner
switch login: john
Password:
Last login: Mon Jan 14 09:24:36 2013 from adobe-wrks.aristanetworks.com
This is an motd banner
switch>
These commands create the login and motd banner shown earlier in this section.
switch(config)#banner login
Enter TEXT message. Type 'EOF' on its own line to end.
This is a login banner
EOF
switch(config)#banner motd
Enter TEXT message. Type 'EOF' on its own line to end.
This is an motd banner
EOF
switch(config)#
To create a banner:
Step 1 Enter global configuration mode.
switch#config
switch(config)#
Step 2 Enter banner edit mode by typing the desired command:
• To create a login banner, type banner login.
• To create a motd banner, type banner motd.
The switch responds with instructions on entering the banner text.
switch(config)#banner login
Enter TEXT message. Type 'EOF' on its own line to end.
Step 3 Enter the banner text.
This is the first line of banner text.
This is the second line of banner text.
Step 4 Press Enter to place the cursor on a blank line after completing the banner text.
Step 5 Exit banner edit mode by typing EOF.
EOF
switch(config)#
5.4.2 Prompt
The prompt provides an entry point for EOS commands. The prompt command configures the contents
of the prompt. The no prompt command returns the prompt to the default of %H%P.
Characters allowed in the prompt include A-Z, a-z, 0-9, and these punctuation marks:
!@#$%^&*()-=+{}[];:<>,.?/~\
The prompt supports these control sequences:
• %s – space character
• %t – tab character
• %% – percent character
• %H – host name
• %D – time and date
• %D{f_char} – time and date, format specified by the BSD strftime (f_char) time conversion function.
• %h – host name up to the first ‘.’
• %P – extended command mode
• %p – command mode
• %r – redundancy status on modular systems (has no effect on a fixed system)
• %R – extended redundancy status on modular systems – includes status and slot number (has no effect on a fixed system)
Example
• This command creates a prompt that displays system 1 and the command mode.
host-name.dut103(config)#prompt system%s1%P
system 1(config) #
• This command creates a prompt that displays the command mode.
host-name.dut103(config)#prompt %p
(config)#
• These equivalent commands create the default prompt.
% prompt %H%P
host-name.dut103(config)#
% no prompt
host-name.dut103(config)#
5.5 Event Monitor
The event monitor writes system event records to local files for access by SQLite database commands.
5.5.1 Description
The event monitor receives notifications for changes to the mac table, route table, and arp table. These
changes are logged to a fixed-size circular buffer. The size of this buffer is configurable, but it does not
grow dynamically. Buffer contents can be stored to permanent files to increase the event monitor's
effective capacity. The permanent file size and the number of permanent files are configurable. The buffer
is stored at a fixed location on the switch. The location of the permanent files is configurable and can be
in any switch file directory, including flash (/mnt/flash).
Specific event monitor queries are available through CLI commands. For queries not available through
specific commands, manual queries are supported through other CLI commands. When the user issues
a query command, the relevant events from the circular buffer and permanent files are written to and
accessed from a temporary SQLite database file. The database keeps a separate table for each logging
type (mac, arp, route). When the monitor receives notification of a new event, the database file is
deleted, then recreated.
5.5.2 Configuring the Event Monitor
Enabling the Event Monitor
The event-monitor <log enable> command enables the event monitor and specifies the types of events
that are logged. The event monitor is an event logging service that records system events to a local
database. The event monitor records these events:
• arp   changes to the ARP table (IP address to MAC address mappings).
• IGMP snooping   changes to the IGMP snooping table.
• mac   changes to the MAC address table (MAC address to port mappings).
• mroute   changes to the IP multicast routing table.
• route   changes to the IP routing table.
By default, the event monitor is enabled and records each type of event. The no event-monitor all
command disables the event monitor. The no event-monitor command, followed by a log type parameter,
disables event recording for the specified type.
Example
• This command disables the event monitor for all types of events.
switch(config)#no event-monitor all
• This command enables the event monitor for routing table changes.
switch(config)#event-monitor route
The event-monitor clear command removes the contents of the event monitor buffer. If event monitor
backup is enabled, this command removes the contents from all event monitor backup files.
Example
• This command clears the contents of the event monitor buffer.
switch#event-monitor clear
switch(config)#
Configuring the Buffer
The event-monitor buffer max-size command specifies the size of the event monitor buffer. The event
monitor buffer is a fixed-size circular data structure that receives event records from the event monitor.
When event monitor backup is enabled, the buffer is copied to a backup file before each rollover. Buffer
size ranges from 6 Kb to 50 Kb. The default size is 32 Kb.
Example
• This command configures a buffer size of 48 Kb.
switch(config)#event-monitor buffer max-size 48
switch(config)#
Configuring Permanent Files
The event-monitor backup path command enables storage of the event monitor buffer to permanent
switch files and specifies the path/name of these files. The command references file location either from
the flash drive root directory where the CLI operates (/mnt/flash) or from the switch root directory (/).
The event monitor buffer is circular – after the buffer is filled, new data replaces older data at the
beginning of the buffer. The buffer is copied into a new backup file after each buffer writing cycle before
the switch starts re-writing the buffer.
Example
• These commands configure the switch to store the event monitor buffer in sw-event.log, then
display the new file in the flash directory.
switch(config)#event-monitor backup path sw-event.log
switch(config)#dir
Directory of flash:/
       -rwx   245761935           Jan 18 04:18  EOS-4.9.0.swi
       -rwx   245729161           Jan 17 06:57  EOS-4.9.0f.swi
       -rwx          25            Jan 5 08:59  boot-config
       -rwx          14           Jun 20  2011  boot-extensions
       -rwx        2749           Nov 22  2011  startup-config
       -rwx      418884           Jan 18 13:55  sw-event.log.0
       -rwx          13            Nov 9  2011  zerotouch-config
931745792 bytes total (190517248 bytes free)
switch(config)#
The event-monitor backup max-size command specifies the quantity of event monitor backup files the
switch maintains. The switch appends an extension number to the file name when it creates a new file.
After every 500 events, the switch deletes the oldest backup file if the file limit is exceeded.
Example
• These commands configure the switch to back up the event buffer to a series of files named
sw-event.log. The switch can store a maximum of four files.
switch(config)#event-monitor backup path sw-event.log
switch(config)#event-monitor backup max-size 4
switch(config)#
The first five files that the switch creates to store event monitor buffer contents are:
sw-event.log.0
sw-event.log.1
sw-event.log.2
sw-event.log.3
sw-event.log.4
The switch deletes sw-event.log.0 the first time it verifies the number of existing backup files after
the creation of sw-event.log.4.
5.5.3 Querying the Event Monitor
These CLI commands perform SQL-style queries on the event monitor database:
• The show event-monitor arp command displays ARP table events.
• The show event-monitor mac command displays MAC address table events.
• The show event-monitor route command displays routing table events.
Example
• This command displays all events triggered by MAC address table events.
switch#show event-monitor mac
% Writing 0 Arp, 0 Route, 1 Mac events to the database
2012-01-19 13:57:55|1|08:08:08:08:08:08|Ethernet1|configuredStaticMac|added|0
For other database queries, the show event-monitor sqlite command performs an SQL-style query on
the database, using the statement specified in the command.
Example
• This command displays all entries from the route table.
switch#show event-monitor sqlite select * from route;
2012-01-19 13:53:01|16.16.16.0/24||||removed|0
2012-01-19 13:53:01|16.16.16.17/32||||removed|1
2012-01-19 13:53:01|16.16.16.18/32||||removed|2
2012-01-19 13:53:01|16.16.16.240/32||||removed|5
2012-01-19 13:53:01|16.16.16.0/32||||removed|6
2012-01-19 13:53:01|16.16.16.255/32||||removed|7
2012-01-19 13:53:01|192.168.1.0/24||||removed|8
2012-01-19 13:53:01|192.168.1.5/32||||removed|9
2012-01-19 13:53:01|192.168.1.6/32||||removed|10
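The pipe-delimited records shown above can be reviewed offline once the command output has been captured. The following Python code is an added example, not part of the Arista manual or of EOS: it parses captured output, reports a MAC address that is added on a different interface than before, and groups route removals that share a timestamp. The field meanings (VLAN, MAC, interface, entry type, action, sequence number) are inferred from the sample lines and are assumptions, as are the function names; the sample input is constructed.

```python
from collections import defaultdict
from datetime import datetime

TS_FORMAT = "%Y-%m-%d %H:%M:%S"
FIELD_COUNT = 7  # both record types in the manual's samples have seven '|'-separated fields

# Constructed sample input. The first MAC record and the complete route records copy the
# layout of the manual's examples; the other MAC records and the truncated line are invented.
MAC_OUTPUT = """\
% Writing 0 Arp, 0 Route, 3 Mac events to the database
2012-01-19 13:57:55|1|08:08:08:08:08:08|Ethernet1|configuredStaticMac|added|0
2012-01-19 14:02:10|1|00:1c:73:00:00:01|Ethernet2|learnedDynamicMac|added|1
2012-01-19 14:02:41|1|00:1C:73:00:00:01|Ethernet7|learnedDynamicMac|added|2
"""

ROUTE_OUTPUT = """\
switch#show event-monitor sqlite select * from route;
2012-01-19 13:53:01|16.16.16.0/24||||removed|0
2012-01-19 13:53:01|16.16.16.17/32||||removed|1
2012-01-19 13:53:01|16.16.16.18/32||||removed|2
2012-01-19 13:53:01|16.16.16.240/32||||removed|5
2012-01-19 13:53:01|192.168.1.0/24||||removed|8
2012-01-19 13:53:01|192.168.1.5/32||||removed|9
2012-01-19 13:53:01|192.168.1.6/32||
"""


def parse_records(text, field_count=FIELD_COUNT):
    """Split captured output into records.

    Returns (records, skipped). Each record is [datetime, field1, ..., fieldN].
    Prompt and status lines (no '|') are ignored; lines that contain '|' but
    have the wrong field count or a bad timestamp are returned in `skipped`
    so that truncated captures are noticed instead of silently dropped.
    """
    records, skipped = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("%") or "|" not in line:
            continue
        fields = line.split("|")
        try:
            if len(fields) != field_count:
                raise ValueError("unexpected field count")
            ts = datetime.strptime(fields[0], TS_FORMAT)
        except ValueError:
            skipped.append(line)
            continue
        records.append([ts] + fields[1:])
    return records, skipped


def find_mac_moves(mac_records):
    """Report (time, vlan, mac, old_interface, new_interface) for each MAC that is
    'added' on an interface different from the one it was last added on.
    Assumed field order: vlan, mac, interface, entry type, action, sequence."""
    last_interface = {}
    moves = []
    # sorted() is stable, so records with equal timestamps keep capture order.
    for ts, vlan, mac, intf, _etype, action, _seq in sorted(mac_records, key=lambda r: r[0]):
        if action != "added":
            continue
        key = (vlan, mac.lower())  # normalise case before comparing addresses
        previous = last_interface.get(key)
        if previous is not None and previous != intf:
            moves.append((ts, vlan, mac.lower(), previous, intf))
        last_interface[key] = intf
    return moves


def route_removal_bursts(route_records, threshold=5):
    """Return {timestamp: [prefixes]} for every second in which at least
    `threshold` routes were removed. Assumed field order: prefix, three
    fields that are empty in the manual's sample, action, sequence."""
    by_second = defaultdict(list)
    for ts, prefix, _f2, _f3, _f4, action, _seq in route_records:
        if action == "removed":
            by_second[ts].append(prefix)
    return {ts: p for ts, p in by_second.items() if len(p) >= threshold}


if __name__ == "__main__":
    macs, bad_mac = parse_records(MAC_OUTPUT)
    for ts, vlan, mac, old, new in find_mac_moves(macs):
        print(f"{ts} VLAN {vlan}: {mac} moved {old} -> {new}")
    routes, bad_route = parse_records(ROUTE_OUTPUT)
    for ts, prefixes in route_removal_bursts(routes).items():
        print(f"{ts}: {len(prefixes)} routes removed: {', '.join(prefixes)}")
    for line in bad_mac + bad_route:
        print(f"skipped malformed record: {line}")
```

Because the buffer is circular and backup files are pruned, run event-monitor sync before capturing the output so that the buffer and all remaining backup files are included.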
5.5.4 Accessing Event Monitor Database Records
The event-monitor interact command replaces the CLI prompt with an SQLite prompt. The event
monitor buffer and all backup logs are synchronized into a single SQLite file and loaded for access from
the prompt.
• To access help from the SQLite prompt, enter .help
• To exit SQLite and return to the CLI prompt, enter .quit or .exit
The event-monitor sync command combines the event monitor buffer and all backup logs and
synchronizes them into a single SQLite file. The data can be accessed through SQLite or by using the
show event-monitor commands described above.
Examples
• This command replaces the EOS CLI prompt with an SQLite prompt.
switch#event-monitor interact
sqlite>
• This command exits SQLite and returns to the EOS CLI prompt.
sqlite> .quit
switch#
• This command synchronizes the buffer and backup logs into a single SQLite file.
switch(config)#event-monitor sync
switch(config)#
5.6 Switch Administration Commands
Switch Name Configuration Commands
• hostname
• ip domain lookup
• ip domain-name
• ip host
• ip name-server
• ipv6 host
• show hostname
• show hosts
• show ip domain-name
• show ip name-server
Banner Configuration Commands
• banner login
• banner motd
• show banner
Prompt Configuration Command
• prompt
Event Manager Commands
• no event-monitor
• event-monitor <log enable>
• event-monitor backup max-size
• event-monitor backup path
• event-monitor buffer max-size
• event-monitor clear
• event-monitor interact
• event-monitor sync
• show event-monitor arp
• show event-monitor mac
• show event-monitor route
• show event-monitor sqlite
Email Configuration Command
• email
System Clock Commands
• clock set
• clock timezone
• show clock
NTP Configuration Commands
• ntp authenticate
• ntp authentication-key
• ntp serve
• ntp serve all
• ntp server
• ntp source
• ntp trusted-key
• show ntp associations
• show ntp status
PTP Configuration Commands
• clear ptp interface counters
• ptp announce interval
• ptp announce timeout
• ptp delay-mechanism
• ptp delay-req interval
• ptp domain
• ptp enable
• ptp forward-v1
• ptp hold-ptp-time
• ptp mode
• ptp pdelay-neighbor-threshold
• ptp pdelay-req interval
• ptp priority1
• ptp priority2
• ptp source ip
• ptp sync interval
• ptp sync timeout
• ptp transport
• ptp ttl
• show ptp
• show ptp clock
• show ptp foreign-master-record
• show ptp interface
• show ptp interface counters
• show ptp parent
• show ptp source ip
• show ptp time-property
banner login
The banner login command configures a message that the switch displays before login and password
prompts. The login banner is available on console, telnet, and ssh connections.
The no banner login and default banner login commands delete the login banner.
all
Command Mode
Global Configuration
Command Syntax
banner login
no banner login
default banner login
Parameters
• banner_text   To configure the banner, enter a message when prompted. The message may span multiple lines. Banner text supports the following keywords:
— $(hostname)   displays the switch’s host name.
• EOF   To end the banner editing session, type EOF on its own line and press enter.
Examples
• These commands create a two-line login banner.
switch(config)#banner login
Enter TEXT message. Type 'EOF' on its own line to end.
This is a login banner for $(hostname).
Enter your login name at the prompt.
EOF
switch(config)#
This output displays the login banner.
This is a login banner for switch.
Enter your login name at the prompt.
switch login: john
Password:
Last login: Mon Jan 14 09:05:23 2013 from adobe-wrks.aristanetworks.com
switch>
banner motd
The banner motd command configures a “message of the day” (motd) that the switch displays after a
user logs in. The motd banner is available on console, telnet, and ssh connections.
The no banner motd and default banner motd commands delete the motd banner.
all
Command Mode
Global Configuration
Command Syntax
banner motd
no banner motd
default banner motd
Parameters
• banner_text   To configure the banner, enter a message when prompted. The message may span multiple lines. Banner text supports this keyword:
— $(hostname)   displays the switch’s host name.
• EOF   To end the banner editing session, type EOF on its own line and press enter.
Examples
• These commands create an motd banner.
switch(config)#banner motd
Enter TEXT message. Type 'EOF' on its own line to end.
This is an motd banner for $(hostname)
EOF
switch(config)#
This output displays the motd banner.
switch login: john
Password:
Last login: Mon Jan 14 09:17:09 2013 from adobe-wrks.aristanetworks.com
This is an motd banner for Switch
switch>
clear ptp interface counters
The clear ptp interface counters command resets the Precision Time Protocol (PTP) packet counters.
Arad, FM6000
Command Mode
Privileged EXEC
Command Syntax
clear ptp interface [INTERFACE_NAME] counters
Parameters
• INTERFACE_NAME   Interface type and numbers. Options include:
— <no parameter>   Display information for all interfaces.
— ethernet e_range   Ethernet interface range specified by e_range.
— loopback l_range   Loopback interface specified by l_range.
— management m_range   Management interface range specified by m_range.
— port-channel p_range   Port-Channel Interface range specified by p_range.
— vlan v_range   VLAN interface range specified by v_range.
— vxlan vx_range   VXLAN interface range specified by vx_range.
Valid parameter formats include number, number range, or comma-delimited list of numbers and
ranges.
Example
• This command clears all PTP counters.
switch# clear ptp interface counters
switch#
clock set
The clock set command sets the system clock time and date. If the switch is configured with an NTP
server, NTP time synchronizations override manually entered time settings.
Time entered by this command is local, as configured by the clock timezone command.
all
Command Mode
Privileged EXEC
Command Syntax
clock set hh:mm:ss date
Parameters
• hh:mm:ss is the current time (24-hour notation).
• date is the current date. Date formats include:
— mm/dd/yy   example: 05/15/2012
— Month day year   example: May 15 2012
— day month year   example: 15 May 2012
Example
• This command manually sets the switch time.
switch#clock set 08:15:24 14 Jan 2013
Mon Jan 14 08:15:25 2013
timezone is US/Central
clock timezone
The clock timezone command specifies the UTC offset that converts system time to local time. The
switch uses local time for time displays and to time-stamp system logs and messages.
The no clock timezone and default clock timezone commands delete the timezone statement from
running-config, setting local time to UTC.
all
Command Mode
Global Configuration
Command Syntax
clock timezone zone_name
no clock timezone
default clock timezone
Parameters
• zone_name   the time zone. Settings include a list of predefined time zone labels.
Examples
• This command configures the switch for the United States Central Time Zone.
switch(config)#clock timezone US/Central
switch(config)#show clock
Fri Jan 11 18:42:49 2013
timezone is US/Central
switch(config)#
• To view the predefined time zone labels, enter clock timezone with a question mark.
switch(config)#clock timezone ?
Africa/Abidjan
Africa/Addis_Ababa
Africa/Asmara
Africa/Bamako
Africa/Accra
Africa/Algiers
Africa/Asmera
Africa/Bangui
<-------OUTPUT OMITTED FROM EXAMPLE-------->
W-SU   W-SU timezone
WET   WET timezone
Zulu   Zulu timezone
switch(config)#clock timezone
• This command displays all time zone labels that start with America.
switch(config)#clock timezone AMERICA?
America/Adak
America/Anchorage
America/Anguilla
America/Antigua
America/Araguaina
America/Argentina/Buenos_Aires
<-------OUTPUT OMITTED FROM EXAMPLE-------->
America/Virgin
America/Winnipeg
America/Yellowknife
America/Whitehorse
America/Yakutat
switch(config)#clock timezone AMERICA
email
The email command places the switch in email client configuration mode. If you configure a from-user
and an outgoing SMTP server on the switch, you can then use an email address as an output modifier
to a show command and receive the output as email.
all
Command Mode
Global Configuration
Command Syntax
email
Example
• This command places the switch in email client configuration mode.
switch(config)#email
switch(config)#
no event-monitor
The no event-monitor and default event-monitor commands remove the specified event-monitor
configuration statements from running-config, returning the switch to the specified default state.
• no event-monitor <with no parameters> restores all default setting states:
— event monitor is enabled.
— buffer backup is disabled.
• no event-monitor backup disables the backup.
To disable the event monitor, enter the no event-monitor all command (event-monitor <log enable>).
all
Command Mode
Global Configuration
Command Syntax
no event-monitor [PARAMETER]
default event-monitor [PARAMETER]
Parameters
• PARAMETER   the event monitor property that is returned to the default state.
— <no parameter> all event monitor properties.
— backup event monitor buffer backup is disabled.
Example
• This command removes all event monitor configuration statements from running-config.
switch(config)#no event-monitor
switch(config)#
event-monitor <log enable>
The event-monitor <log enable> command enables the event monitor and specifies the types of events
that are logged. The event monitor is an event logging service that records system events to a local
database. The event monitor records these events:
• arp   changes to the ARP table (IP address to MAC address mappings).
• IGMP snooping   changes to the IGMP snooping table.
• mac   changes to the MAC address table (MAC address to port mappings).
• mroute   changes to the IP multicast routing table.
• route   changes to the IP routing table.
The database maintains a separate table for each event type.
By default, the event monitor is enabled and records each type of event.
• The no event-monitor all command disables the event monitor.
• The no event-monitor command, followed by a log type parameter, disables event recording for the specified type.
• The event-monitor and default event-monitor commands enable the specified event logging type by removing the corresponding no event-monitor command from running-config.
The no event-monitor and default event-monitor commands, without a LOG_TYPE parameter, restore
the default event monitor settings by deleting all event monitor related commands from running-config.
all
Command Mode
Global Configuration
Command Syntax
event-monitor LOG_TYPE
no event-monitor LOG_TYPE
default event-monitor LOG_TYPE
Parameters
• LOG_TYPE   specifies the event logging type. Options include:
— all   all event logging types.
— arp   changes to ARP table.
— igmpsnooping   changes to IGMP snooping table.
— mac   changes to MAC address table.
— mroute   changes to multicast routing table.
— route   changes to IP routing table.
Related Commands
• no event-monitor
Examples
• This command disables the event monitor for all types of events.
switch(config)#no event-monitor all
switch(config)#
• This command enables the event monitor for routing table changes.
switch(config)#event-monitor route
switch(config)#
event-monitor backup max-size
The event-monitor backup max-size command specifies the quantity of event monitor backup files the
switch maintains. Values range from 1 to 200 files with a default of ten files.
The event-monitor backup path command specifies the path/name of these files. The switch appends
an extension to the file name that tracks the creation order of backup files. When the quantity of files
exceeds the configured limit, the switch deletes the oldest file.
The no event-monitor backup max-size and default event-monitor backup max-size commands restore
the default maximum number of backup files the switch can store to ten by removing the corresponding
event-monitor backup max-size command from running-config.
all
Command Mode
Global Configuration
Command Syntax
event-monitor backup max-size file_quantity
no event-monitor backup max-size
default event-monitor backup max-size
Parameters
• file_quantity   maximum number of backup files. Value ranges from 1 to 200. Default is 10.
Examples
• These commands configure the switch to back up the event buffer to a series of files named
sw-event.log. The switch can store a maximum of four files.
switch(config)#event-monitor backup path sw-event.log
switch(config)#event-monitor backup max-size 4
switch(config)#
The first five files that the switch creates to store event monitor buffer contents are:
sw-event.log.0
sw-event.log.1
sw-event.log.2
sw-event.log.3
sw-event.log.4
The switch deletes sw-event.log.0 the first time it verifies the number of existing backup files after
the creation of sw-event.log.4.
event-monitor backup path
The event-monitor backup path command enables the storage of the event monitor buffer to switch
files and specifies the path/name of these files. The command references the file location either from the
flash drive root directory (/mnt/flash) where the CLI operates or from the switch root directory (/).
The event monitor buffer is circular – after the buffer is filled, new data is written to the beginning of
the buffer, replacing old data. At the conclusion of each buffer writing cycle, it is copied into a new
backup file before the switch starts re-writing the buffer. The switch appends an extension number to the
file name when it creates a new file. After every 500 events, the switch deletes the oldest backup file if
the file limit specified by the event-monitor backup max-size command is exceeded.
running-config can contain a maximum of one event-monitor backup path statement. Subsequent
event-monitor backup path commands replace the existing statement in running-config, changing the
name of the file where event monitor backup files are stored.
The no event-monitor backup path and default event-monitor backup path commands disable the
storage of the event monitor buffer to switch files by deleting the event-monitor backup path command
from running-config.
all
Command Mode
Global Configuration
Command Syntax
event-monitor backup path URL_FILE
no event-monitor backup path
default event-monitor backup path
Parameters
• URL_FILE path and file name of the backup file
— path_string specified path is appended to /mnt/flash/
— file: path_string specified path is appended to /
— flash: path_string specified path is appended to /mnt/flash/
Examples
• These commands configure the switch to store the event monitor buffer in sw-event.log, then
display the new file in the flash directory.
switch(config)#event-monitor backup path sw-event.log
switch(config)#dir
Directory of flash:/
-rwx   245761935   Jan 18 04:18  EOS-4.9.0.swi
-rwx   245729161   Jan 17 06:57  EOS-4.9.0f.swi
-rwx          25   Jan  5 08:59  boot-config
-rwx          14   Jun 20  2011  boot-extensions
-rwx        2749   Nov 22  2011  startup-config
-rwx      418884   Jan 18 13:55  sw-event.log.0
-rwx          13   Nov  9  2011  zerotouch-config
931745792 bytes total (190517248 bytes free)
switch(config)#
event-monitor buffer max-size
The event-monitor buffer max-size command specifies the size of the event monitor buffer. The event
monitor buffer is a fixed-size circular data structure that receives event records from the event monitor.
When event monitor backup is enabled (event-monitor backup path), the buffer is copied to a backup
file before each rollover.
Buffer size ranges from 6 Kb to 50 Kb. The default size is 32 Kb.
The no event-monitor buffer max-size and default event-monitor buffer max-size commands restore
the default buffer size of 32 Kb by removing the event-monitor buffer max-size command from
running-config.
all
Command Mode
Global Configuration
Command Syntax
event-monitor buffer max-size buffer_size
no event-monitor buffer max-size
default event-monitor buffer max-size
Parameters
• buffer_size buffer capacity (Kb). Values range from 6 to 50. Default value is 32.
Example
• This command configures a buffer size of 48 Kb.
switch(config)#event-monitor buffer max-size 48
switch(config)#
event-monitor clear
The event-monitor clear command removes the contents of the event monitor buffer. If event monitor
backup is enabled, this command removes the contents from all event monitor backup files.
all
Command Mode
Privileged EXEC
Command Syntax
event-monitor clear
Example
• This command clears the contents of the event monitor buffer.
switch#event-monitor clear
switch#
event-monitor interact
The event-monitor interact command replaces the CLI prompt with an SQLite prompt. The event
monitor buffer and all backup logs are synchronized into a single SQLite file and loaded for access from
the prompt.
• To access help from the SQLite prompt, enter .help
• To exit SQLite and return to the CLI prompt, enter .quit or .exit
all
Command Mode
Privileged EXEC
Command Syntax
event-monitor interact
Examples
• This command replaces the EOS CLI prompt with an SQLite prompt.
switch#event-monitor interact
sqlite>
• This command exits SQLite and returns to the EOS CLI prompt.
sqlite> .quit
switch#
event-monitor sync
The event-monitor sync command combines the event monitor buffer and all backup logs and
synchronizes them into a single SQLite file, which is stored at /tmp/eventmon.db.
all
Command Mode
Privileged EXEC
Command Syntax
event-monitor sync
Example
• This command synchronizes the buffer and backup logs into a single SQLite file.
switch(config)#event-monitor sync
switch(config)#
hostname
The hostname command assigns a text string as the switch’s host name. The default host name is
localhost.
The prompt displays the host name when appropriately configured through the prompt command.
The no hostname and default hostname commands return the switch’s host name to the default value
of localhost.
all
Command Mode
Global Configuration
Command Syntax
hostname string
no hostname
default hostname
Parameters
• string host name assigned to the switch.
Example
• This command assigns the string main-host as the switch’s host name.
switch(config)#hostname main-host
main-host(config)#
The prompt was previously configured to display the host name.
ip domain lookup
The ip domain lookup command specifies the source interface for all DNS requests sent from the
specified VRF.
The no ip domain lookup and default ip domain lookup commands return the switch to its default
state, in which the switch selects source IP addresses for each DNS request from the specified VRF.
all
Command Mode
Global Configuration
Command Syntax
ip domain lookup [VRF_INSTANCE] source-interface INTF_NAME
no ip domain lookup [VRF_INSTANCE] source-interface
default ip domain lookup [VRF_INSTANCE] source-interface
Parameters
• VRF_INSTANCE specifies the VRF instance being modified.
— <no parameter> changes are made to the default VRF.
— vrf vrf_name changes are made to the specified VRF.
• INTF_NAME name of source interface to be used for DNS requests. Options include:
— ethernet e_num Ethernet interface specified by e_num.
— loopback l_num Loopback interface specified by l_num.
— management m_num Management interface specified by m_num.
— port-channel p_num Port-channel interface specified by p_num.
— vlan v_num VLAN interface specified by v_num.
Examples
• This command specifies VLAN 5 as the source interface for DNS requests originating from the
default VRF.
switch(config)#ip domain lookup source-interface Vlan5
switch(config)#
• This command specifies VLAN 10 as the source interface for DNS requests originating from VRF
“purple.”
switch(config)#ip domain lookup vrf purple source-interface Vlan10
switch(config)#
ip domain-name
The ip domain-name command configures the switch’s domain name. The switch uses this name to
complete unqualified host names.
The no ip domain-name and default ip domain-name commands delete the domain name by removing
the ip domain-name command from running-config.
all
Command Mode
Global Configuration
Command Syntax
ip domain-name string
no ip domain-name
default ip domain-name
Parameters
• string domain name (text string)
Example
• This command configures aristanetworks.com as the switch’s domain name.
switch(config)#ip domain-name aristanetworks.com
switch(config)#
ip host
The ip host command associates a hostname to an IPv4 address. This command supports local
hostname resolution based on local hostname-IP address maps. Multiple hostnames can be mapped to
an IP address. IPv4 and IPv6 addresses can be mapped to the same hostname (to map an IPv6 address
to a hostname, use the ipv6 host command). The show hosts command displays the local hostname-IP
address mappings.
The no ip host and default ip host commands remove hostname-IP address maps by deleting the
corresponding ip host command from running-config, as specified by command parameters:
• no parameters: command removes all hostname-IP address maps.
• hostname parameter: command removes all IP address maps for the specified hostname.
• hostname and IP address parameters: command removes specified hostname-IP address maps.
all
Command Mode
Global Configuration
Command Syntax
ip host hostname hostadd_1 [hostadd_2] ... [hostadd_X]
no ip host [hostname] [hostadd_1] [hostadd_2] [hostadd_X]
default ip host [hostname] [hostadd_1] [hostadd_2] [hostadd_X]
Parameters
• hostname hostname (text).
• hostadd_N IPv4 address associated with hostname (dotted decimal notation).
Related Commands
• ipv6 host
• show hosts
Examples
• This command associates the hostname test_lab with the IP addresses 10.24.18.5 and 10.24.16.3.
switch(config)#ip host test_lab 10.24.18.5 10.24.16.3
• This command removes all IP address maps for the hostname production_lab.
switch(config)#no ip host production_lab
switch(config)#
ip name-server
The ip name-server command adds name server addresses to running-config. The switch uses name
servers for name and address resolution. The switch can be configured with up to three name servers.
Although a command can specify multiple name server addresses, running-config stores each address
in a separate statement. Name server addresses can be IPv4 and IPv6; each command can specify both
address types.
Attempts to add a fourth server generate an error message. All name server addresses must be
configured in the same VRF. When name servers were previously configured in a VRF, they must all be
removed before adding new name server entries.
The no ip name-server and default ip name-server commands remove specified name servers from
running-config. Commands that do not list an address remove all name servers.
all
Command Mode
Global Configuration
Command Syntax
ip name-server [VRF_INSTANCE] SERVER_1 [SERVER_2] [SERVER_3]
no ip name-server [VRF_INSTANCE] [SERVER_1] [SERVER_2] [SERVER_3]
default ip name-server [VRF_INSTANCE] [SERVER_1] [SERVER_2] [SERVER_3]
Parameters
• VRF_INSTANCE specifies the VRF instance containing the addresses.
— <no parameter> default VRF.
— vrf vrf_name a user-defined VRF.
• SERVER_X IP address of the name server (dotted decimal notation). Options include:
— ipv4_addr (A.B.C.D)
— ipv6_addr (A:B:C:D:E:F:G:H)
A command can contain both (IPv4 and IPv6) address types.
Guidelines
All configured name server addresses must come from the same VRF. To use a user defined VRF for
connection to a name server, first remove any name servers configured in the default VRF.
Examples
• This command adds two name servers to the configuration.
switch(config)#ip name-server 172.0.14.21 3:4F21:1902::
switch(config)#
• This command attempts to add a name server when the configuration already lists three servers.
switch(config)#ip name-server 172.1.10.22
% Maximum number of nameservers reached. '172.1.10.22' not added
switch(config)#
ipv6 host
The ipv6 host command associates a hostname to an IPv6 address. This command supports local
hostname resolution based on local hostname-IP address maps. Multiple hostnames can be mapped to
an IPv6 address. IPv4 and IPv6 addresses can be mapped to the same hostname (to map IPv4 addresses
to a hostname, use the ip host command). The show hosts command displays the local hostname-IP
address mappings.
The no ipv6 host and default ipv6 host commands remove hostname-IP address maps by deleting the
corresponding ipv6 host command from running-config, as specified by command parameters:
• no parameters: command removes all hostname-IPv6 address maps.
• hostname parameter: command removes all IPv6 address maps for the specified hostname.
• hostname and IP address parameters: command removes specified hostname-IP address maps.
all
Command Mode
Global Configuration
Command Syntax
ipv6 host hostname hostadd_1 [hostadd_2] ... [hostadd_X]
no ipv6 host [hostname] [hostadd_1] [hostadd_2] [hostadd_X]
default ipv6 host [hostname] [hostadd_1] [hostadd_2] [hostadd_X]
Parameters
• hostname hostname (text).
• hostadd_N IPv6 addresses associated with hostname (dotted decimal notation).
Related Commands
• ip host
• show hosts
Example
• This command associates the hostname support_lab with the IPv6 address
2001:0DB8:73:ff:ff:26:fd:90.
switch(config)#ipv6 host support_lab 2001:0DB8:73:ff:ff:26:fd:90
switch(config)#
ntp authenticate
The ntp authenticate command enables the authentication of incoming NTP packets. When
authentication is enabled, NTP packets will be used to synchronize time on the switch only if they
include a trusted authentication key. Authentication keys are created on the switch using the ntp
authentication-key command, and the ntp trusted-key command is used to specify which keys are
trusted. NTP authentication is disabled by default.
The no ntp authenticate and default ntp authenticate commands disable NTP authentication on the
switch by removing the corresponding ntp authenticate command from running-config.
all
Command Mode
Global Configuration
Command Syntax
ntp authenticate
no ntp authenticate
default ntp authenticate
Examples
• This command enables NTP authentication on the switch.
switch(config)#ntp authenticate
switch(config)#
• This command disables NTP authentication on the switch.
switch(config)#no ntp authenticate
switch(config)#
ntp authentication-key
The ntp authentication-key command creates an authentication key for use in authenticating incoming
NTP packets. For the key to be used in authentication:
• It must be configured as a trusted key using the ntp trusted-key command.
• NTP authentication must be enabled on the switch using the ntp authenticate command.
• The same key must be configured on the NTP server.
The no ntp authentication-key and default ntp authentication-key commands remove the specified
authentication key by removing the corresponding ntp authentication-key command from
running-config.
all
Command Mode
Global Configuration
Command Syntax
ntp authentication-key key_id ENCRYPT_TYPE password_text
no ntp authentication-key key_id
default ntp authentication-key key_id
Parameters
• key_id key ID number. Value ranges from 1 to 65534.
• ENCRYPT_TYPE encryption method. Values include:
— md5 key_text is MD5 encrypted.
— sha1 key_text is SHA-1 encrypted.
• password_text the authentication-key password.
Example
• This command creates an NTP authentication key with ID 234 and password “timeSync” using MD5
encryption.
switch(config)#ntp authentication-key 234 md5 timeSync
Running-config stores the password as plain text.
• This command removes NTP authentication key 234.
switch(config)#no ntp authentication-key 234
ntp serve
The ntp serve command configures the command mode interface to accept incoming NTP requests
regardless of the global setting.
The no ntp serve command configures the command mode interface to refuse incoming NTP requests
regardless of the global setting. The default ntp serve command configures the command mode
interface to follow the global setting.
Using this command also causes the switch to re-synchronize with its upstream NTP server.
all
Command Mode
Interface-Ethernet Configuration
Interface-Loopback Configuration
Interface-Management Configuration
Interface-Port-channel Configuration
Interface-VLAN Configuration
Interface-VXLAN Configuration
Command Syntax
ntp serve
no ntp serve
default ntp serve
Example
• These commands configure Ethernet interface 5 to accept incoming NTP requests regardless of
global settings.
switch(config)#interface ethernet 5
switch(config-if-Et5)#ntp serve
switch(config-if-Et5)#
• These commands configure Ethernet interface 5 to deny incoming NTP requests regardless of
global settings.
switch(config)#interface ethernet 5
switch(config-if-Et5)#no ntp serve
switch(config-if-Et5)#
• These commands configure Ethernet interface 5 to use global settings in responding to incoming
NTP requests.
switch(config)#interface ethernet 5
switch(config-if-Et5)#default ntp serve
switch(config-if-Et5)#
ntp serve all
The ntp serve all command configures the switch to act as an NTP server by accepting incoming NTP
requests.
Using this command also causes the switch to re-synchronize with its upstream NTP server.
Individual interfaces can be configured separately to accept or deny NTP requests by using the ntp
serve command, and these settings override the global setting.
all
Command Mode
Global Configuration
Command Syntax
ntp serve all
no ntp serve all
default ntp serve all
Example
• This command configures the switch to accept incoming NTP requests.
switch(config)#ntp serve all
switch(config)#
• This command configures the switch to deny incoming NTP requests.
switch(config)#no ntp serve all
switch(config)#
ntp server
The ntp server command adds a Network Time Protocol (NTP) server to running-config. If the
command specifies a server that already exists in running-config, it will modify the server settings. The
switch synchronizes the system clock with an NTP server when running-config contains at least one
valid NTP server.
The switch supports NTP versions 1 through 4. The default is version 4.
The prefer option specifies the primary server, giving it higher priority for synchronizing time. If
running-config contains multiple servers with identical priority, the switch uses the first listed server.
The no ntp server and default ntp server commands remove the specified NTP server from
running-config. To remove an NTP server configured in a user-defined VRF, include the VRF name in
the no ntp server command.
all
Command Mode
Global Configuration
Command Syntax
ntp server [VRF_INSTANCE] SERVER_NAME [PREFERENCE][NTP_VERSION][IP_SOURCE][burst]
[iburst][AUTH_KEY][MAX_POLL_INT] [MIN_POLL_INT]
no ntp [server [VRF_INSTANCE] SERVER_NAME]
default ntp [server [VRF_INSTANCE] SERVER_NAME]
All parameters except VRF_INSTANCE and SERVER_NAME can be placed in any order.
Parameters
• VRF_INSTANCE the VRF instance to be used for connection to the specified server.
— <no parameter> connects using the default VRF.
— vrf vrf_name connects using the specified user-defined VRF.
• SERVER_NAME NTP server location. Options include:
— IP address in dotted decimal notation
— an FQDN host name
• PREFERENCE indicates priority of this server when the switch selects a synchronizing server.
— <no parameter> server has no special priority.
— prefer server has priority when the switch selects a synchronizing server.
• NTP_VERSION specifies the NTP version. Settings include:
— <no parameter> sets NTP version to 4 (default).
— version number, where number ranges from 1 to 4.
• IP_SOURCE specifies the source interface for NTP updates for the specified NTP server. This option
overrides global settings created by the ntp source command. Options include:
— <no parameter> sets the source interface to the global default.
— source ethernet e_num Ethernet interface specified by e_num.
— source loopback l_num loopback interface specified by l_num.
— source management m_num management interface specified by m_num.
— source port-channel p_num port-channel interface specified by p_num.
— source vlan v_num VLAN interface specified by v_num.
• burst indicates that when the NTP server is reached, the switch sends packets to the server in bursts
of eight instead of the usual one. Recommended only for local servers. Off by default.
• iburst indicates that the switch sends packets to the server in bursts of eight instead of the usual one
until the server is reached. Recommended for general use to speed synchronization. Off by default.
• AUTH_KEY the authentication key to use in authenticating NTP packets from the server.
— <no parameter> no authentication key is specified.
— key <1 to 65534> switch will use the specified key to authenticate NTP packets from the
server.
• MAX_POLL_INT specifies the maximum polling interval for the server (as the base-2 logarithm of
the interval in seconds). Settings include:
— <no parameter> sets the maximum polling interval to 10 (1,024 seconds, the default).
— maxpoll number, where number is the base-2 logarithm of the interval in seconds. Values range
from 3 (8 seconds) to 17 (131,072 seconds, approximately 36 hours).
• MIN_POLL_INT specifies the minimum polling interval for the server (as the base-2 logarithm of
the interval in seconds). Settings include:
— <no parameter> sets the minimum polling interval to 6 (64 seconds, the default).
— minpoll number where number is the base-2 logarithm of the interval in seconds. Values
range from 3 (8 seconds) to 17 (131,072 seconds, approximately 36 hours).
Guidelines
To configure multiple parameters for a single server, include them all in a single ntp server command.
Using the command again for the same server overwrites parameters previously configured in
running-config.
All NTP servers must use the same VRF. If no VRF is specified, the server is configured in the default
VRF. To use a user defined VRF for connection to an NTP server, first use the no ntp server command to
remove any NTP servers configured in the default VRF.
When specifying a source interface, choose an interface in the same VRF as the server. If the source
interface is not in the same VRF, the source data will be included in running-config but will not be added
to NTP packets.
An NTP server may be configured using an invalid or inactive VRF, but the status of the NTP server will
remain inactive until the VRF is active.
Examples
• This command configures the switch to update its time with the NTP server at address 172.16.0.23
and designates it as a preferred NTP server.
switch(config)#ntp server 172.16.0.23 prefer
• This command configures the switch to update its time through an NTP server named local-nettime.
switch(config)#ntp server local-nettime
• This command configures the switch to update its time through a version 3 NTP server.
switch(config)#ntp server 171.18.1.22 version 3
• These commands reconfigure the switch to access the above NTP servers through VRF “magenta”.
switch(config)#no ntp server 172.16.0.23
switch(config)#no ntp server local-nettime
switch(config)#no ntp server 171.18.1.22
switch(config)#ntp server vrf magenta 172.16.0.23 prefer
switch(config)#ntp server vrf magenta local-nettime
switch(config)#ntp server vrf magenta 171.18.1.22 version 3
switch(config)#
ntp source
The ntp source command configures an interface as the source of NTP updates. That interface’s IP
address is then used as the source address for all NTP packets sent to all destinations unless a
server-specific source interface has been specified using the source option of the ntp server command.
The no ntp source and default ntp source commands remove the ntp source command from
running-config.
all
Command Mode
Global Configuration
Command Syntax
ntp source [VRF_INSTANCE] INT_PORT
no ntp source
default ntp source
Parameters
• VRF_INSTANCE the VRF instance to be used for connection to the specified server.
— <no parameter> connects using the default VRF.
— vrf vrf_name connects using the specified user-defined VRF.
• INT_PORT the interface port that specifies the NTP source. Settings include:
— ethernet e_range Ethernet interface list.
— loopback l_range loopback interface list.
— management m_range management interface list.
— port-channel c_range port channel interface list.
— vlan v_range VLAN interface list.
Examples
• This command configures VLAN interface 25 as the source of NTP update packets.
switch(config)#ntp source vlan 25
switch(config)#
• This command removes the NTP source command from the configuration.
switch(config)#no ntp source
switch(config)#
ntp trusted-key
The ntp trusted-key command specifies which authentication keys will be trusted for authentication of
NTP packets. A packet with a trusted key will be used to update the local time if authenticated.
The no ntp trusted-key and default ntp trusted-key commands remove the specified authentication
keys from the trusted key list by removing the corresponding ntp trusted-key command from
running-config.
all
Command Mode
Global Configuration
Command Syntax
ntp trusted-key key_list
no ntp trusted-key
default ntp trusted-key
Parameters
• key_list specifies one or more keys. Formats include a number (1 to 65534), number range, or
comma-delimited list of numbers and ranges.
Examples
• This command configures the switch to trust authentication keys 234 and 237 for authentication of
NTP packets.
switch(config)#ntp trusted-key 234,237
switch(config)#
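The conditions listed under ntp authentication-key (key defined, key trusted, authentication enabled) and the key option of ntp server can be checked mechanically against a saved running-config. The Python audit below is an added example, not part of this manual or of EOS; the sample configuration is constructed, and the hyphen as range separator in the trusted-key list is an assumption.

```python
"""Audit the NTP authentication statements of an EOS running-config (added example)."""

# Constructed sample, not taken from the manual: key 237 is trusted but never
# defined, key 300 is defined but not trusted, and one server has no key option.
SAMPLE_CONFIG = """\
ntp authenticate
ntp authentication-key 234 md5 timeSync
ntp authentication-key 300 sha1 otherSecret
ntp trusted-key 234,237
ntp server 172.16.0.23 prefer key 234
ntp server 171.18.1.22 version 3 key 300
ntp server local-nettime iburst
"""


def expand_key_list(text):
    """Expand a trusted-key list such as '234,237' or '10-12,20' into a set of IDs.

    Assumption: ranges are written low-high with a hyphen; the manual only says
    'number range' without showing the separator.
    """
    keys = set()
    for part in text.replace(" ", "").split(","):
        if not part:
            continue
        low, _, high = part.partition("-")
        first, last = int(low), int(high or low)
        if not 1 <= first <= last <= 65534:
            raise ValueError(f"key ID out of range 1-65534: {part!r}")
        keys.update(range(first, last + 1))
    return keys


def parse_ntp(config):
    """Collect the ntp statements this audit needs from running-config text."""
    state = {"authenticate": False, "keys": {}, "trusted": set(), "servers": []}
    for line in config.splitlines():
        tok = line.split()
        if tok == ["ntp", "authenticate"]:
            state["authenticate"] = True
        elif tok[:2] == ["ntp", "authentication-key"] and len(tok) >= 5:
            state["keys"][int(tok[2])] = tok[3]      # key_id -> md5 | sha1
        elif tok[:2] == ["ntp", "trusted-key"] and len(tok) >= 3:
            state["trusted"] |= expand_key_list("".join(tok[2:]))
        elif tok[:2] == ["ntp", "server"] and len(tok) >= 3:
            args = tok[2:]
            if args[0] == "vrf" and len(args) >= 3:   # ntp server vrf NAME SERVER ...
                args = args[2:]
            options = args[1:]                        # options may appear in any order
            key_id = None
            if "key" in options[:-1]:                 # "key" must be followed by an ID
                key_id = int(options[options.index("key") + 1])
            state["servers"].append((args[0], key_id))
    return state


def audit_ntp(config):
    """Return (code, detail) findings; an empty list means every check passed."""
    s = parse_ntp(config)
    findings = []
    if not s["authenticate"]:
        findings.append(("AUTH_DISABLED", "ntp authenticate is not configured"))
    for key_id in sorted(s["trusted"] - set(s["keys"])):
        findings.append(("TRUSTED_UNDEFINED",
                         f"trusted key {key_id} has no ntp authentication-key statement"))
    for key_id, kind in sorted(s["keys"].items()):
        if kind == "md5":
            findings.append(("MD5_KEY",
                             f"key {key_id} uses md5; sha1 is the other listed type"))
    for name, key_id in s["servers"]:
        if key_id is None:
            findings.append(("SERVER_NO_KEY", f"server {name} has no key option"))
        elif key_id not in s["keys"]:
            findings.append(("KEY_UNDEFINED",
                             f"server {name} uses undefined key {key_id}"))
        elif key_id not in s["trusted"]:
            findings.append(("KEY_UNTRUSTED",
                             f"server {name} uses key {key_id}, which is not trusted"))
    return findings


if __name__ == "__main__":
    for code, detail in audit_ntp(SAMPLE_CONFIG):
        print(f"{code:18} {detail}")
```

Because running-config stores the NTP key password as plain text, any saved configuration fed to a check like this should be handled as a secret.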
prompt
The prompt command specifies the contents of the CLI prompt. Characters allowed in the prompt
include A-Z, a-z, 0-9, and these punctuation marks:
!@#$%^&*()-=+{}[];:<>,.?/~\
The prompt supports these control sequences:
• %s – space character
• %t – tab character
• %% – percent character
• %D – time and date
• %D{f_char} – time and date, format specified by the BSD strftime (f_char) time conversion function.
• %H – host name
• %h – host name up to the first ‘.’
• %P – extended command mode
• %p – command mode
• %r – redundancy status on modular systems (footnote 1)
• %R – extended redundancy status on modular systems – includes status and slot number (footnote 2)
Table 5-1 displays Command Mode and Extended Command Mode prompts for various modes.
Table 5-1 Command Mode Prompt Examples
Command Mode                          Command Mode Prompt   Extended Command Mode Prompt
Exec                                  >                     >
Privileged Exec                       #                     #
Global Configuration                  (config)#             (config)#
Ethernet Interface Configuration      (config-if)#          (config-if-ET15)#
VLAN Interface Configuration          (config-if)#          (config-if-Vl24)#
Port Channel Interface Configuration  (config-if)#          (config-if-Po4)#
Management Interface Configuration    (config-if)#          (config-if-Ma1)
Access List Configuration             (config-acl)#         (config-acl-listname)#
OSPF Configuration                    (config-router)#      (config-router-ospf)#
BGP Configuration                     (config-router)#      (config-router-bgp)#
The no prompt and default prompt commands return the prompt to the default of %H%R%P.
all
Command Mode
Global Configuration
Command Syntax
prompt p_string
no prompt
default prompt
Parameters
• p_string prompt text (character string). Elements include letters, numbers, and control sequences.
1. %r: When logged into a fixed system or a supervisor on a modular system, this option has no effect.
2. %R: When logged into a fixed system, this option has no effect.
Examples
• This command creates a prompt that displays system 1 and the command mode.
host-name.dut103(config)#prompt system%s1%P
system 1(config) #
• This command creates a prompt that displays the command mode.
host-name.dut103(config)#prompt %p
(config)#
• These equivalent commands create the default prompt.
% prompt %H%P
host-name.dut103(config)#
% no prompt
host-name.dut103(config)#
ptp announce interval
The ptp announce interval command configures the interval between PTP announcement messages
before a timeout occurs on the configuration mode interface. The no ptp announce interval command
resets the timeout interval to its default of 1.
Arad, FM6000
Command Mode
Interface-Ethernet Configuration
Interface-Port Channel Configuration
Command Syntax
ptp announce interval log_interval
no ptp announce interval
default ptp announce interval
Parameters
• log_interval The number of log seconds between PTP announcement messages (base 2 log
(seconds)). Value ranges from 0 to 4; default value is 1.
Examples
• These commands set the interval between PTP announcements on interface Ethernet 5 to 2.
switch(config)# interface ethernet 5
switch(config-if-Et5)# ptp announce interval 1
switch(config-if-Et5)#
• These commands reset the PTP announcement interval on interface Ethernet 5 to the default value
of 1.
switch(config)# interface ethernet 5
switch(config-if-Et5)# no ptp announce interval
switch(config-if-Et5)#
ptp announce timeout
The ptp announce timeout command specifies the time for announcing timeout messages. The range is
2 to 10 log seconds. The default is 3 (8 seconds). The no ptp announce timeout command disables the
feature.
Arad, FM6000
Command Mode
Interface-Ethernet Configuration
Interface-Port Channel Configuration
Command Syntax
ptp announce timeout log_interval
no ptp announce timeout
default ptp announce timeout
Parameters
• log_interval The range is 2 to 10 log seconds (base 2 log (seconds)). The default is 3 (8 seconds).
Examples
• These commands set the timeout interval for PTP announcements on interface Ethernet 5 to 5 log
seconds.
switch(config)# interface ethernet 5
switch(config-if-Et5)# ptp announce timeout 5
switch(config-if-Et5)#
• These commands reset the PTP timeout interval on interface Ethernet 5 to the default value of 3 (8
seconds).
switch(config)# interface ethernet 5
switch(config-if-Et5)# no ptp announce timeout
switch(config-if-Et5)#
ptp delay-mechanism
The ptp delay-mechanism command configures the delay mechanism in boundary clock mode. The no
ptp delay-mechanism command disables the feature.
Arad, FM6000
Command Mode
Interface-Ethernet Configuration
Interface-Port Channel Configuration
Command Syntax
ptp delay-mechanism MECH_TYPE
no ptp delay-mechanism
default ptp delay-mechanism
Parameters
• MECH_TYPE The delay mechanism. Options include:
— e2e The delay request or response mechanism used in the boundary clock mode.
— p2p The peer-to-peer mechanism used in the boundary clock mode.
Examples
•
This command sets the delay mechanism to p2p in the boundary clock mode.
switch(config)# interface ethernet 5
switch(config-if-Et5)# ptp delay-mechanism p2p
switch(config-if-Et5)#
•
This command sets the delay mechanism to e2e in the boundary clock mode.
switch(config)# interface ethernet 5
switch(config-if-Et5)# ptp delay-mechanism e2e
switch(config-if-Et5)#
•
This command removes the delay mechanism configuration from Ethernet 5.
switch(config)# interface ethernet 5
switch(config-if-Et5)# no ptp delay-mechanism e2e
switch(config-if-Et5)#
ptp delay-req interval
The ptp delay-req interval command specifies the time in log seconds recommended to the slave
devices to send delay request messages. You must enable PTP on the switch first and configure the
source IP address for PTP communication. The no ptp delay-req interval command resets the interval
to its default of 5 (32 seconds).
Arad, FM6000
Command Mode
Interface-Ethernet Configuration
Interface-Port Channel Configuration
Command Syntax
ptp delay-req interval log_interval
no ptp delay-req interval
default ptp delay-req interval
Parameters
•
log_interval
The range is -1 to 8 log seconds (base 2 log (seconds)). The default is 5 (32 seconds).
Examples
•
These commands set the minimum interval allowed between PTP delay request messages on
Ethernet interface 5 to 3 (8 seconds).
switch(config)# interface ethernet 5
switch(config-if-Et5)# ptp delay-req interval 3
switch(config-if-Et5)#
•
These commands reset the minimum interval allowed between PTP delay-request messages to the
default of 5 (32 seconds).
switch(config)# interface ethernet 5
switch(config-if-Et5)# no ptp delay-req interval
switch(config-if-Et5)#
ptp domain
The ptp domain command sets the domain number to use for the clock. The no ptp domain command
disables the feature.
Arad, FM6000
Command Mode
Global Configuration
Command Syntax
ptp domain domain_number
no ptp domain
default ptp domain
Parameters
•
domain_number
Value ranges from 0 to 255.
Examples
•
This command shows how to configure domain 1 for use with a clock.
switch(config)# ptp domain 1
switch(config)#
•
This command removes the configured domain 1 for use with a clock.
switch(config)# no ptp domain 1
switch(config)#
ptp enable
The ptp enable command enables PTP on the interface. The no ptp enable command disables PTP on
the interface.
Arad, FM6000
Command Mode
Interface-Ethernet Configuration
Interface-Port Channel Configuration
Command Syntax
ptp enable
no ptp enable
default ptp enable
Examples
•
This command enables PTP on Ethernet interface 5.
switch(config)# interface ethernet 5
switch(config-if-Et5)# ptp enable
•
This command disables PTP on Ethernet interface 5.
switch(config)# interface ethernet 5
switch(config-if-Et5)# no ptp enable
ptp forward-v1
The ptp forward-v1 command configures the switch to forward Precision Time Protocol version 1 packets
as regular multicast traffic. By default, PTP v1 packets are trapped by the CPU, logged and discarded.
The no ptp forward-v1 and default ptp forward-v1 commands restore the default forwarding behavior
by removing the corresponding ptp forward-v1 command from running-config.
Arad, FM6000
Command Mode
Global Configuration
Command Syntax
ptp forward-v1
no ptp forward-v1
default ptp forward-v1
Examples
•
This command configures the switch to forward PTP v1 packets as regular multicast traffic.
switch(config)#ptp forward-v1
switch(config)#
•
This command configures the switch to log and discard PTP v1 packets.
switch(config)#no ptp forward-v1
switch(config)#
ptp hold-ptp-time
The ptp hold-ptp-time command configures the PTP offset hold time in seconds. The no ptp
hold-ptp-time command disables the feature.
Arad, FM6000
Command Mode
Global Configuration
Command Syntax
ptp hold-ptp-time offset
no ptp hold-ptp-time
default ptp hold-ptp-time
Parameters
•
offset
Value ranges from 0 to 86400.
Examples
•
This command shows how to configure the PTP offset hold time.
switch(config)# ptp hold-ptp-time 600
switch(config)#
•
This command removes the configured PTP offset hold time.
switch(config)# no ptp hold-ptp-time
switch(config)#
ptp mode
The ptp mode command configures the Precision Time Protocol (PTP) packet forwarding mode for the
switch. The default ptp mode is disabled.
The no ptp mode and default ptp mode commands return the forwarding mode to disabled by
removing the ptp mode command from running-config.
Arad, FM6000
Command Mode
Global Configuration
Command Syntax
ptp mode MODE_NAME
no ptp mode
default ptp mode
Parameters
•
MODE_NAME
Options include:
— boundary
— disabled
— e2etransparent
— p2ptransparent
— gptp
Examples
•
This command configures the boundary mode for PTP.
switch(config)# ptp mode boundary
switch(config)#
•
This command restores PTP to disabled mode.
switch(config)# no ptp mode
switch(config)#
ptp pdelay-neighbor-threshold
The ptp pdelay-neighbor-threshold command configures the propagation delay threshold above
which the switch will consider the neighbor connected to this port to be incapable of participating in
generalized Precision Time Protocol (gPTP).
The no ptp pdelay-neighbor-threshold and default ptp pdelay-neighbor-threshold commands restore
the threshold to 100000 nanoseconds by removing the corresponding ptp pdelay-neighbor-threshold
command from running-config.
Arad, FM6000
Command Mode
Interface-Ethernet Configuration
Interface-Port Channel Configuration
Command Syntax
ptp pdelay-neighbor-threshold link_prop
no ptp pdelay-neighbor-threshold
default ptp pdelay-neighbor-threshold
Parameters
• link_prop    Threshold in nanoseconds. Value ranges from 0 to 10000000000 (ten billion). Default is 100000.
Examples
•
These commands set the link propagation delay threshold on Ethernet interface 5 to 200000
nanoseconds.
switch(config)# interface ethernet 5
switch(config-if-Et5)# ptp pdelay-neighbor-threshold 200000
switch(config-if-Et5)#
•
These commands restore the link propagation delay threshold on Ethernet interface 5 to its default
value of 100000 nanoseconds.
switch(config)# interface ethernet 5
switch(config-if-Et5)# no ptp pdelay-neighbor-threshold
switch(config-if-Et5)#
ptp pdelay-req interval
The ptp pdelay-req interval command configures the interval between Precision Time Protocol peer
delay-request messages. The no ptp pdelay-req interval command removes the configuration.
Arad, FM6000
Command Mode
Interface-Ethernet Configuration
Interface-Port Channel Configuration
Command Syntax
ptp pdelay-req interval log_interval
no ptp pdelay-req interval
default ptp pdelay-req interval
Parameters
•
log_interval
The log interval in seconds (base 2 log (seconds)). Value ranges from 0 to 5.
Examples
•
This command shows how to configure the interval allowed between PTP peer delay request
messages on interface Ethernet 5.
switch(config)# interface ethernet 5
switch(config-if-Et5)# ptp pdelay-req interval 3
switch(config-if-Et5)#
•
This command removes the configured interval between PTP peer delay request
messages on interface Ethernet 5.
switch(config)# interface ethernet 5
switch(config-if-Et5)# no ptp pdelay-req interval
switch(config-if-Et5)#
ptp priority1
The ptp priority1 command configures the priority 1 value for advertising the switch’s PTP clock.
Priority 1 is the most significant of the six factors used by devices in the selection of a master clock. Lower
values indicate higher priority.
The no ptp priority1 and default ptp priority1 commands restore the priority 1 default setting of 128.
Arad, FM6000
Command Mode
Global Configuration
Command Syntax
ptp priority1 priority_rate
no ptp priority1
default ptp priority1
Parameters
•
priority_rate
Value ranges from 0 to 255. Default is 128.
Examples
•
This command sets the priority 1 level for the switch’s PTP clock to 120.
switch(config)# ptp priority1 120
switch(config)#
•
This command restores the default priority 1 level of 128.
switch(config)# no ptp priority1
switch(config)#
ptp priority2
The ptp priority2 command sets the priority 2 value for the clock. The range is from 0 to 255. Priority 2
is the fifth most significant of the six factors used by devices in the selection of a master clock. Lower
values indicate higher priority.
The no ptp priority2 and default ptp priority2 commands restore the priority 2 default setting of 128.
Arad, FM6000
Command Mode
Global Configuration
Command Syntax
ptp priority2 priority_rate
no ptp priority2
default ptp priority2
Parameters
• priority_rate    Specifies the priority 2 level for the PTP clock. Value ranges from 0 to 255; default value is 128.
Examples
•
This command sets the priority 2 level for the switch’s PTP clock to 120.
switch(config)# ptp priority2 120
switch(config)#
•
This command restores the default priority 2 level of 128.
switch(config)# no ptp priority2
switch(config)#
ptp source ip
The ptp source ip command configures the source IP address for all PTP packets. The IP address can be
in IPv4 format. The no ptp source ip command removes this configuration.
Arad, FM6000
Command Mode
Global Configuration
Command Syntax
ptp source ip ipv4_addr
no ptp source ip
default ptp source ip
Parameters
•
ipv4_addr
IPv4 address
Examples
•
This command configures the source IP address 10.0.2.1 for all PTP packets.
switch(config)# ptp source ip 10.0.2.1
switch(config)#
•
This command removes the source IP address 10.0.2.1 for all PTP packets.
switch(config)# no ptp source ip
switch(config)#
ptp sync interval
The ptp sync interval command configures the time for sending synchronization messages. The
command configures the interval by specifying its log2 value. Parameter value ranges from -1 (1/2
second) to 3 (eight seconds). The default value is 0 (one second).
The no ptp sync interval and default ptp sync interval commands restore the default sync interval
setting of 0 by removing the corresponding ptp sync interval command from running-config.
Arad, FM6000
Command Mode
Interface-Ethernet Configuration
Interface-Port Channel Configuration
Command Syntax
ptp sync interval log_interval
no ptp sync interval
default ptp sync interval
Parameters
•
log_interval The interval between PTP synchronization messages sent from the master to the slave
(base 2 log(seconds)). Values range from -1 to 3; default value is 0 (1 second).
Examples
•
These commands set the interval for PTP synchronization messages on Ethernet interface 5 to 3 (8
seconds).
switch(config)# interface ethernet 5
switch(config-if-Et5)# ptp sync interval 3
switch(config-if-Et5)#
•
These commands restore the interval for PTP synchronization messages on Ethernet interface 5 to
its default of 0 (1 second).
switch(config)# interface ethernet 5
switch(config-if-Et5)# no ptp sync interval
switch(config-if-Et5)#
ptp sync timeout
A PTP synchronization timeout occurs if a sync message is not received for a specified period of time,
calculated as a multiple of the PTP sync interval. The ptp sync timeout command configures the sync
timeout multiplier. The range is 2 to 255, with a default of 20 (20 times the sync interval). To configure
the sync interval, use the ptp sync interval command.
The no ptp sync timeout and default ptp sync timeout commands restore the PTP sync timeout
multiplier to its default value of 20.
Arad, FM6000
Command Mode
Interface-Ethernet Configuration
Command Syntax
ptp sync timeout interval_multiplier
no ptp sync timeout
default ptp sync timeout
Parameters
•
interval_multiplier The number of sync intervals that must pass without the configuration mode
interface receiving a PTP sync message before a timeout occurs. Value ranges from 2 to 255. Default
value is 20.
Examples
•
These commands configure the sync timeout on Ethernet interface 5 to ten times the configured
sync interval.
switch(config)# interface ethernet 5
switch(config-if-Et5)# ptp sync timeout 10
switch(config-if-Et5)#
ptp transport
The ptp transport command configures the PTP transport type for a specific interface. Any values set in
interface PTP configuration mode override the settings in the PTP configuration profile associated with
the interface. The no ptp transport command removes the setting from the running configuration.
Arad, FM6000
Command Mode
Interface-Ethernet Configuration
Interface-Port Channel Configuration
Command Syntax
ptp transport TRANSPORT_TYPE
no ptp transport
default ptp transport
Parameters
•
TRANSPORT_TYPE
The transport mode in boundary clock mode. Options include:
— ipv4 The IPv4 address used as the transport type on the interface.
— layer2 The Layer 2 protocol used as the transport type on the interface.
Examples
•
This command overrides the transport type in the profile and sets it to be IPv4 for the interface.
switch(config)# interface ethernet 5
switch(config-if-Et5)# ptp transport ipv4
switch(config-if-Et5)#
•
This command removes the PTP transport type setting from interface Ethernet 5.
switch(config)# interface ethernet 5
switch(config-if-Et5)# no ptp transport
switch(config-if-Et5)#
ptp ttl
The ptp ttl command configures the time to live of the PTP packets. The no ptp ttl command resets the
time to live to the default value of 64 seconds by removing the ptp ttl command from the running configuration.
Arad, FM6000
Command Mode
Global Configuration
Command Syntax
ptp ttl number_seconds
no ptp ttl
default ptp ttl
Parameters
•
number_seconds
The time to live measured in seconds. Value ranges from 1 to 255, default is 64.
Example
•
This command sets the time to live of the PTP packets to 60 seconds.
switch(config)# ptp ttl 60
switch(config)#
•
This command resets the time to live of the PTP packets to the default value of 64 seconds.
switch(config)# no ptp ttl
switch(config)#
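The ranges and log2 encodings documented for the PTP commands above can be checked mechanically against a saved running-config. The following is an added example, not Arista code: the function names are hypothetical, the sample configuration is constructed, and the indented layout of interface sub-commands is an assumption about the input.

```python
import re

# (min, max) as documented for each command in this reference.
RANGES = {
    "ptp announce timeout": (2, 10),
    "ptp delay-req interval": (-1, 8),
    "ptp pdelay-req interval": (0, 5),
    "ptp sync interval": (-1, 3),
    "ptp sync timeout": (2, 255),
    "ptp pdelay-neighbor-threshold": (0, 10_000_000_000),
    "ptp domain": (0, 255),
    "ptp priority1": (0, 255),
    "ptp priority2": (0, 255),
    "ptp ttl": (1, 255),
    "ptp hold-ptp-time": (0, 86400),
}

# Constructed running-config fragment (not taken from a real switch).
SAMPLE_CONFIG = """\
ptp mode boundary
ptp priority1 10
ptp forward-v1
ptp ttl 64
!
interface Ethernet5
   ptp enable
   ptp sync interval -1
   ptp sync timeout 10
   ptp delay-req interval 9
!
interface Ethernet6
   ptp enable
   ptp sync interval 3
"""


def parse_ptp(config_text):
    """Return {scope: {command: int or True}} for every ptp line.

    Scope is "global" or the interface name of the enclosing section.
    """
    scopes = {"global": {}}
    scope = "global"
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw[0].isspace():              # unindented line starts a new section
            m = re.match(r"interface\s+(\S+)", line)
            scope = m.group(1) if m else "global"
            scopes.setdefault(scope, {})
            if m:
                continue
        if not line.startswith("ptp "):
            continue
        m = re.match(r"(ptp [a-z0-9 -]+?)\s+(-?\d+)$", line)
        if m:
            scopes[scope][m.group(1)] = int(m.group(2))
        else:
            scopes[scope][line] = True        # keyword-only or non-numeric argument
    return scopes


def sync_timeout_seconds(cmds):
    """Sync timeout = multiplier x 2**log_interval, using the documented defaults."""
    log_interval = cmds.get("ptp sync interval", 0)
    multiplier = cmds.get("ptp sync timeout", 20)
    return multiplier * 2.0 ** log_interval


def audit(config_text):
    """Return (scope, message) findings for a configuration."""
    findings = []
    for scope, cmds in parse_ptp(config_text).items():
        for cmd, value in cmds.items():
            if cmd in RANGES and value is not True:
                lo, hi = RANGES[cmd]
                if not lo <= value <= hi:
                    findings.append(
                        (scope, f"{cmd} {value} outside documented range {lo}..{hi}"))
        if cmds.get("ptp forward-v1"):
            findings.append(
                (scope, "PTP v1 packets are forwarded as regular multicast "
                        "instead of being trapped, logged and discarded"))
        p1 = cmds.get("ptp priority1")
        if type(p1) is int and p1 < 128:
            findings.append(
                (scope, f"priority1 {p1} is below the default 128; lower values "
                        "rank higher in master clock selection"))
    return findings


if __name__ == "__main__":
    for scope, message in audit(SAMPLE_CONFIG):
        print(f"[{scope}] {message}")
    for name, cmds in parse_ptp(SAMPLE_CONFIG).items():
        if name != "global":
            print(f"{name}: sync timeout {sync_timeout_seconds(cmds)} s")
```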
show banner
The show banner command displays the specified banner.
all
Command Mode
Privileged EXEC
Command Syntax
show banner BANNER_TYPE
Parameters
• BANNER_TYPE    banner that the command displays. Options include:
— login    command displays login banner.
— motd    command displays message of the day banner.
Example
•
These commands configure and display the message of the day banner.
switch(config)#banner motd
Enter TEXT message. Type 'EOF' on its own line to end.
This is an motd banner for $(hostname)
EOF
switch(config)#show banner motd
This is an motd banner for $(hostname)
switch(config)#
show clock
The show clock command displays the current system clock time and configured time zone. The switch
uses the system clock for system log messages and debugging traces.
all
Command Mode
EXEC
Command Syntax
show clock
Example
•
This command displays the current system clock time and configured time zone.
switch>show clock
Wed Nov 2 10:29:32 2011
timezone is America/Los_Angeles
switch>
show event-monitor arp
The show event-monitor arp command performs an SQL-style query on the event monitor database
and displays ARP table events as specified by command parameters. The event monitor buffer and all
backup logs are synchronized into a single SQLite file.
all
Command Mode
Privileged EXEC
Command Syntax
show event-monitor arp [GROUP] [MESSAGES] [INTERFACE] [IP] [MAC] [TIME]
Optional parameters can be placed in any order.
Parameters
• GROUP    used with aggregate functions to group results. Analogous to SQL group by command.
— <no parameter>    results are not grouped.
— group-by ip    results are grouped by IP address.
— group-by mac    results are grouped by MAC address.
• MESSAGES    number of messages returned from query. Analogous to SQL limit command.
— <no parameter>    result-set size is not limited.
— limit msg_quantity    number of results that are displayed. Values range from 1 to 15,000.
• INTERFACE    restricts result-set to events that include specified interface (SQL Like command).
— <no parameter>    result-set not restricted by interface.
— match-interface ethernet e_range    Ethernet interface list.
— match-interface loopback l_range    loopback interface list.
— match-interface management m_range    management interface list.
— match-interface port-channel c_range    port channel interface list.
— match-interface vlan v_range    VLAN interface list.
• IP    restricts result-set to events that include specified IP address (SQL Like command).
— <no parameter>    result-set not restricted to specific IP addresses.
— match-ip ip_address_rex    IP address, as represented by regular expression.
• MAC    restricts result-set to events that include specified MAC address (SQL Like command).
— <no parameter>    result-set not restricted to specific MAC addresses.
— match-mac mac_address_rex    MAC address, as represented by regular expression.
• TIME    restricts result-set to events generated during specified period.
— <no parameter>    result-set not restricted by time of event.
— match-time last-minute    includes events generated during last minute.
— match-time last-day    includes events generated during last day.
— match-time last-hour    includes events generated during last hour.
— match-time last-week    includes events generated during last week.
Example
•
This command displays ARP table events listed in the event monitor database.
switch#show event-monitor arp
% Writing 220017 Arp, 234204 Route, 1732559 Mac events to the database
2012-11-06 12:36:10|10.33.6.159|Vlan1417|00:00:00:dc:cc:0d|0|added|2186271
2012-11-06 12:38:20|10.33.7.150|Vlan1417|00:00:00:f7:e2:5f|0|added|2186292
2012-11-06 12:38:34|10.33.6.62|Vlan1417|00:00:00:01:c2:ac|0|added|2186295
2012-11-06 12:39:13|10.33.7.162|Vlan1417|00:00:00:45:c2:79|0|added|2186299
2012-11-06 12:39:50|10.33.12.54|Vlan1417|||removed|2186303
2012-11-06 12:39:51|10.33.6.218|Vlan1417|00:00:00:e9:36:46|0|added|2186305
2012-11-06 12:40:00|10.33.6.140|Vlan1417|00:00:00:4a:36:c3|0|added|2186308
2012-11-06 12:40:02|10.33.6.239|Vlan1417|00:00:00:5b:a7:21|0|added|2186312
2012-11-06 12:41:16|10.33.7.11|Vlan1417|00:00:00:3f:94:59|0|added|2186320
2012-11-06 12:41:50|10.33.7.60|Vlan1417|00:00:00:1f:3c:8e|0|added|2186346
2012-11-06 12:43:34|10.33.7.81|Vlan1417|00:00:00:e3:0d:9c|0|added|2186762
2012-11-06 12:43:42|10.33.6.214|Vlan1417|00:00:00:7b:09:7d|0|added|2186765
2012-11-06 12:43:59|10.33.7.149|Vlan1417|00:00:00:8d:a6:d8|0|added|2186768
switch#
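Because the output is pipe-delimited, it can be post-processed off the switch to spot IP-to-MAC binding changes and MAC addresses that claim several IP addresses, both worth a look when investigating ARP spoofing or address conflicts. This is an added example, not Arista code: the column meanings (timestamp, IP, interface, MAC, an unlabelled fifth field, action, sequence number) are inferred from the sample output above, and the records below are constructed.

```python
from collections import defaultdict, namedtuple
from datetime import datetime

ArpEvent = namedtuple("ArpEvent", "time ip interface mac action seq")

# Constructed capture in the same layout as the manual's example output.
SAMPLE_OUTPUT = """\
switch#show event-monitor arp
% Writing 6 Arp, 0 Route, 0 Mac events to the database
2012-11-06 12:36:10|10.33.6.159|Vlan1417|00:00:00:dc:cc:0d|0|added|100
2012-11-06 12:38:20|10.33.7.150|Vlan1417|00:00:00:f7:e2:5f|0|added|101
2012-11-06 12:39:50|10.33.6.159|Vlan1417|||removed|102
2012-11-06 12:39:51|10.33.6.159|Vlan1417|00:00:00:AA:BB:CC|0|added|103
2012-11-06 12:40:02|10.33.7.151|Vlan1417|00:00:00:aa:bb:cc|0|added|104
2012-11-06 12:40:09|10.33.7.152|Vlan1417|00:00:00:aa:bb:cc|0|added|105
switch#
"""


def parse_arp_events(text):
    """Parse event lines, skipping prompts and the '% Writing ...' status line."""
    events = []
    for line in text.splitlines():
        fields = line.strip().split("|")
        if len(fields) != 7:
            continue
        ts, ip, intf, mac, _unknown, action, seq = fields
        try:
            when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
            seq = int(seq)
        except ValueError:
            continue
        # "removed" records carry an empty MAC field; store it as None.
        events.append(ArpEvent(when, ip, intf, mac.lower() or None, action, seq))
    return sorted(events, key=lambda e: e.seq)


def find_rebinds(events):
    """Return (ip, interface, old_mac, new_mac, time) for each binding change.

    A removal does not clear the last known MAC, so a remove followed by an
    add with a different MAC is still reported.
    """
    last_mac = {}
    rebinds = []
    for ev in events:
        if ev.action != "added" or ev.mac is None:
            continue
        key = (ev.interface, ev.ip)
        prev = last_mac.get(key)
        if prev is not None and prev != ev.mac:
            rebinds.append((ev.ip, ev.interface, prev, ev.mac, ev.time))
        last_mac[key] = ev.mac
    return rebinds


def ips_per_mac(events, threshold=3):
    """Return {(interface, mac): [ips]} for MACs seen with >= threshold IPs."""
    seen = defaultdict(set)
    for ev in events:
        if ev.action == "added" and ev.mac:
            seen[(ev.interface, ev.mac)].add(ev.ip)
    return {k: sorted(v) for k, v in seen.items() if len(v) >= threshold}


if __name__ == "__main__":
    evs = parse_arp_events(SAMPLE_OUTPUT)
    for ip, intf, old, new, when in find_rebinds(evs):
        print(f"{when} {intf} {ip}: {old} -> {new}")
    for (intf, mac), ips in ips_per_mac(evs).items():
        print(f"{intf} {mac} answers for {', '.join(ips)}")
```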
show event-monitor mac
The show event-monitor mac command performs an SQL-style query on the event monitor database
and displays MAC address table events as specified by command parameters. The event monitor buffer
and all backup logs are synchronized into a single SQLite file.
all
Command Mode
Privileged EXEC
Command Syntax
show event-monitor mac [GROUP] [MESSAGES] [INTERFACE] [MAC] [TIME]
Optional parameters can be placed in any order.
Parameters
• GROUP    used with aggregate functions to group results. Analogous to SQL group by command.
— <no parameter>    results are not grouped.
— group-by interface    results are grouped by interface.
— group-by mac    results are grouped by MAC address.
• MESSAGES    number of messages returned from query. Analogous to SQL limit command.
— <no parameter>    result-set size is not limited.
— limit msg_quantity    number of results that are displayed. Values range from 1 to 15,000.
• INTERFACE    restricts result-set to events that include specified interface (SQL Like command).
— <no parameter>    result-set not restricted by interface.
— match-interface ethernet e_range    Ethernet interface list.
— match-interface loopback l_range    loopback interface list.
— match-interface management m_range    management interface list.
— match-interface port-channel c_range    port channel interface list.
— match-interface vlan v_range    VLAN interface list.
• MAC    restricts result-set to events that include specified MAC address (SQL Like command).
— <no parameter>    result-set not restricted to specific MAC addresses.
— match-mac mac_address_rex    MAC address, as represented by regular expression.
• TIME    restricts result-set to events with specified period.
— <no parameter>    result-set not restricted by time of event.
— match-time last-minute    includes events generated during last minute.
— match-time last-day    includes events generated during last day.
— match-time last-hour    includes events generated during last hour.
— match-time last-week    includes events generated during last week.
Examples
•
This command displays all events triggered by MAC address table events.
switch#show event-monitor mac
% Writing 0 Arp, 0 Route, 1 Mac events to the database
2012-01-19 13:57:55|1|08:08:08:08:08:08|Ethernet1|configuredStaticMac|added|0
•
This command displays events triggered by MAC address table changes.
switch#show event-monitor mac match-mac 08:08:08:%
2012-01-19 13:57:55|1|08:08:08:08:08:08|Ethernet1|configuredStaticMac|added|0
show event-monitor route
The show event-monitor route command performs an SQL-style query on the event monitor database
and displays routing table events as specified by command parameters. The event monitor buffer and
all backup logs are synchronized into a single SQLite file.
all
Command Mode
Privileged EXEC
Command Syntax
show event-monitor route [GROUP] [MESSAGES] [IP] [TIME]
Optional parameters can be placed in any order.
Parameters
• GROUP    used with aggregate functions to group results. Analogous to SQL group by command.
— <no parameter>    results are not grouped.
— group-by ip    results are grouped by IP address.
• MESSAGES    number of messages returned from query. Analogous to SQL limit command.
— <no parameter>    result-set size is not limited.
— limit msg_quantity    number of results that are displayed. Values range from 1 to 15,000.
• INTERFACE    restricts result-set to events that include specified interface (SQL Like command).
— <no parameter>    result-set not restricted by interface.
— match-interface ethernet e_range    Ethernet interface list.
— match-interface loopback l_range    loopback interface list.
— match-interface management m_range    management interface list.
— match-interface port-channel c_range    port channel interface list.
— match-interface vlan v_range    VLAN interface list.
• IP    restricts result-set to events that include specified IP address (SQL Like command).
— <no parameter>    result-set not restricted to specific IP addresses.
— match-ip ip_address_rex    IP address, as represented by regular expression.
• TIME    restricts result-set to events with specified period.
— <no parameter>    result-set not restricted by time of event.
— match-time last-minute    includes events generated during last minute.
— match-time last-day    includes events generated during last day.
— match-time last-hour    includes events generated during last hour.
— match-time last-week    includes events generated during last week.
Example
•
This command displays 10 routing table events listed in the event monitor database.
switch#show event-monitor route limit 10
% Writing 0 Arp, 2 Route, 0 Mac events to the database
2012-11-07 12:48:02|10.44.54.0/23|ospfAseE2|30|110|changed|2186957
2012-11-07 12:48:02|10.44.254.172/30|ospfAseE2|20|110|added|2186958
2012-11-07 12:48:02|10.44.254.112/30|ospfAseE2|30|110|changed|2186959
2012-11-07 12:48:02|10.44.48.0/23|ospfAseE2|30|110|changed|2186960
2012-11-07 12:48:02|10.52.0.35/32|ospfAseE2|30|110|changed|2186961
2012-11-07 12:48:02|10.44.50.0/23|ospfAseE2|30|110|changed|2186962
2012-11-07 12:48:02|10.44.254.172/30||||removed|2186963
2012-11-07 12:48:07|10.44.254.148/30|ospfInterArea|50|110|changed|2186964
2012-11-07 12:48:07|10.44.32.0/23|ospfInterArea|50|110|changed|2186965
2012-11-07 12:48:07|10.44.254.128/30|ospfInterArea|40|110|changed|2186966
switch#
show event-monitor sqlite
The show event-monitor sqlite command performs an SQL-style query on the event monitor database,
using the statement specified in the command.
all
Command Mode
Privileged EXEC
Command Syntax
show event-monitor sqlite statement
Parameters
•
statement
SQLite statement.
Example
•
This command displays all entries from the route table.
switch#show event-monitor sqlite select * from route;
2012-01-19 13:53:01|16.16.16.0/24||||removed|0
2012-01-19 13:53:01|16.16.16.17/32||||removed|1
2012-01-19 13:53:01|16.16.16.18/32||||removed|2
2012-01-19 13:53:01|16.16.16.240/32||||removed|5
2012-01-19 13:53:01|16.16.16.0/32||||removed|6
2012-01-19 13:53:01|16.16.16.255/32||||removed|7
2012-01-19 13:53:01|192.168.1.0/24||||removed|8
2012-01-19 13:53:01|192.168.1.5/32||||removed|9
2012-01-19 13:53:01|192.168.1.6/32||||removed|10
switch#
show hostname
The show hostname command displays the hostname and the fully qualified domain name (FQDN) of
the switch.
all
Command Mode
EXEC
Command Syntax
show hostname
Example
•
This command displays the hostname and FQDN of the switch.
switch>show hostname
Hostname: switch_1
FQDN:     switch_1.aristanetworks.com
switch>
show hosts
The show hosts command displays the default domain name, name lookup service style, a list of name
server hosts, and the static hostname-IP address maps.
all
Command Mode
EXEC
Command Syntax
show hosts
Example
•
This command displays the switch’s IP domain name:
switch>show hosts
Default domain is: aristanetworks.com
Name/address lookup uses domain service
Name servers are: 172.22.22.40, 172.22.22.10
Static Mappings:
Hostname          IP      Addresses
TEST_LAB          IPV4    10.24.18.6
PRODUCTION_LAB    IPV4    10.24.18.7
SUPPORT_LAB       IPV6    2001:0DB8:73:ff:ff:26:fd:90
switch>
show ip domain-name
The show ip domain-name command displays the switch’s IP domain name that is configured with the
ip domain name command.
all
Command Mode
EXEC
Command Syntax
show ip domain-name
Example
•
This command displays the switch’s IP domain name:
switch>show ip domain-name
aristanetworks.com
switch>
show ip name-server
The show ip name-server command displays the IP addresses of name servers in running-config. The name
servers are configured by the ip name-server command.
all
Command Mode
EXEC
Command Syntax
show ip name-server
Example
•
This command displays the IP address of name servers that the switch is configured to access.
switch>show ip name-server
172.22.22.10
172.22.22.40
switch>
show ntp associations
The show ntp associations command displays the status of connections to NTP servers.
all
Command Mode
EXEC
Command Syntax
show ntp associations
Display Values
• st (stratum): number of steps between the switch and the reference clock.
• t (transmission type): u – unicast; b – broadcast; l – local.
• when: interval since reception of last packet (seconds unless unit is provided).
• poll: interval between NTP poll packets. Maximum (1024) reached as server and client syncs.
• reach: octal number that displays status of last eight NTP messages (377 - all messages received).
• delay: round trip delay of packets to selected reference clock.
• offset: difference between local clock and reference clock.
• jitter: maximum error of local clock relative to reference clock.
Example
•
This command displays the status of the switch’s NTP associations.
switch>show ntp associations
     remote          refid       st t when poll reach   delay    offset  jitter
==============================================================================
 172.1.1.1       .INIT.          16 u    - 1024     0   0.000     0.000   0.000
 moose.aristanet 192.187.233.4    2 u    9   64   377   0.118   9440498   0.017
 172.17.2.6      .INIT.          16 u    - 1024     0   0.000     0.000   0.000
*LOCAL(0)        .LOCL.          10 l   41   64   377   0.000     0.000   0.000
show ntp status
The show ntp status command displays the status of NTP on the switch. If the switch clock is not
synchronised to an NTP server, the status reads “unsynchronised” and shows the server polling
interval. If the clock is synchronised to an NTP server, the status shows the reference ID and stratum of
the server, the precision of the synchronisation, and the polling interval.
Important As specified in RFC5905, for servers with IPv4 addresses the reference ID is the four-octet IPv4 address,
but for servers with IPv6 addresses the reference ID is the first four octets of the MD5 hash of the IPv6
address.
all
Command Mode
EXEC
Command Syntax
show ntp status
Example
•
This command displays the switch’s NTP status.
switch>show ntp status
synchronised to NTP server (172.16.1.50) at stratum 4
time correct to within 77 ms
polling server every 1024 s
switch>
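Two values in the NTP show commands need decoding before they are useful in monitoring: the octal reach register from show ntp associations and the reference ID from show ntp status when the server has an IPv6 address. This is an added example, not Arista code: the function names and sample rows are constructed, and hashing the 16-byte binary form of the IPv6 address (as the reference ntpd does) is an assumption about how the switch computes the ID.

```python
import hashlib
import ipaddress

# Constructed rows in the column order of "show ntp associations".
SAMPLE_ASSOCIATIONS = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 172.1.1.1        .INIT.         16 u    - 1024     0   0.000    0.000   0.000
*ntp1.example.net 192.0.2.4       2 u    9   64   377   0.118    0.250   0.017
+ntp2.example.net 192.0.2.8       2 u   12   64   357   0.201    0.310   0.022
"""


def decode_reach(reach_octal):
    """Expand the octal reach register into 8 booleans, most recent poll first.

    The register shifts left on every poll and its lowest bit is set when a
    reply arrives, so bit 0 is the newest poll.
    """
    register = int(str(reach_octal), 8) & 0xFF
    return [bool((register >> bit) & 1) for bit in range(8)]


def refid_for_server(address):
    """Reference ID shown for a server address, per the RFC 5905 rule above."""
    ip = ipaddress.ip_address(address)
    if ip.version == 4:
        return str(ip)
    # Assumption: the MD5 input is the packed 16-byte address.
    digest = hashlib.md5(ip.packed).digest()
    return ".".join(str(octet) for octet in digest[:4])


def servers_matching_refid(refid, configured_servers):
    """Map a displayed reference ID back to the configured server(s)."""
    return [s for s in configured_servers if refid_for_server(s) == refid]


def parse_associations(text):
    """Parse association rows; the header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 10:
            continue
        try:
            stratum = int(fields[2])
            reach = decode_reach(fields[6])
        except ValueError:
            continue                      # header row or malformed value
        remote, tally = fields[0], ""
        if remote[0] in "*+-#":           # leading selection marker, e.g. *LOCAL(0)
            tally, remote = remote[0], remote[1:]
        rows.append({"remote": remote, "tally": tally, "refid": fields[1],
                     "stratum": stratum, "reach": reach})
    return rows


def unhealthy(rows):
    """Return {remote: missed polls} for stratum-16 peers or any missed poll."""
    return {r["remote"]: 8 - sum(r["reach"])
            for r in rows
            if r["stratum"] == 16 or not all(r["reach"])}


if __name__ == "__main__":
    for remote, missed in unhealthy(parse_associations(SAMPLE_ASSOCIATIONS)).items():
        print(f"{remote}: {missed} of the last 8 polls unanswered")
    print("refid for 2001:db8::1 ->", refid_for_server("2001:db8::1"))
```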
show ptp
The show ptp command displays summary Precision Time Protocol (PTP) information and PTP status
of switch ports.
Arad, FM6000
Command Mode
EXEC
Command Syntax
show ptp
Example
•
This command displays summary PTP information.
switch#show ptp
PTP Mode: gptp - Generalized PTP Clock
Clock Identity: 2001:0DB8:73:ff:ff:26:fd:90
Grandmaster Clock Identity: 2001:0DB8:96:ff:fe:6c:ed:02
Number of slave ports: 1
Number of master ports: 6
Slave port: Ethernet33
Mean Path Delay (nanoseconds): 718
Steps Removed: 1
Neighbor Rate Ratio: 1.00000007883
Rate Ratio: 1.00000007883
Interface State    AS      Time Since Last    Neighbor    Mean Path  Residence
                   Capable Changed            Rate Ratio  Delay (ns) Time (ms)
--------- -------- ------- ------------------ ----------- ---------- ---------
Et1       Disabled No      Never              1.0         0          0
Et2       Disabled No      Never              1.0         0          0
Et3       Disabled No      Never              1.0         0          0
Et4       Disabled No      Never              1.0         0          0
Et5       Disabled No      Never              1.0         0          0
Et6       Disabled No      Never              1.0         0          0
Et7       Master   Yes     0:21:08            1.00000009  420        0
<-------OUTPUT OMITTED FROM EXAMPLE-------->
show ptp clock
The show ptp clock command displays the Precision Time Protocol (PTP) clock information.
Arad, FM6000
Command Mode
EXEC
Command Syntax
show ptp clock
Example
• This command shows how to display the PTP local clock and offset.
switch#show ptp clock
PTP Mode: Boundary Clock
Clock Identity: 0x00:1c:73:ff:ff:1e:83:24
Clock Domain: 1
Number of PTP ports: 24
Priority1: 128
Priority2: 128
Clock Quality:
Class: 248
Accuracy: 0x30
OffsetScaledLogVariance: 0xffff
Offset From Master: 0
Mean Path Delay: 0
Steps Removed: 0
switch#
show ptp foreign-master-record
The show ptp foreign-master-record command displays information about foreign masters (PTP
sources not designated as the switch’s master from which the switch has received sync packets).
Arad, FM6000
Command Mode
EXEC
Command Syntax
show ptp foreign-master-record
Examples
• This command displays information about PTP foreign masters.
switch# show ptp clocks foreign-masters-record
No Foreign Master Records
switch#
show ptp interface
The show ptp interface command displays PTP information for all the interfaces on the device.
Arad, FM6000
Command Mode
EXEC
Command Syntax
show ptp [INTERFACE_NAME][STATUS_FILTER]
Parameters
• INTERFACE_NAME Interface type and numbers. Options include:
— <no parameter> Display information for all interfaces.
— ethernet e_range Ethernet interface range specified by e_range.
— loopback l_range Loopback interface specified by l_range.
— management m_range Management interface range specified by m_range.
— port-channel p_range Port-Channel Interface range specified by p_range.
— vlan v_range VLAN interface range specified by v_range.
Valid range formats include number, number range, or comma-delimited list of numbers and
ranges.
• STATUS_FILTER Filters interfaces by their configuration status. Options include:
— <no parameter> all interfaces.
— enabled PTP configured interfaces.
Examples
This command displays PTP information for all the interfaces on the device.
switch# show ptp interface
Interface Ethernet1
PTP: Disabled
Port state: Disabled
Sync interval: 1.0 seconds
Announce interval: 2.0 seconds
Announce interval timeout multiplier: 3
Delay mechanism: end to end
Delay request message interval: 32.0 seconds
Transport mode: ipv4
<-------OUTPUT OMITTED FROM EXAMPLE-------->
Interface Ethernet5
PTP: Disabled
Port state: Disabled
Sync interval: 8.0 seconds
Announce interval: 2.0 seconds
Announce interval timeout multiplier: 5
Delay mechanism: peer to peer
Peer delay request message interval: 8.0 seconds
Peer Mean Path Delay: 0
Transport mode: ipv4
<-------OUTPUT OMITTED FROM EXAMPLE-------->
switch#
show ptp interface counters
The show ptp interface counters command displays PTP interface counters for all interfaces.
Arad, FM6000
Command Mode
EXEC
Command Syntax
show ptp [INTERFACE_NAME] counters
Parameters
• INTERFACE_NAME Interface type and numbers. Options include:
— <no parameter> Display information for all interfaces.
— ethernet e_range Ethernet interface range specified by e_range.
— loopback l_range Loopback interface specified by l_range.
— management m_range Management interface range specified by m_range.
— port-channel p_range Port-Channel Interface range specified by p_range.
— vlan v_range VLAN interface range specified by v_range.
— vxlan vx_range VXLAN interface range specified by vx_range.
Valid range formats include number, number range, or comma-delimited list of numbers and
ranges.
Examples
• This command displays the PTP interface counters.
switch# show ptp interface ethernet 5 counters
Interface Ethernet5
Announce messages sent: 0
Announce messages received: 0
Sync messages sent: 0
Sync messages received: 0
Follow up messages sent: 0
Follow up messages received: 0
Delay request messages sent: 0
Delay request messages received: 0
Delay response messages sent: 0
Delay response messages received: 0
Peer delay request messages sent: 0
Peer delay request messages received: 0
Peer delay response messages sent: 0
Peer delay response messages received: 0
Peer delay response follow up messages sent: 0
Peer delay response follow up messages received: 0
switch#
show ptp parent
The show ptp parent command displays information about the switch’s PTP parent and grand master
clocks.
Arad, FM6000
Command Mode
Privileged EXEC
Command Syntax
show ptp parent
Examples
• This command displays information about the switch’s PTP parent and grand master clocks.
switch# show ptp parent
Parent Clock:
Parent Clock Identity: 0x00:1c:73:ff:ff:00:72:40
Parent Port Number: 0
Parent IP Address: N/A
Observed Parent Offset (log variance): N/A
Observed Parent Clock Phase Change Rate: N/A
Grandmaster Clock:
Grandmaster Clock Identity: 0x00:1c:73:ff:ff:00:72:40
Grandmaster Clock Quality:
Class: 248
Accuracy: 0x30
OffsetScaledLogVariance: 0xffff
Priority1: 128
Priority2: 128
switch#
show ptp source ip
The show ptp source ip command displays the PTP source IP for the device.
Arad, FM6000
Command Mode
Privileged EXEC
Command Syntax
show ptp source ip
Examples
• This command shows the PTP source IP to be 10.0.2.1.
switch#show ptp source ip
PTP source IP: 10.0.2.1
switch#
show ptp time-property
The show ptp time-property command displays the Precision Time Protocol (PTP) clock properties.
Arad, FM6000
Command Mode
Privileged EXEC
Command Syntax
show ptp time-property
Examples
• This command shows the PTP clock properties.
switch# show ptp time-property
Current UTC offset valid: False
Current UTC offset: 0
Leap 59: False
Leap 61: False
Time Traceable: False
Frequency Traceable: False
PTP Timescale: False
Time Source: 0x0
switch#
Chapter 6
Booting the Switch
This chapter describes the switch boot process, describes configuration options, and lists the
components it requires, including the boot loader, the boot loader shell, and other configuration files.
This chapter includes the following sections:
• Section 6.1: Boot Loader – Aboot
• Section 6.2: Configuration Files
• Section 6.3: Supervisor Redundancy
• Section 6.4: System Reset
• Section 6.5: Aboot Shell
• Section 6.6: Aboot Configuration Commands
• Section 6.7: Switch Booting Commands
6.1
Boot Loader – Aboot
Aboot is the boot loader for Arista switches. In addition to booting the switch EOS, Aboot provides a
shell for changing boot parameters, restoring default switch settings, diagnosing hardware problems,
and managing switch files. Section 6.5: Aboot Shell describes the Aboot shell.
The boot process loads an EOS image file, initiates switch processes, performs self tests, restores
interface settings, and configures other network parameters. The replacement image file can be in the
switch’s flash or on a device in the flash drive port. Configuration files stored in flash memory specify
boot parameters.
Aboot supports most available USB flash drive models. The flash drive must be formatted with the FAT
or VFAT file system. Windows NT File System (NTFS) is not supported.
Aboot initiates a system reboot when a reload command is issued or when power is restored to the switch. Before
loading the EOS image file, Aboot provides an option to enter the Aboot shell. The user can either enter
the shell to modify boot parameters or allow the switch to boot.
The boot process can be monitored through a terminal connected to the console port. The console port
is configured to interact with the terminal by configuration file settings.
6.2
Configuration Files
Three files define boot and running configuration parameters.
• boot-config: Contains the location and name of the image to be loaded.
• running-config: Contains the current switch configuration.
• startup-config: Contains the switch configuration that is loaded when the switch boots.
The running-config and startup-config are different when configuration changes have not been saved
since the last boot.
6.2.1
boot-config
The boot-config file is an ASCII file that Aboot uses to configure console communication settings, locate
the EOS flash image, and specify initial network configuration settings.
Aboot attempts to boot the EOS flash software image (with the extension .swi) referenced by boot-config
if the user does not interrupt the boot process. Section 6.5: Aboot Shell describes how Aboot uses
boot-config.
You can view and edit the boot-config file contents. Viewing and editing options include:
• View boot-config file contents with the more boot-config command:
switch(config)#more boot-config
SWI=flash:/EOS.swi
CONSOLESPEED=2400
Aboot password (encrypted): $1$A8dZ3GLZ$knKrBpTyg5dhmtGdCdwNM.
switch(config)#
• View boot-config settings with the show boot-config command:
switch(config)#show boot-config
Software image: flash:/EOS.swi
Console speed: 2400
Aboot password (encrypted): $1$A8dZ3GLZ$knKrBpTyg5dhmtGdCdwNM.
Memory test iterations: (not set)
switch(config)#
• Modify file settings from the command line with EOS boot commands.
See Section 6.2.1.3: Programming boot-config from the CLI for a list of boot commands.
• Edit the file directly by using vi from the Bash shell.
See Section 6.2.1.2: boot-config Command Line Content for a list of boot-config parameters.
6.2.1.1
boot-config File Structure
Each line in the boot-config file specifies a configuration setting and has this format:
NAME=VALUE
• NAME is the parameter label.
• VALUE indicates the parameter’s bootup setting.
The NAME and VALUE fields cannot contain spaces.
Aboot ignores blank lines and lines that begin with a # character.
6.2.1.2
boot-config Command Line Content
Aboot configuration commands that boot-config files can contain include:
• SWI specifies the location and file name of the EOS image file that Aboot loads when booting, using
the same format as the boot command to designate a local or network path.
Example
— SWI=flash:EOS.swi (flash drive location)
— SWI=usb1:/EOS1.swi (usb drive location)
— SWI=file:/tmp/EOSexp.swi (switch directory location)
— SWI=/mnt/flash/EOS.swi
— SWI=http://foo.com/images/EOS.swi
— SWI=ftp://foo.com/images/EOS.swi
— SWI=tftp://foo.com/EOS.swi
— SWI=nfs://foo.com/images/EOS.swi
• CONSOLESPEED specifies the console baud rate. To communicate with the switch, the connected
terminal must match the specified rate. Baud rates are 1200, 2400, 4800, 9600, 19200, or 38400. The
default baud rate is 9600.
Example
CONSOLESPEED=2400
CONSOLESPEED=19200
• PASSWORD (ABOOT) specifies the Aboot password, as described in Section 6.5.2: Accessing the
Aboot Shell. If boot-config does not contain a PASSWORD line, the Aboot shell does not require a
password.
Example
PASSWORD=$1$CdWp5wfe$pzNtE3ujBoFEL8vjcq7jo/
• NET commands: NET commands in the boot-config file are used by Aboot during switch booting to
configure the network interface that will be used for switch configuration. These commands can
also be entered manually in Aboot.
NETDEV indicates which network interface is being configured. If boot-config does not contain a
NETDEV setting, the booting process does not attempt to configure a network interface. Other NET
commands specify settings that Aboot uses to configure the interface.
Examples
— This NETDEV command specifies management port 1 as the network interface to be
configured by boot-config.
NETDEV=ma1
— This NETAUTO command instructs the switch to configure the network interface through
a DHCP server, ignoring other NET settings.
NETAUTO=dhcp
— These NET commands configure the network interface.
NETIP=10.12.15.10
NETMASK=255.255.255.0
NETGW=10.12.15.24
NETDOMAIN=mycompany.com
NETDNS=10.12.15.13
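The file rules in Section 6.2.1.1 and the parameters listed above can be checked mechanically before a boot-config is placed on a switch. The following Python is an added example, not Arista code: the function names, finding codes and the constructed SAMPLE input are assumptions made for illustration, and the checks encode only statements from this section plus the fact that a $1$ prefix denotes an MD5-crypt hash.

```python
import ipaddress

VALID_BAUD = {"1200", "2400", "4800", "9600", "19200", "38400"}
NETWORK_SCHEMES = {"http", "ftp", "tftp", "nfs"}  # network SWI forms listed above
STATIC_NET_KEYS = ("NETIP", "NETMASK", "NETGW", "NETDNS")


def parse_boot_config(text):
    """Return (settings, errors) from the NAME=VALUE lines of a boot-config.

    Blank lines and lines beginning with '#' are skipped, as Aboot does.
    A repeated NAME is reported because the manual does not say which one wins.
    """
    settings, errors = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        name, sep, value = line.partition("=")
        if not sep or not name or not value:
            errors.append(f"line {lineno}: expected NAME=VALUE")
        elif any(ch.isspace() for ch in line):
            errors.append(f"line {lineno}: NAME and VALUE cannot contain spaces")
        elif name in settings:
            errors.append(f"line {lineno}: {name} is set more than once")
        else:
            settings[name] = value
    return settings, errors


def audit_boot_config(settings):
    """Return (code, message) findings for a parsed boot-config."""
    findings = []
    password = settings.get("PASSWORD")
    if password is None:
        findings.append(("NO_PASSWORD", "no PASSWORD line: the Aboot shell needs no password"))
    elif password.startswith("$1$"):
        findings.append(("MD5_CRYPT", "PASSWORD is an MD5-crypt hash: limit read access to boot-config"))
    swi = settings.get("SWI")
    if swi is None:
        findings.append(("NO_SWI", "no SWI line: boot-config names no EOS image"))
    elif ":" in swi and swi.split(":", 1)[0].lower() in NETWORK_SCHEMES:
        findings.append(("NETWORK_IMAGE", f"{swi} is fetched over the network at boot"))
    speed = settings.get("CONSOLESPEED")
    if speed is not None and speed not in VALID_BAUD:
        findings.append(("BAD_BAUD", f"CONSOLESPEED={speed} is not a listed baud rate"))
    net_keys = [k for k in settings if k.startswith("NET") and k != "NETDEV"]
    if net_keys and "NETDEV" not in settings:
        findings.append(("NET_UNUSED", "NET settings without NETDEV: no interface is configured"))
    static_keys = [k for k in STATIC_NET_KEYS if k in settings]
    if settings.get("NETAUTO") == "dhcp" and static_keys:
        findings.append(("STATIC_IGNORED", "NETAUTO=dhcp ignores " + ", ".join(static_keys)))
    addrs = {}
    for key in static_keys:
        try:
            addrs[key] = ipaddress.IPv4Address(settings[key])
        except ValueError:
            findings.append(("BAD_ADDRESS", f"{key}={settings[key]} is not an IPv4 address"))
    if all(k in addrs for k in ("NETIP", "NETMASK", "NETGW")):
        try:
            subnet = ipaddress.IPv4Network(f"{addrs['NETIP']}/{addrs['NETMASK']}", strict=False)
        except ValueError:
            findings.append(("BAD_ADDRESS", f"NETMASK={addrs['NETMASK']} is not a netmask"))
        else:
            if addrs["NETGW"] not in subnet:
                findings.append(("GW_OFF_SUBNET", f"NETGW {addrs['NETGW']} is outside {subnet}"))
    return findings


# Constructed sample that uses the parameter forms shown in this section.
SAMPLE = """\
# constructed example, not taken from a real switch
SWI=tftp://foo.com/EOS.swi
CONSOLESPEED=57600

NETAUTO=dhcp
NETIP=10.12.15.10
NETMASK=255.255.255.0
NETGW=10.12.16.24
BAD LINE
"""

if __name__ == "__main__":
    parsed, problems = parse_boot_config(SAMPLE)
    for problem in problems:
        print("syntax:", problem)
    for code, message in audit_boot_config(parsed):
        print(f"{code}: {message}")
```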
6.2.1.3
Programming boot-config from the CLI
The switch CLI provides boot commands for editing boot-config contents. The boot commands are not
accessible from a console port CLI. Parameters not configurable from a boot command can be modified
by directly editing the boot-config file.
Commands that configure boot parameters include boot system, boot secret, and boot console.
boot system
The boot system command provides the EOS image file location to Aboot.
Example
• This command specifies EOS1.swi on USB flash memory as the software image load file.
switch(config)#boot system usb1:EOS1.swi
The boot system command above adds this line to boot-config.
SWI=usb1:/EOS1.swi
• This command designates EOS.swi, on the switch flash, as the EOS software image load file.
switch(config)#boot system flash:EOS.swi
The boot system command above adds this line to boot-config.
SWI=flash:/EOS.swi
boot secret
The boot secret command sets the Aboot password.
Example
• These equivalent commands set the Aboot password to xr19v.
switch(config)#boot secret xr19v
switch(config)#boot secret 0 xr19v
This command shows the password that has been set.
switch(config)#show boot-config
Software image: flash:/EOS.swi
Console speed: (not set)
Aboot password (encrypted): $1$k9YHFW8D$cgM8DSN.e/yY0p3k3RUvk.
The boot secret commands above add this line to boot-config.
PASSWORD=$1$k9YHFW8D$cgM8DSN.e/yY0p3k3RUvk.
The user must enter xr19v at the login prompt to access the Aboot shell.
• This command sets the Aboot password to xr123. The encrypted string was previously generated
with xr123 as the clear-text seed.
switch(config)#boot secret 5 $1$QfbYkVWb$PIXG0udEquW0wOSiZBN3D/
This command shows the password that has been set.
switch(config)#show boot-config
Software image: flash:/EOS.swi
Console speed: (not set)
Aboot password (encrypted): $1$QfbYkVWb$PIXG0udEquW0wOSiZBN3D/
The boot secret command above adds this line to boot-config.
PASSWORD=$1$QfbYkVWb$PIXG0udEquW0wOSiZBN3D/
The user must enter xr123 at the login prompt to access the Aboot shell.
• This command removes the Aboot password; subsequent Aboot access is not authenticated.
switch(config)#no boot secret
This command shows that there is now no Aboot password.
switch(config)#show boot-config
Software image: flash:/EOS.swi
Console speed: (not set)
Aboot password (encrypted): (not set)
boot console
The boot console command sets console settings for attaching devices.
Example
• This command sets the console speed to 4800 baud:
switch(config)#boot console speed 4800
This command shows the console speed.
switch(config)#show boot-config
Software image: flash:/EOS.swi
Console speed: 4800
Aboot password (encrypted): (not set)
The boot console command above adds this line to boot-config.
CONSOLESPEED=4800
6.2.2
Running-Config
running-config is a virtual file that contains the system’s operating configuration, formatted as a
command sequence. Commands entered from the CLI modify running-config. Copying a file to
running-config updates the operating configuration by executing the commands in the copied file.
running-config commands include:
• show running-config displays running-config.
• copy running-config startup-config copies running-config contents to the startup-config.
• write copies running-config contents to the startup-config file.
6.2.3
Startup-Config
The startup-config file is stored in flash memory and contains the configuration that the switch loads
when booting. During a switch boot, running-config is replaced by startup-config. Changes to
running-config that are not copied to startup-config are lost when the system reboots.
startup-config commands include:
• show startup-config displays startup-config.
• copy <filename> startup-config copies contents of the specified file to startup-config.
• erase startup-config deletes the startup-config file.
6.3
Supervisor Redundancy
On modular switches with redundant supervisor modules, control of the switch can be transferred to
the standby supervisor to minimize downtime and data loss in the case of a reset, reload, or failure of
the active supervisor. How the switchover takes place is determined by the redundancy protocol on the
active supervisor.
To display the state and the current redundancy protocol of both supervisors, use the show redundancy
states command. To display the state of configuration file synchronization between the supervisors, use
the show redundancy file-replication command.
6.3.1
Redundancy Supervisor Protocols
There are three available supervisor redundancy protocols.
Route Processor Redundancy (RPR)
The default redundancy protocol is route processor redundancy (RPR), which synchronizes
startup-config files between the supervisor modules and partially boots the standby supervisor to a
“standby warm” state, but does not synchronize running-config. If the active supervisor fails, or a
manual switchover is initiated with the redundancy force-switchover command, the standby
supervisor will become active. Running state, including spanning tree, is lost, and all links are
temporarily brought down.
Under RPR, the CLI of the standby supervisor can be accessed by SSH or through the console port, but
the available command set is limited. Any configuration changes made to the standby supervisor will
be lost when the supervisor reboots.
Stateful Switchover (SSO)
In stateful switchover (SSO) protocol, the switch synchronizes both startup-config and running-config
files between the supervisor modules and fully boots the standby module to a “standby hot” state to
speed the switchover process and minimize packet loss. If the active supervisor fails, or a manual
switchover is initiated, the standby supervisor immediately becomes active, and running state is
maintained. An SSO switchover is transparent from the outside.
Under SSO, the CLI of the standby supervisor can be accessed only through the console port, and the
command set is limited. Any configuration changes made on the standby supervisor will be lost when
the supervisor reboots.
Important When upgrading the EOS on a dual-supervisor switch to an SSO-capable version (4.11.0 or higher)
from a version that does not support SSO, both supervisors will reset simultaneously, causing several
seconds of system downtime.
Simplex
When the switch is set to simplex protocol, the standby supervisor is disabled and switchover will not
occur even if the active supervisor fails. Reloading the active supervisor results in system downtime
while the supervisor reboots, and the standby supervisor remains disabled. To transfer control of the
switch to the standby supervisor, the redundancy protocol must be changed to RPR or SSO.
Under simplex protocol, the CLI of the disabled supervisor can be accessed only through the console
port, and the command set is limited. Any configuration changes made on the standby supervisor will
be lost when the supervisor reboots.
6.3.2
Configuring Supervisor Redundancy
The supervisor redundancy protocol is configured using the protocol command in redundancy
configuration mode (accessed with the redundancy command).
Changing the redundancy protocol on the active supervisor resets the standby supervisor regardless of
redundancy protocol, and executing the write command on the active supervisor synchronizes the
startup-config files between supervisors in RPR and SSO modes.
Examples
• These commands display the current redundancy state of the switch and the most recent file
synchronization information.
switch#show redundancy state
my state = ACTIVE
peer state = STANDBY WARM
Unit = Primary
Unit ID = 1
Redundancy Protocol (Operational) = Route Processor Redundancy
Redundancy Protocol (Configured) = Route Processor Redundancy
Communications = Up
Ready for switchover
Last switchover time = 7:23:56 ago
Last switchover reason = Supervisor has control of the active supervisor lock
Switch#show redundancy file-replication
0 files unsynchronized, 2 files synchronized, 0 files failed, 2 files total.
File                   Status         Last Synchronized
---------------------- -------------- -------------------
file:persist/sys       Synchronized   0:10:04 ago
flash:startup-config   Synchronized   0:10:04 ago
• These commands set the redundancy protocol for the active supervisor to stateful switchover (SSO).
switch#config
switch(config)#redundancy
switch(config-redundancy)#protocol sso
Peer supervisor will be restarted.
switch(config-redundancy)#
6.4
System Reset
When a reset condition exists, Aboot can either reset the switch without user intervention or facilitate a
manual reset through the Aboot shell. A reset operation clears the switch, including memory states and
other hardware logic.
• Fixed systems: The power supply remains powered up through the reset. Power is removed from
all other switch components for two to five seconds.
• Modular systems: The power supply on the active supervisor remains powered up through the
reset. Power is removed from all other supervisor components for at least one second. In stateful
switchover (SSO) and route processor redundancy (RPR) modes, resetting the standby supervisor
has no effect on the active supervisor, but resetting the active supervisor causes the standby
supervisor to immediately become active. After the supervisor becomes functional, it manages the
power-cycling of all line cards.
The reload command initiates an immediate reset, terminating all CLI instances not running through
the console port. The console port CLI displays messages that the switch generates during a reset. On
modular switches with redundant supervisors, CLI sessions on the standby supervisor are not
terminated.
The reload <scheduled> command schedules a reset operation to initiate at a specific time or after a
specified period.
6.4.1
Typical Reset Sequence
The reload command power cycles the switch, then resets it under Aboot control. The hard reset clears
the switch, including memory states and other hardware logic.
By default, the reload command triggers a request to store unsaved running-config commands and an
option to open the Aboot shell before starting the reboot when accessing the CLI through the console
port. The switch then begins the reboot process controlled by Aboot.
This procedure is an example of a typical restart.
Step 1 Begin the reboot process by typing the reload command:
switch#reload
The switch sends a message to confirm the reload request:
Proceed with reload? [confirm]
Step 2 Press enter or type y to confirm the requested reload. Pressing any other key terminates the
reload operation.
The switch sends a series of messages, including a notification that a message was broadcast to
all open CLI instances, informing them that the system is being rebooted. The reload pauses
when the CLI displays the Aboot shell notification line.
Broadcast message from root@mainStopping sshd: [ OK ]
SysRq : Remount R/O
Restarting system
Aboot 1.9.0-52504.EOS2.0
Press Control-C now to enter Aboot shell
Step 3 To continue the reload process, do nothing. Typing Ctrl-C opens the Aboot shell; see Section
6.5.5: Commands for Aboot editing instructions.
The switch continues the reset process, displaying messages to indicate the completion of
individual tasks. The reboot is complete when the CLI displays a login prompt.
Booting flash:/EOS.swi
Unpacking new kernel
Starting new kernel
Switching to rooWelcome to Arista Networks EOS 4.4.0
Mounting filesystems: [ OK ]
Entering non-interactive startup
Starting EOS initialization stage 1: [ OK ]
ip6tables: Applying firewall rules: [ OK ]
iptables: Applying firewall rules: [ OK ]
iptables: Loading additional modules: nf_conntrack_tftp [ OK ]
Starting system logger: [ OK ]
Starting system message bus: [ OK ]
Starting NorCal initialization: [ OK ]
Starting EOS initialization stage 2: [ OK ]
Starting ProcMgr: [ OK ]
Completing EOS initialization: [ OK ]
Starting Power On Self Test (POST): [ OK ]
Generating SSH2 RSA host key: [ OK ]
Starting isshd: [ OK ]
Starting sshd: [ OK ]
Starting xinetd: [ OK ]
[ OK ] crond: [ OK ]
switch login:
Step 4 Log into the switch to resume configuration tasks.
6.4.2
Switch Recovery
Aboot can automatically erase the internal flash and copy the contents of a USB drive that has been
inserted before powering up or rebooting the switch. This recovery method does not require access to
the switch console or Aboot password entry, even if the boot-config file lists one.
Aboot invokes the recovery mechanism only if each of these two conditions is met:
• The USB drive must contain a file called fullrecover.
The file’s contents are ignored; an empty text file is sufficient.
• If the USB drive contains a file named boot-config, its timestamp must differ from the timestamp of
the boot-config file on the internal flash.
This prevents Aboot from invoking the recovery mechanism again on every boot if you leave the
flash key inserted.
To use this recovery mechanism, set up a USB drive with the files to be installed on the internal flash –
for example, a current EOS software image, and a customized or empty boot-config – plus an empty file
named fullrecover.
Check that the timestamp of boot-config is current to ensure that the above conditions are met.
6.4.3
Display Reload Cause
The show reload cause command displays the cause of the most recent system reset and lists
recommended actions, if any exist, to avoid future spontaneous resets or resolve other issues that may
have caused the reset.
Example
• To display the reset cause, type show reload cause at the prompt.
switch# show reload cause
Reload Cause 1:
------------------
Reload requested by the user.
Recommended Action:
------------------
No action necessary.
Debugging Information:
----------------------
None available.
switch#
6.4.4
Configuring Zero Touch Provisioning
Zero Touch Provisioning (ZTP) is a switch configuration method that uses files referenced by a DHCP
server to initially provision the switch without user intervention. A switch enters ZTP mode when it is
reloaded if flash memory does not contain a startup-config.
Cancelling ZTP boots the switch without using a startup-config file. When ZTP mode is cancelled, a
startup-config file is not stored to flash memory. Until a startup-config file is stored to flash, the switch
returns to ZTP mode on subsequent reboots. This section describes steps required to implement,
monitor, and cancel ZTP.
6.4.4.1
Configuring the Network for ZTP
A switch performs the following after booting in ZTP mode:
• Configures each physical interface to no switchport mode.
• Sends a DHCP query packet on all Ethernet and management interfaces.
After the switch receives a DHCP offer, it responds with a DHCP request for Option 66 (TFTP server
name), Option 67 (bootfile name), and dynamic network configuration settings. When the switch
receives a valid DHCP response, it configures the network settings, then fetches the file from the
location listed in Option 67. If Option 67 returns a network URL (http:// or ftp://), the switch obtains the
file from the network. If Option 67 returns a file name, the switch retrieves the file from the TFTP server
listed in Option 66.
The Option 67 file can be a startup-config file or a boot script. The switch distinguishes between a
startup-config file and a boot script by examining the first line in the file:
• The first line of a boot file must consist of the #! characters followed by the interpreter path. The
switch executes the code in the script, then reboots. The boot script may fetch an EOS software
image or perform required customization tasks.
The following boot file fetches an EOS software image and stores a startup configuration file to
flash.
#!/usr/bin/Cli -p2
copy http://company.com/startup-config flash:startup-config
copy http://company.com/EOS-2.swi flash:EOS-2.swi
config
boot system flash:EOS-2.swi
• The switch identifies any other file as a startup-config file. The switch copies the startup-config file
into flash as mnt/flash/startup-config, then reboots.
The switch uses its system MAC address as the DHCP client identifier and Arista as the Vendor Class
Identifier (Option 60). When the switch receives an HTTP URL through Option 67, it sends the following
HTTP headers in the GET request:
X-Arista-SystemMAC:
X-Arista-HardwareVersion:
X-Arista-SKU:
X-Arista-Serial:
X-Arista-Architecture:
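The Option 66/67 handling and the first-line test described above, as an added Python example that is not Arista code. The function names are hypothetical, the script body is the boot file shown above, and the example assumes the switch matches the leading #! bytes literally, so a byte order mark or a leading blank line turns an intended boot script into a startup-config.

```python
from urllib.parse import urlsplit

BOM = b"\xef\xbb\xbf"


def resolve_bootfile(option66, option67):
    """Return (scheme, server, path) that the switch fetches for these options."""
    if option67.startswith(("http://", "ftp://")):
        parts = urlsplit(option67)
        return parts.scheme, parts.hostname, parts.path
    if not option66:
        raise ValueError("Option 67 is a file name, so Option 66 must name a TFTP server")
    return "tftp", option66, option67


def classify_bootfile(content):
    """Return ('boot-script', interpreter) or ('startup-config', None).

    Assumption: the first-line test is a literal match on the leading bytes.
    """
    first_line = content.split(b"\n", 1)[0].rstrip(b"\r")
    if first_line.startswith(b"#!"):
        return "boot-script", first_line[2:].decode("ascii", "replace").strip()
    return "startup-config", None


def lint_bootfile(content, intended):
    """List mismatches between what the operator intended and what the switch does."""
    kind, interpreter = classify_bootfile(content)
    problems = []
    if kind != intended:
        problems.append(f"meant as {intended}, but the first line makes it a {kind}")
    if content.startswith(BOM):
        problems.append("a UTF-8 byte order mark precedes the first line")
    elif kind == "startup-config" and content.lstrip().startswith(b"#!"):
        problems.append("'#!' is present but not at the very start of the file")
    if kind == "boot-script":
        if not interpreter:
            problems.append("'#!' is not followed by an interpreter path")
        # Every command after the first line runs on the switch before it reboots.
        for line in content.decode("utf-8", "replace").splitlines()[1:]:
            words = line.split()
            if len(words) >= 2 and words[0] == "copy" and "://" in words[1]:
                scheme = words[1].split("://", 1)[0]
                if scheme in ("http", "ftp", "tftp"):
                    problems.append(f"script fetches {words[1]} over unencrypted {scheme}")
    return problems


# The boot file shown in this section of the manual.
PAGE_BOOT_SCRIPT = b"""#!/usr/bin/Cli -p2
copy http://company.com/startup-config flash:startup-config
copy http://company.com/EOS-2.swi flash:EOS-2.swi
config
boot system flash:EOS-2.swi
"""

if __name__ == "__main__":
    print(resolve_bootfile("", "http://10.10.0.2:8080/tmp/172.17.11.196-startup-config.1"))
    print(classify_bootfile(PAGE_BOOT_SCRIPT))
    for label, data in (("as shown", PAGE_BOOT_SCRIPT), ("with BOM", BOM + PAGE_BOOT_SCRIPT)):
        for problem in lint_bootfile(data, "boot-script"):
            print(f"{label}: {problem}")
```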
6.4.4.2
Monitoring ZTP Progress
A switch displays the following message after rebooting when it does not contain a startup-config file:
No startup-config was found.
The device is in Zero Touch Provisioning mode and is attempting to
download the startup-config from a remote system. The device will not
be fully functional until either a valid startup-config is downloaded
from a remote system or Zero Touch Provisioning is cancelled. To cancel
Zero Touch Provisioning, login as admin and type 'zerotouch cancel'
at the CLI.
switch login:
The switch displays a CONFIG_DOWNLOAD_SUCCESS message after it successfully downloads a
startup-config file, then continues the reload process as described in Section 6.4.1.
===============================================================================
Successful download
--------------------
Apr 15 21:36:46 switch ZeroTouch: %ZTP-5-DHCP_QUERY: Sending DHCP request on [
Ethernet10, Ethernet13, Ethernet14, Ethernet17, Ethernet18, Ethernet21, Ethernet22,
Ethernet23, Ethernet24, Ethernet7, Ethernet8, Ethernet9, Management1, Management2 ]
Apr 15 21:36:56 switch ZeroTouch: %ZTP-5-DHCP_SUCCESS: DHCP response received on
Ethernet24 [ Mtu: 1500; Ip Address: 10.10.0.4/16; Nameserver: 10.10.0.1; Domain:
aristanetworks.com; Gateway: 10.10.0.1; Boot File:
http://10.10.0.2:8080/tmp/172.17.11.196-startup-config.1 ]
Apr 15 21:37:01 switch ZeroTouch: %ZTP-5-CONFIG_DOWNLOAD: Attempting to download the
startup-config from http://10.10.0.2:8080/tmp/172.17.11.196-startup-config.1
Apr 15 21:37:02 switch ZeroTouch: %ZTP-5-CONFIG_DOWNLOAD_SUCCESS: Successfully
downloaded startup-config from
http://10.10.0.2:8080/tmp/172.17.11.196-startup-config.1
Apr 15 21:37:02 switch ZeroTouch: %ZTP-5-RELOAD: Rebooting the system
Broadcast messagStopping sshd: [ OK ]
watchdog is not running
SysRq : Remount R/O
Restarting system
ø
Aboot 1.9.0-52504.EOS2.0
Press Control-C now to enter Aboot shell
6.4.4.3
ZTP Failure Notification
The switch displays a DHCP_QUERY_FAIL message when it does not receive a valid DHCP response
within 30 seconds of sending the query. The switch then sends a new DHCP query and waits for a
response. The switch continues sending queries until it receives a valid response or until ZTP mode is
cancelled.
switch login:admin
admin
switch>Apr 15 21:28:21 localhost ZeroTouch: %ZTP-5-DHCP_QUERY: Sending DHCP request on
[ Ethernet10, Ethernet13, Ethernet14, Ethernet17, Ethernet18, Ethernet21, Ethernet22,
Ethernet23, Ethernet24, Ethernet7, Ethernet8, Ethernet9, Management1, Management2 ]
Apr 15 21:28:51 localhost ZeroTouch: %ZTP-5-DHCP_QUERY_FAIL: Failed to get a valid DHCP
response
Apr 15 21:28:51 localhost ZeroTouch: %ZTP-5-RETRY: Retrying Zero Touch Provisioning
from the begining (attempt 1)
Apr 15 21:29:22 localhost ZeroTouch: %ZTP-5-DHCP_QUERY: Sending DHCP request on [
Ethernet10, Ethernet13, Ethernet14, Ethernet17, Ethernet18, Ethernet21, Ethernet22,
Ethernet23, Ethernet24, Ethernet7, Ethernet8, Ethernet9, Management1, Management2 ]
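The ZTP messages shown in the two sections above can be reviewed automatically once they reach a syslog collector. The following Python sketch is an added example, not part of the Arista manual: it parses %ZTP-5-* messages, counts failed DHCP queries, and flags a boot file URL whose server is not on a list of expected provisioning servers. The allowlist, the function names and the sample lines are assumptions; the samples are constructed from the message formats above, with wrapped lines joined.

```python
import re
from urllib.parse import urlsplit

# Syslog layout shown in the ZTP examples above, e.g.
# "Apr 15 21:36:46 switch ZeroTouch: %ZTP-5-DHCP_QUERY: Sending DHCP request on [...]"
# search() is used so a leading CLI prompt ("switch>") does not break parsing.
ZTP_RE = re.compile(
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s(?P<host>\S+)\s"
    r"ZeroTouch:\s%ZTP-(?P<sev>\d)-(?P<event>[A-Z_]+):\s(?P<text>.*)$"
)
BOOT_FILE_RE = re.compile(r"Boot File:\s*(\S+)")
FROM_URL_RE = re.compile(r"\bfrom\s+(\S+://\S+)")

# Constructed sample: a successful run, same message formats as the manual.
SAMPLE_SUCCESS = [
    "Apr 15 21:36:46 switch ZeroTouch: %ZTP-5-DHCP_QUERY: Sending DHCP request on [ Ethernet24, Management1 ]",
    "Apr 15 21:36:56 switch ZeroTouch: %ZTP-5-DHCP_SUCCESS: DHCP response received on Ethernet24 "
    "[ Mtu: 1500; Ip Address: 10.10.0.4/16; Nameserver: 10.10.0.1; Domain: aristanetworks.com; "
    "Gateway: 10.10.0.1; Boot File: http://10.10.0.2:8080/tmp/172.17.11.196-startup-config.1 ]",
    "Apr 15 21:37:01 switch ZeroTouch: %ZTP-5-CONFIG_DOWNLOAD: Attempting to download the "
    "startup-config from http://10.10.0.2:8080/tmp/172.17.11.196-startup-config.1",
    "Apr 15 21:37:02 switch ZeroTouch: %ZTP-5-CONFIG_DOWNLOAD_SUCCESS: Successfully downloaded "
    "startup-config from http://10.10.0.2:8080/tmp/172.17.11.196-startup-config.1",
    "Apr 15 21:37:02 switch ZeroTouch: %ZTP-5-RELOAD: Rebooting the system",
]

# Constructed sample: one DHCP timeout, then an offer naming an unknown server
# (192.0.2.66 is a documentation address used only for illustration).
SAMPLE_SUSPECT = [
    "switch>Apr 15 21:28:21 localhost ZeroTouch: %ZTP-5-DHCP_QUERY: Sending DHCP request on [ Ethernet24 ]",
    "Apr 15 21:28:51 localhost ZeroTouch: %ZTP-5-DHCP_QUERY_FAIL: Failed to get a valid DHCP response",
    "Apr 15 21:28:51 localhost ZeroTouch: %ZTP-5-RETRY: Retrying Zero Touch Provisioning from the begining (attempt 1)",
    "Apr 15 21:29:22 localhost ZeroTouch: %ZTP-5-DHCP_QUERY: Sending DHCP request on [ Ethernet24 ]",
    "Apr 15 21:29:30 localhost ZeroTouch: %ZTP-5-DHCP_SUCCESS: DHCP response received on Ethernet24 "
    "[ Mtu: 1500; Ip Address: 10.10.0.4/16; Gateway: 10.10.0.1; Boot File: http://192.0.2.66/startup-config ]",
]


def parse_ztp_line(line):
    """Return ts/host/sev/event/text for a ZTP syslog line, or None."""
    m = ZTP_RE.search(line.strip())
    return m.groupdict() if m else None


def review_ztp_log(lines, allowed_servers):
    """Summarise a ZTP sequence and flag boot servers outside the allowlist.

    allowed_servers is a set of "host:port" strings (assumption: the site
    keeps an inventory of its legitimate provisioning servers).
    """
    report = {"events": [], "dhcp_failures": 0, "offered_url": None,
              "downloaded_url": None, "completed": False, "findings": []}

    def check(url, where):
        netloc = urlsplit(url).netloc
        if netloc not in allowed_servers:
            report["findings"].append(f"{where}: boot server {netloc} is not in the allowlist")

    for line in lines:
        rec = parse_ztp_line(line)
        if rec is None:
            continue  # console noise or another daemon's message
        event, text = rec["event"], rec["text"]
        report["events"].append(event)
        if event == "DHCP_QUERY_FAIL":
            report["dhcp_failures"] += 1
        elif event == "DHCP_SUCCESS":
            m = BOOT_FILE_RE.search(text)
            if m:
                report["offered_url"] = m.group(1)
                check(m.group(1), "DHCP_SUCCESS")
        elif event == "CONFIG_DOWNLOAD_SUCCESS":
            m = FROM_URL_RE.search(text)
            if m:
                report["downloaded_url"] = m.group(1)
                check(m.group(1), "CONFIG_DOWNLOAD_SUCCESS")
        elif event == "RELOAD" and report["downloaded_url"]:
            report["completed"] = True

    offered, downloaded = report["offered_url"], report["downloaded_url"]
    if offered and downloaded and offered != downloaded:
        report["findings"].append("downloaded URL differs from the DHCP-offered boot file")
    return report


if __name__ == "__main__":
    for name, sample in (("success", SAMPLE_SUCCESS), ("suspect", SAMPLE_SUSPECT)):
        print(name, review_ztp_log(sample, {"10.10.0.2:8080"}))
```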
6.4.4.4
Cancelling ZTP Mode
To boot the switch without a startup-config file, log into the console, then cancel ZTP mode. After the
switch boots, it uses all factory default settings. A startup-config file must be saved to flash memory to
prevent the switch from entering ZTP mode on subsequent boots.
See Section 2.1.2.2 for ZTP mode cancellation instructions.
6.4.5
Configuring the Networks
If the boot-config file contains a NETDEV statement, Aboot attempts to configure the network interface,
as specified by Network configuration commands. See Section 6.2.1.2: boot-config Command Line
Content for a list of commands that define the network configuration.
6.5
Aboot Shell
The Aboot shell is an interactive command-line interface used to manually boot a switch, restore the
internal flash to its factory-default state, run hardware diagnostics, and manage files. The Aboot shell is
similar to the Linux Bourne Again Shell (Bash).
The Aboot shell provides commands for restoring the state of the internal flash to factory defaults or a
customized default state. You can use these recovery methods to:
• restore the factory-default flash contents before transferring the switch to another owner.
• restore Aboot shell access if the Aboot password is lost or forgotten.
• restore console access if baud rate or other settings are incompatible with the terminal.
• replace the internal flash contents with configuration or image files stored on a USB flash drive.
6.5.1
Operation
When the switch is powered on or rebooted, Aboot reads its configuration from boot-config on the
internal flash and attempts to boot an EOS software image (with the extension .swi) automatically if one
is configured.
You can monitor the automatic boot process or enter the Aboot shell only from the console port. You can
connect a PC or terminal directly to the port and run a terminal emulator to interact with the serial port
or access it through a serial concentrator device.
Console settings are stored in boot-config; the factory-default settings for Arista switches are 9600 baud,
no parity, 8 character bits, and 1 stop bit. If you do not know the current settings, perform a full flash
recovery to restore the factory-default settings. When the console port is connected and the terminal
settings are configured properly, the terminal displays a message similar to the following a few seconds
after powering up the switch:
Aboot 1.0.0
Press Control-C now to enter the Aboot shell
To abort the automatic boot process and enter the Aboot shell, press Ctrl-C (ASCII 3 in the terminal
emulator) after the Press Control-C now to enter Aboot shell message appears. Pressing Ctrl-C can
interrupt the boot process up through the starting of the new kernel.
If the boot-config file does not contain a password command, the Aboot shell starts immediately.
Otherwise, you must enter the correct password at the password prompt to start the shell. If you enter
the wrong password three times, Aboot displays this message:
Type "fullrecover" and press Enter to revert /mnt/flash to factory default
state, or just press Enter to reboot:
• Pressing Enter continues a normal soft reset without entering the Aboot shell.
• Typing fullrecover and pressing Enter performs a full flash recovery to restore the factory-default
settings, removing all previous contents of the flash drive.
The Aboot shell starts by printing:
Welcome to Aboot.
Aboot then displays the Aboot# prompt.
Aboot reads its configuration from boot-config on the internal flash.
6.5.2
Accessing the Aboot Shell
This procedure accesses the Aboot Shell:
Step 1 Reload the switch and press enter or type y when prompted, as described by step 1 and step 2
in Section 6.4.1: Typical Reset Sequence.
The command line displays this Aboot entry prompt.
Press Control-C now to enter Aboot shell
Step 2 Type Ctrl-C.
If the boot-config file does not contain a PASSWORD command, the CLI displays an Aboot
welcome banner and prompt.
^CWelcome to Aboot.
Aboot#
If the boot-config file contains a PASSWORD command, the CLI displays a password prompt.
In this case, proceed to step 3. Otherwise, the CLI displays the Aboot prompt.
Step 3 If prompted, enter the Aboot password.
Press Control-C now to enter Aboot shell
^CAboot password:
Welcome to Aboot.
Aboot#
Aboot allows three attempts to enter the correct password. After the third attempt, the CLI
prompts the user to either continue the reboot process without entering the Aboot shell or to
restore the flash drive to the factory default state.
Press Control-C now to enter Aboot shell
^CAboot password:
incorrect password
Aboot password:
incorrect password
Aboot password:
incorrect password
Type "fullrecover" and press Enter to revert /mnt/flash to factory default
state, or just press Enter to reboot: fullrecover
All data on /mnt/flash will be erased; type "yes" and press Enter to proceed,
or just press Enter to cancel:
The fullrecover operation replaces the flash contents with a factory default configuration. The
CLI displays text similar to the following when performing a fullrecover, finishing with another
entry option into the Aboot shell.
Erasing /mnt/flash
Writing recovery data to /mnt/flash
boot-config
startup-config
EOS.swi
210770 blocks
Restarting system.
Aboot 1.9.0-52504.EOS2.0
Press Control-C now to enter Aboot shell
6.5.3
File Structure
When you enter the Aboot CLI, the current working directory is the root directory on the switch. Switch
image and configuration files are at /mnt/flash. When exiting the Aboot shell, only the contents of
/mnt/flash are preserved. The /mnt directory contains the file systems of storage devices. Aboot mounts
the internal flash device at /mnt/flash.
When a USB flash drive is inserted in one of the flash ports, Aboot mounts its file system on /mnt/usb1.
The file system is unmounted when the USB flash drive is removed from the port. Most USB drives
contain an LED that flashes when the system is accessing it; do not remove the drive from the flash port
until the LED stops flashing.
6.5.4
Booting From the Aboot Shell
Aboot attempts to boot the EOS software image (with the extension .swi) configured in boot-config
automatically if you take no action during the boot process. If the boot process fails for any reason, such
as an incorrectly configured software image, Aboot enters the shell, allowing you to correct the
configuration or boot a software image manually. The boot command loads and boots an EOS software
image file.
The boot command syntax is
boot SWI
where SWI lists the location of the EOS image that the command loads. SWI settings include:
• DEVICE:PATH  Loads the image file from the specified storage device. The default DEVICE value is flash; other values include file and usb1.
• /PATH  Loads the image file from the specified path in the switch directory.
• http://SERVER/PATH  Loads the image file from the HTTP server on the host server.
• ftp://SERVER/PATH  Loads the image file from the FTP server on the host server.
• tftp://SERVER/PATH  Loads the image file from the TFTP server on the host server.
• nfs://SERVER/PATH  Mounts the path’s parent directory from the host server and loads the image file from the loaded directory.
The boot command accepts the same formats as the SWI variable in the boot-config file. See Section 6.2.1.2:
boot-config Command Line Content for a list of boot command formats.
If an image file is not specified in boot-config, or if booting the image results in an error condition (for
example, an incorrect path or unavailable HTTP server), Aboot halts the boot process and drops into the
shell.
Example
• To boot EOS.swi from internal flash, enter one of these commands on the Aboot command line:
boot flash:EOS.swi
boot /mnt/flash/EOS.swi
6.5.5
Commands
To list the contents of the internal flash, enter ls /mnt/flash at the Aboot# prompt.
Example
Aboot# ls /mnt/flash
EOS.swi boot-config startup-config
Commonly used commands include:
• ls  Prints a list of the files in the current working directory.
• cd  Changes the current working directory.
• cp  Copies a file.
• more  Prints the contents of a file one page at a time.
• vi  Edits a text file.
• boot  Boots a software image file.
• swiinfo  Prints information about a software image.
• recover  Recovers the factory-default configuration.
• reboot  Reboots the switch.
• udhcpc  Configures a network interface automatically via DHCP.
• ifconfig  Prints or alters network interface settings.
• wget  Downloads a file from an HTTP or FTP server.
Many Aboot shell commands are provided by Busybox, an open-source implementation of UNIX
utilities. Busybox command help is found at http://www.busybox.net/downloads/BusyBox.html. Aboot
provides access to only a subset of the documented commands.
Aboot can access networks through the Ethernet management ports. Aboot provides network interfaces
mgmt1 and mgmt2. These ports are unconfigured by default; you can configure management port
settings using Aboot shell commands like ifconfig and udhcpc. When a management interface is
configured, use wget to transfer files from an HTTP or FTP server, tftp to transfer files from a TFTP
server, or mount to mount an NFS filesystem.
6.6
Aboot Configuration Commands
This section describes the Aboot configuration commands that a boot-config file can contain.
• SWI
• CONSOLESPEED
• PASSWORD (ABOOT)
• NET commands
CONSOLESPEED
CONSOLESPEED specifies the console baud rate. To communicate with the switch, the connected
terminal must match the specified rate. Baud rates are 1200, 2400, 4800, 9600, 19200, or 38400.
The default baud rate is 9600.
Command Syntax
CONSOLESPEED=baud_rate
Parameters
• baud_rate  specifies the console speed. Values include 1200, 2400, 4800, 9600, 19200, or 38400.
Examples
• These lines are CONSOLESPEED command examples:
CONSOLESPEED=2400
CONSOLESPEED=19200
NET commands
NET commands in the boot-config file are used by Aboot during switch booting to configure the
network interface that will be used for switch configuration. These commands can also be entered
manually in Aboot.
NETDEV indicates which network interface is being configured. If boot-config does not contain a
NETDEV setting, the booting process does not attempt to configure a network interface. Other NET
commands specify settings that Aboot uses to configure the interface.
Command Syntax
NETDEV=interface
NETAUTO=auto_setting
NETIP=interface_address
NETMASK=interface_mask
NETGW=gateway_address
NETDOMAIN=domain_name
NETDNS=dns_address
Parameters
• interface  the network interface. Settings include:
— NETDEV=ma1  management port 1.
— NETDEV=ma2  management port 2.
• auto_setting  the configuration method. Settings include
— NETAUTO=dhcp  interface is configured through a DHCP server; other NET commands are ignored.
— NETAUTO command is omitted  interface is configured with other NET commands.
• interface_address  interface IP address, in dotted-decimal notation.
• interface_mask  interface subnet mask, in dotted-decimal notation.
• gateway_address  default gateway IP address, in dotted decimal notation.
• domain_name  interface domain name.
• dns_address  IP address of the Domain Name Server, in dotted decimal notation.
Examples
• This NETDEV command specifies management port 1 as the network interface to be configured for
management traffic.
NETDEV=ma1
• This NETAUTO command instructs the switch to configure the network interface through a DHCP
server, ignoring other NET settings.
NETAUTO=dhcp
• These NET commands configure the network interface.
NETIP=10.12.15.10
NETMASK=255.255.255.0
NETGW=10.12.15.24
NETDOMAIN=mycompany.com
NETDNS=10.12.15.13
PASSWORD (ABOOT)
PASSWORD specifies the Aboot password, as described in Section 6.5.2: Accessing the Aboot Shell. If
boot-config does not contain a PASSWORD line, the Aboot shell does not require a password.
boot-config stores the password as an MD5-encrypted string as generated by the UNIX passwd program
or the crypt library function from a clear-text seed. When entering the Aboot password, the user types
the clear-text seed.
There is no method of recovering the password from the encrypted string. If the clear-text password is
lost, delete the corresponding PASSWORD command line from the boot-config file.
The EOS boot secret command is the recommended method of adding or modifying the PASSWORD
configuration line.
Command Syntax
PASSWORD=encrypted_string
Parameters
• encrypted_string  the encrypted string that corresponds to the clear-text Aboot password.
Example
• This line is a PASSWORD command example where the encrypted string corresponds with the
clear-text password abcde.
PASSWORD=$1$CdWp5wfe$pzNtE3ujBoFEL8vjcq7jo/
SWI
SWI specifies the location and file name of the EOS image file that Aboot loads when booting, using the
same format as boot-config to designate a local or network path.
Command Syntax
SWI=FILE_LOCATION
Parameters
• FILE_LOCATION  specifies the location of the EOS image file. Formats include:
— device:path  storage device location:
device denotes a storage device. Settings include flash, file and usb1. Default is flash.
path denotes a file location.
Examples
SWI=flash:EOS.swi  flash drive location
SWI=usb1:/EOS1.swi  usb drive location.
SWI=file:/tmp/EOSexp.swi  switch directory location
— /path  switch directory location.
Example
SWI=/mnt/flash/EOS.swi
— http://server/path  HTTP server location.
Example
SWI=http://foo.com/images/EOS.swi
— ftp://server/path  FTP server location.
Example
SWI=ftp://foo.com/images/EOS.swi
— tftp://server/path  TFTP server location.
Example
SWI=tftp://foo.com/EOS.swi
— nfs://server/path  imports path from server, then mounts parent directory of the path
Example
SWI=nfs://foo.com/images/EOS.swi
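The boot-config settings described in this section (SWI, CONSOLESPEED, PASSWORD and the NET commands) can be reviewed offline from a copy of the file. This Python sketch is an added example, not Arista code: it parses a boot-config file and reports the settings that the text above says change Aboot's behaviour, such as a missing PASSWORD line or static NET values that NETAUTO=dhcp overrides. The function names, the `$6$` prefix for a sha512 hash and the two sample files are assumptions; the samples are constructed.

```python
# crypt(3)-style prefixes. "$1$" is what the manual's PASSWORD examples show;
# "$6$" for a sha512 hash is an assumption based on the standard crypt format.
HASH_SCHEMES = {"$1$": "md5-crypt", "$6$": "sha512-crypt"}
VALID_BAUD = {"1200", "2400", "4800", "9600", "19200", "38400"}
NETWORK_SCHEMES = ("http", "ftp", "tftp", "nfs")
LOCAL_DEVICES = ("flash", "file", "usb1")

# Constructed samples (the hash in HARDENED_SAMPLE is a placeholder, not a real hash).
WEAK_SAMPLE = """SWI=http://foo.com/images/EOS.swi
CONSOLESPEED=57600
NETDEV=ma1
NETAUTO=dhcp
NETIP=10.12.15.10
"""
HARDENED_SAMPLE = """SWI=flash:/EOS.swi
CONSOLESPEED=9600
PASSWORD=$6$CONSTRUCTED$PLACEHOLDERHASHNOTREAL
"""


def parse_boot_config(text):
    """Parse KEY=value lines into a dict; a later line overrides an earlier one."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().upper()] = value.strip()
    return settings


def classify_swi(value):
    """Return (kind, source) for an SWI value, following the formats listed for SWI."""
    if "://" in value:
        return "network", value.split("://", 1)[0].lower()
    if value.startswith("/"):
        return "local", "path"
    # device:path form; the default device is flash when none is given
    device = value.split(":", 1)[0] if ":" in value else "flash"
    return "local", device


def hash_scheme(password_value):
    """Name the hash scheme of a PASSWORD value from its prefix, or None."""
    for prefix, name in HASH_SCHEMES.items():
        if password_value.startswith(prefix):
            return name
    return None


def audit_boot_config(text):
    """Return a list of (key, message) findings for one boot-config file."""
    cfg = parse_boot_config(text)
    findings = []

    if "PASSWORD" not in cfg:
        findings.append(("PASSWORD", "not set: the Aboot shell starts without a password prompt"))
    else:
        scheme = hash_scheme(cfg["PASSWORD"])
        if scheme is None:
            findings.append(("PASSWORD", "unrecognised hash format"))
        elif scheme == "md5-crypt":
            findings.append(("PASSWORD", "md5-crypt hash: restrict who can read boot-config copies"))

    if "SWI" not in cfg:
        findings.append(("SWI", "no image configured: Aboot halts and drops into the shell"))
    else:
        kind, source = classify_swi(cfg["SWI"])
        if kind == "network" and source not in NETWORK_SCHEMES:
            findings.append(("SWI", f"unsupported URL scheme {source!r}"))
        elif kind == "network":
            findings.append(("SWI", f"image is fetched from a {source} server at every boot"))
        elif source == "usb1":
            findings.append(("SWI", "image is loaded from removable USB media"))
        elif source not in LOCAL_DEVICES and source != "path":
            findings.append(("SWI", f"unknown storage device {source!r}"))

    speed = cfg.get("CONSOLESPEED")
    if speed is not None and speed not in VALID_BAUD:
        findings.append(("CONSOLESPEED", f"{speed} is not a listed baud rate"))

    static_keys = sorted(k for k in cfg if k.startswith("NET") and k not in ("NETDEV", "NETAUTO"))
    if "NETDEV" not in cfg and (static_keys or "NETAUTO" in cfg):
        findings.append(("NETDEV", "missing: Aboot does not configure a network interface"))
    elif cfg.get("NETAUTO", "").lower() == "dhcp" and static_keys:
        findings.append(("NETAUTO", "dhcp: these static settings are ignored: " + ", ".join(static_keys)))
    return findings


if __name__ == "__main__":
    for name, sample in (("weak", WEAK_SAMPLE), ("hardened", HARDENED_SAMPLE)):
        print(name)
        for key, message in audit_boot_config(sample):
            print(f"  {key}: {message}")
```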
6.7
Switch Booting Commands
• boot console
• boot secret
• boot system
• erase startup-config
• protocol
• redundancy
• redundancy force-switchover
• reload
• reload <scheduled>
• service sequence-numbers
• show redundancy file-replication
• show redundancy states
• show redundancy switchover sso
• show reload
• show reload cause
boot console
The boot console command configures terminal settings for serial devices connecting to the console
port. Console settings that you can specify from boot-config include:
• speed
Factory-default console settings are 9600 baud, no parity, 8 character bits, and 1 stop bit. If you do not
know the current settings, restore the factory-default settings as described in Section 2.3.3: Restoring the
Factory Default EOS Image and Startup Configuration.
The no boot console and default boot console commands restore the factory default settings on the
switch and remove the corresponding CONSOLESPEED command from the boot-config file.
all
Command Mode
Global Configuration
Command Syntax
boot console speed baud
no boot console speed
default boot console speed
Parameters
• baud  console baud rate. Settings include 1200, 2400, 4800, 9600, 19200, and 38400.
Example
• This command sets the console speed to 4800 baud.
switch(config)#boot console speed 4800
This code displays the result of the command:
switch(config)#show boot-config
Software image: flash:/EOS.swi
Console speed: 4800
Aboot password (encrypted): (not set)
The above boot console command adds the following line to boot-config.
CONSOLESPEED=4800
boot secret
The boot secret command creates or edits the Aboot shell password and stores the encrypted string in
the PASSWORD command line of the boot-config file.
The no boot secret and default boot secret commands remove the Aboot password from the boot-config
file. When the Aboot password does not exist, entering Aboot shell does not require a password.
all
Command Mode
Global Configuration
Command Syntax
boot secret [ENCRYPT_TYPE] password
no boot secret
default boot secret
Parameters
• ENCRYPT_TYPE  indicates the encryption level of the password parameter. Settings include:
— <no parameter>  the password is clear text.
— 0  the password is clear text. Equivalent to the <no parameter> case.
— 5  the password is an md5 encrypted string.
— sha512  the password is entered as an sha512 encrypted string.
• password  specifies the boot password.
— password must be in clear text if ENCRYPT_TYPE specifies clear text.
— password must be an appropriately encrypted string if ENCRYPT_TYPE specifies encryption.
Restrictions
The sha512 encryption option is not available on Trident platform switches.
Examples
• These equivalent commands set the Aboot password to xr19v:
switch(config)#boot secret xr19v
switch(config)#boot secret 0 xr19v
This CLI code displays the result:
switch(config)#show boot-config
Software image: flash:/EOS.swi
Console speed: (not set)
Aboot password (encrypted): $1$k9YHFW8D$cgM8DSN.e/yY0p3k3RUvk.
The boot secret commands above add this line to boot-config.
PASSWORD=$1$k9YHFW8D$cgM8DSN.e/yY0p3k3RUvk.
The user must enter xr19v at the login prompt to access the Aboot shell.
• These commands set the Aboot password to xr123, then display the resulting boot-config code. The
encrypted string was previously generated with xr123 as the clear-text seed.
switch(config)#boot secret 5 $1$QfbYkVWb$PIXG0udEquW0wOSiZBN3D/
switch(config)#show boot-config
Software image: flash:/EOS.swi
Console speed: (not set)
Aboot password (encrypted): $1$QfbYkVWb$PIXG0udEquW0wOSiZBN3D/
The boot secret command above adds this line to boot-config.
PASSWORD=$1$QfbYkVWb$PIXG0udEquW0wOSiZBN3D/
The user must enter xr123 at the login prompt to access the Aboot shell.
• This command removes the Aboot password, allowing access to the Aboot shell without a
password.
switch(config)#no boot secret
boot system
The boot system command specifies the location of the EOS software image that Aboot loads when the
switch boots. The command can refer to files on flash or on a module in the USB flash port.
all
Command Mode
Global Configuration
Command Syntax
boot system DEVICE file_path
Parameters
• DEVICE  Location of the image file. Options include
— file: file is located in the switch file directory.
— flash: file is located in flash memory.
— usb1: file is located on a drive inserted in the USB flash port. Available if a drive is in the port.
• file_path  Path and name of the file.
Examples
• This command designates EOS1.swi, on USB flash memory, as the EOS software image load file.
switch(config)#boot system usb1:EOS1.swi
The boot system command above adds this line to boot-config.
SWI=usb1:/EOS1.swi
• This command designates EOS.swi, on the switch flash, as the EOS software image load file.
switch(config)#boot system flash:EOS.swi
The boot system command above adds this line to boot-config.
SWI=flash:/EOS.swi
erase startup-config
The erase startup-config command erases or deletes the startup configuration.
all
Command Mode
Privileged EXEC
Command Syntax
erase startup-config [CONFIRMATION]
Parameters
• CONFIRMATION
— <no parameter> the switch requires a confirmation before starting the erase.
— now the erase begins immediately without prompting the user to confirm the request.
Examples
• This command deletes the startup configuration from the switch. When the erase startup-config
command is entered, the switch sends a message prompting the user to confirm the erase
startup-config request.
switch# erase startup-config
Proceed with erasing startup configuration? [confirm]
switch#
• This command deletes the startup configuration from the switch immediately without prompting.
switch# erase startup-config now
switch#
protocol
The protocol command configures how the supervisors on a modular switch will handle switchover
events. By default, the switch is set to route processor redundancy (RPR), which synchronizes
startup-config files between the supervisor modules and partially boots the standby supervisor. The
mode can also be set to simplex (manual switchover only) or to stateful switchover (SSO) which
synchronizes both startup-config and running-config files between the supervisor modules and fully
boots the standby module to speed the switchover process and minimize packet loss.
The no protocol and default protocol commands set the redundancy protocol to the default value (rpr)
by removing the protocol command from running-config.
Command Mode
Redundancy Configuration
Command Syntax
protocol PROTOCOL_NAME
no protocol
default protocol
Parameters
• PROTOCOL_NAME  specifies the redundancy protocol. Settings include
— rpr route processor redundancy protocol (the default).
— simplex no redundancy. Switchover must be initiated manually.
— sso stateful switchover.
Related Commands
• redundancy  Places switch in redundancy configuration mode.
Example
• These commands enter redundancy configuration mode and set the redundancy protocol to
stateful switchover.
switch(config)#redundancy
switch(config-redundancy)#protocol sso
switch(config-redundancy)#
redundancy
The redundancy command places the switch in redundancy configuration mode.
Command Mode
Global Configuration
Command Syntax
redundancy
Commands Available in Redundancy Configuration Mode
protocol
Related Commands
• redundancy force-switchover  Manually initiates a switchover.
Example
• These commands enter redundancy configuration mode and set the redundancy protocol to
stateful switchover.
switch(config)#redundancy
switch(config-redundancy)#protocol sso
switch(config-redundancy)#
redundancy force-switchover
The redundancy force-switchover command immediately switches control of the switch to the standby
supervisor. If the redundancy mode is set to simplex or the standby supervisor is unavailable for any
other reason, this command will not function.
Command Mode
Privileged EXEC
Command Syntax
redundancy force-switchover
Related Commands
• redundancy  Places the switch in redundancy configuration mode.
Example
• This command forces a switchover to the standby supervisor. The switchover is executed
immediately without further confirmation from the user.
switch#redundancy force-switchover
This supervisor will be restarted.
reload
The reload command power cycles the switch, then resets it under Aboot control. The hard reset clears
the switch, including memory states and other hardware logic.
Important The reload commands are used to initiate Accelerated Switch Update (ASU) and Smart Switch Update
(SSU); for descriptions of these features and the appropriate command syntax, please refer to the
Accelerated Software Upgrade (ASU) and Leaf Smart System Upgrade (Leaf SSU) sections.
• Fixed 1-RU systems: The power supply remains powered up through the reset. Power is removed
from all other switch components for two to five seconds.
• Modular systems: The power supply on the active supervisor remains powered up through the
reset. Power is removed from all other supervisor components for at least one second. After the
supervisor becomes functional, it manages the power-cycling of all line cards.
all
Command Mode
Privileged EXEC
Command Syntax
reload [TARGET] [CONFIRMATION]
Parameters
• TARGET  specifies which supervisor(s) will be reset. Some options are available only on
dual-supervisor switches.
— <no parameter>  the active supervisor is reset.
— all  both supervisors are reset.
— peer  the peer supervisor is reset.
— power  the active supervisor is reset.
• CONFIRMATION  specifies when the switch resets.
— <no parameter>  the switch requires a confirmation before starting the reset.
— now  the reset begins immediately without prompting the user to confirm the request.
Related Commands
• reload <scheduled>  Schedules a pending reload operation.
• show reload cause  Displays cause of most recent reload.
Example
• Begin the reboot process by typing the reload command:
switch#reload
When the reload command is entered, the switch sends a message prompting the user to save the
configuration if it contains unsaved modifications, then asks the user to confirm the reload request.
System configuration has been modified. Save? [yes/no/cancel/diff]:n
Proceed with reload? [confirm]
The switch responds by broadcasting a series of messages, including a notification that the system
is being rebooted, to all open CLI instances. The reload pauses to provide an option for the user to
enter Aboot shell; the Aboot shell supports commands that restore the state of the internal flash to
factory defaults or create a customized default state.
Broadcast message from root@mainStopping sshd: [
SysRq : Remount R/O
Restarting system
OK
]
Aboot 1.9.0-52504.EOS2.0
Press Control-C now to enter Aboot shell
No action is required to continue the reset process. The switch displays messages to indicate the
completion of individual tasks. The reboot is complete when the CLI displays a login prompt.
Booting flash:/EOS.swi
Unpacking new kernel
Starting new kernel
Switching to rooWelcome to Arista Networks EOS 4.4.0
Mounting filesystems: [ OK ]
Entering non-interactive startup
Starting EOS initialization stage 1: [ OK ]
ip6tables: Applying firewall rules: [ OK ]
iptables: Applying firewall rules: [ OK ]
iptables: Loading additional modules: nf_conntrack_tftp [
Starting system logger: [ OK ]
Starting system message bus: [ OK ]
Starting NorCal initialization: [ OK ]
Starting EOS initialization stage 2: [ OK ]
Starting ProcMgr: [ OK ]
Completing EOS initialization: [ OK ]
Starting Power On Self Test (POST): [ OK ]
Generating SSH2 RSA host key: [ OK ]
Starting isshd: [ OK ]
Starting sshd: [ OK ]
Starting xinetd: [ OK ]
[ OK ] crond: [ OK ]
OK
]
switch login:
reload <scheduled>
The reload <scheduled> command configures the switch to reset at a specified time or after a specified
interval. Refer to reload for the functional details of the reset operation.
The switch prompts to save the configuration and confirm the reload request. After the request is
confirmed, the switch resumes normal operation until the reload initiates.
The reload cancel, no reload, and default reload commands cancel the pending reload operation.
all
Command Mode
Privileged EXEC
Command Syntax
reload [power] TIMEFRAME [COMMENT]
reload cancel
no reload
default reload
Parameters
• power  Parameter has no functional effect.
• TIMEFRAME  specifies when the switch resets.
— at absolute  specifies the time when a reset begins.
— in relative  specifies the period until the reset begins.
absolute denotes time-date (24-hour notation): hh:mm [month date] or hh:mm [date month]
relative designates a time period: hhh:mm
• COMMENT  descriptive text for denoting the reset reason. This option has no functional effect on
the reset operation.
— <no parameter>  reason for system reset is not stated.
— reason comment_string  text that describes the reset.
Related Commands
reload Initiate an immediate reload operation.
show reload Displays time and reason of any pending reload operation.
Examples
• This command schedules a switch reset to begin in twelve hours.
switch#reload in 12:00
System configuration has been modified. Save? [yes/no/cancel/diff]:y
Proceed with reload? [confirm]
Reload scheduled for Tue Mar 27 05:57:25 2012 ( in 11 hours 59 minutes )
• This command cancels a scheduled switch reset.
switch#no reload
Scheduled reload has been cancelled
switch#
service sequence-numbers
The service sequence-numbers command causes the sequence numbers of syslog messages to be visible
when the messages are displayed.
The no service sequence-numbers and default service sequence-numbers commands remove the
service sequence-numbers command from running-config.
Platform
all
Command Mode
Global Configuration
Command Syntax
service sequence-numbers
no service sequence-numbers
default service sequence-numbers
Examples
• This command enables sequence numbering that can be seen when syslog messages are
displayed.
switch(config)#service sequence-numbers
switch(config)#
• To display the service sequence number, issue the show logging command.
switch#show logging
Syslog logging: enabled
Buffer logging: level debugging
Console logging: level informational
Synchronous logging: disabled
Trap logging: level informational
Sequence numbers: enabled
Syslog facility: local4
Hostname format: Hostname only
Repeat logging interval: disabled
<-------OUTPUT OMITTED FROM EXAMPLE-------->
Log Buffer:
<-------OUTPUT OMITTED FROM EXAMPLE-------->
Nov 12 14:03:34 switch1 SuperServer: 1: %SYS-7-CLI_SCHEDULER_LOG_STORED: Logfile
for scheduled CLI execution job 'tech-support' is stored in
flash:/schedule/tech-support/tech-support_2012-11-12.1402.log.gz
Nov 12 14:06:52 switch1 Cli: 2: %SYS-5-CONFIG_I: Configured from console by admin
on con0 (0.0.0.0)
Nov 12 14:07:26 switch1 Cli: 3: %SYS-5-CONFIG_E: Enter configuration mode from
console by admin on con0 (0.0.0.0)
Nov 12 14:14:29 switch1 Cli: 4: %SYS-5-CONFIG_I: Configured from console by admin
on con0 (0.0.0.0)
Nov 12 14:15:55 switch1 Cli: 5: %SYS-5-CONFIG_E: Enter configuration mode from
console by admin on con0 (0.0.0.0)
Nov 12 14:33:05 switch1 Cli: 6: %SYS-5-CONFIG_I: Configured from console by admin
on con0 (0.0.0.0)
Nov 12 14:45:13 switch1 Cli: 7: %SYS-5-CONFIG_E: Enter configuration mode from
console by admin on con0 (0.0.0.0)
switch#
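One use of visible sequence numbers is checking a collected log for missing messages. The Python sketch below is an added example, not part of the Arista manual or EOS: it parses log-buffer lines in the format shown above, re-joins wrapped lines, reports skipped or non-increasing sequence numbers, and lists who entered or left configuration mode. It assumes each host numbers its messages consecutively, as the example output does; all function names are illustrative.

```python
import re
from dataclasses import dataclass

# Constructed sample: log-buffer lines from the example above, wrapped the same
# way, with message 4 left out to show what a gap looks like.
SAMPLE_LOG = """\
Nov 12 14:03:34 switch1 SuperServer: 1: %SYS-7-CLI_SCHEDULER_LOG_STORED: Logfile
for scheduled CLI execution job 'tech-support' is stored in
flash:/schedule/tech-support/tech-support_2012-11-12.1402.log.gz
Nov 12 14:06:52 switch1 Cli: 2: %SYS-5-CONFIG_I: Configured from console by admin
on con0 (0.0.0.0)
Nov 12 14:07:26 switch1 Cli: 3: %SYS-5-CONFIG_E: Enter configuration mode from
console by admin on con0 (0.0.0.0)
Nov 12 14:15:55 switch1 Cli: 5: %SYS-5-CONFIG_E: Enter configuration mode from
console by admin on con0 (0.0.0.0)
Nov 12 14:33:05 switch1 Cli: 6: %SYS-5-CONFIG_I: Configured from console by admin
on con0 (0.0.0.0)
"""

# "<timestamp> <host> <process>: <seq>: %<FACILITY>-<severity>-<MNEMONIC>: <text>"
HEADER = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<proc>[^:]+): (?P<seq>\d+): "
    r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>\d)-(?P<mnem>[A-Z0-9_]+): (?P<text>.*)$"
)
# Who changed the configuration and from where, as printed in %SYS-5-CONFIG_* text.
ACTOR = re.compile(r"by (?P<user>\S+) on (?P<line>\S+) \((?P<src>[^)]+)\)")


@dataclass
class Message:
    seq: int
    timestamp: str
    host: str
    process: str
    tag: str   # for example "SYS-5-CONFIG_I"
    text: str


def parse_log(raw):
    """Parse log-buffer text into Message records, re-joining wrapped lines."""
    messages = []
    for line in raw.splitlines():
        m = HEADER.match(line)
        if m:
            tag = f"{m['fac']}-{m['sev']}-{m['mnem']}"
            messages.append(Message(int(m["seq"]), m["ts"], m["host"],
                                    m["proc"], tag, m["text"]))
        elif messages and line.strip():
            # No header: continuation of the previous (wrapped) message.
            messages[-1].text += " " + line.strip()
    return messages


def sequence_findings(messages):
    """Flag sequence numbers that are skipped or that do not increase.

    Assumption: each host numbers its messages 1, 2, 3, ... in the order they
    are generated, as in the manual's example output.
    """
    findings = []
    last_seq = {}
    for msg in messages:
        prev = last_seq.get(msg.host)
        if prev is not None:
            if msg.seq > prev + 1:
                findings.append(("gap", msg.host, prev + 1, msg.seq - 1))
            elif msg.seq <= prev:
                findings.append(("not_increasing", msg.host, prev, msg.seq))
        last_seq[msg.host] = msg.seq
    return findings


def config_events(messages):
    """List (seq, tag, user, line, source) for every %SYS-5-CONFIG_* message."""
    events = []
    for msg in messages:
        if msg.tag.startswith("SYS-5-CONFIG_"):
            m = ACTOR.search(msg.text)
            if m:
                events.append((msg.seq, msg.tag, m["user"], m["line"], m["src"]))
    return events


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for finding in sequence_findings(parsed):
        print(finding)
    for event in config_events(parsed):
        print(event)
```

A number that does not increase is reported separately from a gap so that the two cases can be reviewed on their own.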
show redundancy file-replication
The show redundancy file-replication command displays the status and last synchronization date of
file replication between the supervisors on the switch.
Command Mode
EXEC
Command Syntax
show redundancy file-replication
Related Commands
• show redundancy states Displays status and redundancy protocol of supervisors.
• show redundancy switchover sso Displays stateful switchover information since last reload.
Example
• This command displays the current file replication status of the supervisors.
switch#show redundancy file-replication
0 files unsynchronized, 2 files synchronized, 0 files failed, 2 files total.
File                   Status         Last Synchronized
---------------------  -------------  ----------------------
file:persist/sys       Synchronized   25 days, 19:48:26 ago
flash:startup-config   Synchronized   25 days, 19:48:26 ago
switch#
show redundancy states
The show redundancy states command displays the current status (active or standby) and the
configured redundancy protocol of both supervisors, as well as summary information about the latest
switchover event.
Command Mode
EXEC
Command Syntax
show redundancy states
Related Commands
• show redundancy file-replication Displays status of file replication between supervisors.
• show redundancy switchover sso Displays stateful switchover information since last reload.
Example
• This command displays redundancy information for both supervisors and a summary of the latest
switchover.
switch#show redundancy states
my state = ACTIVE
peer state = STANDBY HOT
Unit = Secondary
Unit ID = 2
Redundancy Protocol (Operational) = Stateful Switchover
Redundancy Protocol (Configured) = Stateful Switchover
Communications = Up
Ready for switchover
Last switchover time = 25 days, 19:51:34 ago
Last switchover reason = Other supervisor stopped sending heartbeats
show redundancy switchover sso
The show redundancy switchover sso command displays the number of stateful switchovers since the
last reload and a log of the events in the latest stateful switchover.
Command Mode
EXEC
Command Syntax
show redundancy switchover sso
Related Commands
• show redundancy file-replication Displays status of file replication between supervisors.
• show redundancy states Displays status and redundancy protocol of supervisors.
Example
• This command displays stateful switchover information.
switch#show redundancy switchover sso
Total number of Stateful Switchover completed since reload: 4
Latest Stateful Switchover occured 29 days, 12:48:22 ago @ 2012-06-09 19:47:50
(completed)
0.000000: switchover started
0.000235: stage PCIEAcquired started
0.000349:    event PCIEAcquired:__dummyInternal1__ completed
0.000394:    event PCIEAcquired:PlxPcie-system started
0.027738:    event PCIEAcquired:PlxPcie-system completed
0.027829: stage PCIEAcquired is complete
0.027935: stage DmaReady started
0.028042:    event DmaReady:ForwardingAgent started
0.079620:    event DmaReady:ForwardingAgent completed
0.079699: stage DmaReady is complete
0.079781: stage TimeCriticalServices started
0.079887:    event TimeCriticalServices:__dummyInternal1__ completed
0.079928:    event TimeCriticalServices:Stp started
0.208035:    event TimeCriticalServices:Stp completed
0.208120: stage TimeCriticalServices is complete
<-------OUTPUT OMITTED FROM EXAMPLE-------->
39.675076: stage NonCriticalServices started
39.675145:    event NonCriticalServices:__dummyInternal1__ completed
39.675183: stage NonCriticalServices is complete
39.675399: switchover is complete
show reload
The show reload command displays the time and reason of any pending reload operation. The reload
<scheduled> command schedules a reload operation and can be used to cancel a pending reload.
Platform
all
Command Mode
EXEC
Command Syntax
show reload
Related Commands
• reload <scheduled> Schedules a pending reload operation.
• show reload cause Displays cause of most recent reload.
Example
• These commands schedule a reload for 2:45 pm, display the time of the pending reload, then cancel
the scheduled reload.
switch#reload at 14:45
Proceed with reload? [confirm]
Reload scheduled for Tue Mar 27 14:45:00 2012 ( in 4 hours 11 minutes )
switch#show reload
Reload scheduled for Tue Mar 27 14:45:00 2012 ( in 4 hours 11 minutes )
switch#reload cancel
Scheduled reload has been cancelled
switch#
show reload cause
The show reload cause command displays the reason of the most recent reload operation. The
command displays recommended actions and debug information related to the executed reload.
Platform
all
Command Mode
EXEC
Command Syntax
show reload cause
Related Commands
• reload Initiates an immediate reload operation.
• show reload Displays time and reason of all pending reload operations.
Example
• This command displays the cause of the recent reload operation.
switch>show reload cause
Reload Cause 1:
------------------
Reload requested by the user.
Recommended Action:
------------------
No action necessary.
Debugging Information:
---------------------
None available.
switch>
Chapter 7
Upgrades and Downgrades
This chapter describes the procedures for upgrading or downgrading the switch software.
This chapter contains these sections:
• Section 7.1: Upgrade/Downgrade Overview
• Section 7.2: Accelerated Software Upgrade (ASU)
• Section 7.3: Leaf Smart System Upgrade (Leaf SSU)
• Section 7.4: Standard Upgrades and Downgrades
• Section 7.5: Upgrade/Downgrade Commands
7.1 Upgrade/Downgrade Overview
Upgrading or downgrading Arista switch software is accomplished by replacing the EOS image and
reloading the switch. Depending on the switch model and the software change being made, there are
different options for minimizing (or potentially eliminating) downtime and packet loss during the
upgrade/downgrade.
Accelerated Software Upgrade (ASU): ASU is available on the 7050SX-64, 7050SX-128, 7050Q-32, and
7050Q-32S and can be used on both leaf and spine switches. It significantly reduces reload time by
streamlining and optimizing the reload procedure for upgrades, and continues sending LACP PDUs
while the CPU is rebooting, keeping port channels operational during the reload. Downtime during the
upgrade is reduced to 30 seconds. Note: ASU does not support software downgrades.
Leaf Smart System Upgrade (Leaf SSU): SSU is available only on 7050X platforms (excluding 7050SX-72
and 7050SX-96), and can only be used on leaf switches. It includes the core functionality of ASU, plus
additional elements that permit a hitless restart of several features. SSU does not support software
downgrades, and is incompatible with VRRP.
Standard Upgrades and Downgrades: In those cases where an accelerated upgrade is not an option
(such as software downgrades and unsupported platforms), performing a standard upgrade or
downgrade using the steps described here will minimize downtime and packet loss.
Important: To upgrade the software on switches participating in an MLAG, see Section 11.3.3: Upgrading MLAG
Peers.
7.2 Accelerated Software Upgrade (ASU)
The Accelerated Software Upgrade (ASU) process significantly decreases downtime and packet loss
during a software upgrade in three ways:
• performing time-intensive tasks (including copying the EOS image) before rebooting the
control plane
• forwarding packets in hardware (based on the last known state) while the control plane is
offline
• optimizing the boot process by performing only tasks essential for software upgrade
After the control plane has fully loaded, the data plane is restarted, causing approximately 30 seconds
of downtime.
7.2.1 Upgrading the EOS image with Accelerated Software Upgrade
Using ASU to upgrade the active EOS image is a five-step process:
1. Prepare switch for upgrade (Section 7.2.1.1).
2. Transfer image file to the switch (Section 7.2.1.2). (Not required if desired file is on the switch).
3. Modify boot-config file to point to the desired image file (Section 7.2.1.3).
4. Start the ASU process (Section 7.2.1.4).
5. Verify that switch is running the new image (Section 7.2.1.5).
7.2.1.1 Prepare the Switch
Before upgrading the EOS image, ensure that backup copies of the currently running EOS version and
the running-config file are available in case of corruption during the upgrade process. To copy the
running-config file, use the copy running-config command. In this example, running-config is copied to
a file in the flash drive on the switch.
switch#copy running-config flash:/cfg_06162014
Copy completed successfully.
switch#
Determine the size of the new EOS image. Then verify that there is enough space available on the flash
drive for two copies of this image (use the dir command to check the “bytes free” figure).
switch#dir flash:
Directory of flash:/
-rwx   293168526   Nov 4 22:17    EOS4.11.0.swi
-rwx          36   Nov 8 10:24    boot-config
-rwx       37339   Jun 16 14:18   cfg_06162014
<-------OUTPUT OMITTED FROM EXAMPLE-------->
606638080 bytes total (602841088 bytes free)
Ensure that the switch has a management interface configured with an IP address and default
gateway (see Assigning an IP Address to a Specific Ethernet Management Port and Configuring a
Default Route to the Gateway), and confirm that it can be reached through the network by using the
show interfaces status command and pinging the default gateway.
switch#show interfaces status
Port    Name   Status       Vlan     Duplex  Speed   Type
Et3/1          notconnect   1        auto    auto    1000BASE-T
<-------OUTPUT OMITTED FROM EXAMPLE-------->
Ma1/1          connected    routed   unconf  unconf  Unknown
switch#ping 1.1.1.10
PING 172.22.26.1 (172.22.26.1) 72(100) bytes of data.
80 bytes from 1.1.1.10: icmp_seq=1 ttl=64 time=0.180 ms
80 bytes from 1.1.1.10: icmp_seq=2 ttl=64 time=0.076 ms
80 bytes from 1.1.1.10: icmp_seq=3 ttl=64 time=0.084 ms
80 bytes from 1.1.1.10: icmp_seq=4 ttl=64 time=0.073 ms
80 bytes from 1.1.1.10: icmp_seq=5 ttl=64 time=0.071 ms
7.2.1.2 Transfer the Image File
The target image must be copied to the file system on the switch, typically onto the flash drive. After
verifying that there is space for two copies of the image, use the copy command to copy the image to
the flash drive, then confirm that the new image file has been correctly transferred.
These command examples transfer an image file to the flash drive from various locations.
USB Memory
Command
copy usb1:/sourcefile flash:/destfile
Example
Sch#copy usb1:/EOS-4.14.4.swi flash:/EOS-4.14.4.swi
FTP Server
Command
copy ftp:/ftp-source/sourcefile flash:/destfile
Example
Sch#copy ftp:/user:password@10.0.0.3/EOS-4.14.4.swi flash:/EOS-4.14.4.swi
SCP
Command
copy scp://scp-source/sourcefile flash:/destfile
Example
sch#copy scp://user@10.1.1.8/user/EOS-4.14.4.swi flash:/EOS-4.14.4.swi
HTTP
Command
copy http://http-source/sourcefile flash:/destfile
Example
sch#copy http://10.0.0.10/EOS-4.14.4.swi flash:/EOS-4.14.4.swi
Once the file has been transferred, verify that it is present in the directory, then confirm the MD5
checksum using the verify command. The MD5 checksum is available from the EOS download page of
the Arista website.
switch#dir flash:
Directory of flash:/
-rwx   293168526   Nov 4 22:17    EOS4.14.2.swi
-rwx          36   Nov 8 10:24    boot-config
-rwx       37339   Jun 16 14:18   cfg_06162014
-rwx   394559902   May 30 02:57   EOS-4.13.1.swi
<-------OUTPUT OMITTED FROM EXAMPLE-------->
606638080 bytes total (208281186 bytes free)
switch#verify /md5 flash:EOS-4.14.4.swi
verify /md5 (flash:EOS-4.14.4.swi) =c277a965d0ed48534de6647b12a86991
7.2.1.3 Modify boot-config
After transferring and confirming the desired image file, use the boot system command to update the
boot-config file to point to the new EOS image.
This command changes the boot-config file to point to the image file located in flash memory at
EOS-4.14.4.swi.
switch#configure terminal
switch(config)#boot system flash:/EOS-4.14.4.swi
Use the show boot-config command to verify that the boot-config file is correct:
switch(config)#show boot-config
Software image: flash:/EOS-4.14.4.swi
Console speed: (not set)
Aboot password (encrypted): $1$ap1QMbmz$DTqsFYeauuMSa7/Qxbi2l1
Save the configuration to the startup-config file with the write command.
switch#write
7.2.1.4 Start the ASU Process
After updating the boot-config file, start the ASU process using the reload fast-boot command to reload
the switch and activate the new image. The CLI will prompt to save any modifications to the system
configuration, and request confirmation before reloading.
switch#reload fast-boot
System configuration has been modified. Save? [yes/no/cancel/diff]:y
7.2.1.5 Verify
After the switch finishes reloading, log into the switch and use the show version command to confirm
the correct image is loaded. The Software image version line displays the version of the active image file.
switch#show version
Arista DCS-7150S-64-CL-F
Hardware version:       01.01
Serial number:          JPE13120819
System MAC address:     001c.7326.fd0c
Software image version: 4.14.4F
Architecture:           i386
Internal build version: 4.14.4F-1649184.4144F.2
Internal build ID:      eeb3c212-b4bd-4c19-ba34-1b0aa36e43f1
Uptime:                 14 hours and 48 minutes
Total memory:           4017088 kB
Free memory:            1569760 kB
switch>
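The checks in steps 1 to 3 above (flash space for two copies of the image, presence of the transferred file, MD5 match, boot-config target) can be run over captured CLI output before the reload is started. The Python sketch below is an added example, not part of the Arista manual or EOS; the function names, the reserve_bytes parameter and the size used for EOS-4.14.4.swi are assumptions made for illustration.

```python
import re

MB = 1024 * 1024

# Constructed captures in the CLI's usual column layout. The first free-space
# figure, the digest and the boot-config lines are those printed in the manual's
# examples; the size of EOS-4.14.4.swi and the second listing are made up.
IMAGE = "EOS-4.14.4.swi"
IMAGE_SIZE = 280000000
PUBLISHED_MD5 = "c277a965d0ed48534de6647b12a86991"

DIR_BEFORE = """\
Directory of flash:/
-rwx   293168526   Nov 4 22:17    EOS4.11.0.swi
-rwx          36   Nov 8 10:24    boot-config
-rwx       37339   Jun 16 14:18   cfg_06162014
606638080 bytes total (602841088 bytes free)
"""
DIR_AFTER = """\
Directory of flash:/
-rwx   293168526   Nov 4 22:17    EOS4.11.0.swi
-rwx          36   Nov 8 10:24    boot-config
-rwx       37339   Jun 16 14:18   cfg_06162014
-rwx   280000000   May 30 02:57   EOS-4.14.4.swi
606638080 bytes total (322841088 bytes free)
"""
VERIFY_OUT = "verify /md5 (flash:EOS-4.14.4.swi) =c277a965d0ed48534de6647b12a86991"
BOOT_CFG = "Software image: flash:/EOS-4.14.4.swi\nConsole speed: (not set)\n"

ROW = re.compile(
    r"^\s*[-d][-rwx]{3}\s+(\d+)\s+[A-Z][a-z]{2}\s+\d{1,2}\s+\S+\s+(\S+)\s*$", re.M
)


def flash_name(path):
    """Normalise 'flash:/X' and 'flash:X' to 'X' (both spellings appear above)."""
    return re.sub(r"^flash:/*", "", path.strip())


def free_bytes(dir_output):
    """Return the 'bytes free' figure from dir output."""
    m = re.search(r"\((\d+) bytes free\)", dir_output)
    if m is None:
        raise ValueError("no 'bytes free' figure in dir output")
    return int(m.group(1))


def listed_files(dir_output):
    """Return {name: size} from '-rwx <size> <Mon> <day> <hh:mm> <name>' rows."""
    return {name: int(size) for size, name in ROW.findall(dir_output)}


def check_space(dir_output, image_size, reserve_bytes=0):
    """Before the transfer: room for two copies of the image plus any reserve."""
    needed = 2 * image_size + reserve_bytes
    free = free_bytes(dir_output)
    if free < needed:
        return [f"flash: {free} bytes free, {needed} bytes needed"]
    return []


def check_image(dir_output, verify_output, boot_config, image, image_size,
                published_md5):
    """After the transfer: file present at full size, digest matches the
    published value, and boot-config points at the image."""
    problems = []
    size = listed_files(dir_output).get(image)
    if size is None:
        problems.append(f"{image} is not listed in flash:")
    elif size != image_size:
        problems.append(f"{image} is {size} bytes on flash, expected {image_size}")
    m = re.search(r"verify /md5 \((\S+)\)\s*=\s*([0-9a-fA-F]{32})\b", verify_output)
    if m is None or flash_name(m.group(1)) != image:
        problems.append(f"no verify /md5 result for {image}")
    elif m.group(2).lower() != published_md5.strip().lower():
        problems.append(f"MD5 mismatch for {image}: switch reports {m.group(2).lower()}")
    m = re.search(r"^Software image:\s*(\S+)", boot_config, re.M)
    if m is None or flash_name(m.group(1)) != image:
        problems.append(f"boot-config does not point at {image}")
    return problems


if __name__ == "__main__":
    found = check_space(DIR_BEFORE, IMAGE_SIZE) + check_image(
        DIR_AFTER, VERIFY_OUT, BOOT_CFG, IMAGE, IMAGE_SIZE, PUBLISHED_MD5)
    print(found or "ready for reload")
```

Take the published checksum from the EOS download page itself rather than from the server the image was copied from, so that the comparison is against an independent value.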
7.3 Leaf Smart System Upgrade (Leaf SSU)
The Smart System Upgrade (SSU) process includes the core functionality of Accelerated Software
Upgrade, plus additional optimizations that permit a hitless restart of several features. SSU leverages
protocols capable of graceful restart to minimize traffic loss during upgrade. For protocols not capable
of graceful restart, SSU generates control plane messages and buffers them in hardware to be slowly
released when the control plane is offline. Additionally, under SSU, the forwarding ASIC does not get
reset and ports do not flap.
Features capable of hitless restart under SSU include:
• QinQ
• 802.3ad Link Aggregation/LACP
• 802.3x flow control
• private VLANs
• BGP (BGP graceful restart must be enabled: see Configuring BGP)
• MP-BGP (BGP graceful restart must be enabled: see Configuring BGP)
• 128-way Equal Cost Multipath Routing (ECMP)
• VRF
• route maps
• L2 MTU
• QoS
Important: SSU is not compatible with VRRP. If VRRP is configured on the switch, another upgrade method must
be used.
7.3.1 Upgrading the EOS image with Smart System Upgrade
Using SSU to upgrade the active EOS image is a five-step process:
1. Prepare switch for upgrade (Section 7.3.1.1).
2. Transfer image file to the switch (Section 7.3.1.2). (Not required if desired file is on the switch).
3. Modify boot-config file to point to the desired image file (Section 7.3.1.3).
4. Start the SSU process (Section 7.3.1.4).
5. Verify that the upgrade was successful (Section 7.3.1.5).
7.3.1.1 Prepare the Switch
Preparation of the switch for SSU includes:
• Backing Up Critical Software
• Making Room on the Flash Drive
• Verifying Connectivity
• Verifying Configuration
• Configuring BGP
Backing Up Critical Software
Before upgrading the EOS image, ensure that copies of the currently running EOS version and the
running-config file are available in case of corruption during the upgrade process. To copy the
running-config file, use the copy running-config command. In this example, running-config is copied to
a file in the flash drive on the switch.
switch#copy running-config flash:/cfg_06162014
Copy completed successfully.
switch#
Making Room on the Flash Drive
Determine the size of the new EOS image. Then verify that there is enough space available on the flash
drive for two copies of this image, plus a recommended 240MB (if available) for diagnostic information
in case of a fatal error. Use the dir command to check the “bytes free” figure.
switch#dir flash:
Directory of flash:/
-rwx   293168526   Nov 4 22:17    EOS4.11.0.swi
-rwx          36   Nov 8 10:24    boot-config
-rwx       37339   Jun 16 14:18   cfg_06162014
<-------OUTPUT OMITTED FROM EXAMPLE-------->
606638080 bytes total (602841088 bytes free)
Verifying Connectivity
Ensure that the switch has a management interface configured with an IP address and default
gateway (see Assigning an IP Address to a Specific Ethernet Management Port and Configuring a
Default Route to the Gateway), and confirm that it can be reached through the network by using the
show interfaces status command and pinging the default gateway.
switch#show interfaces status
Port    Name   Status       Vlan     Duplex  Speed   Type
Et3/1          notconnect   1        auto    auto    1000BASE-T
<-------OUTPUT OMITTED FROM EXAMPLE-------->
Ma1/1          connected    routed   unconf  unconf  Unknown
switch#ping 1.1.1.10
PING 172.22.26.1 (172.22.26.1) 72(100) bytes of data.
80 bytes from 1.1.1.10: icmp_seq=1 ttl=64 time=0.180 ms
80 bytes from 1.1.1.10: icmp_seq=2 ttl=64 time=0.076 ms
80 bytes from 1.1.1.10: icmp_seq=3 ttl=64 time=0.084 ms
80 bytes from 1.1.1.10: icmp_seq=4 ttl=64 time=0.073 ms
80 bytes from 1.1.1.10: icmp_seq=5 ttl=64 time=0.071 ms
Verifying Configuration
Verify that the switch configuration is valid for SSU by using the show reload hitless command. If parts
of the configuration are blocking execution of SSU, an error message will be displayed explaining what
they are. For SSU to proceed, the configuration conflicts must be corrected before issuing the reload
hitless command.
switch#show reload hitless
switch#'reload hitless' cannot proceed due to the following:
Spanning-tree portfast is not enabled for one or more ports
Spanning-tree BPDU guard is not enabled for one or more ports
switch#
Configuring BGP
For hitless restart of BGP and MP-BGP, BGP graceful restart must first be enabled using the
graceful-restart command. The default restart time value (300 seconds) is appropriate for most
configurations.
The BGP configuration mode in which the graceful-restart command is issued determines which BGP
connections will restart gracefully.
• For all BGP connections, use the graceful-restart command in BGP configuration mode:
switch#config
switch(config)#router bgp 64496
switch(config-router-bgp)#graceful-restart
switch(config-router-bgp)#
• For all BGP connections in a specific VRF, use the graceful-restart command in BGP VRF
configuration mode:
switch#config
switch(config)#router bgp 64496
switch(config-router-bgp)#vrf purple
switch(config-router-bgp-vrf-purple)#graceful-restart
switch(config-router-bgp-vrf-purple)#exit
switch(config-router-bgp)#
• For all BGP connections in a specific BGP address family, use the graceful-restart command
in BGP address-family configuration mode:
switch#config
switch(config)#router bgp 64496
switch(config-router-bgp)#address-family ipv6
switch(config-router-bgp-af)#graceful-restart
switch(config-router-bgp-af)#exit
switch(config-router-bgp)#
BGP graceful restart can also be configured for a specific interface.
7.3.1.2 Transfer the Image File
The target image must be copied to the file system on the switch, typically onto the flash drive. After
verifying that there is space for two copies of the image plus an optional 240MB for diagnostic
information, use the copy command to copy the image to the flash drive, then confirm that the new
image file has been correctly transferred.
These command examples transfer an image file to the flash drive from various locations.
USB Memory
Command
copy usb1:/sourcefile flash:/destfile
Example
Sch#copy usb1:/EOS-4.14.4.swi flash:/EOS-4.14.4.swi
FTP Server
Command
copy ftp:/ftp-source/sourcefile flash:/destfile
Example
Sch#copy ftp:/user:password@10.0.0.3/EOS-4.14.4.swi flash:/EOS-4.14.4.swi
SCP
Command
copy scp://scp-source/sourcefile flash:/destfile
Example
sch#copy scp://user@10.1.1.8/user/EOS-4.14.4.swi flash:/EOS-4.14.4.swi
HTTP
Command
copy http://http-source/sourcefile flash:/destfile
Example
sch#copy http://10.0.0.10/EOS-4.14.4.swi flash:/EOS-4.14.4.swi
Once the file has been transferred, verify that it is present in the directory, then confirm the MD5
checksum using the verify command. The MD5 checksum is available from the EOS download page of
the Arista website.
switch#dir flash:
Directory of flash:/
-rwx   293168526   Nov 4 22:17    EOS4.14.2.swi
-rwx          36   Nov 8 10:24    boot-config
-rwx       37339   Jun 16 14:18   cfg_06162014
-rwx   394559902   May 30 02:57   EOS-4.13.1.swi
<-------OUTPUT OMITTED FROM EXAMPLE-------->
606638080 bytes total (208281186 bytes free)
switch#verify /md5 flash:EOS-4.14.4.swi
verify /md5 (flash:EOS-4.14.4.swi) =c277a965d0ed48534de6647b12a86991
7.3.1.3 Modify boot-config
After transferring and confirming the desired image file, use the boot system command to update the
boot-config file to point to the new EOS image.
This command changes the boot-config file to point to the image file located in flash memory at
EOS-4.14.4.swi.
switch#configure terminal
switch(config)#boot system flash:/EOS-4.14.4.swi
Use the show boot-config command to verify that the boot-config file is correct:
switch(config)#show boot-config
Software image: flash:/EOS-4.14.4.swi
Console speed: (not set)
Aboot password (encrypted): $1$ap1QMbmz$DTqsFYeauuMSa7/Qxbi2l1
Save the configuration to the startup-config file with the write command.
switch#write
7.3.1.4 Start the SSU Process
After updating the boot-config file, verify that your configuration supports SSU (if you have not already
done so) by using the show reload hitless command. If parts of the configuration are blocking execution
of SSU, an error message will be displayed explaining what they are.
switch#show reload hitless
switch#'reload hitless' cannot proceed due to the following:
Spanning-tree portfast is not enabled for one or more ports
Spanning-tree BPDU guard is not enabled for one or more ports
Then start the SSU process using the reload hitless command to reload the switch and activate the new
image. The CLI will identify any changes that must be made to the configuration before starting SSU,
prompt to save any modifications to the system configuration, and request confirmation before
reloading.
switch#reload hitless
System configuration has been modified. Save? [yes/no/cancel/diff]:y
Copy completed successfully.
Proceed with reload? [confirm]y
Important: Any configuration changes must be saved for SSU to continue. However, once the upgrade has begun,
no changes should be made to the configuration until the “LAUNCHER-6-BOOT_STATUS: 'reload
hitless' reconciliation complete.” syslog message has been generated by the switch.
7.3.1.5 Verify Success of the Upgrade
Before making any configuration changes to the switch after reload, verify that the SSU process is
complete using the command show boot stages log. If the process is complete, the last message should
be “Asu Hitless boot stages complete.”
switch#show boot stages log
Timestamp           Delta Begin Msg
2015-03-28 15:18:30 000.000000 Asu Hitless boot stages started
2015-03-28 15:18:30 000.069732 stage CriticalAgent started
2015-03-28 15:18:30 000.069811    event CriticalAgent:SuperServer completed
<-------OUTPUT OMITTED FROM EXAMPLE-------->
2015-03-28 15:20:20 110.224504 stage BootSanityCheck is complete
2015-03-28 15:20:20 110.225439 Asu Hitless boot stages complete
switch#
Completion of the SSU process may also be verified by checking the syslog for the following message:
LAUNCHER-6-BOOT_STATUS: 'reload hitless' reconciliation complete
To verify whether the SSU upgrade was successful, use the show reload cause command. If a fatal error
occurred during the upgrade process, the switch will have completely rebooted and the fatal error will
be displayed along with the directory in which diagnostic information can be found. If the SSU upgrade
succeeded, it will read “Hitless reload requested by the user.”
Fatal Error Display
switch#show reload cause
Reload Cause 1:
------------------
Reload requested by the user.
Reload Time:
-----------
Reload occurred at Sat Feb 28 02:34:26 2015 PST.
Recommended Action:
------------------
No action necessary.
Debugging Information:
---------------------
None available.
Reload Cause 2:
------------------
Fatal error during 'reload hitless'. (stageMgr - LinkStatusUpdate timed out)
Reload Time:
-----------
Reload occurred at Sat Feb 28 02:33:54 2015 PST.
Recommended Action:
------------------
A fatal error occurred during hitless reload.
If the problem persists, contact your customer support representative.
Debugging Information:
---------------------
/mnt/flash/persist/fatalError-2015-02-28_023355
switch#
Successful Upgrade Display
switch#show reload cause
Reload Cause 1:
------------------
Hitless reload requested by the user.
Reload Time:
-----------
Reload occurred at Wed Mar 25 14:49:04 2015 PDT.
Recommended Action:
------------------
No action necessary.
Debugging Information:
---------------------
None available.
switch#
The show version command will confirm whether the correct image is loaded. The Software image
version line displays the version of the active image file.
switch#show version
Arista DCS-7050QX-32-F
Hardware version:       02.00
Serial number:          JPE14071098
System MAC address:     001c.7355.556f
Software image version: 4.14.5F-2353054.EOS4145F
Architecture:           i386
Internal build version: 4.14.5F-2353054.EOS4145F
Internal build ID:      e8748ea7-916d-4217-878f-4bfe2adc7122
Uptime:                 4 minutes
Total memory:           3981328 kB
Free memory:            1342408 kB
switch#
Important: If a fatal error occurs during the SSU process, the new EOS image will still be loaded and booted.
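The SSU-specific checks in Sections 7.3.1.4 and 7.3.1.5 can be applied to captured CLI output: list what show reload hitless reports as blocking, then classify the result from show boot stages log and show reload cause. The Python sketch below is an added example, not part of the Arista manual or EOS; the function names and outcome labels are assumptions, and the sample captures are abridged from the outputs printed in this section.

```python
import re

# Constructed captures, abridged from the outputs printed in this section.
HITLESS_BLOCKED = """\
switch#show reload hitless
switch#'reload hitless' cannot proceed due to the following:
  Spanning-tree portfast is not enabled for one or more ports
  Spanning-tree BPDU guard is not enabled for one or more ports
switch#
"""
STAGES_DONE = """\
Timestamp           Delta Begin Msg
2015-03-28 15:18:30 000.000000 Asu Hitless boot stages started
2015-03-28 15:18:30 000.069732 stage CriticalAgent started
2015-03-28 15:20:20 110.224504 stage BootSanityCheck is complete
2015-03-28 15:20:20 110.225439 Asu Hitless boot stages complete
"""
CAUSE_FATAL = """\
Reload Cause 1:
------------------
Reload requested by the user.
Reload Time:
-----------
Reload occurred at Sat Feb 28 02:34:26 2015 PST.
Debugging Information:
---------------------
None available.
Reload Cause 2:
------------------
Fatal error during 'reload hitless'. (stageMgr - LinkStatusUpdate timed out)
Debugging Information:
---------------------
/mnt/flash/persist/fatalError-2015-02-28_023355
"""
CAUSE_OK = """\
Reload Cause 1:
------------------
Hitless reload requested by the user.
Debugging Information:
---------------------
None available.
"""

PROMPT = re.compile(r"^[\w.-]+[#>]")            # a CLI prompt such as "switch#"
ENTRY = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \d+\.\d+\s+(.*\S)\s*$", re.M)
FIELDS = {"Reload Time:": "time", "Recommended Action:": "action",
          "Debugging Information:": "debug"}


def hitless_blockers(output):
    """Reasons listed after "'reload hitless' cannot proceed"; [] if none listed."""
    reasons, listing = [], False
    for line in (raw.strip() for raw in output.splitlines()):
        if "'reload hitless' cannot proceed" in line:
            listing = True
        elif listing and PROMPT.match(line):
            break
        elif listing and line:
            reasons.append(line)
    return reasons


def stages_complete(boot_stages_log):
    """True only if the last logged entry is 'Asu Hitless boot stages complete'."""
    entries = ENTRY.findall(boot_stages_log)
    return bool(entries) and entries[-1] == "Asu Hitless boot stages complete"


def reload_causes(output):
    """Split 'show reload cause' output into one dict per 'Reload Cause N:' block."""
    causes, field = [], None
    for line in (raw.strip() for raw in output.splitlines()):
        if not line or set(line) == {"-"} or PROMPT.match(line):
            continue                              # blank, underline or prompt
        if re.fullmatch(r"Reload Cause \d+:", line):
            causes.append({"cause": "", "time": "", "action": "", "debug": ""})
            field = "cause"
        elif line in FIELDS:
            field = FIELDS[line]
        elif causes:
            causes[-1][field] = (causes[-1][field] + " " + line).strip()
    return causes


def ssu_outcome(boot_stages_log, reload_cause):
    """Return ('fatal', debug_dir), ('in-progress', None), ('success', None)
    or ('unknown', None). A fatal cause wins over everything else."""
    causes = reload_causes(reload_cause)
    for cause in causes:
        if cause["cause"].startswith("Fatal error during 'reload hitless'"):
            return ("fatal", cause["debug"] or None)
    if not stages_complete(boot_stages_log):
        return ("in-progress", None)
    if any(c["cause"] == "Hitless reload requested by the user." for c in causes):
        return ("success", None)
    return ("unknown", None)
```

An 'in-progress' result corresponds to the period in which the manual says no configuration changes should be made.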
7.4 Standard Upgrades and Downgrades
Standard software upgrades and downgrades on Arista switches are accomplished by installing a
different EOS image and reloading the switch. On switches with redundant supervisors, the EOS image
must be installed on both supervisors. Using the procedure described below will minimize packet loss
during a standard upgrade or downgrade.
These sections describe standard switch upgrade and downgrade procedures:
• Section 7.4.1: Upgrading or Downgrading the EOS on a Single-Supervisor Switch
• Section 7.4.2: Upgrading or Downgrading the EOS on a Dual-Supervisor Switch
7.4.1 Upgrading or Downgrading the EOS on a Single-Supervisor Switch
Modifying the active EOS image is a five-step process:
1. Prepare switch for upgrade (Section 7.4.1.1).
2. Transfer image file to the switch (Section 7.4.1.2). (Not required if desired file is on the switch).
3. Modify boot-config file to point to the desired image file (Section 7.4.1.3).
4. Reload switch (Section 7.4.1.4).
5. Verify that switch is running the new image (Section 7.4.1.5).
7.4.1.1 Prepare the Switch
Before upgrading the EOS image, ensure that backup copies of the currently running EOS version and
the running-config file are available in case of corruption during the upgrade process. To copy the
running-config file, use the copy running-config command. In this example, running-config is copied to
a file in the flash drive on the switch.
switch#copy running-config flash:/cfg_06162014
Copy completed successfully.
switch#
Determine the size of the new EOS image and verify that there is space available for it on the flash drive,
using the dir command to check the “bytes free” figure.
switch#dir flash:
Directory of flash:/
-rwx   293168526   Nov 4 22:17    EOS4.11.0.swi
-rwx          36   Nov 8 10:24    boot-config
-rwx       37339   Jun 16 14:18   cfg_06162014
<-------OUTPUT OMITTED FROM EXAMPLE-------->
606638080 bytes total (602841088 bytes free)
Ensure that the switch has a management interface configured with an IP address and default
gateway (see Assigning an IP Address to a Specific Ethernet Management Port and Configuring a
Default Route to the Gateway), and confirm that it can be reached through the network by using the
show interfaces status command and pinging the default gateway. To configure a virtual IP address to
access the active supervisor on a modular switch, see also Assigning a Virtual IP Address to Access the
Active Ethernet Management Port.
switch#show interfaces status
Port    Name    Status       Vlan     Duplex  Speed   Type
Et3/1           notconnect   1        auto    auto    1000BASE-T
<-------OUTPUT OMITTED FROM EXAMPLE-------->
Ma1/1           connected    routed   unconf  unconf  Unknown
switch#ping 1.1.1.10
PING 172.22.26.1 (172.22.26.1) 72(100) bytes of data.
80 bytes from 1.1.1.10: icmp_seq=1 ttl=64 time=0.180 ms
80 bytes from 1.1.1.10: icmp_seq=2 ttl=64 time=0.076 ms
80 bytes from 1.1.1.10: icmp_seq=3 ttl=64 time=0.084 ms
80 bytes from 1.1.1.10: icmp_seq=4 ttl=64 time=0.073 ms
80 bytes from 1.1.1.10: icmp_seq=5 ttl=64 time=0.071 ms
7.4.1.2
Transfer the Image File
The target image must be copied to the file system on the switch, typically onto the flash drive. After
verifying that there is space for the image, use the CLI copy command to copy the image to the flash
drive, then confirm that the new image file has been correctly transferred.
These command examples transfer an image file to the flash drive from various locations.
USB Memory
Command
copy usb1:/sourcefile flash:/destfile
Example
Sch#copy usb1:/EOS-4.13.2.swi flash:/EOS-4.13.2.swi
FTP Server
Command
copy ftp:/ftp-source/sourcefile flash:/destfile
Example
Sch#copy ftp:/user:password@10.0.0.3/EOS-4.13.2.swi flash:/EOS-4.13.2.swi
SCP
Command
copy scp://scp-source/sourcefile flash:/destfile
Example
sch#copy scp://user:password@10.1.1.8/user/EOS-4.13.2.swi flash:/EOS-4.13.2.swi
HTTP
Command
copy http://http-source/sourcefile flash:/destfile
Example
sch#copy http://10.0.0.10/EOS-4.13.2.swi flash:/EOS-4.13.2.swi
Once the file has been transferred, verify that it is present in the directory, then confirm the MD5
checksum using the verify command. The MD5 checksum is available from the EOS download page of
the Arista website.
switch#dir flash:
Directory of flash:/
       -rwx   293168526           Nov 4 22:17  EOS4.11.0.swi
       -rwx          36           Nov 8 10:24  boot-config
       -rwx       37339          Jun 16 14:18  cfg_06162014
       -rwx   394559902          May 30 02:57  EOS-4.12.2.swi
<-------OUTPUT OMITTED FROM EXAMPLE-------->
606638080 bytes total (208281186 bytes free)
switch#53#verify /md5 flash:EOS-4.13.2.swi
verify /md5 (flash:EOS-4.13.2.swi) =c277a965d0ed48534de6647b12a86991
7.4.1.3
Modify boot-config
After transferring and confirming the desired image file, use the boot system command to update the
boot-config file to point to the new EOS image.
This command changes the boot-config file to point to the image file located in flash memory at
EOS-4.12.2.swi.
switch#configure terminal
switch(config)#boot system flash:/EOS-4.13.2.swi
Use the show boot-config command to verify that the boot-config file is correct:
switch(config)#show boot-config
Software image: flash:/EOS-4.13.2.swi
Console speed: (not set)
Aboot password (encrypted): $1$ap1QMbmz$DTqsFYeauuMSa7/Qxbi2l1
Save the configuration to the startup-config file with the write command.
switch#write
7.4.1.4
Reload
After updating the boot-config file, reset the switch to activate the new image. The reload command
resets the switch, resulting in temporary downtime and packet loss on single supervisor switches.
When reloading from the console port, all rebooting messages are displayed on the terminal. See Section
6.4: System Reset for information about rebooting the system. From any port except the console, the CLI
displays this text:
switch#reload
The system is going down for reboot NOW!
7.4.1.5
Verify
After the switch finishes reloading, log into the switch and use the show version command to confirm
the correct image is loaded. The Software image version line displays the version of the active image file.
switch#show version
Arista DCS-7150S-64-CL-F
Hardware version:       01.01
Serial number:          JPE13120819
System MAC address:     001c.7326.fd0c
Software image version: 4.13.2F
Architecture:           i386
Internal build version: 4.13.2F-1649184.4132F.2
Internal build ID:      eeb3c212-b4bd-4c19-ba34-1b0aa36e43f1
Uptime:                 14 hours and 48 minutes
Total memory:           4017088 kB
Free memory:            1569760 kB
switch>
7.4.2
Upgrading or Downgrading the EOS on a Dual-Supervisor Switch
Modifying the active EOS image is a four-step process:
1. Prepare switch for upgrade (Section 7.4.2.1).
2. Transfer image file to primary supervisor (Section 7.4.2.2). (Not required if desired file is on switch)
3. Use the install command to install the new EOS image and update boot-config (Section 7.4.2.3).
4. Verify that the switch is running the new image (Section 7.4.2.4).
Important Due to a change in the supervisor heartbeat timeout, booting one supervisor with a post-SSO image
(version 4.10.0-SSO, 4.11.X and later) while the other supervisor is running a pre-SSO image will cause
the supervisor running the pre-SSO image to reload. This will cause a disruption as both supervisors
will be inactive for a short time. To minimize downtime, upgrade the images on both supervisors and
reload the entire chassis using the install command.
7.4.2.1
Prepare the Switch
To prepare the switch for an EOS upgrade, take the following steps:
• Back up essential files.
• Ensure that you are logged in to the primary supervisor.
• Ensure that both supervisors are reachable and have management interfaces configured.
• Ensure that there is enough room on both supervisors for the new image file.
• Ensure that any extensions running on the active supervisor are also available on the standby.
Before upgrading the EOS image, ensure that backup copies of the currently running EOS version and
the running-config file are available in case of corruption during the upgrade process. To copy the
running-config file, use the copy running-config command. In this example, running-config is being
copied to a file in the backup subdirectory on the switch.
switch#copy running-config file:backup/EOS4.11.0.swi
Directory of flash:/
Ensure that you are logged in to the primary supervisor, not the standby. Use the show redundancy
states command, and verify that my state reads “ACTIVE” and not “STANDBY.”
switch#show redundancy states
my state = ACTIVE
peer state = STANDBY HOT
Unit = Secondary
Unit ID = 1
Redundancy Protocol (Operational) = Stateful Switchover
Redundancy Protocol (Configured) = Stateful Switchover
Communications = Up
Ready for switchover
Last switchover time = 25 days, 19:51:34 ago
Last switchover reason = Other supervisor stopped sending heartbeats
Ensure that each supervisor has a management interface configured with an IP address and default
gateway (see Assigning an IP Address to a Specific Ethernet Management Port and Configuring a
Default Route to the Gateway), and confirm that both management interfaces can be reached through
the network by using the show interfaces status command and pinging the default gateway.
switch#show interfaces status
Port    Name    Status       Vlan     Duplex  Speed   Type
Et3/1           notconnect   1        auto    auto    1000BASE-T
<-------OUTPUT OMITTED FROM EXAMPLE-------->
Ma1/1           connected    routed   unconf  unconf  Unknown
Ma2/1           connected    routed   a-full  a-100M  10/100/1000
switch#ping 1.1.1.10
PING 172.22.26.1 (172.22.26.1) 72(100) bytes of data.
80 bytes from 1.1.1.10: icmp_seq=1 ttl=64 time=0.180 ms
80 bytes from 1.1.1.10: icmp_seq=2 ttl=64 time=0.076 ms
80 bytes from 1.1.1.10: icmp_seq=3 ttl=64 time=0.084 ms
80 bytes from 1.1.1.10: icmp_seq=4 ttl=64 time=0.073 ms
80 bytes from 1.1.1.10: icmp_seq=5 ttl=64 time=0.071 ms
Determine the size of the new EOS image and verify that there is space available for it on the flash drive
of both supervisors, using the dir command to check the “bytes free” figure.
Primary supervisor:
switch#dir flash:
Directory of flash:/
       -rwx   293168526           Nov 4 22:17  EOS4.11.0.swi
       -rwx          36           Nov 8 10:24  boot-config
       -rwx       37339          Jun 16 14:18  cfg_06162014
<-------OUTPUT OMITTED FROM EXAMPLE-------->
606638080 bytes total (602841088 bytes free)
Standby supervisor:
switch#dir supervisor-peer:mnt/flash/
Directory of flash:/
       -rwx   293168526           Nov 4 22:17  EOS4.11.0.swi
       -rwx          36           Nov 8 10:24  boot-config
       -rwx       37339          Jun 16 14:18  cfg_06162014
<-------OUTPUT OMITTED FROM EXAMPLE-------->
606638080 bytes total (602841088 bytes free)
And, finally, ensure that any extensions running on the primary supervisor are also available on the
secondary supervisor.
7.4.2.2
Transfer the Image File to the Primary Supervisor
Load the desired image to the file system on the primary supervisor, typically into the flash. Use the CLI
copy command to load files to the flash on the primary supervisor, then confirm that the new image file
has been correctly transferred.
These command examples transfer an image file to flash from various locations.
USB Memory
Command
copy usb1:/sourcefile flash:/destfile
Example
Sch#copy usb1:/EOS-4.13.2.swi flash:/EOS-4.13.2.swi
FTP Server
Command
copy ftp:/ftp-source/sourcefile flash:/destfile
Example
Sch#copy ftp:/user:password@10.0.0.3/EOS-4.13.2.swi flash:/EOS-4.13.2.swi
SCP
Command
copy scp://scp-source/sourcefile flash:/destfile
Example
sch#copy scp://user:password@10.1.1.8/user/EOS-4.13.2.swi flash:/EOS-4.13.2.swi
HTTP
Command
copy http://http-source/sourcefile flash:/destfile
Example
sch#copy http://10.0.0.10/EOS-4.13.2.swi flash:/EOS-4.13.2.swi
Once the file has been transferred, verify that it is present in the directory, then confirm the MD5
checksum using the verify command. The MD5 checksum for each available image can be found on the
EOS download page of the Arista website.
switch#dir flash:
Directory of flash:/
       -rwx   293168526           Nov 4 22:17  EOS4.11.0.swi
       -rwx          36           Nov 8 10:24  boot-config
       -rwx       37339          Jun 16 14:18  cfg_06162014
       -rwx   394559902          May 30 02:57  EOS-4.12.2.swi
<-------OUTPUT OMITTED FROM EXAMPLE-------->
606638080 bytes total (208281186 bytes free)
switch#53#verify /md5 flash:EOS-4.13.2.swi
verify /md5 (flash:EOS-4.13.2.swi) =c277a965d0ed48534de6647b12a86991
7.4.2.3
Install the New EOS Image
Once the EOS image has been copied to the flash drive of the primary supervisor, use the install
command to update the boot-config, copy the new image to the secondary supervisor and reload both
supervisors. When upgrading to a new image, both supervisors will briefly be unavailable; using the
install command minimizes packet loss during reload.
switch(config)#install source EOS-4.13.2.swi reload
Preparing new boot-config... done.
Copying new software image to standby supervisor... done.
Copying new boot-config to standby supervisor... done.
Committing changes on standby supervisor... done.
Reloading standby supervisor... done.
Committing changes on this supervisor... done.
Reloading this supervisor...
7.4.2.4
Verify the New Image
After the switch finishes reloading, log into the switch and use the show version command to confirm
the correct image is loaded. The Software image version line displays the version of the active image file.
switch#show version
Arista DCS-7504
Hardware version:       01.01
Serial number:          JPE13120819
System MAC address:     001c.7326.fd0c
Software image version: 4.13.2F
Architecture:           i386
Internal build version: 4.13.2F-1649184.4132F.2
Internal build ID:      eeb3c212-b4bd-4c19-ba34-1b0aa36e43f1
Uptime:                 1 hour and 36 minutes
Total memory:           4017088 kB
Free memory:            1473280 kB
switch#
7.5
Upgrade/Downgrade Commands
• install
• reload fast-boot
• reload hitless
install
The install command copies the specified EOS image onto the switch (if the source is external),
configures the boot-config file to point to the specified EOS image, copies the image to the standby
supervisor (on dual-supervisor switches), and optionally reloads the switch to run the new EOS.
all
Command Mode
Privileged EXEC
Command Syntax
install source source_path [destination destination_path] [now] [reload]
Parameters
• source_path    file path and name of EOS image. If no file path is specified, the switch will look for
the image on the flash drive of the primary supervisor.
• destination destination_path    destination file path and name of the EOS image. If no destination or
name is specified, the EOS image will be stored on the flash drive with its original file name.
• now    command is executed immediately without further prompts.
• reload    supervisor is reloaded after the image and updated boot-config file are installed. On
dual-supervisor switches, reloads both supervisors, after which control is returned to the primary
supervisor.
Example
• This command updates the boot-config file to point to the EOS.swi file on the primary supervisor’s
flash drive, copies the image and boot-config file to the secondary supervisor, and reboots both.
switch(config)#install source EOS.swi reload
Preparing new boot-config... done.
Copying new software image to standby supervisor... done.
Copying new boot-config to standby supervisor... done.
Committing changes on standby supervisor... done.
Reloading standby supervisor... done.
Committing changes on this supervisor... done.
Reloading this supervisor...
reload fast-boot
The reload fast-boot command starts the Accelerated Software Upgrade (ASU) process using the EOS
image specified by the boot-config file (configured by the boot system command).
ASU significantly decreases downtime and packet loss during a software upgrade, but the data plane is
still restarted after the control plane has loaded, resulting in approximately 30 seconds of downtime. If
available, Arista recommends using Smart System Upgrade (SSU) instead.
ASU shortens downtime and minimizes packet loss during EOS upgrades in three ways:
• performing time-intensive tasks (including copying the EOS image) before rebooting the
control plane
• forwarding packets in hardware (based on the last known good state) while the control-plane
is offline
• optimizing the boot process by performing only tasks essential for software upgrade
7050 Series, 7050X Series
Command Mode
Privileged EXEC
Command Syntax
reload fast-boot
Guidelines
• ASU is supported only for upgrades (not downgrades).
• ASU is not supported if the EOS upgrade requires an FPGA upgrade.
• Enough free space must be available on the flash drive to store two copies of the target EOS
image.
Example
• This command starts the Accelerated Software Upgrade process.
switch#reload fast-boot
Proceed with reload? [confirm]
When the reload fast-boot command is entered, the switch sends a message prompting the user to
save the configuration if it contains unsaved modifications, then asks the user to confirm the reload
request.
reload hitless
The reload hitless command starts the Smart System Upgrade (SSU) process using the EOS image
specified by the boot-config file (configured by the boot system command).
7050X Series
Command Mode
Privileged EXEC
Command Syntax
reload hitless
Guidelines
• SSU is supported only for upgrades (not downgrades).
• SSU is not supported if the EOS upgrade requires an FPGA upgrade.
• Enough free space must be available on the flash drive to store two copies of the target EOS
image. It is also recommended that an additional 240MB be available to store diagnostic
information.
Example
• This command starts the SSU process.
switch#reload hitless
Proceed with reload? [confirm]
If there are issues with the current switch configuration that will prevent SSU from being
performed, the switch lists the changes that must be made before SSU can begin.
switch#reload hitless
switch#'reload hitless' cannot proceed due to the following:
Spanning-tree portfast is not enabled for one or more ports
Spanning-tree BPDU guard is not enabled for one or more ports
switch#
When the reload hitless command is entered, the switch sends a message prompting the user to
save the configuration if it contains unsaved modifications, then asks the user to confirm the reload
request.
switch#reload hitless
System configuration has been modified. Save? [yes/no/cancel/diff]:y
Copy completed successfully.
Proceed with reload? [confirm]y
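The free-space and checksum checks from Sections 7.4.1.1 and 7.4.1.2 and from the reload fast-boot and reload hitless guidelines, scripted over captured CLI output. This is an added example, not Arista code: the function names, the sample listings (constructed from the figures shown in this chapter) and the reading of "240MB" as 240 MiB are assumptions.

```python
import hmac
import re

# Image copies that must fit in free flash space, per the manual's guidelines.
COPIES_REQUIRED = {"standard": 1, "asu": 2, "ssu": 2}
# Assumption: the "240MB" recommended for SSU diagnostics is read as 240 MiB.
SSU_DIAG_BYTES = 240 * 1024 * 1024

_FREE_RE = re.compile(r"(\d+) bytes total \((\d+) bytes free\)")
_FILE_RE = re.compile(
    r"^[ \t]*[-drwx]{4}[ \t]+(\d+)[ \t]+\w{3}[ \t]+\d+[ \t]+[\d:]+[ \t]+(\S+)[ \t]*$",
    re.M)
_MD5_RE = re.compile(r"verify /md5 \(([^)]+)\)\s*=\s*([0-9a-fA-F]{32})\b")

# Constructed sample output, using the sizes and checksum shown in this chapter.
DIR_BEFORE = """\
Directory of flash:/
       -rwx   293168526           Nov 4 22:17  EOS4.11.0.swi
       -rwx          36           Nov 8 10:24  boot-config
       -rwx       37339          Jun 16 14:18  cfg_06162014
606638080 bytes total (602841088 bytes free)
"""
DIR_AFTER = """\
Directory of flash:/
       -rwx   293168526           Nov 4 22:17  EOS4.11.0.swi
       -rwx          36           Nov 8 10:24  boot-config
       -rwx       37339          Jun 16 14:18  cfg_06162014
       -rwx   394559902          May 30 02:57  EOS-4.13.2.swi
606638080 bytes total (208281186 bytes free)
"""
VERIFY_OUT = "verify /md5 (flash:EOS-4.13.2.swi) =c277a965d0ed48534de6647b12a86991"


def parse_dir(output):
    """Return ({filename: size_in_bytes}, bytes_free) from 'dir flash:' output."""
    summary = _FREE_RE.search(output)
    if summary is None:
        raise ValueError("no 'bytes free' summary line in dir output")
    files = {name: int(size) for size, name in _FILE_RE.findall(output)}
    return files, int(summary.group(2))


def required_bytes(image_size, mode):
    """Free space needed before the transfer for the chosen upgrade method."""
    if mode not in COPIES_REQUIRED:
        raise ValueError(f"unknown upgrade mode: {mode!r}")
    need = COPIES_REQUIRED[mode] * image_size
    if mode == "ssu":
        need += SSU_DIAG_BYTES
    return need


def space_problems(dir_output, image_size, mode="standard"):
    """Check the 'bytes free' figure taken before the image is copied."""
    _, free = parse_dir(dir_output)
    need = required_bytes(image_size, mode)
    if free < need:
        return [f"{mode}: need {need} bytes free, flash has {free}"]
    return []


def image_problems(dir_output, verify_output, image_name, image_size, expected_md5):
    """Check presence, size and MD5 of the image after the transfer."""
    problems = []
    files, _ = parse_dir(dir_output)
    if image_name not in files:
        problems.append(f"{image_name} is not listed on flash")
    elif files[image_name] != image_size:
        problems.append(
            f"{image_name} is {files[image_name]} bytes, expected {image_size}")
    match = _MD5_RE.search(verify_output)
    if match is None:
        problems.append("no digest found in verify output")
        return problems
    path, digest = match.groups()
    # The digest only counts if verify was run against the file about to be booted.
    if path.split(":", 1)[-1].lstrip("/") != image_name:
        problems.append(f"verify ran against {path}, not {image_name}")
    if not hmac.compare_digest(digest.lower(), expected_md5.strip().lower()):
        problems.append("MD5 does not match the published checksum")
    return problems


if __name__ == "__main__":
    size = 394559902
    for mode in ("standard", "asu", "ssu"):
        print(mode, space_problems(DIR_BEFORE, size, mode) or "ok")
    print(image_problems(DIR_AFTER, VERIFY_OUT, "EOS-4.13.2.swi", size,
                         "c277a965d0ed48534de6647b12a86991") or "image ok")
```

With the flash shown in this chapter, the standard upgrade fits but the two-copy requirement of reload fast-boot and reload hitless does not.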
Chapter 8
Switch Environment Control
The following sections describe the commands that display temperature, fan, and power supply status:
• Section 8.1: Environment Control Introduction
• Section 8.2: Environment Control Overview
• Section 8.3: Configuring and Viewing Environment Settings
• Section 8.4: Environment Commands
The switch chassis, fans, power supplies, linecards, and supervisors also provide LEDs that signal status
and conditions that require attention. The Quick Start Guide for the individual switches provides
information about their LEDs.
8.1
Environment Control Introduction
Arista Networks switching platforms are designed to work reliably in common data center
environments. To ensure their reliable operation, Arista provides a set of monitoring capabilities,
available through the CLI or SNMP entity MIBs, for monitoring the switch's health and diagnosing
potential problems with the switching platform.
8.2
Environment Control Overview
8.2.1
Temperature
Arista switches include internal temperature sensors. The number and location of the sensors vary with
each switch model. Each sensor is assigned temperature thresholds that denote alert and critical
conditions. Temperatures that exceed the threshold trigger the following:
• Alert Threshold: All fans run at maximum speed and a warning message is logged.
• Critical Threshold: The component is shut down immediately and its Status LED flashes orange.
In modular systems, cards are shut down when their temperatures exceed the critical threshold. The
switch is shut down if the temperature remains above the critical threshold for three minutes.
8.2.2
Fans
Arista switches include fan modules that maintain internal components at proper operating
temperatures. The number and type of fans vary with switch chassis type:
• Fixed configuration switches contain hot-swappable independent fans. Fan models with different
airflow directions are available. All fans within a switch must have the same airflow direction.
• Modular switches contain independent fans that circulate air from front-to-rear panel. Power
supplies for modular switches also include fans that cool the power supply and supervisors.
The switch operates normally when one fan is not operating. Nonfunctioning modules should not be
removed from the switch unless they are immediately replaced; adequate switch cooling requires the
installation of all components, including a non-functional fan.
Two non-operational fans trigger an insufficient fan shutdown condition. Under normal operations, this
condition initiates a switch power down procedure.
Fans are accessible from the rear panel.
8.2.3
Power
Arista switches contain power supplies which provide power to internal components.
• Fixed configuration switches contain two power supplies, providing 1+1 redundancy.
• Modular switches contain four power supplies, providing a minimum of 2+2 redundancy.
Power supply LED indicators are visible from the rear panel.
8.3
Configuring and Viewing Environment Settings
8.3.1
Overriding Automatic Shutdown
8.3.1.1
Overheating
The switch can be configured to continue operating during temperature shutdown conditions. Ignoring
a temperature shutdown condition is strongly discouraged because operating at high temperatures can
damage the switch and void the warranty.
Temperature shutdown condition actions are specified by the environment overheat action command.
The switch displays this warning when configured to ignore shutdown temperature conditions.
Switch(config)#environment overheat action ignore
====================================================================
WARNING: Overriding the system shutdown behavior when the system
is overheating is unsupported and should only be done under
the direction of an Arista Networks engineer. You risk damaging
hardware by not shutting down the system in this situation, and doing
so without direction from Arista Networks can be grounds for voiding
your warranty. To re-enable the shutdown-on-overheat behavior, use
the 'environment overheat action shutdown' command.
====================================================================
Switch(config)#
The running-config contains the environment overheat action command when it is set to ignore. When
the command is not in running-config, the switch shuts down when an overheating condition exists.
The following running-config file lists the environment overheat action command.
switch#show running-config
! Command: show running-config
! device: switch (DCS-7150S-64-CL, EOS-4.13.2F)
<-------OUTPUT OMITTED FROM EXAMPLE-------->
ip route 0.0.0.0/0 10.255.255.1
!
environment overheat action ignore
!
!
end
switch#
8.3.1.2
Insufficient Fans
The switch can be configured to ignore the insufficient fan shutdown condition. This is strongly
discouraged because continued operation without sufficient cooling may lead to a critical temperature
condition that can damage the switch and void the warranty.
Insufficient-fans shutdown override is configured by the environment insufficient-fans action
command. The switch displays this warning when configured to ignore insufficient-fan conditions.
Switch(config)#environment insufficient-fans action ignore
====================================================================
WARNING: Overriding the system shutdown behavior when the system
has insufficient fans inserted is unsupported and should only be done under
the direction of an Arista Networks engineer. You risk damaging
hardware by not shutting down the system in this situation, and doing
so without direction from Arista Networks can be grounds for voiding
your warranty. To re-enable the shutdown-on-overheat behavior, use
the 'environment insufficient-fans action shutdown' command.
====================================================================
Switch(config)#
The running-config contains the environment insufficient-fans action command when it is set to ignore.
When running-config does not contain this command, the switch shuts down when it detects an
insufficient-fans condition.
8.3.1.3
Fan Speed
The switch can be configured to override the automatic fan speed. The switch normally controls the fan
speed to maintain optimal operating temperatures. The fans can be configured to operate at a constant
speed regardless of the switch temperature conditions.
Fan speed override is configured by the environment fan-speed command. The switch displays this
warning when its control of fan speed is overridden.
switch(config)#environment fan-speed override 50
====================================================================
WARNING: Overriding the system fan speed is unsupported and should only
be done under the direction of an Arista Networks engineer.
You can risk damaging hardware by setting the fan speed too low
and doing so without direction from Arista Networks can be grounds
for voiding your warranty.
To set the fan speed back to automatic mode, use the
'environment fan-speed auto' command
====================================================================
switch(config)#
The running-config contains the environment fan-speed override command if it is set to override. When
running-config does not contain this command, the switch controls the fan speed.
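One way to detect the three overrides described in Section 8.3.1 from a saved running-config, as an added example that is not part of the Arista manual. The function names, finding labels and sample configuration are constructed for illustration; the 30 to 100 range is the one given for environment fan-speed override in Section 8.4.

```python
import re

# Valid "override percent" range given in the environment fan-speed reference.
FAN_MIN, FAN_MAX = 30, 100

_ACTION_RE = re.compile(r"^environment (overheat|insufficient-fans) action (\S+)$")
_FAN_RE = re.compile(r"^environment fan-speed override (\S+)$")

# Constructed sample, modelled on the running-config excerpt in Section 8.3.1.1.
SAMPLE_CONFIG = """\
! Command: show running-config
! device: switch (DCS-7150S-64-CL, EOS-4.13.2F)
ip route 0.0.0.0/0 10.255.255.1
!
environment overheat action ignore
environment fan-speed override 50
!
end
"""


def audit_environment(running_config):
    """Return (line_no, finding, config_line) for each environment override.

    The manual states that these commands appear in running-config only when
    an override is active, so any match means automatic protection is off.
    """
    findings = []
    for line_no, raw in enumerate(running_config.splitlines(), start=1):
        line = " ".join(raw.split())          # normalise indentation and spacing
        if not line or line.startswith("!"):  # skip blanks and comment lines
            continue
        action = _ACTION_RE.match(line)
        if action:
            if action.group(2) == "ignore":
                findings.append(
                    (line_no, f"{action.group(1)}-shutdown-disabled", line))
            continue
        fan = _FAN_RE.match(line)
        if fan:
            value = fan.group(1)
            in_range = value.isdigit() and FAN_MIN <= int(value) <= FAN_MAX
            label = "fan-speed-fixed" if in_range else "fan-speed-invalid"
            findings.append((line_no, label, line))
    return findings


def protections_in_effect(running_config):
    """Map each automatic protection to True when no override disables it."""
    labels = {finding for _, finding, _ in audit_environment(running_config)}
    return {
        "overheat shutdown": "overheat-shutdown-disabled" not in labels,
        "insufficient-fans shutdown":
            "insufficient-fans-shutdown-disabled" not in labels,
        "automatic fan speed": not (labels & {"fan-speed-fixed",
                                              "fan-speed-invalid"}),
    }


if __name__ == "__main__":
    for line_no, finding, text in audit_environment(SAMPLE_CONFIG):
        print(f"line {line_no}: {finding}: {text}")
    print(protections_in_effect(SAMPLE_CONFIG))
```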
8.3.2
Viewing Environment Status
8.3.2.1
Temperature Status
To display internal temperature sensor status, enter show environment temperature.
switch>show environment temperature
System temperature status is: Ok
                                                           Alert      Critical
Sensor  Description                          Temperature   Threshold  Threshold
------- ------------------------------------ ------------- ---------- ----------
1       Front-panel temp sensor              22.000C       65C        75C
2       Fan controller 1 sensor              23.000C       75C        85C
3       Fan controller 2 sensor              28.000C       75C        85C
4       Switch chip 1 sensor                 40.000C       105C       115C
5       VRM 1 temp sensor                    48.000C       105C       110C
switch>
System temperature status is the first line that the command displays. System temperature status
values indicate the following:
• Ok: All sensors report temperatures below the alert threshold.
• Overheating: At least one sensor reports a temperature above its alert threshold.
• Critical: At least one sensor reports a temperature above its critical threshold.
• Unknown: The switch is initializing.
• Sensor Failed: At least one sensor is not functioning.
8.3.2.2
Fans
The show environment cooling command displays the cooling and fan status.
Example
This command displays the fan and cooling status.
switch>show environment cooling
System cooling status is: Ok
Ambient temperature: 22C
Airflow: front-to-back
Fan Tray  Status          Speed
--------- --------------- ------
1         Ok              35%
2         Ok              35%
3         Ok              35%
4         Ok              35%
5         Ok              35%
switch>
8.3.2.3
Power
The show environment power command displays the status of the power supplies.
Example
• This command displays the status of the power supplies:
switch>show environment power
Power                                  Input    Output   Output
Supply  Model                Capacity  Current  Current  Power    Status
------- -------------------- --------- -------- -------- -------- -------------
1       PWR-650AC            650W      0.44A    10.50A   124.0W   Ok
Switch>
8.3.2.4
System Status
The show environment all command lists the temperature, cooling, fan, and power supply information
that the individual show environment commands display, as described in Section 8.3.2.1, Section 8.3.2.2,
and Section 8.3.2.3.
Example
• This command displays the temperature, cooling, fan, and power supply status:
switch>show environment all
System temperature status is: Ok
                                                           Alert      Critical
Sensor  Description                          Temperature   Threshold  Threshold
------- ------------------------------------ ------------- ---------- ----------
1       Front-panel temp sensor              22.750C       65C        75C
2       Fan controller 1 sensor              24.000C       75C        85C
3       Fan controller 2 sensor              29.000C       75C        85C
4       Switch chip 1 sensor                 41.000C       105C       115C
5       VRM 1 temp sensor                    49.000C       105C       110C
System cooling status is: Ok
Ambient temperature: 22C
Airflow: front-to-back
Fan Tray  Status          Speed
--------- --------------- ------
1         Ok              35%
2         Ok              35%
3         Ok              35%
4         Ok              35%
5         Ok              35%
Power                                  Input    Output   Output
Supply  Model                Capacity  Current  Current  Power    Status
------- -------------------- --------- -------- -------- -------- -------------
1       PWR-650AC            650W      0.44A    10.50A   124.0W   Ok
8.3.3
Locating Components on the Switch
When a component requires service, the switch administrator may use the locator-led command to
assist a technician in finding the component. The command causes the status LED on the specified
component to flash, and also displays a “service requested” message on the LCD panel of modular
switches or lights the blue locator light on the front of fixed switches. Use the show locator-led
command to display all locator LEDs currently enabled on the switch.
Examples
• This command enables the locator LED on fan tray 3:
switch#locator-led fantray 3
Enabling locator led for FanTray3
switch#
• This command displays all locator LEDs enabled on the switch:
switch#show locator-led
There are no locator LED enabled
switch#
8.4
Environment Commands
Environment Control Configuration Commands
• environment fan-speed
• environment insufficient-fans action
• environment overheat action
• locator-led
Environment Display Commands
• show environment all
• show environment cooling
• show environment power
• show environment temperature
• show locator-led
environment fan-speed
The environment fan-speed command determines the method of controlling the speed of the switch
fans. The switch automatically controls the fan speed by default.
The switch normally controls the fan speed to maintain optimal operating temperatures. The fans can
be configured to operate at a constant speed regardless of the switch temperature conditions.
The no environment fan-speed and default environment fan-speed commands restore the default
action of automatic fan-speed control by removing the environment fan-speed override statement from
running-config.
Important Overriding the system fan speed is unsupported and should only be done under the direction of
an Arista Networks engineer. You can risk damaging hardware by setting the fan speed too low.
Doing so without direction from Arista Networks can be grounds for voiding your warranty.
all
Command Mode
Global Configuration
Command Syntax
environment fan-speed ACTION
no environment fan-speed
default environment fan-speed
Parameters
• ACTION    fan speed control method. Valid settings include:
— auto    fan speed is controlled by the switch.
This option restores the default setting by removing the environment fan-speed override
command from running-config.
— override percent    fan speed is set to the specified percentage of the maximum. Valid percent
settings range from 30 to 100.
Examples
• This command overrides the automatic fan speed control and configures the fans to operate at 50%
of maximum speed.
switch(config)#environment fan-speed override 50
====================================================================
WARNING: Overriding the system fan speed is unsupported and should only
be done under the direction of an Arista Networks engineer.
You can risk damaging hardware by setting the fan speed too low
and doing so without direction from Arista Networks can be grounds
for voiding your warranty.
To set the fan speed back to automatic mode, use the
'environment fan-speed auto' command
====================================================================
switch(config)#
• This command restores control of the fan speed to the switch.
switch(config)#environment fan-speed auto
switch(config)#
environment insufficient-fans action
The environment insufficient-fans command controls the switch response to the insufficient fan
condition. By default, the switch initiates a shutdown procedure when it senses insufficient fans.
The switch operates normally when one fan is not operating. Nonfunctioning modules should not be
removed from the switch unless they are immediately replaced; adequate switch cooling requires the
installation of all components, including a non-functional fan.
Two non-operational fans trigger an insufficient fan shutdown condition. This condition normally
initiates a power down procedure.
The no environment insufficient-fans and default environment insufficient-fans commands restore
the default shutdown response to the insufficient-fans condition by removing the environment
insufficient-fans action ignore statement from running-config.
Important Overriding the system shutdown behavior when the system has insufficient fans inserted is
unsupported and should only be done under the direction of an Arista Networks engineer. You
risk damaging hardware by not shutting down the system in this situation, and doing so without
direction from Arista Networks can be grounds for voiding your warranty.
all
Command Mode
Global Configuration
Command Syntax
environment insufficient-fans action REMEDY
no environment insufficient-fans action
default environment insufficient-fans action
Parameters
• REMEDY configures action when switch senses an insufficient fan condition. Settings include:
— ignore switch continues operating when insufficient fans are operating.
— shutdown switch shuts power down when insufficient fans are operating.
The shutdown parameter restores default behavior by removing the environment insufficient-fans
command from running-config.
Examples
• This command configures the switch to continue operating after it senses an insufficient fan
condition.
switch(config)#environment insufficient-fans action ignore
====================================================================
WARNING: Overriding the system shutdown behavior when the system
has insufficient fans inserted is unsupported and should only be done under
the direction of an Arista Networks engineer. You risk damaging
hardware by not shutting down the system in this situation, and doing
so without direction from Arista Networks can be grounds for voiding
your warranty. To re-enable the shutdown-on-overheat behavior, use
the 'environment insufficient-fans action shutdown' command.
====================================================================
• This command configures the switch to shut down when it senses an insufficient fan condition.
switch(config)#environment insufficient-fans action shutdown
switch(config)#
environment overheat action
The environment overheat command controls the switch response to an overheat condition. By default,
the switch shuts down when it senses an overheat condition.
Important Overriding the system shutdown behavior when the system is overheating is unsupported and
should only be done under the direction of an Arista Networks engineer. You risk damaging
hardware by not shutting down the system in this situation, and doing so without direction from
Arista Networks can be grounds for voiding your warranty.
Arista switches include internal temperature sensors. The number and location of the sensors vary with
each switch model. Each sensor is assigned temperature thresholds that denote alert and critical
conditions. Temperatures that exceed the threshold trigger the following:
• Alert Threshold: All fans run at maximum speed and a warning message is logged.
• Critical Threshold: The component is shut down immediately and its Status LED flashes orange.
In modular systems, cards are shut down when their temperatures exceed the critical threshold. The
switch normally shuts down if the temperature remains above the critical threshold for three minutes.
The no environment overheat action and default environment overheat action commands restore the
default shutdown response to the environment overheat condition by removing the environment
overheat action ignore statement from running-config.
all
Command Mode
Global Configuration
Command Syntax
environment overheat action REMEDY
no environment overheat action
default environment overheat action
Parameters
• REMEDY reaction to an overheat condition. Default value is shutdown.
— shutdown switch shuts power down when it senses an overheat condition.
— ignore switch continues operating during an overheat condition.
Examples
• This command configures the switch to continue operating after it senses an overheat condition.
switch(config)#environment overheat action ignore
====================================================================
WARNING: Overriding the system shutdown behavior when the system
is overheating is unsupported and should only be done under
the direction of an Arista Networks engineer. You risk damaging
hardware by not shutting down the system in this situation, and doing
so without direction from Arista Networks can be grounds for voiding
your warranty. To re-enable the shutdown-on-overheat behavior, use
the 'environment overheat action shutdown' command.
====================================================================
switch(config)#
• This command configures the switch to shut down when it senses an overheat condition.
switch(config)#environment overheat action shutdown
switch(config)#
locator-led
When a component requires service, the locator-led command activates a locator to assist a technician
in finding the component. The command causes the status LED on the specified component to flash,
and also displays a “service requested” message on the LCD panel of modular switches or lights the blue
locator light on the front of fixed switches. The available locators vary by platform; to see a list of the
locator LEDs available on the switch, use the locator-led ? command. To disable the locator LED, use the
no locator-led command.
all
Command Mode
Privileged EXEC
Command Syntax
locator-led {fantray tray_num | interface interface | module module_num |
powersupply supply_num}
no locator-led {fantray tray_num | interface interface | module module_num |
powersupply supply_num}
Parameters
• fantray tray_num activates locator on specified fan tray.
• interface interface activates locator on specified interface.
• module module_num activates locator on specified module.
• powersupply supply_num activates locator on specified power supply.
Examples
• This command enables the locator LED on fan tray 3.
switch#locator-led fantray 3
Enabling locator led for FanTray3
switch#
• This command disables the locator LED on fan tray 3.
switch#no locator-led fantray 3
Disabling locator led for FanTray3
switch#
• This command displays the locator LEDs available on the switch.
switch#locator-led ?
fantray      Fan tray LED
interface    Interface LED
module       Module LED
powersupply  Power supply LED
switch#
show environment all
The show environment all command displays temperature, cooling, and power supply status.
all
Command Mode
EXEC
Command Syntax
show environment all
Examples
• This command displays the switch’s temperature, cooling, and power supply status.
switch>show environment all
System temperature status is: Ok
                                                           Alert      Critical
Sensor  Description                          Temperature   Threshold  Threshold
------- ------------------------------------ ------------- ---------- ----------
1       Front-panel temp sensor              31.000C       65C        75C
2       Fan controller 1 sensor              32.000C       75C        85C
3       Fan controller 2 sensor              38.000C       75C        85C
4       Switch chip 1 sensor                 50.000C       105C       115C
5       VRM 1 temp sensor                    60.000C       105C       110C
System cooling status is: Ok
Ambient temperature: 31C
Airflow: front-to-back
Fan Tray  Status          Speed
--------- --------------- ------
1         Ok              52%
2         Ok              52%
3         Ok              52%
4         Ok              52%
5         Ok              52%
Power                                  Input    Output   Output
Supply  Model                Capacity  Current  Current  Power    Status
------- -------------------- --------- -------- -------- -------- -------------
1       PWR-760AC            760W      0.81A    11.00A   132.6W   Ok
2       PWR-760AC            760W      0.00A    0.00A    0.0W     AC Loss
switch>
show environment cooling
The show environment cooling command displays fan status, air flow direction, and ambient
temperature on the switch.
all
Command Mode
EXEC
Command Syntax
show environment cooling [INFO_LEVEL]
Parameters
• INFO_LEVEL specifies level of detail that the command displays. Options include:
— <no parameter> displays the fan status, air flow direction, and ambient switch
temperature.
— detail also displays actual and configured fan speed of each fan.
Display Values
• System cooling status:
— Ok no more than one fan has failed or is not inserted.
— Insufficient fans more than one fan has failed or is not inserted. This status is also displayed
if fans with different airflow directions are installed. The switch shuts down if the error is not
resolved.
• Ambient temperature temperature of the surrounding area.
• Airflow indicates the direction of the installed fans:
— front-to-back all fans flow air from the front to the rear of the chassis.
— back-to-front all fans flow air from the rear to the front of the chassis.
— incompatible fans fans with different airflow directions are inserted.
— Unknown The switch is initializing.
• Fan Tray Status table displays the status and operating speed of each fan. Status values indicate
the following conditions:
— OK The fan is operating normally.
— Failed The fan is not operating normally.
— Unknown The system is initializing.
— Not Inserted The system is unable to detect the specified fan.
— Unsupported The system detects a fan that the current software version does not support.
Example
• This command displays the fan status, air flow direction, and ambient switch temperature.
switch>show environment cooling
System cooling status is: Ok
Ambient temperature: 30C
Airflow: front-to-back
Fan Tray  Status          Speed
--------- --------------- ------
1         Ok              51%
2         Ok              51%
3         Ok              51%
4         Ok              51%
5         Ok              51%
switch>
show environment power
The show environment power command displays the status of all power supplies in the switch.
all
Command Mode
EXEC
Command Syntax
show environment power [INFO_LEVEL]
Parameters
• INFO_LEVEL specifies level of detail that the command displays. Options include:
— <no parameter> displays current and power levels for each supply.
— detail also includes status codes that can report error conditions.
Example
• This command displays the status of power supplies on the switch.
switch>show environment power
Power                                  Input    Output   Output
Supply  Model                Capacity  Current  Current  Power    Status
------- -------------------- --------- -------- -------- -------- -------------
1       PWR-760AC            760W      0.81A    11.00A   132.8W   Ok
2       PWR-760AC            760W      0.00A    0.00A    0.0W     AC Loss
switch>
show environment temperature
The show environment temperature command displays the operating temperature of all sensors on the
switch.
all
Command Mode
EXEC
Command Syntax
show environment temperature [MODULE_NAME][INFO_LEVEL]
Parameters
• MODULE_NAME Specifies modules for which data is displayed. This parameter is only
available on modular switches. Options include:
— <no parameter> All modules (identical to all option).
— fabric fab_num Specified fabric module. Number range varies with switch model.
— linecard line_num Linecard module. Number range varies with switch model.
— supervisor super_num Supervisor module. Number range varies with switch model.
— mod_num Supervisor (1 to 2) or linecard (3 to 18) module.
— all All modules.
• INFO_LEVEL specifies level of detail that the command displays. Options include:
— <no parameter> displays table that lists the temperature and thresholds of each sensor.
— detail displays data block for each sensor listing the current temperature and historic data.
Display Values
• System temperature status is the first line that the command displays. Values report the following:
— Ok All sensors report temperatures below the alert threshold.
— Overheating At least one sensor reports a temperature above its alert threshold.
— Critical At least one sensor reports a temperature above its critical threshold.
— Unknown The switch is initializing.
— Sensor Failed At least one sensor is not functioning.
Examples
• This command displays a table that lists the temperature measured by each sensor.
switch>show environment temperature
System temperature status is: Ok
                                                           Alert      Critical
Sensor  Description                          Temperature   Threshold  Threshold
------- ------------------------------------ ------------- ---------- ----------
1       Front-panel temp sensor              30.750C       65C        75C
2       Fan controller 1 sensor              32.000C       75C        85C
3       Fan controller 2 sensor              38.000C       75C        85C
4       Switch chip 1 sensor                 50.000C       105C       115C
5       VRM 1 temp sensor                    60.000C       105C       110C
switch>
• This command lists the temperature detected by each sensor, and includes the number of previous
alerts, the time of the last alert, and the time of the last temperature change.
switch>show environment temperature detail
TempSensor1 - Front-panel temp sensor
                  Current State   Count   Last Change
Temperature       30.750C
Max Temperature   35.000C                 4 days, 23:35:24 ago
Alert             False           0       never
TempSensor2 - Fan controller 1 sensor
                  Current State   Count   Last Change
Temperature       32.000C
Max Temperature   36.000C                 4 days, 23:32:46 ago
Alert             False           0       never
TempSensor3 - Fan controller 2 sensor
                  Current State   Count   Last Change
Temperature       38.000C
Max Temperature   41.000C                 4 days, 23:37:56 ago
Alert             False           0       never
TempSensor4 - Switch chip 1 sensor
                  Current State   Count   Last Change
Temperature       51.000C
Max Temperature   53.000C                 4 days, 23:35:16 ago
Alert             False           0       never
TempSensor5 - VRM 1 temp sensor
                  Current State   Count   Last Change
Temperature       60.000C
Max Temperature   62.000C                 4 days, 22:54:51 ago
Alert             False           0       never
switch>
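The Display Values rules above can be applied to the sensor table directly, which lets a monitoring job recompute the system temperature status from the per-sensor readings and compare it with the status line the switch reports. The following Python parser is an added example, not Arista code; the sample output is constructed (the readings for sensors 4 and 5 are invented to cross their thresholds), and "above" is taken to mean strictly greater than the threshold.

```python
import re
from typing import NamedTuple

# Constructed output in the layout of "show environment temperature".
# Sensors 4 and 5 carry invented readings that exceed their thresholds.
SAMPLE_OUTPUT = """\
System temperature status is: Ok
                                                           Alert      Critical
Sensor  Description                          Temperature   Threshold  Threshold
------- ------------------------------------ ------------- ---------- ----------
1       Front-panel temp sensor              31.000C       65C        75C
2       Fan controller 1 sensor              32.000C       75C        85C
3       Fan controller 2 sensor              38.000C       75C        85C
4       Switch chip 1 sensor                 107.500C      105C       115C
5       VRM 1 temp sensor                    111.000C      105C       110C
"""


class Sensor(NamedTuple):
    number: int
    description: str
    temperature: float   # degrees C
    alert: int           # alert threshold, degrees C
    critical: int        # critical threshold, degrees C


# A data row: sensor number, free-text description, reading, two thresholds.
ROW = re.compile(r"^\s*(\d+)\s+(.+?)\s+(-?\d+(?:\.\d+)?)C\s+(\d+)C\s+(\d+)C\s*$")
STATUS = re.compile(r"^System temperature status is:\s*(.+?)\s*$")
SEVERITY = ("Ok", "Overheating", "Critical")   # ordered least to most severe


def parse_temperature_table(text):
    """Return (reported_status, [Sensor, ...]) from the command output."""
    reported, sensors = None, []
    for line in text.splitlines():
        status = STATUS.match(line)
        if status:
            reported = status.group(1)
            continue
        row = ROW.match(line)
        if row:
            num, desc, temp, alert, crit = row.groups()
            sensors.append(Sensor(int(num), desc, float(temp), int(alert), int(crit)))
    return reported, sensors


def sensor_state(sensor):
    """Classify one sensor against its own thresholds."""
    if sensor.temperature > sensor.critical:
        return "Critical"
    if sensor.temperature > sensor.alert:
        return "Overheating"
    return "Ok"


def evaluate(text):
    """Recompute the system status and compare it with the reported one."""
    reported, sensors = parse_temperature_table(text)
    states = {s.number: sensor_state(s) for s in sensors}
    # The system status is the worst state of any sensor; None if no rows parsed.
    computed = max(states.values(), key=SEVERITY.index, default=None)
    return {
        "reported": reported,
        "computed": computed,
        "mismatch": reported != computed,
        "states": states,
        # Degrees remaining before each sensor reaches its alert threshold.
        "headroom": {s.number: s.alert - s.temperature for s in sensors},
    }


if __name__ == "__main__":
    result = evaluate(SAMPLE_OUTPUT)
    print(result["reported"], result["computed"], result["mismatch"])
```

The Unknown and Sensor Failed values cannot be derived from the table rows, so the example computes only Ok, Overheating, and Critical.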
show locator-led
The show locator-led command displays the status of locator LEDs enabled on the switch.
all
Command Mode
Privileged EXEC
Command Syntax
show locator-led
Example
• This command displays all locator LEDs enabled on the switch.
switch#show locator-led
There are no locator LED enabled
switch#
Chapter 9
Ethernet Ports
This chapter describes Ethernet ports supported by Arista switches. Sections covered in this chapter
include:
• Section 9.1: Ethernet Ports Introduction
• Section 9.2: Ethernet Standards
• Section 9.3: Ethernet Physical Layer
• Section 9.4: Interfaces
• Section 9.5: Ethernet Configuration Procedures
• Section 9.6: Ethernet Configuration Commands
9.1
Ethernet Ports Introduction
Arista switches support a variety of Ethernet network interfaces. This chapter describes the
configuration and monitoring options available in Arista switching platforms.
9.2
Ethernet Standards
Ethernet, standardized in IEEE 802.3, is a group of technologies used for communication over local area
networks. Ethernet communication divides data streams into frames containing addresses (source and
destination), payload, and cyclical redundancy check (CRC) information.
IEEE 802.3 also describes two types of optical fiber: single-mode fiber (SMF) and multi-mode fiber
(MMF).
• SMF is more expensive, but can be used over longer distances (over 300 meters).
• MMF is less expensive, but can only be used over distances of less than 300 meters.
9.2.1
100 Gigabit Ethernet
The 100 Gigabit Ethernet (100GbE) standard defines an Ethernet implementation with a nominal data
rate of 100 billion bits per second over multiple 10 gigabit lanes. 100 Gigabit Ethernet implements full
duplex point to point links connected by network switches. Arista switches support 100GBASE-10SR
through MXP ports.
9.2.2
40 Gigabit Ethernet
The 40 Gigabit Ethernet (40GbE) standard defines an Ethernet implementation with a nominal data rate
of 40 billion bits per second over multiple 10 gigabit lanes. 40 Gigabit Ethernet implements full duplex
point to point links connected by network switches. 40 gigabit Ethernet standards are named
40GBASE-xyz, as interpreted by Table 9-1.
Table 9-1 40GBASE-xyz Interpretation
x                                y                       z
Non-fiber media type, or fiber   PHY encoding            Number of WWDM wavelengths or XAUI Lanes
wavelength
-------------------------------- ----------------------- ----------------------------------------
C = Copper                       R = LAN PHY (64B/66B)   No value = 1 (serial)
F = Serial SMF                                           4 = 4 WWDM wavelengths or XAUI Lanes
K = Backplane
L = Long (1310 nm)
S = Short (850 nm)
9.2.3
10 Gigabit Ethernet
The 10 Gigabit Ethernet (10GbE) standard defines an Ethernet implementation with a nominal data rate
of 10 billion bits per second. 10 Gigabit Ethernet implements full duplex point to point links connected
by network switches. Half duplex operation, hubs and CSMA/CD do not exist in 10GbE. The standard
encompasses several PHY standards; a networking device may support different PHY types through
pluggable PHY modules. 10GbE standards are named 10GBASE-xyz, as interpreted by Table 9-2.
Table 9-2 10GBASE-xyz Interpretation
x                                y                          z
media type or wavelength, if     PHY encoding type          Number of WWDM wavelengths or XAUI Lanes
media type is fiber
-------------------------------- -------------------------- ----------------------------------------
C = Copper (twin axial)          R = LAN PHY (64B/66B)      If omitted, value = 1 (serial)
T = Twisted Pair                 X = LAN PHY (8B/10B)       4 = 4 WWDM wavelengths or XAUI Lanes
S = Short (850 nm)               W = WAN PHY(*) (64B/66B)
L = Long (1310 nm)
E = Extended (1550 nm)
Z = Ultra extended (1550 nm)
9.2.4
Gigabit Ethernet
The Gigabit Ethernet (GbE) standard, defined by IEEE 802.3-2008, describes an Ethernet version with a
nominal data rate of one billion bits per second. GbE cables and equipment are similar to those used in
previous standards. While full-duplex links in switches are the typical implementation, the specification
permits half-duplex links connected through hubs.
Gigabit Ethernet physical layer standards that Arista switches support include 1000BASE-X (optical
fiber), 1000BASE-T (twisted pair cable), and 1000BASE-CX (balanced copper cable).
• 1000BASE-SX is a fiber optic standard that utilizes multi-mode fiber supporting 770 to 860 nm, near
infrared (NIR) light wavelength to transmit data over distances ranging from 220 to 550 meters.
1000BASE-SX is typically used for intra-building links in large office buildings, co-location facilities
and carrier neutral internet exchanges.
• 1000BASE-LX is a fiber standard that utilizes a long wavelength laser (1,270–1,355 nm), with an RMS
spectral width of 4 nm to transmit data up to 5 km. 1000BASE-LX can run on all common types of
multi-mode fiber with a maximum segment length of 550 m.
• 1000BASE-T is a standard for gigabit Ethernet over copper wiring. Each 1000BASE-T network
segment can be a maximum length of 100 meters.
9.2.5
10/100/1000 BASE-T
Arista switches provide 10/100/1000 BASE-T Mbps Ethernet out of band management ports.
Auto-negotiation is enabled on these interfaces. Speed (10/100/1000), duplex (half/full), and flow control
settings are available using the appropriate speed forced and flowcontrol commands.
9.3
Ethernet Physical Layer
The Ethernet physical layer (PHY) includes hardware components connecting a switch’s MAC layer to
the transceiver, cable, and ultimately a peer link partner. Data exist in digital form at the MAC layer. On
the line side of the PHY, data exist as analog signals: light blips on optical fiber or voltage pulses on
copper cable. Signals may be distorted while in transit and recovery may require signal processing.
Ethernet physical layer components include a PHY and a transceiver.
9.3.1
PHYs
The PHY provides translation services between the MAC layer and transceiver. It also helps to establish
links between the local MAC layer and peer devices by detecting and signaling fault conditions. The
PHY line-side interface receives Ethernet frames from the link partner as analog waveforms. The PHY
uses signal processing to recover the encoded bits, then sends them to the MAC layer.
PHY line-side interface components and their functions include:
• Physical Medium Attachment (PMA): Framing, octet synchronization, scrambling / descrambling.
• Physical Medium Dependent (PMD): Consists of the transceiver.
• Physical Coding Sublayer (PCS): Performs auto-negotiation and coding (8B/10B or 64B/66B).
The MAC sublayer of the PHY provides a logical connection between the MAC layer and the peer device
by initializing, controlling, and managing the connection with the peer.
Ethernet frames transmitted by the switch are received by the PHY system-side interface as a sequence
of digital bits. The PHY encodes them into a media-specific waveform for transmission through the
line-side interface and transceiver to the link peer. This encoding may include signal processing, such
as signal pre-distortion and forward error correction.
PHY system-side interface components and their functions include:
• 10 Gigabit Attachment Unit Interface (XAUI): Connects an Ethernet MAC to a 10G PHY.
• Serial Gigabit Media Independent Attachment (SGMII): Connects an Ethernet MAC to a 1G PHY.
9.3.2
Transceivers
A transceiver connects the PHY to an external cable (optical fiber or twisted-pair copper) and through a
physical connector (LC jack for fiber or RJ-45 jack for copper).
• Optical transceivers convert the PHY signal into light pulses that are sent through optical fiber.
• Copper transceivers connect the PHY to twisted-pair copper cabling.
Arista Small Form-Factor Pluggable (SFP+) and Quad Small Form Factor Pluggable (QSFP+) modules
and cables provide high-density, low-power Ethernet connectivity over fiber and copper media. Arista
offers transceivers that span data rates, media types, and transmission distances.
Arista 10 Gigabit Ethernet SFP+ Modules:
• 10GBASE-SR (Short Reach)
— Link length maximum 300 meters over multi-mode fiber.
— Optical interoperability with 10GBASE-SRL.
• 10GBASE-SRL (Short Reach Lite)
— Link length maximum 100 meters over multi-mode fiber.
— Optical interoperability with 10GBASE-SR.
• 10GBASE-LRL (Long Reach Lite)
— Link length maximum 1 km over single-mode fiber.
— Optical interoperability with 10GBASE-LR (1 km maximum).
• 10GBASE-LR (Long Reach)
— Link length maximum 10 km over single-mode fiber.
— Optical interoperability with 10GBASE-LRL (1 km maximum).
• 10GBASE-LRM (Long Reach Multimode)
— Link length maximum 220 meters over multi-mode fiber (50 um and 62.5 um).
• 10GBASE-ER (Extended Reach)
— Link length maximum 40 km over single-mode fiber.
• 10GBASE-ZR (Ultra-Extended Reach)
— Link length maximum 80 km over single-mode fiber.
• 10GBASE-DWDM (Dense Wavelength Division Multiplexing)
— Link length maximum 80 km over single-mode fiber (40 color options).
Arista 10 Gigabit Ethernet CR Cable Modules:
• 10GBASE-CR SFP+ to SFP+ Cables
— Link lengths of 0.5, 1, 1.5, 2, 2.5, 3, 5 and 7 meters over twinax copper cable
— Includes SFP+ connectors on both ends
• 4 x 10GbE QSFP+ to 4 x SFP+ twinax copper cables
— Link lengths of 0.5, 1, 2 and 3 meters over twinax copper cable
• 40GBASE-CR4 QSFP+ to QSFP+ twinax copper cables
— Twinax copper cable
— Link lengths of 1, 2, 3, 5 and 7 meters
Arista 40 Gigabit Ethernet QSFP+ Cables and Optics:
• 40GBASE-SR4 QSFP+ Transceiver
— Link length maximum 100 meters over parallel OM3 or 150 meters over OM4 MMF
— Optical interoperability with 40GBASE-XSR4 (100/150 meter maximum)
• 40GBASE-XSR4 QSFP+ Transceiver
— Link length maximum 300 meters over parallel OM3 or 450 meters over OM4 MMF
— Optical interoperability with 40GBASE-SR4 (100/150 meter maximum)
• 40GBASE-LR4 QSFP+
— Link length maximum 10 km over duplex single-mode fiber
• 40GBASE-CR4 QSFP+ to QSFP+ twinax copper cables
— Link lengths of 1, 2, 3, 5 and 7 meters over twinax copper cable
Arista Gigabit Ethernet SFP Options:
• 1000BASE-SX (Short Haul)
— Multi-mode fiber
— Link length maximum 550 meters
• 1000BASE-LX (Long Haul)
— Single-mode or multi-mode fiber
— Link length maximum 10 km (single mode) or 550 meters (multi-mode)
• 1000BASE-T (RJ-45 Copper)
— Category 5 cabling
— Full duplex 1000Mbps connectivity
Internal ports
Several Arista switches include internal ports that connect directly to an external cable through an RJ-45
jack. Internal ports available on Arista switches include:
• 100/1000BASE-T (7048T-A)
• 100/1000/10GBASE-T (7050-T)
9.3.3
MXP Ports
MXP ports provide embedded optics that operate in one of three modes: 10GbE (12 ports), 40GbE (3
ports), and 100GbE (1 port). Each mode requires a specified cable and is implemented through
configuration commands. MXP ports utilize multi-mode fiber to provide support over 150 meters.
• 100GbE mode requires an MTP-24 to MTP-24 cable, which uses 20 of 24 fibers to carry 100GbE across
10 send and 10 receive channels. When connecting two 100GbE MXP ports, the TX lanes must be
crossed with the RX lanes.
• 40GbE mode requires an MTP cable that provides a split into three MTP-12 ends. The cable splits
the MXP port into three MTP-12 ends, each compatible with standards based 40GBASE-SR4 ports
over OM3 or OM4 fiber up to 100m or 150m.
• 10GbE mode requires an MTP cable that provides a split into 12x10G with LC connectors to adapt
the MXP port into 12x10GbE. The cable splits the MXP port into twelve LC ends for using SR or SRL
optics over multimode OM3/OM4 cables.
9.4
Interfaces
Arista switches provide two physical interface types that receive, process, and transmit Ethernet frames:
Ethernet interfaces and Management interfaces.
Each Ethernet interface is assigned a 48-bit MAC address and communicates with other interfaces by
exchanging data packets. Each packet contains the MAC address of its source and destination interface.
Ethernet interfaces establish link level connections by exchanging packets. Interfaces do not typically
accept packets with a destination address of a different interface.
Ethernet data packets are frames. A frame begins with preamble and start fields, followed by an
Ethernet header that includes source and destination MAC addresses. The middle section contains
payload data, including headers for other protocols carried in the frame. The frame ends with a 32-bit
cyclic redundancy check (CRC) field that interfaces use to detect data corrupted during transmission.
9.4.1
Ethernet Interfaces
Ethernet speed and duplex configuration options depend on the media type of the interface:
• 40GBASE-SR4 and 40GBASE-CR4: Default operation is as four 10G ports. Speed command options
support their configuration as a single 40G port.
• 10GBASE-T: Ports autonegotiate speed, offering 10G and 1G full duplex. Preferred setting is 10G.
Half duplex and 10M are not supported. 100M is supported on the 7050-T.
Available speed forced commands include 10GFull and 1GFull.
• 10GBASE (SFP+): Ports operate as 10G ports. Speed commands do not affect configuration.
• 1000BASE-T (Copper): Default setting is autonegotiate, offering 1G full and 100M; preferred setting
is 1G full. Autonegotiation that offers only 100M is available through speed auto 100full command.
Half duplex and 10M are not supported.
• 1000BASE (fiber): Operates as 1G full duplex port. Speed commands do not affect configuration.
9.4.2
Agile Ports
Agile Ports are a feature of the 7150S Series that allows the user to configure adjacent blocks of 4 x SFP+
interfaces as a single 40G link. The set of interfaces that can be combined to form a higher speed port is
restricted by the hardware configuration. Only interfaces that pass through a common PHY component
can be combined. One interface within a combinable set is designated as the primary port. When the
primary interface is configured as a higher speed port, all configuration statements are performed on
that interface. All other interfaces in the set are subsumed and not individually configurable when the
primary interface is configured as the higher speed port. This feature allows the 7150S-24 to behave as
a 4x40G switch (using 16 SFP+) and the remaining SFP+ provide 8 x 10G ports. On the 7150S-52 this
allows up to 13x 40G (all 52 ports grouped as 40G) and on the 7150S-64 Agile Ports allows the switch to
be deployed with up to 16 native 40G interfaces - 4 are QSFP+ and the remaining 12 as 4xSFP+ groups.
Section 9.5.6 describes the configuration of agile ports.
9.4.3
Management Interfaces
The management interface is a layer 3 host port that is typically connected to a PC for performing out
of band switch management tasks. Each switch has one or two management interfaces. Only one port
is needed to manage the switch; the second port, when available, provides redundancy.
Management interfaces are 10/100/1000 BASE-T interfaces. By default, auto-negotiation is enabled on
management interfaces. All combinations of speed 10/100/1000 and full or half duplex are enforceable on
these interfaces through speed commands.
Management ports are enabled by default. The switch cannot route packets between management ports
and network (Ethernet interface) ports because they are in separate routing domains. When the PC is
multiple hops from the management port, packet exchanges through layer 3 devices between the
management port and PC may require the enabling of routing protocols.
The Ethernet management ports are accessed remotely over a common network or locally through a
directly connected PC. An IP address and static route to the default gateway must be configured to
access the switch through a remote connection.
9.5
Ethernet Configuration Procedures
These sections describe Ethernet and Management interface configuration procedures:
• Section 9.5.1: Physical Interface Configuration Modes
• Section 9.5.2: Assigning MAC Addresses to an Interface
• Section 9.5.3: Referencing Modular Ports
• Section 9.5.4: QSFP+ Modules
• Section 9.5.6: Agile Ports
• Section 9.5.7: Autonegotiated Settings
• Section 9.5.8: Displaying Ethernet Port Properties
9.5.1
Physical Interface Configuration Modes
The switch provides two configuration modes for modifying Ethernet parameters:
• Interface-Ethernet mode configures parameters for specified Ethernet interfaces.
• Interface-Management mode configures parameters for specified management Ethernet interfaces.
Physical interfaces cannot be created or removed.
Multiple interfaces can be simultaneously configured. Commands are available for configuring
Ethernet specific, layer 2, layer 3, and application layer parameters. Commands that modify protocol
specific settings in Ethernet configuration mode are listed in the protocol chapters.
•
•
The interface ethernet command places the switch in Ethernet-interface configuration mode.
The interface management command places the switch in management configuration mode.
Examples
• This command places the switch in Ethernet-interface mode for Ethernet interfaces 5-7 and 10.
switch(config)#interface ethernet 5-7,10
switch(config-if-Et5-7,10)#
• This command places the switch in management-interface mode for management interface 1.
switch(config)#interface management 1
switch(config-if-Ma1)#
9.5.2
Assigning MAC Addresses to an Interface
Ethernet and Management interfaces are assigned a MAC address when manufactured. This address is
the burn in address. The mac-address command assigns a MAC address to the configuration mode
interface in place of the burn in address. The no mac-address command reverts the interface’s current
MAC address to its burn in address.
Examples
• This command assigns the MAC address of 001c.2804.17e1 to Ethernet interface 7.
switch(config-if-Et7)#mac-address 001c.2804.17e1
• This command displays the MAC address of Ethernet interface 7. The active MAC address is
001c.2804.17e1. The burn in address is 001c.7312.02e2.
switch(config-if-Et7)#show interface ethernet 7
Ethernet7 is up, line protocol is up (connected)
Hardware is Ethernet, address is 001c.2804.17e1 (bia 001c.7312.02e2)
Description: b.e45
<-------OUTPUT OMITTED FROM EXAMPLE-------->
switch(config-if-Et7)#
9.5.3
Referencing Modular Ports
Arista modular switches provide port access through installed linecards. The maximum number of
linecards on a modular switch varies with the switch series and model.
Several CLI commands modify modular parameters for all ports on a specified linecard or controlled by
a specified chip. This manual uses these conventions to reference modular components:
• card_x refers to a line card.
• module_y refers to a QSFP+ module.
• port_z refers to a linecard or module port.
Commands that display Ethernet port status use the following conventions:
• SFP ports: card_x/port_z to label the linecard-port location of modular ports
• QSFP ports: card_x/module_y/port_z to label the linecard-port location of modular ports
Section 9.5.4 describes QSFP+ module usage.
Example
• This command displays the status of interfaces 1 to 9 on linecard 4:
switch>show interface ethernet 4/1-9 status
Port       Name   Status       Vlan  Duplex  Speed  Type
Et4/1             connected    1     full    10G    Not Present
Et4/2             connected    1     full    10G    Not Present
Et4/3             connected    1     full    10G    Not Present
Et4/4             connected    1     full    10G    Not Present
Et4/5             connected    1     full    10G    Not Present
Et4/6             connected    1     full    10G    Not Present
Et4/7             connected    1     full    10G    Not Present
Et4/8             connected    1     full    10G    Not Present
Et4/9             connected    1     full    10G    Not Present
switch>
9.5.4
QSFP+ Modules
The following sections describe the configuration of QSFP+ ports.
9.5.4.1
QSFP+ Ethernet Interface Configuration
Each QSFP+ module Ethernet interface is configurable as a single 40G port or as four 10G ports. The
switch displays four ports for each interface. Each port’s status depends on the interface configuration:
• The /1 port is active (connected or not connected), regardless of the interface configuration.
• The /2, /3, and /4 ports are error-disabled when the interface is configured as a single 40G port;
• all ports are active (connected or not connected), when the interface is configured as four 10G ports.
Example
• On DCS-7050S-64, interface 49 is a QSFP+ interface. Its ports are listed as 49/1, 49/2, 49/3, and 49/4.
Port status depends on the interface configuration:
— 40G port configuration: 49/1 is connected or not connected; 49/2, 49/3, and 49/4 are error-disabled.
— 4x10G port configuration: 49/1, 49/2, 49/3, and 49/4 status is connected or not connected.
The speed forced 40gfull command configures a QSFP+ Ethernet interface as a 40G port. The no speed
forced 40gfull command configures a QSFP+ Ethernet interface as four 10G ports. These commands
reset the forwarding agent, which disrupts traffic on all switch ports. These commands must be applied
to the /1 port.
To configure a QSFP+ Ethernet interface as a single 40G port:
Step 1 Enter Interface Ethernet configuration mode for port /1 of the QSFP+ Ethernet interface.
switch(config)#interface ethernet 49/1
Step 2 Enter the speed forced 40gfull command:
switch(config-if-Et49/1)#speed forced 40gfull
This step restarts the forwarding agent, which disrupts traffic on all switch ports. The agent
may require more than a minute to restart.
Step 3 Enter show interface status to confirm the change in configuration.
switch(config-if-Et49/1)#show interface status
Port       Name   Status       Vlan  Duplex  Speed  Type
Et1               connected    1     full    10G    10GBASE-SR
<-------OUTPUT OMITTED FROM EXAMPLE-------->
Et48              connected    1     full    10G    10GBASE-SR
Et49/1            connected    1     full    40G    40GBASE-CR
Et49/2            errdisabled  1     full    10G    40GBASE-CR
Et49/3            errdisabled  1     full    10G    40GBASE-CR
Et49/4            errdisabled  1     full    10G    40GBASE-CR
Et50/1            connected    1     full    10G    40GBASE-CR
<-------OUTPUT OMITTED FROM EXAMPLE-------->
switch(config-if-Et49/1)#
To configure a QSFP+ Ethernet interface as four 10G port interfaces:
Step 1 Enter Interface Ethernet mode for port /1 of the QSFP+ interface.
switch(config)#interface ethernet 49/1
switch(config-if-Et49/1)#
Step 2 Enter the no speed forced 40gfull command.
switch(config-if-Et49/1)#no speed forced 40gfull
switch(config-if-Et49/1)#
This step restarts the forwarding agent, which disrupts traffic on all switch ports. The agent
may require more than a minute to restart.
Step 3 Enter show interface status to confirm the change in configuration.
switch(config-if-Et49/1)#show interface status
Port       Name   Status       Vlan  Duplex  Speed  Type
Et1               notconnect   1     full    10G    Not Present
<-------OUTPUT OMITTED FROM EXAMPLE-------->
Et48              connected    1     full    10G    10GBASE-SR
Et49/1            connected    1     full    10G    40GBASE-CR
Et49/2            connected    1     full    10G    40GBASE-CR
Et49/3            connected    1     full    10G    40GBASE-CR
Et49/4            connected    1     full    10G    40GBASE-CR
Et50/1            connected    1     full    10G    40GBASE-CR
<-------OUTPUT OMITTED FROM EXAMPLE-------->
switch(config-if-Et49/1)#
9.5.4.2
QSFP-SFP Interface Availability (DCS-7050Q-16)
The DCS-7050Q-16 contains the following interfaces:
• 16 QSFP+ interfaces, labeled 1-16. Each is configurable as one 40G port or four 10G ports.
Four ports are displayed for each interface. Port status depends on the interface configuration:
— The /1 port is active (connected or not connected), regardless of interface configuration.
— The /2, /3, and /4 ports are error-disabled when the interface is configured as a single 40G port;
— all ports are active (connected or not connected), when the interface is configured as four 10G ports.
• 8 SFP+ interfaces, labeled 17-24. Each is configurable as a 10G port.
The switch supports a maximum of 64 simultaneously enabled 10G data lanes, requiring that one
QSFP+ interface is disabled for every four enabled SFP+ interfaces. This limitation is enforced through
two port groups, each containing one QSFP+ interface and a set of four SFP+ interfaces. In each port
group, either the QSFP+ interface or the SFP+ interface set is enabled. The port groups are
independently configurable.
• Port group 1 contains interface 15 (QSFP+) and interfaces 17-20 (SFP+).
• Port group 2 contains interface 16 (QSFP+) and interfaces 21-24 (SFP+).
Table 9-3 displays the port group configuration options.
Table 9-3 Port Group Configuration Options
Port Group 1     Port Group 2     QSFP Ports enabled    SFP Ports enabled    Default
QSFP+ enabled    QSFP+ enabled    16: Ports 1-16        none                 Yes
QSFP+ enabled    SFP+ enabled     15: Ports 1-15        4: Ports 21-24       No
SFP+ enabled     QSFP+ enabled    15: Ports 1-14, 16    4: Ports 17-20       No
SFP+ enabled     SFP+ enabled     14: Ports 1-14        8: Ports 17-24       No
The hardware port-group command determines the interface configuration for the specified port
group. This command restarts the forwarding agent, which disrupts traffic on all switch ports. The
agent may require more than one minute to restart.
These commands enable the QSFP+ interfaces in both port groups:
switch(config)#hardware port-group 1 select Et15/1-4
switch(config)#hardware port-group 2 select Et16/1-4
These commands enable the SFP+ interfaces in both port groups:
switch(config)#hardware port-group 1 select Et17-20
switch(config)#hardware port-group 2 select Et21-24
Example
• These commands configure the switch to provide availability to 15 QSFP+ and four SFP+
interfaces by enabling the QSFP+ interface in port group 2 and the SFP+ interfaces in port group 1.
switch(config)#hardware port-group 1 select Et17-20
switch(config)#hardware port-group 2 select Et16/1-4
The show hardware port-group command displays the status of ports in the port groups.
Example
• This command displays the status of ports in the two port groups on a DCS-7050Q-16 switch.
switch>show hardware port-group
Portgroup: 1    Active Ports: Et15/1-4
Port            State
------------------------------------------
Ethernet17      ErrDisabled
Ethernet18      ErrDisabled
Ethernet19      ErrDisabled
Ethernet20      ErrDisabled
Ethernet15/1    Active
Ethernet15/2    Active
Ethernet15/3    Active
Ethernet15/4    Active
Portgroup: 2    Active Ports: Et16/1-4
Port            State
------------------------------------------
Ethernet16/1    Active
Ethernet16/2    Active
Ethernet16/3    Active
Ethernet16/4    Active
Ethernet21      ErrDisabled
Ethernet22      ErrDisabled
Ethernet23      ErrDisabled
Ethernet24      ErrDisabled
switch>
9.5.5
MXP Modules
The following sections describe the configuration of MXP ports.
9.5.5.1
MXP Ethernet Interface Configuration
Each MXP module Ethernet interface is configurable either as a single 100G port, up to three 40G ports,
or up to twelve 10G ports. The module contains twelve data lanes that can be combined to form the
higher speed interfaces.
100G Interface
The module is configured as a 100G interface by combining lanes 1 through 10. In this mode, ports /2
through /12 are errdisabled. No 40G or 10G interfaces are configurable in this mode.
40G Interface
The module can be configured into 40G interfaces by combining four data lanes. Valid 40G port
configurations include:
• port /1 is configured as a 40G interface: ports /2, /3, and /4 are errdisabled.
• port /5 is configured as a 40G interface: ports /6, /7, and /8 are errdisabled.
• port /9 is configured as a 40G interface: ports /10, /11, and /12 are errdisabled.
Each 40G port is independently configurable. Ports that are not configured or errdisabled can operate
as 10G interfaces.
10G Interface
A port functions as a 10G interface when it is not included in a higher speed interface configuration,
either as an active or errdisabled port.
Example
• On a 7500E-72S-LC linecard, interface 50 is an MXP interface. When the linecard is in slot 5, these
MXP ports are listed as 5/50/1 through 5/50/12. Port status depends on the interface configuration:
— 100G port configuration: 5/50/1 is connected or not connected; 5/50/2 through 5/50/12 are
error-disabled.
— 40G port configuration: 5/50/1, 5/50/5, and 5/50/9 are connected or not connected; 5/50/2, 5/50/3,
5/50/4, 5/50/6, 5/50/7, 5/50/8, 5/50/10, 5/50/11, and 5/50/12 are error-disabled.
Each 40G port is independently configurable.
— 10G port configuration: 5/50/1 through 5/50/12 are connected or not connected.
These speed commands configure MXP Ethernet interfaces:
• The speed forced 100gfull command configures 12 MXP Ethernet ports as a 100G interface.
This command must be applied to the /1 port.
• The speed forced 40gfull command configures 4 MXP Ethernet ports as a 40G port interface.
This command must be applied to the /1, /5, or /9 port. The speed forced 100gfull command on
/1 ports takes precedence over speed forced 40gfull commands on /5 and /9 ports.
• The speed forced 10gfull command configures an MXP Ethernet interface as a 10G port. When
replacing a higher speed command, it also reverts the affiliated interfaces to their default state as
10G interfaces.
The no speed command performs the same task as the speed forced 10gfull command.
To configure an MXP Ethernet interface as a single 100G port:
Step 1 Enter Interface Ethernet configuration mode for port /1 of MXP Ethernet interface.
switch(config)#interface ethernet 5/49/1
Step 2 Enter the speed forced 100gfull command:
switch(config-if-Et5/49/1)#speed forced 100gfull
This step may restart the forwarding agent, which disrupts traffic on all switch ports. The agent
may require more than a minute to restart.
Step 3 Enter show interface status to confirm the change in configuration.
switch(config-if-Et5/49/1)#show interface status
Port         Name   Status       Vlan  Duplex  Speed   Type
Et3/1               connected    1     full    10G     10GBASE-SRL
<-------OUTPUT OMITTED FROM EXAMPLE-------->
Et5/48              connected    1     full    10G     10GBASE-SRL
Et5/49/1            connected    1     full    100G    100GBASE-SR1
Et5/49/2            errdisabled  1     unconf  unconf  100GBASE-SR1
Et5/49/3            errdisabled  1     unconf  unconf  100GBASE-SR1
Et5/49/4            errdisabled  1     unconf  unconf  100GBASE-SR1
Et5/49/5            errdisabled  1     unconf  unconf  100GBASE-SR1
Et5/49/6            errdisabled  1     unconf  unconf  100GBASE-SR1
Et5/49/7            errdisabled  1     unconf  unconf  100GBASE-SR1
Et5/49/8            errdisabled  1     unconf  unconf  100GBASE-SR1
Et5/49/9            errdisabled  1     unconf  unconf  100GBASE-SR1
Et5/49/10           errdisabled  1     unconf  unconf  100GBASE-SR1
Et5/49/11           errdisabled  1     unconf  unconf  100GBASE-SR1
Et5/49/12           errdisabled  1     unconf  unconf  100GBASE-SR1
Et5/50/1            connected    1     full    10G     100GBASE-SR1
<-------OUTPUT OMITTED FROM EXAMPLE-------->
switch(config-if-Et5/49/1)#
To configure an MXP Ethernet interface as three 40G ports:
Step 1 Enter Interface Ethernet configuration mode for port /1 of the MXP Ethernet interface.
switch(config)#interface ethernet 5/49/1
Step 2 Enter the speed forced 40gfull command:
switch(config-if-Et5/49/1)#speed forced 40gfull
Step 3 Repeat for ports /5 and /9.
switch(config-if-Et5/49/1)#interface ethernet 5/49/5
switch(config-if-Et5/49/5)#speed forced 40gfull
switch(config-if-Et5/49/5)#interface ethernet 5/49/9
switch(config-if-Et5/49/9)#speed forced 40gfull
Step 4 Enter show interface status to confirm the change in configuration.
switch(config-if-Et5/49/9)#show interface status
Port         Name   Status       Vlan  Duplex  Speed   Type
Et3/1               connected    1     full    10G     10GBASE-SRL
<-------OUTPUT OMITTED FROM EXAMPLE-------->
Et5/48              connected    1     full    10G     10GBASE-SRL
Et5/49/1            connected    1     full    40G     100GBASE-SR1
Et5/49/2            errdisabled  1     unconf  unconf  100GBASE-SR1
Et5/49/3            errdisabled  1     unconf  unconf  100GBASE-SR1
Et5/49/4            errdisabled  1     unconf  unconf  100GBASE-SR1
Et5/49/5            connected    1     full    40G     100GBASE-SR1
Et5/49/6            errdisabled  1     unconf  unconf  100GBASE-SR1
Et5/49/7            errdisabled  1     unconf  unconf  100GBASE-SR1
Et5/49/8            errdisabled  1     unconf  unconf  100GBASE-SR1
Et5/49/9            connected    1     full    40G     100GBASE-SR1
Et5/49/10           errdisabled  1     unconf  unconf  100GBASE-SR1
Et5/49/11           errdisabled  1     unconf  unconf  100GBASE-SR1
Et5/49/12           errdisabled  1     unconf  unconf  100GBASE-SR1
Et5/50/1            connected    1     full    10G     100GBASE-SR1
<-------OUTPUT OMITTED FROM EXAMPLE-------->
switch(config-if-Et5/49/9)#
To configure an MXP Ethernet port that is configured as a 100G interface into twelve 10G port interfaces:
Step 1 Enter Interface Ethernet mode for port /1 of the MXP interface.
switch(config)#interface ethernet 5/49/1
Step 2 Enter the no speed command.
switch(config-if-Et5/49/1)#no speed
This step may restart the forwarding agent, which disrupts traffic on all switch ports. The agent
may require more than a minute to restart.
Step 3 Enter show interface status to confirm the change in configuration.
switch(config-if-Et5/49/1)#show interface status
Port         Name   Status       Vlan  Duplex  Speed   Type
Et3/1               connected    1     full    10G     10GBASE-SRL
<-------OUTPUT OMITTED FROM EXAMPLE-------->
Et5/48              connected    1     full    10G     10GBASE-SRL
Et5/49/1            connected    1     full    10G     100GBASE-SR1
Et5/49/2            connected    1     full    10G     100GBASE-SR1
Et5/49/3            connected    1     full    10G     100GBASE-SR1
Et5/49/4            connected    1     full    10G     100GBASE-SR1
Et5/49/5            connected    1     full    10G     100GBASE-SR1
Et5/49/6            connected    1     full    10G     100GBASE-SR1
Et5/49/7            connected    1     full    10G     100GBASE-SR1
Et5/49/8            connected    1     full    10G     100GBASE-SR1
Et5/49/9            connected    1     full    10G     100GBASE-SR1
Et5/49/10           connected    1     full    10G     100GBASE-SR1
Et5/49/11           connected    1     full    10G     100GBASE-SR1
Et5/49/12           connected    1     full    10G     100GBASE-SR1
Et5/50/1            connected    1     full    10G     100GBASE-SR1
<-------OUTPUT OMITTED FROM EXAMPLE-------->
switch(config-if-Et5/49/1)#
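The lane rules in Sections 9.5.4 and 9.5.5, and the final "confirm the change" step of each procedure, can be checked mechanically. The following Python sketch is an added example, not Arista code: it models which sub-ports a speed forced command consumes on a QSFP+ or MXP interface and compares that model with show interface status rows. All function and variable names are hypothetical; the sample rows come from the 3 x 40G example above, and the drifted row is constructed.

```python
"""Lane model for QSFP+/MXP interfaces, checked against 'show interface status'."""

# Sub-ports consumed by a forced speed on a primary sub-port, per the manual:
# QSFP+ has 4 lanes (40G on /1); MXP has 12 (100G on /1; 40G on /1, /5, /9).
LAYOUT = {
    "qsfp": {"ports": 4, "40gfull": {1: [2, 3, 4]}},
    "mxp": {
        "ports": 12,
        "40gfull": {1: [2, 3, 4], 5: [6, 7, 8], 9: [10, 11, 12]},
        "100gfull": {1: list(range(2, 13))},
    },
}
SPEED_LABEL = {"40gfull": "40G", "100gfull": "100G"}
STATUSES = {"connected", "notconnect", "errdisabled"}  # values shown in the manual


def expected_states(kind, speed_cmds):
    """Return {sub_port: '10G' | '40G' | '100G' | 'errdisabled'} for one interface.

    speed_cmds maps a sub-port number to the forced speed configured on it
    ('40gfull' or '100gfull'); sub-ports not listed are at the 10G default.
    """
    layout = LAYOUT[kind]
    for port, cmd in speed_cmds.items():
        if cmd not in SPEED_LABEL or port not in layout.get(cmd, {}):
            raise ValueError(f"{cmd} is not valid on /{port} of a {kind} interface")
    states = {p: "10G" for p in range(1, layout["ports"] + 1)}
    # 100G on /1 takes precedence over 40G commands on /5 and /9.
    if speed_cmds.get(1) == "100gfull":
        effective = {1: "100gfull"}
    else:
        effective = speed_cmds
    for primary, cmd in effective.items():
        states[primary] = SPEED_LABEL[cmd]
        for follower in layout[cmd][primary]:
            states[follower] = "errdisabled"
    return states


def parse_status(text):
    """Parse 'show interface status' rows into {port: (status, speed)}."""
    rows = {}
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or not tokens[0].startswith("Et"):
            continue
        # The Name column may be empty, so find the Status token by its value.
        idx = next((i for i, t in enumerate(tokens[1:], 1) if t in STATUSES), None)
        if idx is None or len(tokens) < idx + 4:
            continue
        rows[tokens[0]] = (tokens[idx], tokens[idx + 3])  # skip Vlan and Duplex
    return rows


def verify(kind, base, speed_cmds, status_text):
    """Compare observed port status with the lane model; return the findings."""
    observed = parse_status(status_text)
    findings = []
    for sub, want in expected_states(kind, speed_cmds).items():
        port = f"{base}/{sub}"
        if port not in observed:
            findings.append(f"{port}: missing from output")
            continue
        status, speed = observed[port]
        if want == "errdisabled":
            if status != "errdisabled":
                findings.append(f"{port}: expected errdisabled, saw {status}")
        elif status == "errdisabled":
            findings.append(f"{port}: expected active {want}, saw errdisabled")
        elif speed != want:
            findings.append(f"{port}: expected speed {want}, saw {speed}")
    return findings


# Rows from the manual's 3 x 40G example (the Name column is empty).
SAMPLE_3X40G = """\
Et5/49/1     connected    1  full    40G     100GBASE-SR1
Et5/49/2     errdisabled  1  unconf  unconf  100GBASE-SR1
Et5/49/3     errdisabled  1  unconf  unconf  100GBASE-SR1
Et5/49/4     errdisabled  1  unconf  unconf  100GBASE-SR1
Et5/49/5     connected    1  full    40G     100GBASE-SR1
Et5/49/6     errdisabled  1  unconf  unconf  100GBASE-SR1
Et5/49/7     errdisabled  1  unconf  unconf  100GBASE-SR1
Et5/49/8     errdisabled  1  unconf  unconf  100GBASE-SR1
Et5/49/9     connected    1  full    40G     100GBASE-SR1
Et5/49/10    errdisabled  1  unconf  unconf  100GBASE-SR1
Et5/49/11    errdisabled  1  unconf  unconf  100GBASE-SR1
Et5/49/12    errdisabled  1  unconf  unconf  100GBASE-SR1
"""
# Constructed drift: /6 is up although the 40G port on /5 should subsume it.
DRIFTED = "\n".join(
    "Et5/49/6     connected    1  full    10G     100GBASE-SR1"
    if line.startswith("Et5/49/6 ") else line
    for line in SAMPLE_3X40G.splitlines()
)
CMDS_3X40G = {1: "40gfull", 5: "40gfull", 9: "40gfull"}

if __name__ == "__main__":
    print(verify("mxp", "Et5/49", CMDS_3X40G, SAMPLE_3X40G))
    print(verify("mxp", "Et5/49", CMDS_3X40G, DRIFTED))
```

An empty result means the observed port states match the intended lane grouping; any finding points at a sub-port whose state does not follow from the configured speed commands.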
9.5.6
Agile Ports
An agile port is an interface that can function as a 10G port or can subsume a predefined set of 10G
interfaces to form an interface with higher speed capabilities.
The set of interfaces that can be combined to form a higher speed port is restricted by the hardware
configuration. Only interfaces that pass through a common PHY component can be combined. One
interface within a combinable set is designated as the primary port.
• To view the set of available agile ports and the subsumable interfaces that comprise them, enter
show platform fm6000 agileport map.
• To configure the primary port as a higher speed port, enter speed forced 40gfull or speed auto
40gfull.
• To revert the primary port and its subsumed ports to 10G interfaces, enter no speed.
Example
• These commands display the agile port map for the switch, then configure Ethernet interface 13
as a 40G port.
switch#show platform fm6000 agileport map
-----------------------------------------------------------------
Agile Ports   |   Interfaces subsumed in 40G link
-----------------------------------------------------------------
Ethernet1     |   Ethernet3     Ethernet5     Ethernet7
Ethernet2     |   Ethernet4     Ethernet6     Ethernet8
Ethernet13    |   Ethernet15    Ethernet17    Ethernet19
Ethernet14    |   Ethernet16    Ethernet18    Ethernet20
switch#config
switch(config)#interface ethernet 13
switch(config-if-Et13)#speed forced 40gfull
WARNING!
Executing this command will cause the forwarding agent
to be restarted. All interfaces will briefly drop links
and forwarding on all interfaces will momentarily stop.
Do you wish to proceed with this command? [y/N]
Ethernet17 configured for 40G.
Ethernet15, Ethernet17 and Ethernet19 are now subsumed.
switch(config-if-Et13)#
• This command reverts the agile 40G port to a 10G port and frees its subsumed ports
as individual 10G ports.
switch(config-if-Et13)#no speed
WARNING!
Executing this command will cause the forwarding agent
to be restarted. All interfaces will briefly drop links
and forwarding on all interfaces will momentarily stop.
Do you wish to proceed with this command? [y/N]
Ethernet13 no longer configured for 40G.
Ethernet15, Ethernet17 and Ethernet19 are now free.
switch(config-if-Et13)#
9.5.7
Autonegotiated Settings
In autonegotiation, the transmission speed, duplex setting, and flow control parameters used for
Ethernet-based communication can be automatically negotiated between connected devices to establish
optimized common settings.
9.5.7.1
Speed and Duplex
The speed command configures the transmission speed and duplex setting for the configuration mode
interface. The scope and effect of this command depend on the interface type:
• 10GBASE-T: Default is 10G full. Speed command affects interface.
Default setting is autonegotiate, offering 10G full, 1G full, and 100M full; preferred setting is 10G full.
Half duplex and 10M are not supported. The interface accepts speed forced commands for the
supported speed and duplex settings.
• 10GBASE (SFP+): Operates as 10G full port. Speed command does not affect interface.
• 1000BASE (copper): Default is autonegotiate. Speed command affects interface.
Default setting is autonegotiate, offering 1G full and 100M; preferred setting is 1G full.
Autonegotiation that offers only 100M is available through speed auto 100full command. Half
duplex and 10M are not supported. The interface accepts speed forced commands for the
supported speed and duplex settings.
• 1000BASE (fiber): Operates as 1G full port. Speed command does not affect interface.
• 40GBASE (QSFP+): Default is 4x10G-full. Speed forced 40gfull affects interface.
Default setting is as four 10G full duplex ports. Speed forced 40gfull configures interface as a single
40G full duplex port.
• 100GBASE (MXP): Default is 12x10G-full. Speed forced 40gfull and Speed forced 100gfull affect
interface.
Default setting is as twelve 10G full duplex ports. Speed forced 40gfull configures interface as three
40G full duplex ports. Speed forced 100gfull configures interface as a 100G full duplex port.
• 10/100/1000: Default is autonegotiate. Speed command affects interface.
Default setting is autonegotiate, offering 1G full, 100M full, 10M full, 1G half, 100M half, and 10M
half; preferred setting is 1G full. The interface accepts speed forced commands for the supported
speed and duplex options.
Example
• This command configures a 40GBASE interface as a 40G port.
switch(config-if-Et49/1)#speed forced 40gfull
9.5.7.2
Flow Control
Flow control is a data transmission option that temporarily stops a device from sending data because of
a peer data overflow condition. If a device sends data faster than the receiver can accept it, the receiver's
buffer can overflow. The receiving device then sends a PAUSE frame, instructing the sending device to
halt transmission for a specified period.
Flowcontrol commands configure administrative settings for flow control packets.
• The flowcontrol receive command configures the port's ability to receive flow control pause frames.
— off: port does not process pause frames that it receives.
— on: port processes pause frames that it receives.
— desired: port autonegotiates; processes pause frames if peer is set to send or desired.
• The flowcontrol send command configures the port's ability to transmit flow control pause frames.
— off: port does not send pause frames.
— on: port sends pause frames.
— desired: port autonegotiates; sends pause frames if peer is set to receive or desired.
Desired is not an available parameter option. Ethernet data ports cannot be set to desired. Management
ports are set to desired by default and with the no flowcontrol receive command.
The port linking process includes flow control negotiation. Ports must have compatible flow control
settings to create a link. Table 9-4 lists the compatible flow control settings.
Table 9-4 Compatible Settings for Flow Control Negotiation
local port         peer port
receive on         send on or send desired
receive off        send off or send desired
receive desired    send on, send off, or send desired
send on            receive on or receive desired
send off           receive off or receive desired
send desired       receive on, receive off, or receive desired
Example
• These commands set the flow control receive and send to on on Ethernet interface 5.
switch(config)#interface ethernet 5
switch(config-if-Et5)#flowcontrol receive on
switch(config-if-Et5)#flowcontrol send on
switch(config-if-Et5)#
9.5.8
Displaying Ethernet Port Properties
Show commands are available to display various Ethernet configuration and operational status on each
interface. Ethernet settings that are viewable include:
• Port Type
• PHY Status
• Negotiated Settings
• Flow Control
• Capabilities
Port Type
The port type is viewable from the output of show interfaces status, show interfaces capabilities, and
show interfaces transceiver properties commands.
Example
• This show interfaces status command displays the status of Ethernet interfaces 1-5.
switch>show interfaces status
Port       Name   Status       Vlan  Duplex  Speed  Type
Et1               connected    1     full    10G    10GBASE-SRL
Et2               connected    1     full    10G    10GBASE-SRL
Et3               connected    1     full    10G    10GBASE-SRL
Et4               connected    1     full    10G    10GBASE-SRL
Et5               notconnect   1     full    10G    Not Present
switch>
• This show interfaces capabilities command displays the status of Ethernet interfaces 2 and 18.
switch>show interfaces ethernet 2,18 capabilities
Ethernet2
  Model:        DCS-7150S-64-CL
  Type:         10GBASE-CR
  Speed/Duplex: 10G/full,40G/full,auto
  Flowcontrol:  rx-(off,on,desired),tx-(off,on,desired)
Ethernet18
  Model:        DCS-7150S-64-CL
  Type:         10GBASE-SR
  Speed/Duplex: 10G/full
  Flowcontrol:  rx-(off,on),tx-(off,on)
switch>
• This command displays the media type, speed, and duplex properties for Ethernet interface 1.
switch>show interfaces ethernet 1 transceiver properties
Name : Et1
Administrative Speed: 10G
Administrative Duplex: full
Operational Speed: 10G (forced)
Operational Duplex: full (forced)
Media Type: 10GBASE-SRL
PHY
PHY information for each Ethernet interface is viewed by entering the show interfaces phy command.
Example
• This command summarizes PHY information for Ethernet interfaces 1-3.
switch>show interfaces ethernet 1-3 phy
Key:
  U    = Link up
  D    = Link down
  R    = RX Fault
  T    = TX Fault
  B    = High BER
  L    = No Block Lock
  A    = No XAUI Lane Alignment
  0123 = No XAUI lane sync in lane N

                               State    Reset
Port          PHY state        Changes  Count    PMA/PMD PCS   XAUI
------------- ---------------  -------- -------- ------- ----- --------
Ethernet1     linkUp           14518    1750     U..     U.... U.......
Ethernet2     linkUp           13944    1704     U..     U.... U.......
Ethernet3     detectingXcvr    3        1                      D..A0123
switch>
Negotiated Settings
Speed, duplex, and flow control settings are displayed through the show interfaces capabilities, show
flowcontrol, and show interfaces status commands.
Example
• This command displays speed/duplex and flow control settings for Ethernet interface 1.
switch>show interfaces ethernet 1 capabilities
Ethernet1
  Model:        DCS-7150S-64-CL
  Type:         10GBASE-SR
  Speed/Duplex: 10G/full
  Flowcontrol:  rx-(off,on),tx-(off,on)
switch>
• This command shows the flow control settings for Ethernet interfaces 1-2.
switch>show flowcontrol interface ethernet 1-2
Port       Send FlowControl   Receive FlowControl  RxPause        TxPause
           admin    oper      admin    oper
---------  -------- --------  -------- --------    -------------  -------------
Et1        off      off       off      off         0              0
Et2        off      off       off      off         0              0
switch>
• This command displays the speed type and duplex settings for management interfaces 1-2.
switch>show interfaces management 1-2 status
Port       Name   Status       Vlan    Duplex  Speed   Type
Ma1               connected    routed  a-full  a-100M  10/100/1000
Ma2               connected    routed  a-full  a-1G    10/100/1000
switch>
9.6
Ethernet Configuration Commands
Global Configuration Commands
• hardware port-group
• interface ethernet
• interface management
• transceiver qsfp default-mode
Interface Configuration Commands – Ethernet and Management Interfaces
• flowcontrol receive
• flowcontrol send
• link-debounce
• mac-address
• speed
Interface Display Commands
• show flowcontrol
• show hardware port-group
• show interfaces capabilities
• show interfaces counters
• show interfaces counters bins
• show interfaces counters errors
• show interfaces counters queue
• show interfaces counters rates
• show interfaces negotiation
• show interfaces phy
• show interfaces status
• show interfaces status errdisabled
• show interfaces transceiver
• show interfaces transceiver properties
• show platform fm6000 agileport map
flowcontrol receive
The flowcontrol receive command configures administrative settings for inbound flow control packets.
Ethernet ports use flow control to delay packet transmission when port buffers run out of space. Ports
transmit a pause frame when their buffers are full, signaling their peer ports to delay sending packets
for a specified period.
The flowcontrol receive command configures the configuration mode port's ability to receive flow
control pause frames.
• off: port does not process pause frames that it receives.
• on: port processes pause frames that it receives.
• desired: port autonegotiates flow control; processes pause frames if the peer is set to send desired.
Desired is not an available parameter option. Ethernet data ports cannot be set to desired.
Management ports are set to desired by default and with the no flowcontrol receive command.
The port linking process includes flow control negotiation. Ports must have compatible flow control
settings to create a link. Table 9-5 lists the compatible flow control settings.
Table 9-5 Compatible Settings for Flow Control Negotiation – Local Port Receiving
local port         peer port
receive on         send on or send desired
receive off        send off or send desired
receive desired    send on, send off, or send desired
The no flowcontrol receive and default flowcontrol receive commands restore the default flow control
setting for the configuration mode interface by removing the corresponding flowcontrol receive
command from running-config. The default setting is off for Ethernet data ports and desired for
Management ports.
all
Command Mode
Interface-Ethernet Configuration
Interface-Management Configuration
Command Syntax
flowcontrol receive STATE
no flowcontrol receive
default flowcontrol receive
Parameters
• STATE flow control pause frame processing setting. Options include:
— on
— off
Examples
• These commands set flow control receive to on for Ethernet interface 5.
switch(config)#interface ethernet 5
switch(config-if-Et5)#flowcontrol receive on
switch(config-if-Et5)#
flowcontrol send
The flowcontrol send command configures administrative settings for outbound flow control packets.
Ethernet ports use flow control to delay packet transmission when port buffers run out of space. Ports
transmit a pause frame when their buffers are full, signaling their peer ports to delay sending packets
for a specified period.
The flowcontrol send command configures the configuration mode port's ability to transmit flow
control pause frames.
• off: port does not send pause frames.
• on: port sends pause frames.
• desired: port autonegotiates flow control; sends pause frames if the peer is set to receive desired.
Desired is not an available parameter option. Ethernet data ports cannot be set to desired.
Management ports are set to desired by default and with the no flowcontrol send command.
The port linking process includes flow control negotiation. Ports must have compatible flow control
settings to create a link. Table 9-6 lists the compatible flow control settings.
Table 9-6 Compatible Settings for Flow Control Negotiation – Local Port Transmitting
local port      peer port
send on         receive on or receive desired
send off        receive off or receive desired
send desired    receive on, receive off, or receive desired
The no flowcontrol send and default flowcontrol send commands restore the default flow control
setting for the configuration mode interface by removing the corresponding flowcontrol send
command from running-config. The default setting is off for Ethernet data ports and desired for
Management ports.
all
Command Mode
Interface-Ethernet Configuration
Interface-Management Configuration
Command Syntax
flowcontrol send STATE
no flowcontrol send
default flowcontrol send
Parameters
• STATE flow control send setting. Options include:
— on
— off
Examples
• These commands set flow control send to on for Ethernet interface 5.
switch(config)#interface ethernet 5
switch(config-if-Et5)#flowcontrol send on
switch(config-if-Et5)#
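The following added example (not part of the Arista manual) checks two ports' flow control settings against Tables 9-5 and 9-6 before a link is brought up, and shows that both tables reduce to one rule. The Port class and the function names are hypothetical; defaults and the on/off restriction follow the text above.

```python
from dataclasses import dataclass
from typing import List, Optional

# Table 9-5: local receive setting -> peer send settings that allow a link.
TABLE_9_5 = {
    "on": {"on", "desired"},
    "off": {"off", "desired"},
    "desired": {"on", "off", "desired"},
}
# Table 9-6: local send setting -> peer receive settings that allow a link.
TABLE_9_6 = {
    "on": {"on", "desired"},
    "off": {"off", "desired"},
    "desired": {"on", "off", "desired"},
}
# Defaults stated in the text: off for Ethernet data ports, desired for Management ports.
DEFAULTS = {"ethernet": "off", "management": "desired"}


@dataclass
class Port:
    """Flow control intent for one port (hypothetical model for this example)."""
    name: str
    kind: str                       # "ethernet" (data port) or "management"
    send: Optional[str] = None      # None: no "flowcontrol send" line in running-config
    receive: Optional[str] = None   # None: no "flowcontrol receive" line in running-config

    def effective(self, direction: str) -> str:
        """Return the setting used in negotiation for "send" or "receive"."""
        configured = getattr(self, direction)
        if configured is None:
            return DEFAULTS[self.kind]
        if configured not in ("on", "off"):
            # STATE accepts only on and off; desired exists only as a default.
            raise ValueError(
                f"{self.name}: flowcontrol {direction} {configured} is not configurable"
            )
        return configured


def compatible(send: str, receive: str) -> bool:
    """Both tables reduce to: equal settings, or either side is desired."""
    return send == receive or "desired" in (send, receive)


def rule_matches_tables() -> bool:
    """Check the one-line rule against every row of Tables 9-5 and 9-6."""
    settings = ("on", "off", "desired")
    for send in settings:
        for receive in settings:
            expected = compatible(send, receive)
            if (send in TABLE_9_5[receive]) != expected:
                return False
            if (receive in TABLE_9_6[send]) != expected:
                return False
    return True


def link_problems(local: Port, peer: Port) -> List[str]:
    """List each direction whose send/receive pair would block link creation."""
    problems = []
    for sender, receiver in ((local, peer), (peer, local)):
        send = sender.effective("send")
        receive = receiver.effective("receive")
        if not compatible(send, receive):
            problems.append(
                f"{sender.name} send {send} vs {receiver.name} receive {receive}"
            )
    return problems


if __name__ == "__main__":
    # Constructed case: Et5 has "flowcontrol send on", Et9 is left at defaults.
    print(link_problems(Port("Et5", "ethernet", send="on"), Port("Et9", "ethernet")))
```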
hardware port-group
The hardware port-group command configures a DCS-7050Q-16 port group to activate a 40GBASE
(QSFP+) interface or four 10GBASE (SFP+) interfaces, affecting QSFP+ and SFP+ availability.
The DCS-7050Q-16 contains the following interfaces:
• 16 QSFP+ interfaces, labeled 1-16. Each is configurable as one 40G port or four 10G ports.
Four ports are displayed for each interface. Port status depends on the interface configuration:
— The /1 port is active (connected or not connected), regardless of interface configuration.
— The /2, /3, and /4 ports are error-disabled when the interface is configured as a single 40G port.
— All ports are active (connected or not connected) when the interface is configured as four 10G ports.
• 8 SFP+ interfaces, labeled 17-24. Each is configurable as a 10G port.
The switch supports a maximum of 64 simultaneously enabled 10G data lanes, requiring that one
QSFP+ interface is disabled for every four enabled SFP+ interfaces. This limitation is enforced through
two port groups, each containing one QSFP+ interface and a set of four SFP+ interfaces. In each port
group, either the QSFP+ interface or the SFP+ interface set is enabled. The port groups are
independently configurable.
• Port group 1 contains interface 15 (QSFP+) and interfaces 17-20 (SFP+).
• Port group 2 contains interface 16 (QSFP+) and interfaces 21-24 (SFP+).
Table 9-7 displays the port group configuration options.
Table 9-7 Port Group Configuration Options
Port Group 1     Port Group 2     QSFP+ Ports enabled   SFP+ Ports enabled   Default
QSFP+ enabled    QSFP+ enabled    16: Ports 1-16        none                 Yes
QSFP+ enabled    SFP+ enabled     15: Ports 1-15        4: Ports 21-24       No
SFP+ enabled     QSFP+ enabled    15: Ports 1-14, 16    4: Ports 17-20       No
SFP+ enabled     SFP+ enabled     14: Ports 1-14        8: Ports 17-24       No
The no hardware port-group and default hardware port-group commands restore a port group’s
default setting by removing the corresponding hardware port-group command from running-config.
The QSFP+ interface is active by default in each port group.
Trident (see Guidelines)
Command Mode
Global Configuration
Command Syntax
hardware port-group group_number select PORT_LIST
no hardware port-group group_number
default hardware port-group group_number
Parameters
• group_number label of the port group. Valid options are 1 and 2.
• PORT_LIST ports activated by command. Options depend on group_number value.
— Et15/1-4 activates QSFP+ port on port group 1. Available when group_number is 1.
— Et16/1-4 activates QSFP+ port on port group 2. Available when group_number is 2.
— Et17-20 activates SFP+ ports on port group 1. Available when group_number is 1.
— Et21-24 activates SFP+ ports on port group 2. Available when group_number is 2.
Guidelines
The hardware port-group command is available on DCS-7050Q-16 switches.
Example
• These commands enable the QSFP+ interface in port group 1 and SFP+ interfaces in port group 2,
display the port group status, and display interface status.
switch(config)#hardware port-group 1 select Et15/1-4
switch(config)#hardware port-group 2 select Et21-24
switch(config)#show hardware port-group
Portgroup: 1    Active Ports: Et17-20
Port            State
-----------------------------------------
Ethernet17      ErrDisabled
Ethernet18      ErrDisabled
Ethernet19      ErrDisabled
Ethernet20      ErrDisabled
Ethernet15/1    Active
Ethernet15/2    Active
Ethernet15/3    Active
Ethernet15/4    Active

Portgroup: 2    Active Ports: Et16/1-4
Port            State
-----------------------------------------
Ethernet16/1    Active
Ethernet16/2    Active
Ethernet16/3    Active
Ethernet16/4    Active
Ethernet21      ErrDisabled
Ethernet22      ErrDisabled
Ethernet23      ErrDisabled
Ethernet24      ErrDisabled
switch(config)#show interfaces status
Port     Name   Status       Vlan       Duplex  Speed   Type
Et1/1           connected    in Po621   full    40G     40GBASE-CR4
Et1/2           errdisabled  inactive   unconf  unconf  40GBASE-CR4
<-------OUTPUT OMITTED FROM EXAMPLE-------->
Et15/1          connected    in Po711   full    40G     40GBASE-CR4
Et15/2          errdisabled  inactive   unconf  unconf  Not Present
Et15/3          errdisabled  inactive   unconf  unconf  Not Present
Et15/4          errdisabled  inactive   unconf  unconf  Not Present
Et16/1          errdisabled  inactive   unconf  unconf  Not Present
Et16/2          errdisabled  inactive   unconf  unconf  Not Present
Et16/3          errdisabled  inactive   unconf  unconf  Not Present
Et16/4          errdisabled  inactive   unconf  unconf  Not Present
Et17            errdisabled  inactive   unconf  unconf  Not Present
Et18            errdisabled  inactive   unconf  unconf  Not Present
Et19            errdisabled  inactive   unconf  unconf  Not Present
Et20            errdisabled  inactive   unconf  unconf  Not Present
Et21            connected    425        full    10G     10GBASE-SRL
Et22            connected    611        full    10G     10GBASE-SRL
Et23            connected    in Po998   full    10G     10GBASE-SLR
Et24            connected    in Po998   full    10G     10GBASE-SLR
switch(config)#
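The following added example (not part of the Arista manual) applies hardware port-group commands in order and derives the enabled QSFP+ and SFP+ ports, reproducing the rows of Table 9-7 and the 64-lane limit. Function names are hypothetical, and the Et21-24 token follows the example command above.

```python
import re
from typing import Dict, Iterable, List, Tuple

MAX_LANES = 64  # stated maximum of simultaneously enabled 10G data lanes

# PORT_LIST tokens accepted for each group_number.
SELECT_OPTIONS = {
    1: {"Et15/1-4": "qsfp", "Et17-20": "sfp"},
    2: {"Et16/1-4": "qsfp", "Et21-24": "sfp"},
}
# Members of each port group, as listed in the command description.
GROUP_PORTS = {
    1: {"qsfp": 15, "sfp": [17, 18, 19, 20]},
    2: {"qsfp": 16, "sfp": [21, 22, 23, 24]},
}
COMMAND_RE = re.compile(
    r"^(?:(no|default)\s+)?hardware port-group (\d+)(?:\s+select\s+(\S+))?$"
)


def parse_port_groups(config_lines: Iterable[str]) -> Dict[int, str]:
    """Return {group: "qsfp" | "sfp"} after applying the commands in order."""
    selection = {1: "qsfp", 2: "qsfp"}  # QSFP+ is active by default in each group
    for raw in config_lines:
        match = COMMAND_RE.match(raw.strip())
        if not match:
            continue  # unrelated configuration line
        negate, group_text, port_list = match.groups()
        group = int(group_text)
        if group not in SELECT_OPTIONS:
            raise ValueError(f"invalid port group {group}")
        if negate:
            selection[group] = "qsfp"  # no/default restore the default setting
        elif port_list in SELECT_OPTIONS[group]:
            selection[group] = SELECT_OPTIONS[group][port_list]
        else:
            raise ValueError(f"{port_list!r} is not valid for port group {group}")
    return selection


def enabled_ports(selection: Dict[int, str]) -> Tuple[List[int], List[int]]:
    """Return (enabled QSFP+ interfaces, enabled SFP+ interfaces)."""
    qsfp = list(range(1, 15))  # QSFP+ 1-14 belong to no port group
    sfp: List[int] = []
    for group in (1, 2):
        if selection[group] == "qsfp":
            qsfp.append(GROUP_PORTS[group]["qsfp"])
        else:
            sfp.extend(GROUP_PORTS[group]["sfp"])
    return sorted(qsfp), sorted(sfp)


def enabled_lanes(selection: Dict[int, str]) -> int:
    """Count 10G lanes: four per enabled QSFP+ interface, one per SFP+ interface."""
    qsfp, sfp = enabled_ports(selection)
    return 4 * len(qsfp) + len(sfp)


if __name__ == "__main__":
    chosen = parse_port_groups([
        "hardware port-group 1 select Et15/1-4",
        "hardware port-group 2 select Et21-24",
    ])
    print(chosen, enabled_ports(chosen), enabled_lanes(chosen))
```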
interface ethernet
The interface ethernet command places the switch in Ethernet-interface configuration mode for the
specified interfaces. The command can specify a single interface or multiple interfaces.
Ethernet interfaces are physical interfaces and are not created or removed.
Interface management commands include:
• description
• exit
• load-interval
• mtu
• shutdown (Interfaces)
Ethernet management commands include:
• flowcontrol
• mac-address
• speed
Chapters describing supported protocols and other features list additional configuration commands
available from Ethernet interface configuration mode.
all
Command Mode
Global Configuration
Command Syntax
interface ethernet e_range
Parameters
• e_range Ethernet interfaces (number, range, or comma-delimited list of numbers and ranges).
Valid Ethernet numbers depend on the switch’s available Ethernet interfaces.
Example
• This command enters interface configuration mode for Ethernet interfaces 1 and 2:
switch(config)#interface ethernet 1-2
switch(config-if-Et1-2)#
• This command enters interface configuration mode for Ethernet interface 1:
switch(config)#interface ethernet 1
switch(config-if-Et1)#
interface management
The interface management command places the switch in management-interface configuration mode
for the specified interfaces. The list can specify a single interface or multiple interfaces if the switch
contains more than one management interface.
Management interfaces are physical interfaces and are not created or removed.
Interface management commands include:
• description
• exit
• load-interval
• mtu
• shutdown (Interfaces)
Ethernet management commands include:
• flowcontrol
• mac-address
• speed
Chapters describing supported protocols and other features list additional configuration commands
available from management-interface configuration mode.
all
Command Mode
Global Configuration
Command Syntax
interface management m_range
Parameters
• m_range Management interfaces (number, range, or comma-delimited list of numbers and ranges).
Valid management numbers depend on the switch’s available management interfaces. A value of 0,
where available, configures the virtual management interface on a dual-supervisor modular switch.
Management interface 0 accesses management port 1 on the active supervisor of a dual-supervisor
modular switch.
Examples
• This command enters interface configuration mode for management interfaces 1 and 2:
switch(config)#interface management 1-2
switch(config-if-Ma1-2)#
• This command enters interface configuration mode for management interface 1:
switch(config)#interface management 1
switch(config-if-Ma1)#
link-debounce
The link-debounce command configures the link debounce time for the configuration mode interface.
Link debounce time is the time that advertisements for new link states are delayed after the link state is
established. By default, debounce time is set to zero, disabling link debounce.
Debounce times for link-up and link-down transitions can be independently configured.
• Link-up debounce time: the delay before an interface advertises link down to link up transitions.
• Link-down debounce time: the delay before an interface advertises link up to link down transitions.
The no link-debounce and default link-debounce commands restore the default debounce setting for
the configuration mode interface by removing the corresponding link-debounce command from
running-config.
all
Command Mode
Interface-Ethernet Configuration
Interface-Management Configuration
Command Syntax
link-debounce time WAIT_TIME
no link-debounce
default link-debounce
Parameters
• WAIT_TIME link debounce period (milliseconds). Options include:
— <0 - 30000> One debounce value assigned as both link up and link down.
— <0 - 30000> <0 - 30000> Two debounce values: link up is first, link down is second.
All debounce values range from 0 (disabled) to 30000 (30 seconds).
Examples
• These commands set the link-up and link-down debounce period to 10 seconds on Ethernet
interface 5.
switch(config)#interface ethernet 5
switch(config-if-Et5)#link-debounce time 10000
switch(config-if-Et5)#
• These commands set the link-up debounce to 10 seconds and the link-down debounce period to
zero on Ethernet interface 5.
switch(config)#interface ethernet 5
switch(config-if-Et5)#link-debounce time 10000 0
switch(config-if-Et5)#
• These commands set the link-up debounce to zero and the link-down debounce period to 12.5
seconds on Ethernet interface 5.
switch(config)#interface ethernet 5
switch(config-if-Et5)#link-debounce time 0 12500
switch(config-if-Et5)#
mac-address
The mac-address command assigns a MAC address to the configuration mode interface. An interface’s
default MAC address is its burned-in address.
The no mac-address and default mac-address commands revert the interface to its default MAC
address by removing the corresponding mac-address command from running-config.
all
Command Mode
Interface-Ethernet Configuration
Interface-Management Configuration
Command Syntax
mac-address address
no mac-address
default mac-address
Parameters
• address MAC address assigned to the interface. Format is dotted hex notation (H.H.H).
Disallowed addresses are 0.0.0 and FFFF.FFFF.FFFF.
Example
• This command assigns the MAC address of 001c.2804.17e1 to Ethernet interface 7, then displays
interface parameters, including the assigned address.
switch(config)#interface ethernet 7
switch(config-if-Et7)#mac-address 001c.2804.17e1
switch(config-if-Et7)#show interface ethernet 7
Ethernet3 is up, line protocol is up (connected)
Hardware is Ethernet, address is 001c.2804.17e1 (bia 001c.7312.02e2)
Description: b.e45
MTU 9212 bytes, BW 10000000 Kbit
Full-duplex, 10Gb/s, auto negotiation: off
Last clearing of "show interface" counters never
5 seconds input rate 7.84 kbps (0.0% with framing), 10 packets/sec
5 seconds output rate 270 kbps (0.0% with framing), 24 packets/sec
1363799 packets input, 222736140 bytes
Received 0 broadcasts, 290904 multicast
0 runts, 0 giants
0 input errors, 0 CRC, 0 alignment, 0 symbol
0 PAUSE input
2264927 packets output, 2348747214 bytes
Sent 0 broadcasts, 28573 multicast
0 output errors, 0 collisions
0 late collision, 0 deferred
0 PAUSE output
switch(config-if-Et7)#
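The following added example (not part of the Arista manual) audits show interfaces output for ports whose active address differs from the burned-in address (bia), and validates the dotted hex format with its two disallowed values. Function names are hypothetical, the sample output is constructed, and the reading of each H as one to four hex digits is an assumption drawn from the 0.0.0 form.

```python
import re
from typing import List, Tuple

HEADER_RE = re.compile(r"^(\S+) is .*line protocol is")
ADDRESS_RE = re.compile(r"address is ([0-9A-Fa-f.]+) \(bia ([0-9A-Fa-f.]+)\)")
# 0.0.0 and FFFF.FFFF.FFFF in normalized form.
DISALLOWED = {"0000.0000.0000", "ffff.ffff.ffff"}


def normalize_mac(text: str) -> str:
    """Normalize dotted hex (H.H.H) to lowercase with four digits per group.

    Assumption: each H is one to four hex digits, as the 0.0.0 form implies.
    """
    groups = text.strip().split(".")
    if len(groups) != 3 or not all(
        re.fullmatch(r"[0-9A-Fa-f]{1,4}", group) for group in groups
    ):
        raise ValueError(f"not dotted hex notation: {text!r}")
    return ".".join(group.lower().zfill(4) for group in groups)


def is_assignable(text: str) -> bool:
    """True when the address is well formed and not one of the disallowed values."""
    return normalize_mac(text) not in DISALLOWED


def overridden_macs(show_output: str) -> List[Tuple[str, str, str]]:
    """Return (interface, active address, bia) where the two addresses differ."""
    findings = []
    interface = None
    for line in show_output.splitlines():
        header = HEADER_RE.match(line.strip())
        if header:
            interface = header.group(1)
            continue
        address = ADDRESS_RE.search(line)
        if address and interface:
            active, burned_in = (normalize_mac(value) for value in address.groups())
            if active != burned_in:
                findings.append((interface, active, burned_in))
    return findings


# Constructed sample: the first address pair is the one shown in the example above,
# the second interface is invented and keeps its burned-in address.
SAMPLE_OUTPUT = """\
Ethernet7 is up, line protocol is up (connected)
  Hardware is Ethernet, address is 001c.2804.17e1 (bia 001c.7312.02e2)
  MTU 9212 bytes, BW 10000000 Kbit
Ethernet8 is up, line protocol is up (connected)
  Hardware is Ethernet, address is 001c.7312.02e3 (bia 001c.7312.02e3)
  MTU 9212 bytes, BW 10000000 Kbit
"""

if __name__ == "__main__":
    for name, active, burned_in in overridden_macs(SAMPLE_OUTPUT):
        print(f"{name}: address {active} overrides bia {burned_in}")
```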
show flowcontrol
The show interfaces flowcontrol command displays administrative and operational flow control data
for the specified interfaces. Administrative data is the parameter settings stored in running-config for the
specified interface; the switch uses these settings to negotiate flow control with the peer switch.
Operational data is the resolved flow control setting that controls the port’s behavior.
all
Command Mode
EXEC
Command Syntax
show flowcontrol [INTERFACE]
show [INTERFACE] flowcontrol
Parameters
• INTERFACE Interface type and number for which flow control data is displayed.
— <no parameter> all interfaces.
— ethernet e_range Ethernet interfaces in the specified range.
— management m_range Management interfaces in the specified range.
Valid e_range and m_range formats include number, number range, or comma-delimited list of
numbers and ranges.
Example
• This command shows the settings for Ethernet interfaces 1-10.
switch>show flowcontrol interface ethernet 1-10
Port       Send FlowControl  Receive FlowControl  RxPause       TxPause
           admin    oper     admin    oper
---------  -------- -------- -------- --------    ------------  ------------
Et1        off      off      off      off         0             0
Et2        off      off      off      off         0             0
Et3        off      off      off      off         0             0
Et4        off      off      off      off         0             0
Et5        off      off      off      off         0             0
Et6        off      off      off      off         0             0
Et7        off      off      off      off         0             0
Et8        off      off      off      off         0             0
Et9        off      off      off      off         0             0
Et10       off      off      off      off         0             0
switch>
show hardware port-group
The show hardware port-group command displays the status of DCS-7050Q-16 port-groups. Port
groups contain one QSFP+ interface and a set of four SFP+ interfaces. In each port group, either the
QSFP+ interface or the SFP+ interface set is enabled. The port groups are configured independent of
each other.
• Port group 1 contains interface 15 (QSFP+) and interfaces 17-20 (SFP+).
• Port group 2 contains interface 16 (QSFP+) and interfaces 21-24 (SFP+).
Trident (see Guidelines)
Command Mode
EXEC
Command Syntax
show hardware port-group
Guidelines
The hardware port-group command is available on DCS-7050Q-16 switches.
Example
• This command displays the status of ports in the two port groups on a DCS-7050Q-16 switch.
switch>show hardware port-group
Portgroup: 1    Active Ports: Et15/1-4
Port            State
-----------------------------------------
Ethernet17      ErrDisabled
Ethernet18      ErrDisabled
Ethernet19      ErrDisabled
Ethernet20      ErrDisabled
Ethernet15/1    Active
Ethernet15/2    Active
Ethernet15/3    Active
Ethernet15/4    Active

Portgroup: 2    Active Ports: Et16/1-4
Port            State
-----------------------------------------
Ethernet16/1    Active
Ethernet16/2    Active
Ethernet16/3    Active
Ethernet16/4    Active
Ethernet21      ErrDisabled
Ethernet22      ErrDisabled
Ethernet23      ErrDisabled
Ethernet24      ErrDisabled
switch>
show interfaces capabilities
The show interfaces capabilities command displays the model number, interface type, duplex mode,
and flow control settings of the specified interfaces. The capabilities command is available on Ethernet
and management interfaces.
all
Command Mode
EXEC
Command Syntax
show interfaces [INTERFACE] capabilities
Parameters
• INTERFACE Interface type and numbers. Options include:
— <no parameter> all interfaces.
— ethernet e_range Ethernet interface range specified by e_range.
— management m_range Management interface range specified by m_range.
Valid e_range and m_range formats include number, number range, or comma-delimited list of
numbers and ranges.
Examples
• This command displays the model number, interface type, duplex mode and flow control settings
for Ethernet interfaces 2 and 18.
switch>show interfaces ethernet 2,18 capabilities
Ethernet2
  Model:        DCS-7150S-64-CL
  Type:         10GBASE-CR
  Speed/Duplex: 10G/full,40G/full,auto
  Flowcontrol:  rx-(off,on,desired),tx-(off,on,desired)
Ethernet18
  Model:        DCS-7150S-64-CL
  Type:         10GBASE-SR
  Speed/Duplex: 10G/full
  Flowcontrol:  rx-(off,on),tx-(off,on)
switch>
show interfaces counters
The show interfaces counters command displays packet and byte counters for the specified interfaces.
Counters displayed by the command include:
• inbound bytes
• inbound unicast packets
• inbound multicast packets
• inbound broadcast packets
• outbound bytes
• outbound unicast packets
• outbound multicast packets
• outbound broadcast packets
all
Command Mode
EXEC
Command Syntax
show interfaces [INTERFACE] counters
Parameters
• INTERFACE Interface type and numbers. Options include:
— <no parameter> all interfaces.
— ethernet e_range Ethernet interface range specified by e_range.
— management m_range Management interface range specified by m_range.
— port-channel p_range Port-Channel Interface range specified by p_range.
Related Commands
• show interfaces counters bins
• show interfaces counters errors
• show interfaces counters queue
• show interfaces counters rates
Examples
• This command displays byte and packet counters for Ethernet interfaces 1 and 2.
switch>show interfaces ethernet 1-2 counters
Port    InOctets       InUcastPkts    InMcastPkts    InBcastPkts
Et1     99002845169    79116358       75557          2275
Et2     81289180585    76278345       86422          11

Port    OutOctets      OutUcastPkts   OutMcastPkts   OutBcastPkts
Et1     4347928323     6085482        356173         2276
Et2     4512762190     5791718        110498         15
switch>
show interfaces counters bins
The show interfaces counters bins command displays packet counters, categorized by packet length,
for the specified interfaces. Packet length counters that the command displays include:
• 64 bytes
• 65-127 bytes
• 128-255 bytes
• 256-511 bytes
• 512-1023 bytes
• 1024-1522 bytes
• larger than 1522 bytes
all
Command Mode
EXEC
Command Syntax
show interfaces [INTERFACE] counters bins
Parameters
• INTERFACE Interface type and numbers. Options include:
— <no parameter> all interfaces.
— ethernet e_range Ethernet interface range specified by e_range.
— management m_range Management interface range specified by m_range.
— port-channel p_range Port-Channel Interface range specified by p_range.
Related Commands
• show interfaces counters
• show interfaces counters errors
• show interfaces counters queue
• show interfaces counters rates
Examples
• This command displays packet counter results for Ethernet interfaces 1 and 2.
switch>show interfaces ethernet 1-2 counters bins
Input
Port    64 Byte    65-127 Byte    128-255 Byte    256-511 Byte
------------------------------------------------------------------------------
Et1     2503       56681135       1045154         1029152
Et2     8          50216275       1518179         1086297

Port    512-1023 Byte    1024-1522 Byte    1523-MAX Byte
-------------------------------------------------------------
Et1     625825           17157823          8246822
Et2     631173           27059077          5755101
switch>
show interfaces counters errors
The show interfaces counters errors command displays the error counters for the specified interfaces.
all
Command Mode
EXEC
Command Syntax
show interfaces [INTERFACE] counters errors
Parameters
• INTERFACE Interface type and numbers. Options include:
— <no parameter> all interfaces.
— ethernet e_range Ethernet interface range specified by e_range.
— management m_range Management interface range specified by m_range.
— port-channel p_range Port-Channel Interface range specified by p_range.
Display Values
The table displays the following counters for each listed interface:
• FCS: Inbound packets with CRC error and proper size.
• Align: Inbound packets with improper size (undersized or oversized).
• Symbol: Inbound packets with symbol error and proper size.
• Rx: Total inbound error packets.
• Runts: Outbound packets that terminated early or dropped because of underflow.
• Giants: Outbound packets that overflowed the receiver and were dropped.
• Tx: Total outbound error packets.
Related Commands
• show interfaces counters
• show interfaces counters bins
• show interfaces counters queue
• show interfaces counters rates
Examples
• This command displays the error packet counters on Ethernet interfaces 1-2.
switch>show interfaces ethernet 1-2 counters errors
Port    FCS    Align    Symbol    Rx    Runts    Giants    Tx
Et1     0      0        0         0     0        0         0
Et2     0      0        0         0     0        0         0
switch>
show interfaces counters queue
The show interfaces counters queue command displays the queue drop counters for the specified
interfaces.
all
Command Mode
EXEC
Command Syntax
show interfaces [INTERFACE] counters queue
Parameters
• INTERFACE Interface type and numbers. Options include:
— <no parameter> all interfaces.
— ethernet e_range Ethernet interface range specified by e_range.
— management m_range Management interface range specified by m_range.
— port-channel p_range Port-Channel Interface range specified by p_range.
Related Commands
• show interfaces counters
• show interfaces counters bins
• show interfaces counters errors
• show interfaces counters rates
Example
• This command displays the queue drop counters for Ethernet interfaces 1 and 2.
switch>show interfaces ethernet 1-2 counters queue
Port    InDrops
Et1     180
Et2     169
switch>
show interfaces counters rates
The show interfaces counters rates command displays the received and transmitted packet rate
counters for the specified interfaces. Counter rates provided include megabits per second (Mbps),
kilopackets per second (Kpps) and utilization percentage.
all
Command Mode
EXEC
Command Syntax
show interfaces [INTERFACE] counters rates
Parameters
• INTERFACE Interface type and numbers. Options include:
— <no parameter> all interfaces.
— ethernet e_range Ethernet interface range specified by e_range.
— management m_range Management interface range specified by m_range.
— port-channel p_range Port-Channel Interface range specified by p_range.
Related Commands
• show interfaces counters
• show interfaces counters bins
• show interfaces counters errors
• show interfaces counters queue
Example
• This command displays rate counters for Ethernet interfaces 1 and 2.
switch>show interfaces ethernet 1-2 counters rates
Port    Intvl    In Mbps    %       In Kpps    Out Mbps    %       Out Kpps
Et1     0:05     53.3       0.5%    5          31.2        0.3%    2
Et2     0:05     43.3       0.4%    4          0.1         0.0%    0
switch>
show interfaces negotiation
The show interfaces negotiation command displays the speed, duplex, and flow control
auto-negotiation status for the specified interfaces.
all
Command Mode
EXEC
Command Syntax
show interfaces [INTERFACE] negotiation [INFO_LEVEL]
Parameters
• INTERFACE Interface type and numbers. Options include:
— <no parameter> Display information for all interfaces.
— ethernet e_range Ethernet interface range specified by e_range.
— management m_range Management interface range specified by m_range.
Valid e_range and m_range formats include number, number range, or comma-delimited list of
numbers and ranges.
• INFO_LEVEL amount of information that is displayed. Options include:
— <no parameter> displays status and negotiated setting of local ports.
— detail displays status and negotiated settings of local ports and their peers.
Examples
• This command displays the negotiated status of management 1 and 2 interfaces.
switch>show interface management 1-2 negotiation
Port       Autoneg  Negotiated Settings
           Status   Speed    Duplex   Rx Pause Tx Pause
---------  -------  -------- -------- -------- --------
Ma1        success  100M     full     off      off
Ma2        success  auto     auto     off      off
switch>
• This command displays the negotiated status of management 1 interface and its peer interface.
switch>show interface management 1 negotiation detail
Management1 :
Auto-Negotiation Mode      10/100/1000 BASE-T (IEEE Clause 28)
Auto-Negotiation Status    Success
Advertisements     Speed            Duplex      Pause
                   ---------------  ----------  --------------------
  Local            10M/100M/1G      half/full   Disabled
  Link Partner     None             None        None
Resolution         100Mb/s          full        Rx=off,Tx=off
switch>
show interfaces phy
The show interfaces phy command displays physical layer characteristics for the specified interfaces.
all
Command Mode
EXEC
Command Syntax
show interfaces [INTERFACE] phy [INFO_LEVEL]
Parameters
• INTERFACE Interface type and numbers. Options include:
— <no parameter> All interfaces.
— ethernet e_range Ethernet interfaces in specified range.
Valid e_range formats include number, number range, or comma-delimited list of numbers and
ranges.
• INFO_LEVEL amount of information that is displayed. Options include:
— <no parameter> command displays table that summarizes PHY data.
— detail command displays data block for each specified interface.
Examples
• This command summarizes PHY information for Ethernet interfaces 1-5.
switch>show interfaces ethernet 1-5 phy
Key:
  U    = Link up
  D    = Link down
  R    = RX Fault
  T    = TX Fault
  B    = High BER
  L    = No Block Lock
  A    = No XAUI Lane Alignment
  0123 = No XAUI lane sync in lane N

                                State    Reset
Port           PHY state        Changes  Count    PMA/PMD  PCS    XAUI
-------------- ---------------  -------- -------- -------  ----   -------
Ethernet1      linkUp           14518    1750     U..      U....  U.......
Ethernet2      linkUp           13944    1704     U..      U....  U.......
Ethernet3      linkUp           13994    1694     U..      U....  U.......
Ethernet4      linkUp           13721    1604     U..      U....  U.......
Ethernet5      detectingXcvr    3        1                        D..A0123
switch>
• This command displays detailed PHY information for Ethernet interface 1.
switch>show interfaces ethernet 1 phy detail
Current System Time: Mon Dec 5 11:32:57 2011
Ethernet1
                              Current State  Changes
PHY state                     linkUp  14523
HW resets                     1751
Transceiver                   10GBASE-SRL  1704
Transceiver SN                C743UCZUD
Oper speed                    10Gbps
Interrupt Count               71142
Diags mode                    normalOperation
Model                         ael2005c
Active uC image               microInit_mdio_SR_AEL2005C_28
Loopback                      none
PMA/PMD RX signal detect      ok  11497
PMA/PMD RX link status        up  11756
PMA/PMD RX fault              ok  11756
PMA/PMD TX fault              ok  0
PCS RX link status            up  9859
PCS RX fault                  ok  9832
PCS TX fault                  ok  330
PCS block lock                ok  9827
PCS high BER                  ok  8455
PCS err blocks                255
PCS BER                       16  50092
XFI/XAUI TX link status       up  1282
XFI/XAUI RX fault             ok  585
XFI/XAUI TX fault             ok  2142
XFI/XAUI alignment status     ok  2929
XAUI lane 0-3 sync            (0123) = 1111  2932
XAUI sync w/o align HWM       0
XAUI sync w/o align max OK    5
XAUI excess sync w/o align    0
Xcvr EEPROM read timeout      46  4 days,
Spurious xcvr detection       0
DOM control/status fail       0
I2C snoop reset               0
I2C snoop reset (xcvr)        0
Margin count                  5  last > 0
EDC resets                    1
EDC FFE0 - FFE11              -4 -5 57 -6 -6 -2 1 0 -2 -1 1 -1
EDC FBE1 - FBE4               6 -1 5 -1
EDC TFBE1 - TFBE4             1 2 1 2
EDC VGA1, VGA3                12 115
TX path attenuation           3.0 dB
TX preemphasis                (0,63,4) (pre,main,post)
switch>
Last Change
0:02:01 ago
0:02:07 ago
0:02:06 ago
0:37:24 ago
0:37:24 ago
0:37:24 ago
never
0:02:03 ago
0:02:03 ago
0:27:44 ago
0:02:03 ago
0:02:05 ago
0:02:03 ago
0:02:05 ago
0:27:44 ago
0:27:44 ago
0:02:05 ago
0:02:05 ago
0:02:05 ago
never
never
6:33:45 ago
never
0:00:00 ago
0:02:03 ago
show interfaces status
The show interfaces status command displays the interface name, link status, vlan, duplex, speed, and
type of the specified interfaces. When the command includes a link status, the results are filtered to
display only interfaces whose link status match the specified type.
all
Command Mode
EXEC
Command Syntax
show interfaces [INTERFACE] status [STATUS_TYPE]
Parameters
• INTERFACE Interface type and numbers. Options include:
— <no parameter> All existing interfaces.
— ethernet e_range Ethernet interfaces in the specified range.
— management m_range Management interfaces in the specified range.
— port-channel p_range All existing port-channel interfaces in the specified range.
Valid e_range, m_range, and p_range formats include number, number range, or
comma-delimited list of numbers and ranges.
• STATUS_TYPE interface status upon which the command filters output. Options include:
— <no parameter> command does not filter on interface status.
— connected interfaces connected to another port.
— notconnect unconnected interfaces that are capable of connecting to another port.
— disabled interfaces that have been powered down or disabled.
Command may include multiple status types (connected notconnect disabled), which can be
placed in any order.
Example
• This command displays the status of Ethernet interfaces 1-5.
switch>show interfaces ethernet 1-5 status
Port    Name    Status        Vlan    Duplex    Speed    Type
Et1             connected     1       full      10G      10GBASE-SRL
Et2             connected     1       full      10G      10GBASE-SRL
Et3             connected     1       full      10G      10GBASE-SRL
Et4             connected     1       full      10G      10GBASE-SRL
Et5             notconnect    1       full      10G      Not Present
switch>
show interfaces status errdisabled
The show interfaces status errdisabled command displays interfaces that are in errdisabled state,
including their link status and errdisable cause.
all
Command Mode
EXEC
Command Syntax
show interfaces [INTERFACE] status errdisabled
Parameters
• INTERFACE   Interface type and numbers. Options include:
— <no parameter>   Display information for all interfaces.
— ethernet e_range   Ethernet interface range specified by e_range.
— management m_range   Management interface range specified by m_range.
— port-channel p_range   Port-Channel Interface range specified by p_range.
Valid e_range and m_range formats include number, number range, or comma-delimited list of
numbers and ranges.
Examples
• This command displays the error-disabled ports.
switch>show interfaces status errdisabled
Port         Name             Status            Reason
------------ ---------------- ----------------- ------------------
Et49/2                        errdisabled       multi-lane-intf
Et49/3                        errdisabled       multi-lane-intf
Et49/4                        errdisabled       multi-lane-intf
switch>
show interfaces transceiver
The show interfaces transceiver command displays operational transceiver data for the specified
interfaces.
all
Command Mode
EXEC
Command Syntax
show interfaces [INTERFACE] transceiver [DATA_FORMAT]
Parameters
• INTERFACE   Interface type and numbers. Options include:
— <no parameter>   all interfaces.
— ethernet e_range   Ethernet interface range specified by e_range.
— management m_range   Management interface range specified by m_range.
Valid e_range and m_range formats include number, number range, or comma-delimited list of
numbers and ranges.
• DATA_FORMAT   format used to display the data. Options include:
— <no parameter>   table entries separated by tabs.
— csv   table entries separated by commas.
Related Commands
• show interfaces transceiver properties
Examples
• This command displays transceiver data on Ethernet interfaces 1 through 4.
switch>show interfaces ethernet 1-4 transceiver
If device is externally calibrated, only calibrated values are printed.
N/A: not applicable, Tx: transmit, Rx: receive.
mA: milliamperes, dBm: decibels (milliwatts).
                              Bias      Optical   Optical
         Temp       Voltage   Current   Tx Power  Rx Power  Last Update
Port     (Celsius)  (Volts)   (mA)      (dBm)     (dBm)     (Date Time)
-----    ---------  --------  --------  --------  --------  -------------------
Et1      34.17      3.30      6.75      -2.41     -2.83     2011-12-02 16:18:48
Et2      35.08      3.30      6.75      -2.23     -2.06     2011-12-02 16:18:42
Et3      36.72      3.30      7.20      -2.02     -2.14     2011-12-02 16:18:49
Et4      35.91      3.30      6.92      -2.20     -2.23     2011-12-02 16:18:45
switch>
show interfaces transceiver properties
The show interfaces transceiver properties command displays configuration information for the
specified interfaces. Information provided by the command includes the media type, interface
speed-duplex settings, and speed-duplex operating state.
all
Command Mode
EXEC
Command Syntax
show interfaces [INTERFACE] transceiver properties
Parameters
• INTERFACE   Interface type and numbers. Options include:
— <no parameter>   Display information for all interfaces.
— ethernet e_range   Ethernet interface range specified by e_range.
— management m_range   Management interface range specified by m_range.
Valid e_range and m_range formats include number, number range, or comma-delimited list of
numbers and ranges.
Related Commands
• show interfaces transceiver
Examples
• This command displays the media type, speed, and duplex properties for Ethernet interfaces 1-3.
switch>show interfaces ethernet 1-3 transceiver properties
Name : Et1
Administrative Speed: 10G
Administrative Duplex: full
Operational Speed: 10G (forced)
Operational Duplex: full (forced)
Media Type: 10GBASE-SRL
Name : Et2
Administrative Speed: 10G
Administrative Duplex: full
Operational Speed: 10G (forced)
Operational Duplex: full (forced)
Media Type: 10GBASE-SRL
Name : Et3
Administrative Speed: 10G
Administrative Duplex: full
Operational Speed: 10G (forced)
Operational Duplex: full (forced)
Media Type: 10GBASE-SRL
switch>
show platform fm6000 agileport map
The show platform fm6000 agileport map command displays the list of Ethernet interfaces that are
combinable to form a higher speed port.
FM6000
Command Mode
Privileged EXEC
Command Syntax
show platform fm6000 agileport map
Example
• These commands display the agile port map for the switch, then configure Ethernet interface 13
as a 40G port, subsuming Ethernet interfaces 15, 17 and 19.
switch#show platform fm6000 agileport map
----------------------------------------------------------------
Agile Ports     |   Interfaces subsumed in 40G link
----------------------------------------------------------------
Ethernet1       | Ethernet3    Ethernet5    Ethernet7
Ethernet2       | Ethernet4    Ethernet6    Ethernet8
Ethernet13      | Ethernet15   Ethernet17   Ethernet19
Ethernet14      | Ethernet16   Ethernet18   Ethernet20
switch#config
switch(config)#interface ethernet 13
switch(config-if-Et13)#speed forced 40gfull
WARNING!
Executing this command will cause the forwarding agent
to be restarted. All interfaces will briefly drop links
and forwarding on all interfaces will momentarily stop.
Do you wish to proceed with this command? [y/N]
Ethernet13 configured for 40G.
Ethernet15, Ethernet17 and Ethernet19 are now subsumed.
switch(config-if-Et13)#
speed
The speed command configures the transmission speed and duplex setting for the configuration mode
interface. The scope and effect of this command depend on the interface type. Interface types include:
• 40GBASE (QSFP+): Default is 4x10G-full. Speed forced 40gfull and Speed auto_40gfull configure
interface as a 40G port.
• 10GBASE-T: Default is 10G-full. Speed command affects interface.
• 10GBASE (SFP+): Default is 10G-full. Speed command does not affect interface.
• 1000BASE (copper): Default is 1G-full. speed auto 100full affects interface.
• 1000BASE (fiber): Default is 1G-full. Speed command does not affect interface.
• 10/100/1000: Default is auto-negotiation. Speed command (10/100/1000 options) affects interface.
The speed forced 40gfull and auto 40gfull commands configure a QSFP+ Ethernet interface as a 40G
port. The no speed forced 40gfull and no auto 40gfull commands configure a QSFP+ Ethernet interface
as four 10G ports.
The no speed and default speed commands restore the default setting for the configuration mode
interface by removing the corresponding speed command from running-config.
all
Command Mode
Interface-Ethernet Configuration
Interface-Management Configuration
Command Syntax
speed MODE
no speed
default speed
Parameters
• MODE   transmission speed and duplex setting. Options include:
— auto   auto negotiation mode.
— auto_40gfull   auto negotiation mode with clause 73 auto negotiation.
Important   Interfaces using clause 73 auto negotiation must connect to a device that runs clause 73 auto
negotiation.
— sfp-1000baset auto   auto-negotiation mode (1000BASE-T interfaces only).
— forced 10000full   10G full duplex.
— forced 1000full   1G full duplex.
— forced 1000half   1G half duplex.
— forced 100full   100M full duplex.
— forced 100gfull   100G full duplex.
— forced 100half   100M half duplex.
— forced 10full   10M full duplex.
— forced 10half   10M half duplex.
— forced 40gfull   40G full duplex.
On 40GBASE and 100GBASE interfaces, options that change the SFP+ and MXP interfaces (the auto
40gfull, the forced 40gfull, and the no speed options) may restart the forwarding agent on some switch
platforms, disrupting traffic on all ports for more than a minute.
Examples
• This command configures a 40GBASE interface as a 40G port.
switch(config)#interface ethernet 49/1
switch(config-if-Et49/1)#speed forced 40gfull
switch(config-if-Et49/1)#show interface ethernet 49/1 - 49/4 status
Port     Name   Status       Vlan       Duplex  Speed   Type
Et49/1          connected    in Po999   full    40G     40GBASE-CR4
Et49/2          errdisabled  inactive   unconf  unconf  40GBASE-CR4
Et49/3          errdisabled  inactive   unconf  unconf  40GBASE-CR4
Et49/4          errdisabled  inactive   unconf  unconf  40GBASE-CR4
switch(config-if-Et49/1)#
• This command configures a 40GBASE interface as four 10G ports (default configuration).
switch(config-if-Et49/1)#no speed
switch(config-if-Et49/1)#show interface ethernet 49/1 - 49/4 status
Port     Name   Status       Vlan       Duplex  Speed   Type
Et49/1          connected    routed     full    10G     40GBASE-SR4
Et49/2          connected    routed     full    10G     40GBASE-SR4
Et49/3          connected    routed     full    10G     40GBASE-SR4
Et49/4          notconnect   inactive   full    10G     40GBASE-SR4
switch(config-if-Et49/1)#
transceiver qsfp default-mode
The transceiver qsfp default-mode command specifies the transmission mode of all QSFP transceiver
modules that are not explicitly configured.
Each QSFP+ module Ethernet interface is configurable as a single 40G port or as four 10G ports. The
switch displays four ports for each interface. Each port’s status depends on the interface configuration:
• The /1 port is active (connected or not connected), regardless of the interface configuration.
• The /2, /3, and /4 ports are error-disabled when the interface is configured as a single 40G port.
• All ports are active (connected or not connected) when the interface is configured as four 10G ports.
The only available default-mode value is 4x10G; QSFP modules that are not configured through a speed
command are operated as four 10G ports.
The no transceiver qsfp default-mode and default transceiver qsfp default-mode commands restore
the default-mode transceiver setting to its default value of 4x10G.
All (operational on switches with at least one QSFP module)
Command Mode
Global Configuration
Command Syntax
transceiver qsfp default-mode 4x10G
no transceiver qsfp default-mode
default transceiver qsfp default-mode
Guidelines
The transceiver qsfp default-mode 4x10g statement is always in running-config and cannot be modified
or removed in the current release.
Chapter 10
Port Channels and LACP
This chapter describes channel groups, port channels, port channel interfaces, and the Link Aggregation
Control Protocol (LACP). This chapter contains the following sections:
• Section 10.1: Port Channel Introduction
• Section 10.2: Port Channel Conceptual Overview
• Section 10.3: Port Channel Configuration Procedures
• Section 10.4: Load Balancing Hash Algorithms
• Section 10.5: Port Channel and LACP Configuration Commands
10.1 Port Channel Introduction
Arista’s switching platforms support industry standard link aggregation protocols. Arista switches
optimize traffic throughput by using MAC, IP addressing and services fields to effectively load share
traffic across aggregated links. Managers can configure multiple ports into a logical port channel, either
statically or dynamically through the IEEE Link Aggregation Control Protocol (LACP). Various
negotiation modes are supported to accommodate any variety of configurations or peripheral
requirements, including LACP fallback to support devices that need simple network connectivity to
retrieve images or configurations prior to engaging port channel aggregation modes.
Arista’s Multi-chassis Link Aggregation protocol (MLAG) (Chapter 11, starting on page 523) supports
LAGs across paired Arista switches to provide both link aggregation and active/active redundancy.
10.2 Port Channel Conceptual Overview
10.2.1 Channel Groups and Port Channels
A port channel is a communication link between two switches that consists of matching channel group
interfaces on each switch. A port channel is also referred to as a Link Aggregation Group (LAG). Port
channels combine the bandwidth of multiple Ethernet ports into a single logical link.
A channel group is a collection of Ethernet interfaces on a single switch. A port channel interface is a
virtual interface that consists of a corresponding channel group and connects to a compatible interface
on another switch to form a port channel. Port channel interfaces can be configured and used in a
manner similar to Ethernet interfaces. Port channel interfaces are configurable as layer 2 interfaces, layer
3 (routable) interfaces, and VLAN members. Most Ethernet interface configuration options are available
to port channel interfaces.
10.2.2 Link Aggregation Control Protocol (LACP)
The Link Aggregation Control Protocol (LACP), described by IEEE 802.3ad, defines a method for two
switches to automatically establish and maintain LAGs. When LACP is enabled, a switch can configure
LACP-compatible ports into a LAG (also called a channel group); the maximum number of ports per
LAG varies by platform (numbers for each platform in the latest EOS release are available here:
https://www.arista.com/en/support/product-documentation/supported-features).
LACP terminology refers to the local interface as the actor and the remote interface as the partner.
• In static mode, switches create port channels without awareness of their partner’s port channels.
Packets may drop when port channel static aggregate configurations differ between switches.
The switch aggregates static links without LACP negotiation. The switches do not send LACP
packets nor process inbound LACP packets.
• In dynamic mode, Link Aggregation Groups are aware of their partners’ port channel states.
Interfaces configured as dynamic LAGs are designated as active or passive.
— Active interfaces send LACP Protocol Data Units (LACP PDUs) at a rate of one per second
when forming a channel with an interface on the peer switch. An aggregate forms if the peer
runs LACP in active or passive mode.
— Passive interfaces only send LACP PDUs in response to PDUs received from the partner. The
partner switch must be in active mode and initiates negotiation by sending an LACP packet.
The passive mode switch receives and responds to the packet to form a LAG.
An active interface can form port channels with passive or active partner interfaces. Port channels are
not formed when the interface on each switch is passive. Table 10-1 summarizes the valid LACP mode
combinations:
Table 10-1 Valid LACP Mode Combinations
Switch 1   Switch 2   Comments
active     active     Links aggregate when LACP negotiation is successful.
active     passive    Links aggregate when LACP negotiation is successful.
passive    passive    Links aggregate without LACP.
on         —          Links aggregate without LACP.
During synchronization, interfaces transmit one LACP PDU per second. After synchronization is
complete, interfaces exchange one PDU every thirty seconds, facilitated by a default timeout of 30
seconds and a failure tolerance of three. Under these parameters, when the switch does not receive an
LACP PDU for an interface during a ninety second period, it records the partner interface as failed and
removes the interface from the port channel.
Fallback mode allows an active LACP interface to maintain a LAG without receiving PDUs from its peer.
The fallback timer specifies the period the LAG remains active without receiving a peer PDU. Upon
timer expiry, the interface reverts to static mode with one active port. An active interface that is not in
fallback mode does not form a LAG until it receives PDUs from its peer.
The switch uses a link aggregation hash algorithm to determine the forwarding path within a Link
Aggregation Group. The IP and MAC header fields can be selected as components of the hash
algorithm.
10.3 Port Channel Configuration Procedures
These sections describe channel group and port channel configuration procedures:
• Section 10.3.1: Configuring a Channel Group
• Section 10.3.2: Configuring a Port Channel Interface
• Section 10.3.3: Configuring LACP
10.3.1 Configuring a Channel Group
Creating a Channel Group
The channel-group command assigns the configuration mode Ethernet interfaces to a channel group
and specifies LACP attributes for the channel.
Channel groups are associated with a port channel interface immediately upon their creation. A
command that creates a new channel group also creates a port channel with a matching ID. The port
channel is configured in port-channel configuration mode. Configuration changes to a port channel
interface propagate to all Ethernet interfaces in the corresponding channel group.
Example
• These commands assign Ethernet interfaces 1 and 2 to channel group 10, enable LACP, and place
the channel group in a negotiating state:
switch(config)#interface ethernet 1-2
switch(config-if-Et1-2)#channel-group 10 mode active
switch(config-if-Et1-2)#
Adding an Interface to a Channel Group
The channel-group command adds the configuration mode interface to the specified channel group if
the channel group exists. When adding channels to a previously created channel group, the LACP mode
for the new channel must match the mode for the existing group.
Example
• These commands add Ethernet interfaces 7 through 10 to previously created channel group 10,
using the LACP mode under which it was created.
switch(config)#interface ethernet 7-10
switch(config-if-Et7-10)#channel-group 10 mode active
switch(config-if-Et7-10)#
Removing an Interface from a Channel Group
The no channel-group command removes the configuration mode interface from the specified channel
group. Deleting all members of a channel group does not remove the associated port channel interface
from running-config.
Example
• These commands remove Ethernet interface 8 from previously created channel group 10.
switch(config)#interface ethernet 8
switch(config-if-Et8)#no channel-group
switch(config-if-Et8)#
Deleting a Channel Group
A channel group is deleted by removing all Ethernet interfaces from the channel group. A channel
group’s LACP mode can be changed only by deleting the channel group and then creating an
equivalent group with a different LACP mode. Deleting a channel group by removing all Ethernet
interfaces from the group preserves the port channel interface and its configuration settings.
View running-config to verify the deletion of all Ethernet interfaces from a channel group.
10.3.2 Configuring a Port Channel Interface
Creating a Port Channel Interface
The switch provides two methods for creating port channel interfaces:
• creating a channel group simultaneously creates an associated port channel.
• the interface port-channel command creates a port channel without assigning Ethernet channels to
the new interface.
The interface port-channel command places the switch in interface-port channel configuration mode.
Example
• This command creates port channel interface 8 and places the switch in port channel interface
configuration mode.
switch(config)#interface port-channel 8
switch(config-if-Po8)#
Deleting a Port Channel Interface
The no interface port-channel command deletes the configuration mode port channel interface and
removes the channel group assignment for each Ethernet channel assigned to the channel associated
with the port channel. Removing all Ethernet interfaces from a channel group does not remove the
associated port channel interface from running-config.
10.3.3 Configuring LACP
Configuring the LACP Mode
The LACP mode is configured when a channel group is created. A channel group’s LACP mode cannot
be modified without deleting the entire channel group. A channel group’s LACP mode can be altered
without deleting the port channel interface associated with the channel group.
Example
• These commands create a channel group and place it in LACP-active mode.
switch(config)#interface ethernet 1-2
switch(config-if-Et1-2)#channel-group 10 mode active
switch(config-if-Et1-2)#
Configuring the System Priority
Each switch is assigned a globally unique system identifier by concatenating the system priority (16 bits)
to the MAC address of one of its physical ports (48 bits). The system identifier is used by peer devices
when forming an aggregation to verify that all links are from the same switch. The system identifier is
also used when dynamically changing aggregation capabilities in response to LACP information; the
system with the numerically lower system identifier is permitted to dynamically change advertised
aggregation capabilities.
The lacp system-priority command configures the switch’s LACP system priority.
Example
• This command assigns the system priority of 8192 to the switch.
switch(config)#lacp system-priority 8192
switch(config)#
Configuring Port Priority
LACP port priority determines the port that is active in a LAG in fallback mode. Numerically lower
values have higher priority. Priority is supported on port channels with LACP-enabled physical
interfaces.
The lacp port-priority command sets the aggregating port priority for the configuration mode interface.
Example
• This command assigns the port priority of 4096 to Ethernet interface 1.
switch(config-if-Et1)#lacp port-priority 4096
switch(config-if-Et1)#
Configuring the LACP Packet Transmission Rate
The LACP transmission interval sets the rate for LACP control packets. Supported values include:
• normal: 30 seconds on synchronized interfaces; one second on interfaces that are synchronizing.
• fast: one second.
The lacp rate command configures the LACP transmission interval on the configuration mode interface.
Example
• This command sets the LACP rate to one second on Ethernet interface 4.
switch(config-if-Et4)#lacp rate fast
switch(config-if-Et4)#
Configuring LACP Fallback
Fallback mode is configured on a port channel interface with the port-channel lacp fallback command.
The fallback timeout interval is configured with the port-channel lacp fallback timeout command.
Fallback timeout settings persist in running-config without taking effect for interfaces that are not
configured into fallback mode. The default fallback timeout period is 90 seconds.
Example
• These commands enable LACP fallback mode, then configure an LACP fallback timeout of 100
seconds on port channel interface 13.
switch(config)#interface port-channel 13
switch(config-if-Po13)#port-channel lacp fallback
switch(config-if-Po13)#port-channel lacp fallback timeout 100
switch(config-if-Po13)#show active
interface Port-Channel13
port-channel lacp fallback
port-channel lacp fallback timeout 100
switch(config-if-Po13)#
Configuring Minimum Links
The port-channel min-links command specifies the minimum number of interfaces that the
configuration mode LAG requires to be active. This command is supported only on LACP ports. If there
are fewer ports than specified by this command, the port channel interface does not become active.
Example
• This command sets four as the minimum number of ports required by port channel 5 to be active.
switch(config-if-Po5)#port-channel min-links 4
switch(config-if-Po5)#
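A pre-deployment check for the rules stated in Section 10.3, added here as an example that is not Arista code: members of a channel group share one LACP mode, a LAG with fewer members than its min-links value never becomes active, and a fallback timeout has no effect without fallback mode. The configuration text, function names and finding labels are constructed assumptions; only the commands themselves come from this chapter.

```python
import re
from collections import defaultdict

# Constructed candidate configuration (not from the manual), in running-config layout.
CANDIDATE_CONFIG = """\
interface Ethernet1
   channel-group 10 mode active
interface Ethernet2
   channel-group 10 mode active
interface Ethernet3
   channel-group 10 mode passive
interface Ethernet5
   channel-group 5 mode active
interface Ethernet6
   channel-group 5 mode active
interface Ethernet7
   channel-group 20 mode on
interface Ethernet8
   channel-group 20 mode on
interface Port-Channel5
   port-channel min-links 4
interface Port-Channel13
   port-channel lacp fallback timeout 100
interface Port-Channel30
   port-channel lacp fallback
   port-channel lacp fallback timeout 100
"""


def parse_interfaces(text):
    """Return {interface name: [commands]} for every 'interface ...' stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0].isspace():
            if current is not None:
                stanzas[current].append(line)
        elif line.lower().startswith("interface "):
            current = line.split(None, 1)[1]
            stanzas.setdefault(current, [])
        else:
            current = None  # a global command closes the stanza
    return stanzas


def lint_port_channels(text):
    """Return (channel group, finding) tuples for the Section 10.3 rules."""
    modes = defaultdict(dict)  # group -> {member interface: LACP mode}
    min_links, fallback, timeout = {}, set(), set()
    for name, commands in parse_interfaces(text).items():
        po = re.fullmatch(r"Port-Channel(\d+)", name)
        group = int(po.group(1)) if po else None
        for cmd in commands:
            member = re.fullmatch(r"channel-group (\d+) mode (\S+)", cmd)
            links = re.fullmatch(r"port-channel min-links (\d+)", cmd)
            if member:
                modes[int(member.group(1))][name] = member.group(2)
            elif group is not None and links:
                min_links[group] = int(links.group(1))
            elif group is not None and cmd == "port-channel lacp fallback":
                fallback.add(group)
            elif group is not None and cmd.startswith("port-channel lacp fallback timeout "):
                timeout.add(group)

    findings = []
    for group in sorted(modes):
        used = set(modes[group].values())
        if len(used) > 1:      # members must share the group's LACP mode
            findings.append((group, "mixed-lacp-modes"))
        elif used == {"on"}:   # static LAG: no LACP negotiation with the partner
            findings.append((group, "static-no-lacp"))
    for group in sorted(min_links):
        if len(modes.get(group, {})) < min_links[group]:  # LAG can never become active
            findings.append((group, "min-links-unreachable"))
    for group in sorted(timeout - fallback):  # timeout persists but does nothing
        findings.append((group, "fallback-timeout-inactive"))
    return findings


if __name__ == "__main__":
    for group, finding in lint_port_channels(CANDIDATE_CONFIG):
        print(f"channel group {group}: {finding}")
```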
10.4 Load Balancing Hash Algorithms
The switch balances packet load across multiple links in a port channel by calculating a hash value based
on packet header fields. The hash value determines the active member link through which the packet
is transmitted. This method, in addition to balancing the load in the LAG, ensures that all packets in a
data stream follow the same network path.
In network topologies that include MLAGs or multiple paths with equal cost (ECMP), programming all
switches to perform the same hash calculation increases the risk of hash polarization, which leads to
uneven load distribution among LAG and MLAG member links. This uneven distribution is avoided by
performing different hash calculations on each switch routing the paths.
The port-channel load-balance command specifies the seed for hashing algorithms that balance the
load across ports comprising a port channel. Available seed values vary by switch platform.
Example
• This command configures the hash seed of 10 on 7150 Series (FM6000 platform) switches.
switch(config)#port-channel load-balance fm6000 10
switch(config)#
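The hash polarization described above, as an added simulation that is not Arista code. Keyed blake2b stands in for the switch hash function, and the two-stage topology, the flow values and the seeds 10 and 11 are constructed assumptions.

```python
import hashlib
import struct


def flow_key(src_ip, dst_ip, proto, src_port, dst_port):
    """Pack the packet header fields used as hash inputs."""
    return struct.pack("!IIBHH", src_ip, dst_ip, proto, src_port, dst_port)


def pick_link(key, seed, n_links):
    """Seeded hash -> member link index.

    Keyed blake2b is a stand-in (assumption) for the switch ASIC's hash.
    """
    digest = hashlib.blake2b(key, digest_size=8, key=seed.to_bytes(4, "big")).digest()
    return int.from_bytes(digest, "big") % n_links


def constructed_flows(count):
    """Deterministic, constructed TCP flows from 10.0.0.0/16 to 10.1.0.0/16."""
    flows = []
    for i in range(count):
        src_ip = 0x0A000000 + (i * 7919) % 65536
        dst_ip = 0x0A010000 + (i * 104729) % 65536
        src_port = 1024 + (i * 31) % 60000
        dst_port = (80, 443, 53, 22)[i % 4]
        flows.append(flow_key(src_ip, dst_ip, 6, src_port, dst_port))
    return flows


def downstream_link_counts(flows, upstream_seed, downstream_seed, n_links=2):
    """Per-link flow counts on a downstream LAG.

    Flows first cross an upstream LAG/ECMP stage. Only those sent to next
    hop 0 reach the downstream switch, which hashes them again over its LAG.
    """
    counts = [0] * n_links
    for key in flows:
        if pick_link(key, upstream_seed, n_links) != 0:
            continue  # forwarded to a different downstream switch
        counts[pick_link(key, downstream_seed, n_links)] += 1
    return counts


def imbalance(counts):
    """Share of flows on the busiest link (1/n_links is a perfect balance)."""
    total = sum(counts)
    return max(counts) / total if total else 0.0


if __name__ == "__main__":
    flows = constructed_flows(4000)
    for label, seeds in (("same seed", (10, 10)), ("different seeds", (10, 11))):
        counts = downstream_link_counts(flows, *seeds)
        print(f"{label:16} per-link flows={counts} busiest share={imbalance(counts):.2f}")
```

With identical seeds every flow that reaches the downstream switch already hashed to index 0, so it hashes to index 0 again and the second member link stays idle.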
Hashing algorithm inputs vary by switch platform. These sections describe hashing algorithm inputs
for each platform.
• Section 10.4.1: Load Balance Hash Algorithms on 7048 and 7500 Series Switches
• Section 10.4.2: Load Balance Hash Algorithms on 7500E Series Switches
• Section 10.4.3: Load Balance Hash Algorithms on 7050 Series Switches
• Section 10.4.4: Load Balance Hash Algorithms on 7150 Series Switches
10.4.1 Load Balance Hash Algorithms on 7048 and 7500 Series Switches
One command configures the load balance hash algorithm on 7048 and 7500 Series switches:
• port-channel load-balance petraA fields ip: controls the hash algorithm for IP packets by specifying
the algorithm’s use of IP and MAC header fields. Fields that the command can specify include
source and destination IP addresses, source and destination port fields (for TCP and UDP packets),
and the entire MAC address header.
The hash algorithm for non-IP packets is not configurable and always includes the entire MAC header.
Example
• These commands configure the load balance algorithm for IP packets by using the entire MAC
header.
switch(config)#port-channel load-balance petraA fields ip mac-header
switch(config)#
10.4.2 Load Balance Hash Algorithms on 7500E Series Switches
One command configures the load balance hash algorithm on 7500E Series switches:
• port-channel load-balance arad fields ip: controls the hash algorithm for IP packets by specifying
the algorithm’s use of IP and MAC header fields. Fields that the command can specify include
source and destination IP addresses, source and destination port fields (for TCP and UDP packets),
and the entire MAC address header.
The hash algorithm for non-IP packets is not configurable and always includes the entire MAC header.
Example
• These commands configure the load balance algorithm for IP packets by using the entire MAC
header.
switch(config)#port-channel load-balance arad fields ip mac-header
switch(config)#
10.4.3 Load Balance Hash Algorithms on 7050 Series Switches
Three commands configure the load balance hash algorithm on 7050 Series switches:
• port-channel load-balance trident fields ip controls the hash algorithm for IP packets by specifying
the algorithm’s use of IP and MAC header fields. Fields that the command can specify include
source and destination IP addresses, source and destination port fields (for TCP and UDP packets),
and fields specified by the port-channel load-balance fm6000 fields mac command.
• port-channel load-balance trident fields ipv6 controls the hash algorithm for IPv6 packets by
specifying the algorithm’s use of IP and MAC header fields. Fields that the command can specify
include source and destination IP addresses, source and destination port fields (for TCP and UDP
packets), and fields specified by the port-channel load-balance fm6000 fields mac command.
• port-channel load-balance trident fields mac controls the hash algorithm for non-IP packets by
specifying the algorithm’s use of MAC header fields. Fields that the command can specify
include the MAC source address, MAC destination address, and Ethernet type fields.
Example
• These commands configure the switch’s port channel load balance for non IP packets by using the
MAC destination and Ethernet type fields in the hashing algorithm.
switch(config)#port-channel load-balance trident fields mac dst-mac eth-type
switch(config)#
10.4.4 Load Balance Hash Algorithms on 7150 Series Switches
Load balance profiles specify parameters used by hashing algorithms that distribute traffic across ports
comprising a port channel or among component ECMP routes. The switch supports 16 load balance
profiles, including the default profile. The default load balance profile is configured through
port-channel load-balance fm6000 fields ip and port-channel load-balance fm6000 fields mac
commands.
10.4.4.1 Load Balance Profiles
Load balance profiles are managed in load-balance-policies configuration mode. Load-balance-policies
mode provides commands that display the contents of all configured profiles and place the switch in
load-balance-profile mode. Load balance profiles are created by entering load-balance-profile mode
and edited while in that mode.
The load-balance policies command places the switch in load-balance-policies configuration mode.
Load balance profiles specify the inputs used by the hashing algorithms that distribute traffic across
ports comprising a port channel or among ECMP routes.
Example
• This command places the switch in load-balance-policies configuration mode.
switch(config)#load-balance policies
switch(config-load-balance-policies)#
• This command displays the contents of the four load balance profiles configured on the switch.
switch(config-load-balance-policies)#show active
load-balance policies
load-balance fm6000 profile F-01
port-channel hash-seed 22
fields ip dscp
distribution random port-channel
!
load-balance fm6000 profile F-02
fields ip protocol dst-ip
distribution random port-channel
!
load-balance fm6000 profile F-03
fields ip protocol dst-ip
fields mac dst-mac eth-type
distribution random ecmp port-channel
!
load-balance fm6000 profile F-04
switch(config-load-balance-policies)#
Creating a Load Balance Profile
The load-balance fm6000 profile command places the switch in load-balance-profile configuration
mode to configure a specified load balance profile. The command specifies the name of the profile that
subsequent commands modify. It creates a profile if the profile it references does not exist.
Example
• These commands enter load-balance-profile configuration mode, create the LB-5 profile, and list
the default settings for the profile.
switch(config)#load-balance policies
switch(config-load-balance-policies)#load-balance fm6000 profile LB-5
switch(config-load-balance-profile-LB-5)#show active all
load-balance policies
load-balance fm6000 profile LB-5
port-channel hash-seed 0
fields mac dst-mac src-mac eth-type vlan-priority vlan-id
fields ip protocol dst-ip dst-port src-ip src-port dscp
no distribution symmetric-hash
no distribution random
switch(config-load-balance-profile-LB-5)#
Configuring a Load Balance Profile
These commands are available in load-balance-profile configuration mode to specify the parameters
that comprise a profile.
• The fields ip command specifies the L3/L4 data fields used by the hash algorithm defined by the
configuration mode load balance profile.
• The fields mac command specifies the L2 data fields used by the hash algorithm defined by the
configuration mode load balance profile.
• The distribution symmetric-hash command enforces traffic symmetry on data distributed by the
hash algorithm defined by the configuration mode load balance profile. Symmetric traffic is the flow
of both directions of a data stream across the same physical link.
• The distribution random command specifies the random distribution of data packets handled by
the hash algorithm defined by the configuration mode load balance profile.
Example
• These commands configure the following components of the hash algorithm defined by the LB-7
load balance profile:
— L2 header fields: MAC destination address, VLAN priority
— L3/L4 header fields: Source IP address, protocol field
— Symmetric hash distribution of IP and non-IP packets.
switch(config)#load-balance policies
switch(config-load-balance-policies)#load-balance fm6000 profile LB-7
switch(config-load-balance-profile-LB-7)#fields ip src-ip protocol
switch(config-load-balance-profile-LB-7)#fields mac dst-mac vlan-priority
switch(config-load-balance-profile-LB-7)#distribution symmetric-hash mac-ip
switch(config-load-balance-profile-LB-7)#show active
load-balance policies
load-balance fm6000 profile LB-7
fields mac dst-mac vlan-priority
fields ip protocol src-ip
distribution symmetric-hash mac-ip
switch(config-load-balance-profile-LB-7)#exit
switch(config-load-balance-policies)#exit
switch(config)#exit
Assigning a Load Balance Profile to an Interface
The ingress load-balance profile command applies a specified load-balance profile to the configuration
mode interface. Load balance profiles specify parameters used by hashing algorithms that distribute
traffic across ports comprising a port channel or among ECMP routes. The switch supports 16 load
balance profiles, including the default profile.
Example
• This command applies the LB-1 load balance profile to port channel interface 100.
switch(config)#interface port-channel 100
switch(config-if-Po100)#ingress load-balance profile LB-1
switch(config-if-Po100)#show active
interface Port-Channel100
ingress load-balance profile LB-1
switch(config-if-Po100)#
10.4.4.2 Default Load Balance Profile
Two commands configure the load balance default profile on 7150 Series switches:
• port-channel load-balance fm6000 fields ip controls the hash algorithm for IP packets by specifying
the algorithm’s use of IP and MAC header fields. Fields that the command can specify include
source and destination IP addresses and source and destination port fields (for TCP and UDP packets).
• port-channel load-balance fm6000 fields mac controls the hash algorithm for non-IP packets by
specifying the algorithm’s use of MAC header fields. Fields that the command can specify include
the MAC source address, MAC destination address, Ethernet type, VLAN-ID, and
VLAN-priority fields.
Example
• These commands configure the load balance default profile for IP packets by using source and
destination IP address fields, along with source and destination port fields for TCP and UDP
packets.
switch(config)#port-channel load-balance fm6000 fields ip ip-tcp-udp-header
switch(config)#
• This command applies the default load balance profile to port channel interface 100.
switch(config)#interface port-channel 100
switch(config-if-Po100)#no ingress load-balance profile
switch(config-if-Po100)#show active
interface Port-Channel100
switch(config-if-Po100)#
10.5 Port Channel and LACP Configuration Commands
Global Port Channel and LACP Configuration Commands
• interface port-channel
• lacp system-priority
Interface Configuration Commands – Ethernet Interface
• channel-group
• lacp port-priority
• lacp rate
• port-channel lacp fallback
• port-channel lacp fallback timeout
• port-channel min-links
Load Balance (Default) Commands
• port-channel load-balance
• port-channel load-balance arad fields ip
• port-channel load-balance fm6000 fields ip
• port-channel load-balance fm6000 fields mac
• port-channel load-balance petraA fields ip
• port-channel load-balance trident fields ip
• port-channel load-balance trident fields ipv6
• port-channel load-balance trident fields mac
Load Balance Policies Commands
• distribution random
• distribution symmetric-hash
• fields ip
• fields mac
• ingress load-balance profile
• load-balance fm6000 profile
• load-balance policies
• port-channel hash-seed
EXEC Commands
• show etherchannel
• show lacp aggregates
• show lacp counters
• show lacp interface
• show lacp internal
• show lacp neighbor
• show lacp sys-id
• show load-balance profile
• show port-channel
• show port-channel limits
• show port-channel load-balance fields
• show port-channel summary
• show port-channel traffic
channel-group
The channel-group command assigns the configuration mode Ethernet interfaces to a channel group
and specifies LACP attributes for the channel. When adding channels to a previously created channel
group, the LACP mode for the new channel must match the mode for the existing group.
Channel groups are associated with a port channel interface immediately upon their creation. A
command that creates a new channel group also creates a port channel with a matching ID. The port
channel is configured in port-channel configuration mode. Configuration changes to a port channel
interface propagate to all Ethernet interfaces in the corresponding channel group. The interface
port-channel command places the switch in interface-port-channel configuration mode.
The no channel-group and default channel-group commands remove the configuration mode interface
from the specified channel group.
all
Command Mode
Interface-Ethernet Configuration
Command Syntax
channel-group number LACP_MODE
no channel-group
default channel-group
Parameters
• number    specifies a channel group ID. Values range from 1 through 2000.
• LACP_MODE    specifies the interface LACP mode. Values include:
— mode on    Interface is a static port channel, LACP disabled. Port neither verifies nor
negotiates port channel membership.
— mode active    Interface is an active LACP port that transmits and receives LACP negotiation
packets.
— mode passive    Interface is a passive LACP port that only responds to LACP negotiation
packets.
Guidelines: Port Channels
You can configure a port channel to contain many ports, but only a subset may be active at a time. All
active ports in a port channel must be compatible. Compatibility includes many factors and is
platform-specific. For example, compatibility may require identical operating parameters such as speed
and maximum transmission unit (MTU). Compatibility may only be possible between specific ports
because of the internal organization of the switch.
Guidelines: MLAG Configurations
Static LAG is not recommended in MLAG configurations. However, these considerations apply when
the channel group mode is on while configuring static MLAG:
• When configuring multiple interfaces on the same static port channel:
— all interfaces must physically connect to the same neighboring switch.
— the neighboring switch must configure all interfaces into the same port channel.
The switches are misconfigured when these conditions are not met.
• Disable the static port channel membership before moving any cables connected to these interfaces
or changing a static port channel membership on the remote switch.
Example
• These commands assign Ethernet interfaces 8 and 9 to channel group 10, and enable LACP in
negotiating mode.
switch(config)#interface ethernet 8-9
switch(config-if-Et8-9)#channel-group 10 mode active
switch(config-if-Et8-9)#show active
interface Ethernet8
channel-group 10 mode active
interface Ethernet9
channel-group 10 mode active
switch(config-if-Et8-9)#
distribution random
The distribution random command specifies the random distribution of data packets handled by the
hash algorithm defined by the configuration mode load balance profile. All data fields and hash seeds
that are configured for the profile are used as seeds for the random number generator that defines the
distribution of individual packets.
Command options allow for the random distribution of traffic across port channel links and ECMP
routes. Random distribution can be enabled for either, both, or neither.
The no distribution random and default distribution random commands remove random distribution
on the configuration mode load balance profile by deleting the corresponding distribution random
command from the configuration.
FM6000
Command Mode
Load-balance-profile Configuration
Command Syntax
distribution random BALANCE_TYPE
no distribution random
default distribution random
Parameters
• SCOPE    Specifies use of random distribution for port channels and ECMP routes. Options
include:
— <no parameter>    Random distribution is enabled for ECMP routes and port channel links.
— ecmp    Random distribution is enabled for ECMP routes.
— port-channel    Random distribution is enabled for port channel links.
— ecmp port-channel    Random distribution is enabled for ECMP routes and port channel links.
— port-channel ecmp    Random distribution is enabled for ECMP routes and port channel links.
Guidelines
The distribution random command takes precedence over the distribution symmetric-hash command
when both methods are simultaneously enabled.
Related Commands
• load-balance fm6000 profile places the switch in load-balance-profile configuration mode.
Example
• These commands configure random distribution across ECMP routes and port channel links for
traffic distributed through the algorithm defined by the LB-1 load balance profile.
switch(config)#load-balance policies
switch(config-load-balance-policies)#load-balance fm6000 profile LB-1
switch(config-load-balance-profile-LB-1)#distribution random ecmp port-channel
switch(config-load-balance-profile-LB-1)#show active
load-balance policies
load-balance fm6000 profile LB-1
distribution random ecmp port-channel
switch(config-load-balance-profile-LB-1)#
distribution symmetric-hash
The distribution symmetric-hash command enforces traffic symmetry on data distributed by the hash
algorithm defined by the configuration mode load balance profile. Symmetric traffic is the flow of both
directions of a data stream across the same physical link.
Two symmetric-hash options specify the traffic upon which symmetry is enforced:
• distribution symmetric-hash mac specifies that only non-IP traffic is hashed symmetrically. IP
traffic is hashed normally without regard to symmetry.
• distribution symmetric-hash mac-ip specifies that all traffic is hashed symmetrically.
The no distribution symmetric-hash and default distribution symmetric-hash commands remove the
specified hashing symmetry restriction on the configuration mode load balance profile by deleting the
corresponding distribution symmetric-hash command from running-config.
FM6000
Command Mode
Load-balance-profile Configuration
Command Syntax
distribution symmetric-hash FIELD_TYPE
no distribution symmetric-hash
default distribution symmetric-hash
Parameters
• FIELD_TYPE    fields the hashing algorithm uses for layer 3 routing. Options include:
— mac non-IP traffic is hashed symmetrically.
— mac-ip all traffic is hashed symmetrically.
Guidelines
The distribution random command takes precedence over the distribution symmetric-hash command
when both methods are simultaneously enabled.
Related Commands
• load-balance fm6000 profile places the switch in load-balance-profile configuration mode.
Example
• These commands configure symmetric hashing on all traffic distributed through the algorithm
defined by the LB-1 load balance profile.
switch(config)#load-balance policies
switch(config-load-balance-policies)#load-balance fm6000 profile LB-1
switch(config-load-balance-profile-LB-1)#distribution symmetric-hash mac-ip
switch(config-load-balance-profile-LB-1)#show active
load-balance policies
load-balance fm6000 profile LB-1
distribution symmetric-hash mac-ip
switch(config-load-balance-profile-LB-1)#
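The Guidelines for distribution random and distribution symmetric-hash both state that random distribution takes precedence when both are enabled, so a profile carrying both commands does not deliver the symmetry it appears to request. The audit below is an added example, not part of the Arista manual: it parses a constructed running-config excerpt (profile names, interface numbers and indentation are sample values) and reports profiles where symmetric hashing is overridden, together with the interfaces that use them.

```python
import re

# Constructed running-config excerpt; names and settings are sample values.
SAMPLE_CONFIG = """\
load-balance policies
   load-balance fm6000 profile TAP-SYM
      fields ip protocol dst-ip src-ip
      distribution symmetric-hash mac-ip
      distribution random port-channel
   !
   load-balance fm6000 profile CORE
      distribution symmetric-hash mac-ip
   !
   load-balance fm6000 profile SPRAY
      distribution random
!
interface Port-Channel100
   ingress load-balance profile TAP-SYM
!
interface Port-Channel200
   ingress load-balance profile CORE
"""

PROFILE_RE = re.compile(r"^load-balance fm6000 profile (\S+)$")
INTERFACE_RE = re.compile(r"^interface (\S+)$")
ASSIGN_RE = re.compile(r"^ingress load-balance profile (\S+)$")
BOTH_SCOPES = {"ecmp", "port-channel"}


def parse_config(text):
    """Collect per-profile distribution settings and interface-to-profile assignments."""
    profiles, assignments = {}, {}
    profile = interface = None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := PROFILE_RE.match(line)):
            profile = profiles.setdefault(
                m.group(1), {"symmetric": None, "random": set()})
            interface = None
        elif (m := INTERFACE_RE.match(line)):
            interface, profile = m.group(1), None
        elif (m := ASSIGN_RE.match(line)) and interface:
            assignments[interface] = m.group(1)
        elif profile is not None and line.startswith("distribution symmetric-hash "):
            profile["symmetric"] = line.split()[2]
        elif profile is not None and line.startswith("distribution random"):
            # With no parameter the command covers ECMP routes and port channel links.
            profile["random"] |= set(line.split()[2:]) or BOTH_SCOPES
    return profiles, assignments


def audit_symmetry(text):
    """Return one finding per profile that enables both symmetric and random distribution."""
    profiles, assignments = parse_config(text)
    findings = []
    for name, settings in sorted(profiles.items()):
        if settings["symmetric"] and settings["random"]:
            findings.append({
                "profile": name,
                "symmetric": settings["symmetric"],
                "random_scope": sorted(settings["random"]),
                "interfaces": sorted(i for i, p in assignments.items() if p == name),
            })
    return findings


if __name__ == "__main__":
    for finding in audit_symmetry(SAMPLE_CONFIG):
        print("symmetric-hash overridden by random distribution:", finding)
```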
fields ip
The fields ip command specifies the L3/L4 data fields used by the hash algorithm defined by the
configuration mode load balance profile. When a load balance profile is assigned to a port channel or
Ethernet interface, its associated hash algorithm determines the distribution of packets that ingress the
interface. Profile algorithms can load balance packets across port channel links or ECMP routes.
The switch calculates a hash value by using the packet header fields to balance packets across links. The
hash value determines the link through which the packet is transmitted. This method also ensures that
all packets in a flow follow the same network path. Packet flow is modified by changing the inputs to
the port channel hash algorithm.
In network topologies that include MLAGs, programming all switches to perform the same hash
calculation increases the risk of hash polarization, which leads to uneven load distribution among LAG
and MLAG member links in MLAG switches. This problem is avoided by performing different hash
calculations between the MLAG switch and a non-peer switch connected to it.
The no fields ip command configures the algorithm not to use L3/L4 data fields. The default fields ip command
restores the default L3/L4 data fields to the load balancing algorithm defined by the configuration mode
profile by removing the corresponding fields ip or no fields ip command from running-config.
FM6000
Command Mode
Load-balance-profile Configuration
Command Syntax
fields ip IP_FIELD
no fields ip
default fields ip
Parameters
• IP_FIELD    specifies the L3/L4 fields the hashing algorithm uses. Options include:
— dscp    algorithm uses dscp field.
— dst-ip    algorithm uses destination IP address field.
— dst-port    algorithm uses destination TCP/UDP port field.
— protocol    algorithm uses protocol field.
— src-ip    algorithm uses source IP address field.
— src-port    algorithm uses source TCP/UDP port field.
Command may include from one to six fields, in any combination and listed in any order. The
default setting is the selection of all fields.
Related Commands
• load-balance fm6000 profile places the switch in load-balance-profile configuration mode.
Example
• These commands specify the IP source and protocol fields as components of the hash algorithm
defined by the LB-1 load balance profile.
switch(config)#load-balance policies
switch(config-load-balance-policies)#load-balance fm6000 profile LB-1
switch(config-load-balance-profile-LB-1)#fields ip src-ip protocol
switch(config-load-balance-profile-LB-1)#show active
load-balance policies
load-balance fm6000 profile LB-1
fields ip protocol src-ip
switch(config-load-balance-profile-LB-1)#
fields mac
The fields mac command specifies the L2 data fields used by the hash algorithm defined by the
configuration mode load balance profile. When a load balance profile is assigned to a port channel or
Ethernet interface, its associated hash algorithm determines the distribution of packets that ingress the
interface. Profile algorithms can load balance packets across port channel links or ECMP routes.
The switch calculates a hash value using the packet header fields to balance packets across links. The
hash value determines the link through which the packet is transmitted. This method also ensures that
all packets in a flow follow the same network path. Packet flow is modified by changing the inputs to
the port channel hash algorithm.
In network topologies that include MLAGs, programming all switches to perform the same hash
calculation increases the risk of hash polarization, which leads to uneven load distribution among LAG
and MLAG member links in MLAG switches. This problem is avoided by performing different hash
calculations between the MLAG switch and a non-peer switch connected to it.
The no fields mac command configures the algorithm not to use L2 data fields. The default fields mac command
restores the default L2 data fields to the load balancing algorithm defined by the configuration mode
profile by removing the corresponding fields mac or no fields mac command from running-config.
FM6000
Command Mode
Load-balance-profile Configuration
Command Syntax
fields mac MAC_FIELD
no fields mac
default fields mac
Parameters
• MAC_FIELD    specifies the L2 fields the hashing algorithm uses. Options include:
— dst-mac    algorithm uses MAC destination field.
— eth-type    algorithm uses Ethernet type field.
— src-mac    algorithm uses MAC source field.
— vlan-id    algorithm uses VLAN ID field.
— vlan-priority    algorithm uses VLAN priority field.
Related Commands
• load-balance fm6000 profile places the switch in load-balance-profile configuration mode.
Example
• These commands specify the MAC destination and VLAN priority fields as components of the hash
algorithm defined by the LB-1 load balance profile.
switch(config)#load-balance policies
switch(config-load-balance-policies)#load-balance fm6000 profile LB-1
switch(config-load-balance-profile-LB-1)#fields mac dst-mac vlan-priority
switch(config-load-balance-profile-LB-1)#show active
load-balance policies
load-balance fm6000 profile LB-1
fields mac dst-mac vlan-priority
switch(config-load-balance-profile-LB-1)#
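The hash polarization described under fields ip and fields mac can be reproduced with a small model. The simulation below is an added example, not part of the Arista manual: it uses SHA-256 as a stand-in for the switch's hash (the FM6000 algorithm is not given on this page), constructed flows, and four member links per switch as assumed values, and compares an upstream and a downstream switch that share one hash calculation against a pair that differ in hash seed.

```python
import hashlib
from collections import Counter

LINKS = 4  # assumed number of member links on each switch in this model
FIELDS = ("src-ip", "dst-ip", "protocol", "src-port", "dst-port")


def model_hash(flow, fields, seed):
    """Stand-in hash (SHA-256 over the seed and selected header fields).

    This is a model for illustration, not the FM6000 hash algorithm.
    """
    material = str(seed) + "|" + "|".join(str(flow[f]) for f in fields)
    return int.from_bytes(hashlib.sha256(material.encode()).digest()[:4], "big")


def pick_link(flow, fields, seed, links=LINKS):
    """Map a flow to a member link; every packet of the flow takes the same link."""
    return model_hash(flow, fields, seed) % links


def constructed_flows(count=4000):
    """Build distinct sample flows (constructed data, documentation address ranges)."""
    flows = []
    for i in range(count):
        flows.append({
            "src-ip": f"10.0.{i // 250}.{i % 250 + 1}",
            "dst-ip": f"192.0.2.{i % 20 + 1}",
            "protocol": 6,
            "src-port": 1024 + (i * 7) % 50000,
            "dst-port": 443,
        })
    return flows


def downstream_spread(flows, fields, upstream_seed, downstream_seed, via_link=0):
    """Per-link flow counts on the downstream switch reached through via_link.

    Only flows that the upstream switch hashed onto via_link arrive downstream,
    so the downstream switch sees a pre-filtered set of hash values.
    """
    arriving = [f for f in flows if pick_link(f, fields, upstream_seed) == via_link]
    counts = Counter(pick_link(f, fields, downstream_seed) for f in arriving)
    return [counts.get(link, 0) for link in range(LINKS)]


if __name__ == "__main__":
    flows = constructed_flows()
    # Same fields and same seed on both switches: every arriving flow repeats the
    # upstream result, so a single downstream link carries all of the traffic.
    print("same calculation:", downstream_spread(flows, FIELDS, 0, 0))
    # Different seed downstream: the arriving flows spread over all member links.
    print("different seed:  ", downstream_spread(flows, FIELDS, 0, 22))
```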
ingress load-balance profile
The ingress load-balance profile command applies the specified load-balance profile to the
configuration mode interface. Load balance profiles specify parameters used by hashing algorithms that
distribute traffic across ports comprising a port channel or among ECMP routes. The switch supports 16
load balance profiles, including the default profile.
Load balance profiles can be assigned to Ethernet and port channel interfaces. Profiles define the
distribution method of traffic that ingresses the interface among the ports comprising a port channel or
routes comprising an ECMP.
The default load balance profile is configured through port-channel load-balance fm6000 fields ip and
port-channel load-balance fm6000 fields mac commands.
The no ingress load-balance profile and default ingress load-balance profile commands restore the
default load balance profile for the configuration mode interface by removing the corresponding
ingress load-balance profile command from running-config.
FM6000
Command Mode
Interface-Ethernet Configuration
Interface-Port-Channel Configuration
Command Syntax
ingress load-balance profile profile_name
no ingress load-balance profile
default ingress load-balance profile
Parameters
• profile_name    name of profile assigned to interface.
Example
• This command applies the LB-1 load balance profile to port channel interface 100.
switch(config)#interface port-channel 100
switch(config-if-Po100)#show active
interface Port-Channel100
switch(config-if-Po100)#ingress load-balance profile LB-1
switch(config-if-Po100)#show active
interface Port-Channel100
ingress load-balance profile LB-1
switch(config-if-Po100)#
interface port-channel
The interface port-channel command places the switch in port-channel interface configuration mode
for modifying parameters of specified link aggregation (LAG) interfaces. When entering configuration
mode to modify existing port channel interfaces, the command can specify multiple interfaces.
The command creates a port channel interface if the specified interface does not exist prior to issuing
the command. When creating an interface, the command can only specify a single interface.
The no interface port-channel and default interface port-channel commands delete the specified LAG
interfaces from running-config.
all
Command Mode
Global Configuration
Command Syntax
interface port-channel p_range
no interface port-channel p_range
default interface port-channel p_range
Parameter
• p_range    port channel interfaces (number, range, or comma-delimited list of numbers and ranges).
Port channel numbers range from 1 to 2000.
Guidelines
When configuring a port channel, you do not need to issue the interface port-channel command before
assigning a port to the port channel (see the channel-group command). The port channel number is
implicitly created when a port is added to the specified port channel with the channel-group number
command.
To display ports that are members of a port channel, enter show port-channel. To view information
about hardware limitations for a port channel, enter show port-channel limits.
All active ports in a port channel must be compatible. Compatibility comprises many factors and is
specific to a given platform. For example, compatibility may require identical operating parameters such
as speed and/or maximum transmission unit (MTU). Compatibility may only be possible between
specific ports because of internal organization of the switch.
You can configure a port channel with a set of ports such that more than one subset of the member ports
is mutually compatible. Port channels in EOS are designed to activate the compatible subset of ports
with the largest aggregate capacity. A subset with two 40 Gbps ports (aggregate capacity 80 Gbps) is
preferred over a subset with five active 10 Gbps ports (aggregate capacity 50 Gbps).
Example
• This example creates port channel interface 3:
switch(config)#interface port-channel 3
switch(config-if-Po3)#
lacp port-priority
The lacp port-priority command sets the aggregating port priority for the configuration mode interface.
Priority is supported on port channels with LACP-enabled physical interfaces.
LACP port priority determines the port that is active in a LAG in fallback mode. Numerically lower
values have higher priority.
Each port in an aggregation is assigned a 32-bit port identifier by prepending the port priority (16 bits)
to the port number (16 bits). Port priority determines the ports that are placed in standby mode when
hardware limitations prevent a single aggregation of all compatible ports.
Priority numbers range from 0 to 65535. The default is 32768. Interfaces with higher priority numbers
are placed in standby mode before interfaces with lower priority numbers.
The no lacp port-priority and default lacp port-priority commands restore the default port-priority to
the configuration mode interface by removing the corresponding lacp port-priority command from
running-config.
all
Command Mode
Interface-Ethernet Configuration
Command Syntax
lacp port-priority priority_value
no lacp port-priority
default lacp port-priority
Parameters
• priority_value    port priority. Values range from 0 to 65535. Default is 32768.
Example
• These commands assign the port priority of 4096 to Ethernet interface 8.
switch(config)#interface ethernet 8
switch(config-if-Et8)#lacp port-priority 4096
switch(config-if-Et8)#show active
interface Ethernet8
lacp port-priority 4096
switch(config-if-Et8)#
lacp rate
The lacp rate command configures the LACP transmission interval on the configuration mode interface.
The LACP timeout specifies the transmission rate of LACP control packets to interfaces supporting
LACP. Supported rates include:
• normal: 30 seconds with synchronized interfaces; one second while interfaces are synchronizing.
• fast: one second.
This command is supported on LACP-enabled interfaces. The default value is normal.
The no lacp rate and default lacp rate commands restore the default value of normal on the
configuration mode interface by deleting the corresponding lacp rate command from running-config.
all
Command Mode
Interface-Ethernet Configuration
Command Syntax
lacp rate RATE_LEVEL
no lacp rate
default lacp rate
Parameters
• RATE_LEVEL    LACP transmission interval. Options include:
— fast    one second.
— normal    30 seconds for synchronized interfaces; one second while interfaces synchronize.
Examples
• This command sets the LACP rate to one second on Ethernet interface 4.
Switch(config-if-Et4)#lacp rate fast
Switch(config-if-Et4)#
lacp system-priority
The lacp system-priority command configures the switch’s LACP system priority. Values range between
0 and 65535. Default value is 32768.
Each switch is assigned a globally unique 64-bit system identifier by prepending the system priority (16
bits) to the MAC address of one of its physical ports (48 bits). Peer devices use the system identifier when
forming an aggregation to verify that all links are from the same switch. The system identifier is also
used when dynamically changing aggregation capabilities resulting from LACP data; the system with
the numerically lower system identifier can dynamically change advertised aggregation parameters.
The no lacp system-priority and default lacp system-priority commands restore the default system
priority by removing the lacp system-priority command from running-config.
all
Command Mode
Global Configuration
Command Syntax
lacp system-priority priority_value
no lacp system-priority
default lacp system-priority
Parameters
• priority_value    system priority number. Values range from 0 to 65535. Default is 32768.
Example
• This command assigns the system priority of 8192 to the switch.
switch(config)#lacp system-priority 8192
switch(config)#
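The identifier layouts described under lacp port-priority and lacp system-priority can be worked through in code. The following is an added example, not part of the Arista manual: it builds the 32-bit port identifier and the 64-bit system identifier, ranks ports for standby when a hardware limit caps the active members, and picks the system with the numerically lower identifier. The MAC addresses, the interface-to-port-number mapping and the active-port limit are constructed sample values.

```python
import re


def _check16(label, value):
    """Priorities and port numbers are 16-bit fields (0 to 65535)."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError(f"{label} {value} is outside 0-65535")


def port_identifier(priority, port_number):
    """32-bit port identifier: port priority (16 bits) prepended to port number (16 bits)."""
    _check16("port priority", priority)
    _check16("port number", port_number)
    return (priority << 16) | port_number


def system_identifier(priority, mac):
    """64-bit system identifier: system priority (16 bits) prepended to a 48-bit MAC."""
    _check16("system priority", priority)
    digits = re.sub(r"[.:\-]", "", mac)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return (priority << 48) | int(digits, 16)


def split_active_standby(ports, max_active):
    """Rank ports by identifier; numerically higher identifiers go to standby first.

    ports maps an interface name to (priority, port_number).
    """
    ranked = sorted(ports, key=lambda name: port_identifier(*ports[name]))
    return ranked[:max_active], ranked[max_active:]


def controlling_system(local, peer):
    """Return which side has the numerically lower system identifier.

    local and peer are (system_priority, mac) tuples.
    """
    return "local" if system_identifier(*local) < system_identifier(*peer) else "peer"


# Constructed sample: Ethernet8 carries the priority 4096 used in the example above,
# the other ports keep the default of 32768. Port numbers are assumed to match the
# interface numbers.
SAMPLE_PORTS = {
    "Ethernet3": (32768, 3),
    "Ethernet8": (4096, 8),
    "Ethernet9": (32768, 9),
}

if __name__ == "__main__":
    for name, (prio, num) in SAMPLE_PORTS.items():
        print(f"{name}: port identifier 0x{port_identifier(prio, num):08x}")
    active, standby = split_active_standby(SAMPLE_PORTS, max_active=2)
    print("active:", active, "standby:", standby)
    print("system identifier: 0x%016x" % system_identifier(8192, "001c.7300.0001"))
```

Ethernet8 outranks Ethernet3 despite its higher port number because the priority occupies the upper 16 bits of the identifier.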
load-balance fm6000 profile
The load-balance fm6000 profile command places the switch in load-balance-profile configuration
mode to configure a specified load balance profile. The command specifies the name of the profile that
subsequent commands modify. It creates a profile if the profile it references does not exist.
Load balance profiles specify parameters used by hashing algorithms that distribute traffic across ports
comprising a port channel or among component ECMP routes. The switch supports 16 load balance
profiles, including the default profile. The default load balance profile is configured through
port-channel load-balance fm6000 fields ip and port-channel load-balance fm6000 fields mac
commands.
The load balance profile name is referenced when it is applied to an interface. The default profile is not
associated with a name and is applied to an interface in the absence of a named profile assignment.
The no load-balance fm6000 profile and default load-balance fm6000 profile commands delete the
specified load balance profile from running-config. Profiles that are assigned to an interface cannot be
deleted. Attempts to delete an assigned profile generate a profile in use error message.
The load-balance fm6000 profile command is accessible from load-balance-policies configuration mode.
Load-balance-profile configuration mode is not a group change mode; running-config is changed
immediately upon entering commands. Exiting load-balance-policies configuration mode does not
affect the configuration. The exit command returns the switch to load-balance-policies configuration
mode.
Platform FM6000
Command Mode Load-balance-policies Configuration
Command Syntax
load-balance fm6000 profile profile_name
no load-balance fm6000 profile profile_name
default load-balance fm6000 profile profile_name
Parameters
• profile_name name of the load-balance profile.
Commands Available in Load-balance-profile Configuration Mode
• fields ip
• fields mac
• distribution random
• distribution symmetric-hash
• port-channel hash-seed
• show active displays the contents of the configuration mode profile.
Related Commands
• load-balance policies places the switch in load-balance-policies configuration mode.
• ingress load-balance profile applies a load-balance profile to an Ethernet or port channel interface.
• show load-balance profile displays the contents of load balance profiles.
Example
• These commands enter load-balance-profile configuration mode, create the LB-1 profile, and list
the default settings for the profile.
switch(config)#load-balance policies
switch(config-load-balance-policies)#load-balance fm6000 profile LB-1
switch(config-load-balance-profile-LB-1)#show active all
load-balance policies
load-balance fm6000 profile LB-1
port-channel hash-seed 0
fields mac dst-mac src-mac eth-type vlan-priority vlan-id
fields ip protocol dst-ip dst-port src-ip src-port dscp
no distribution symmetric-hash
no distribution random
switch(config-load-balance-profile-LB-1)#
load-balance policies
The load-balance policies command places the switch in load-balance-policies configuration mode.
Load-balance-policies configuration mode provides commands for managing load-balance profiles.
Load balance profiles specify the inputs used by the hashing algorithms that distribute traffic across
ports comprising a port channel or among ECMP routes.
The no load-balance policies and default load-balance policies commands delete all load balance
profiles from running-config. The command generates an error message when at least one profile is
assigned to an interface.
Load-balance-policies configuration mode is not a group change mode; running-config is changed
immediately upon entering commands. Exiting load-balance-policies configuration mode does not
affect running-config. The exit command returns the switch to global configuration mode.
Platform FM6000
Command Mode Global Configuration
Command Syntax
load-balance policies
no load-balance policies
default load-balance policies
Commands Available in Load-balance-policies Configuration Mode
• load-balance fm6000 profile places the switch in load-balance-profile configuration mode.
• show active displays contents of all load balance profiles.
Related Commands
• ingress load-balance profile applies a load-balance profile to an Ethernet or port channel interface.
• show load-balance profile displays the contents of load balance profiles.
Example
• This command places the switch in load-balance-policies configuration mode.
switch(config)#load-balance policies
switch(config-load-balance-policies)#
• This command displays the contents of the three configured load balance profiles.
switch(config-load-balance-policies)#show active
load-balance policies
load-balance fm6000 profile F-01
port-channel hash-seed 22
fields ip dscp
distribution random port-channel
!
load-balance fm6000 profile F-02
fields ip protocol dst-ip
fields mac dst-mac eth-type
distribution random ecmp port-channel
!
load-balance fm6000 profile F-03
switch(config-load-balance-policies)#
port-channel hash-seed
The port-channel hash-seed command specifies the seed used by the hash algorithm defined by the
configuration mode load balance profile when distributing the load across ports comprising a port
channel. When a load balance profile is assigned to a port channel or Ethernet interface, its associated
hash algorithm determines the distribution of packets that ingress the interface. Profile algorithms can
load balance packets across port channel links or ECMP routes.
The hash seed that the algorithm uses to select port channel links or ECMP routes is configured by the
ip load-sharing command.
The no port-channel hash-seed and default port-channel hash-seed commands restore the default
hash seed value of 0 to the load balancing algorithm defined by the configuration mode profile by
removing the corresponding port-channel hash-seed command from running-config.
Platform FM6000
Command Mode Load-balance-profile Configuration
Command Syntax
port-channel hash-seed number
no port-channel hash-seed
default port-channel hash-seed
Parameters
• number The hash seed. Value ranges from 0 to 39.
Related Commands
• load-balance fm6000 profile places the switch in load-balance-profile configuration mode.
Example
• These commands configure the port-channel hash seed of 22 for the hash algorithm defined by the
LB-1 load balance profile.
switch(config)#load-balance policies
switch(config-load-balance-policies)#load-balance fm6000 profile LB-1
switch(config-load-balance-profile-LB-1)#port-channel hash-seed 22
switch(config-load-balance-profile-LB-1)#show active
load-balance policies
load-balance fm6000 profile LB-1
port-channel hash-seed 22
switch(config-load-balance-profile-LB-1)#
port-channel lacp fallback
The port-channel lacp fallback command enables the LACP fallback mode on the interface.
LACP fallback is unconfigured and disabled by default. An interface that is not configured in fallback
mode cannot have fallback enabled. An LACP interface without fallback enabled does not form a LAG
until it receives PDUs from its peer.
The no port-channel lacp fallback and default port-channel lacp fallback commands disable LACP
fallback mode on the configuration mode interface by removing the corresponding port-channel lacp
fallback command from running-config.
Platform all
Command Mode Interface-Port-Channel Configuration
Command Syntax
port-channel lacp fallback
no port-channel lacp fallback
default port-channel lacp fallback
Related Commands
port-channel lacp fallback timeout configures the fallback timeout period for a port channel interface.
The default LACP fallback timeout period is 90 seconds.
Example
• These commands enable LACP fallback mode on port-channel interface 13.
switch(config)#interface port-channel 13
switch(config-if-Po13)#port-channel lacp fallback
switch(config-if-Po13)#show active
interface Port-Channel13
port-channel lacp fallback
switch(config-if-Po13)#
port-channel lacp fallback timeout
The port-channel lacp fallback timeout command specifies the fallback timeout period for the
configuration mode interface.
Fallback timeout settings persist in running-config without taking effect for interfaces that are not
configured into fallback mode. The default fallback timeout period is 90 seconds.
The no port-channel lacp fallback timeout and default port-channel lacp fallback timeout commands
restore the default fallback timeout of 90 seconds for the configuration mode interface by removing the
corresponding port-channel lacp fallback timeout command from running-config.
Platform all
Command Mode Interface-Port-Channel Configuration
Command Syntax
port-channel lacp fallback timeout period
no port-channel lacp fallback timeout
default port-channel lacp fallback timeout
Parameters
• period maximum interval between receipt of LACP PDU packets (seconds). Value ranges from 1 to
300 seconds. Default value is 90.
Related Commands
port-channel lacp fallback configures fallback mode for a port channel interface.
Guidelines
The fallback timeout period should not be shorter than the LACP transmission interval (lacp rate). The
default LACP transmission interval is 30 seconds.
Example
• These commands enable LACP fallback mode, then configure an LACP fallback timeout of 100
seconds on port channel interface 13.
switch(config)#interface port-channel 13
switch(config-if-Po13)#port-channel lacp fallback
switch(config-if-Po13)#port-channel lacp fallback timeout 100
switch(config-if-Po13)#show active
interface Port-Channel13
port-channel lacp fallback
port-channel lacp fallback timeout 100
switch(config-if-Po13)#
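The following offline check is an added example, not part of the Arista manual or EOS. It reads a saved running-config and applies the fallback rules stated above: the 1 to 300 second range, the guideline that the timeout should not be shorter than the LACP transmission interval, and the fact that a timeout has no effect unless fallback mode is enabled. The function names and the sample configuration are constructed for illustration, and the transmission interval is assumed to be the 30 second default unless the caller passes another value.

```python
import re

TIMEOUT_RANGE = (1, 300)     # seconds, per the period parameter on this page
DEFAULT_TIMEOUT = 90         # seconds, default fallback timeout
DEFAULT_LACP_INTERVAL = 30   # seconds, default LACP transmission interval

# Constructed sample in running-config layout (not taken from a real switch).
SAMPLE_CONFIG = """\
interface Port-Channel13
   port-channel lacp fallback
   port-channel lacp fallback timeout 100
!
interface Port-Channel14
   port-channel lacp fallback timeout 20
!
interface Port-Channel15
   port-channel lacp fallback
!
interface Ethernet1
   description constructed sample, ignored by the audit
!
"""


def parse_port_channels(config_text):
    """Collect fallback settings for every Port-Channel interface stanza."""
    stanzas, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"interface\s+(\S+)", line)
        if header:
            name = header.group(1)
            is_po = name.lower().startswith("port-channel")
            current = stanzas.setdefault(
                name, {"fallback": False, "timeout": None}) if is_po else None
        elif line == "!":
            current = None
        elif current is not None:
            if line == "port-channel lacp fallback":
                current["fallback"] = True
            timeout = re.fullmatch(
                r"port-channel lacp fallback timeout (\d+)", line)
            if timeout:
                current["timeout"] = int(timeout.group(1))
    return stanzas


def audit_fallback(config_text, lacp_interval=DEFAULT_LACP_INTERVAL):
    """Return {interface: {"fallback", "effective_timeout", "problems"}}."""
    report = {}
    for name, cfg in parse_port_channels(config_text).items():
        problems = []
        timeout = cfg["timeout"]
        if timeout is not None:
            low, high = TIMEOUT_RANGE
            if not low <= timeout <= high:
                problems.append(
                    f"timeout {timeout} is outside {low}-{high} seconds")
            elif timeout < lacp_interval:
                problems.append(
                    f"timeout {timeout}s is shorter than the LACP "
                    f"transmission interval of {lacp_interval}s")
            if not cfg["fallback"]:
                problems.append("timeout is configured but fallback mode is "
                                "not enabled, so it has no effect")
        # The timeout only applies when fallback mode itself is enabled.
        effective = None
        if cfg["fallback"]:
            effective = DEFAULT_TIMEOUT if timeout is None else timeout
        report[name] = {"fallback": cfg["fallback"],
                        "effective_timeout": effective,
                        "problems": problems}
    return report


if __name__ == "__main__":
    for name, result in audit_fallback(SAMPLE_CONFIG).items():
        print(name, result)
```

The parser expects interface names in running-config form (Port-Channel13), as shown in the show active output above.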
port-channel load-balance
The port-channel load-balance command specifies the seed in the hashing algorithm that balances the
load across ports comprising a port channel. Available seed values vary by switch platform.
The no port-channel load-balance and default port-channel load-balance commands remove the
port-channel load-balance command from running-config, restoring the default hash seed value of 0.
Platform all
Command Mode Global Configuration
Command Syntax
port-channel load-balance platform { hash_seed | fields ip fields | hash hash_function }
no port-channel load-balance platform [hash_seed]
default port-channel load-balance platform [hash_seed]
Parameters
Important: Parameter options vary by switch model. Verify available options with the ? command.
• platform ASIC switching device. Value depends on the switch model.
• hash_seed The numerical seed for the hash function. Value range varies by switch platform:
— arad 0 to 65535.
— fm6000 0 to 39.
— petraA uses field inputs only.
— trident 0 to 47.
For trident platform switches, algorithms using hash seeds between 0 and 15 typically result in
more effective distribution of data streams across the port channels.
• fields Which fields will be used as inputs to the port channel hash.
— gre Configure which GRE fields are inputs to the hash.
— ip Configure which fields are inputs to the hash for IPv4 packets.
— ipv6 Configure which fields are inputs to the hash for IPv6 packets.
— mac Configure which MAC fields are inputs to the hash.
— mac-in-mac Configure which MAC-in-MAC fields are inputs to the hash.
— mpls Configure which MPLS fields are inputs to the hash.
— destination-ip Use the layer 3 IP destination address in the hash.
— destination-port Use the layer 4 TCP/UDP destination port in the hash.
— dst-ip Use the destination IP address in the hash.
— dst-mac Use the destination Payload MAC in the hash (or the destination MAC address in
the MAC hash).
— eth-type Use the Ethernet type in the MAC hash.
— ip-in-ip Use the outer IP header in the hash for IPv4 over IPv4 GRE tunnel.
— ip-in-ipv6 Use the outer IP header in the hash for IPv4 over IPv6 GRE tunnel.
— ipv6-in-ip Use the outer IP header in the hash for IPv6 over IPv4 GRE tunnel.
— ipv6-in-ipv6 Use the outer IP header in the hash for IPv6 over IPv6 GRE tunnel.
— ip-tcp-udp-header Use the layer 3 and layer 4 hashes.
— isid Use the MAC-in-MAC ISID in the hash.
— label Use the MPLS label in the hash.
— mac-header Use the MAC hash.
— outer-mac Use the outer MAC of source and destination in the hash.
— source-ip Use the layer 3 IP source address in the hash.
— src-ip Use the source IP address in the hash.
— source-port Use layer 4 TCP/UDP source port in the hash.
— src-mac Use the source payload MAC in the hash (or the source MAC address in the MAC
hash).
• hash_function Specifies the hash polynomial function. Values range from 0-2.
Example
• This command configures a hash seed of 10 on an FM6000 platform switch.
switch(config)#port-channel load-balance fm6000 10
switch(config)#
port-channel load-balance arad fields ip
The port-channel load-balance arad fields ip command specifies the data fields that the port channel
load balance hash algorithm uses for distributing IP packets on Arad platform switches. The hashing
algorithm fields used for IP packets differ from the fields used for non-IP packets.
The switch calculates a hash value using the packet header fields to load balance packets across links in
a port channel. The hash value determines the link through which the packet is transmitted. This
method also ensures that all packets in a flow follow the same network path. Packet flow is modified by
changing the inputs to the port channel hash algorithm.
In network topologies that include MLAGs, programming all switches to perform the same hash
calculation increases the risk of hash polarization, which leads to uneven load distribution among LAG
and MLAG member links in MLAG switches. This problem is avoided by performing different hash
calculations between the MLAG switch and a non-peer switch connected to it.
The no port-channel load-balance arad fields ip and default port-channel load-balance arad fields ip
commands restore the default data fields for the IP packet load balancing algorithm by removing the
port-channel load-balance arad fields ip command from running-config.
Platform Arad
Command Mode Global Configuration
Command Syntax
port-channel load-balance arad fields ip IP_FIELD_NAME
no port-channel load-balance arad fields ip
default port-channel load-balance arad fields ip
Parameters
• IP_FIELD_NAME fields the hashing algorithm uses for layer 3 routing. Options include:
— ip-tcp-udp-header algorithm uses source and destination IP address fields. Source and
destination port fields are included for TCP and UDP packets.
— mac-header algorithm uses entire MAC header.
A command can only specify one option. The default setting is ip-tcp-udp-header.
Guidelines
The port channel hash algorithm for non-IP packets is not configurable and always includes the entire
MAC header.
Related Commands
• port-channel load-balance configures the hash seed for the algorithm.
Example
• These commands configure the switch’s port channel load balance hash algorithm for IP packets to
use source and destination IP address (and port) fields.
switch(config)#port-channel load-balance arad fields ip ip-tcp-udp-header
switch(config)#
port-channel load-balance fm6000 fields ip
The port-channel load-balance fm6000 fields ip command specifies the data fields that the port channel
load balance hash algorithm uses for distributing IP packets on FM6000 platform switches. The hashing
algorithm fields used for IP packets differ from the fields used for non-IP packets.
The switch calculates a hash value using the packet header fields to load balance packets across links in
a port channel. The hash value determines the link through which the packet is transmitted. This
method also ensures that all packets in a flow follow the same network path. Packet flow is modified by
changing the inputs to the port channel hash algorithm.
In network topologies that include MLAGs, programming all switches to perform the same hash
calculation increases the risk of hash polarization, which leads to uneven load distribution among LAG
and MLAG member links in MLAG switches. This problem is avoided by performing different hash
calculations between the MLAG switch and a non-peer switch connected to it.
The no port-channel load-balance fm6000 fields ip and default port-channel load-balance fm6000
fields ip commands restore the default data fields for the IP packet load balancing algorithm by
removing the port-channel load-balance fm6000 fields ip command from running-config.
Platform FM6000
Command Mode Global Configuration
Command Syntax
port-channel load-balance fm6000 fields ip IP_FIELD_NAME
no port-channel load-balance fm6000 fields ip
default port-channel load-balance fm6000 fields ip
Parameters
• IP_FIELD_NAME specifies fields the hashing algorithm uses for layer 3 routing. Options include:
— ip-tcp-udp-header algorithm uses source and destination IP address fields. Source and
destination port fields are included for TCP and UDP packets.
A command can only specify one option. The default setting is ip-tcp-udp-header.
Related Commands
• port-channel load-balance configures the hash seed for the algorithm.
• port-channel load-balance fm6000 fields mac controls the hash algorithm for non-IP packets
Example
• These commands configure the switch’s port channel load balance for IP packets by source and
destination IP address and port fields.
switch(config)#port-channel load-balance fm6000 fields ip ip-tcp-udp-header
switch(config)#
port-channel load-balance fm6000 fields mac
The port-channel load-balance fm6000 fields mac command specifies data fields that configure the port
channel load balance hash algorithm for non-IP packets on FM6000 platform switches. The hashing
algorithm fields used for balancing non-IP packets differ from the fields used for IP packets.
The switch calculates a hash value using the packet header fields to load balance packets across links in
a port channel. The hash value determines the link through which the packet is transmitted. This
method also ensures that all packets in a flow follow the same network path. Packet flow is modified by
changing the inputs to the port channel hash algorithm.
In network topologies that include MLAGs, programming all switches to perform the same hash
calculation increases the risk of hash polarization, which leads to uneven load distribution among LAG
and MLAG member links in MLAG switches. This problem is avoided by performing different hash
calculations between the MLAG switch and a non-peer switch connected to it.
The no port-channel load-balance fm6000 fields mac and default port-channel load-balance fm6000
fields mac commands restore the default data fields for the non-IP packet load balancing algorithm by
removing the port-channel load-balance fm6000 fields mac command from running-config.
Platform FM6000
Command Mode Global Configuration
Command Syntax
port-channel load-balance fm6000 fields mac MAC_FIELD_NAME
no port-channel load-balance fm6000 fields mac
default port-channel load-balance fm6000 fields mac
Parameters
• MAC_FIELD_NAME fields the hashing algorithm uses for layer 2 routing. Options include:
— dst-mac MAC destination field
— eth-type EtherType field
— src-mac MAC source field
— vlan-id VLAN ID field
— vlan-priority VLAN priority field
Command may include from one to five fields, in any combination and listed in any order. The
default setting is the selection of all fields.
Related Commands
• port-channel load-balance configures the hash seed for the algorithm.
• port-channel load-balance fm6000 fields ip controls the hash algorithm for IP packets
Example
• These commands configure the switch’s port channel load balance for non-IP packets by using the
MAC destination and Ethernet type fields in the hashing algorithm.
switch(config)#port-channel load-balance fm6000 fields mac dst-mac eth-type
switch(config)#
port-channel load-balance petraA fields ip
The port-channel load-balance petraA fields ip command specifies the data fields that the port channel
load balance hash algorithm uses for distributing IP packets on Petra platform switches. The hashing
algorithm fields used for IP packets differ from the fields used for non-IP packets.
The switch calculates a hash value using the packet header fields to load balance packets across links in
a port channel. The hash value determines the link through which the packet is transmitted. This
method also ensures that all packets in a flow follow the same network path. Packet flow is modified by
changing the inputs to the port channel hash algorithm.
In network topologies that include MLAGs, programming all switches to perform the same hash
calculation increases the risk of hash polarization, which leads to uneven load distribution among LAG
and MLAG member links in MLAG switches. This problem is avoided by performing different hash
calculations between the MLAG switch and a non-peer switch connected to it.
The no port-channel load-balance petraA fields ip and default port-channel load-balance petraA
fields ip commands restore the default data fields for the IP packet load balancing algorithm by
removing the port-channel load-balance petraA fields ip command from running-config.
Platform Petra
Command Mode Global Configuration
Command Syntax
port-channel load-balance petraA fields ip IP_FIELD_NAME
no port-channel load-balance petraA fields ip
default port-channel load-balance petraA fields ip
Parameters
• IP_FIELD_NAME fields the hashing algorithm uses for layer 3 routing. Options include:
— ip-tcp-udp-header algorithm uses source and destination IP address fields. Source and
destination port fields are included for TCP and UDP packets.
— mac-header algorithm uses entire MAC header.
A command can only specify one option. The default setting is ip-tcp-udp-header.
Guidelines
The port channel hash algorithm for non-IP packets is not configurable and always includes the entire
MAC header.
Related Commands
• port-channel load-balance configures the hash seed for the algorithm.
Example
• These commands configure the switch’s port channel load balance hash algorithm for IP packets to
use source and destination IP address (and port) fields.
switch(config)#port-channel load-balance petraA fields ip ip-tcp-udp-header
switch(config)#
port-channel load-balance trident fields ip
The port-channel load-balance trident fields ip command specifies the data fields that the port channel
load balance hash algorithm uses for distributing IP packets on Trident platform switches. The hashing
algorithm fields used for IP packets differ from the fields used for non-IP packets.
The switch calculates a hash value using the packet header fields to load balance packets across links in
a port channel. The hash value determines the link through which the packet is transmitted. This
method also ensures that all packets in a flow follow the same network path. Packet flow is modified by
changing the inputs to the port channel hash algorithm.
In network topologies that include MLAGs, programming all switches to perform the same hash
calculation increases the risk of hash polarization, which leads to uneven load distribution among LAG
and MLAG member links in MLAG switches. This problem is avoided by performing different hash
calculations between the MLAG switch and a non-peer switch connected to it.
The no port-channel load-balance trident fields ip and default port-channel load-balance trident
fields ip commands restore the default data fields for the IP packet load balancing algorithm by
removing the port-channel load-balance trident fields ip command from running-config.
Platform Helix, Trident, Trident-II
Command Mode Global Configuration
Command Syntax
port-channel load-balance trident fields ip IP_FIELD_NAME
no port-channel load-balance trident fields ip
default port-channel load-balance trident fields ip
Parameters
• IP_FIELD_NAME specifies fields the hashing algorithm uses for layer 3 routing. Options include:
Command may include from one to four of the following four options, in any combination and
listed in any order.
— destination-ip algorithm uses destination IP address field.
— source-ip algorithm uses source IP address field.
— destination-port algorithm uses destination TCP/UDP port field.
— source-port algorithm uses source TCP/UDP port field.
— ip-tcp-udp-header algorithm uses source and destination IP address fields. Source and
destination port fields are included for TCP and UDP packets. This option can’t be used in
combination with any other option.
— mac-header algorithm uses fields specified by port-channel load-balance trident fields mac.
This option can’t be used in combination with any other option.
Default setting is ip-tcp-udp-header
Related Commands
• port-channel load-balance configures the hash seed for the algorithm.
• port-channel load-balance trident fields ipv6 controls the hash algorithm for IPv6 packets
• port-channel load-balance trident fields mac controls the hash algorithm for non-IP/IPv6 packets
Example
• These commands configure the switch’s port channel load balance for IP packets by using the IPv6
destination field in the hashing algorithm.
switch(config)#port-channel load-balance trident fields ip destination-ip
switch(config)#
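The hash polarization described in the fields sections of this chapter can be reproduced offline. The simulation below is an added example, not part of the Arista manual: a first switch spreads constructed flows over two links, and a second switch re-hashes only the flows that arrived on link 0. Keyed BLAKE2b is an assumption standing in for the ASIC hash, which the manual does not specify; only the inputs (field selection and seed) mirror the commands on this page.

```python
import hashlib
from collections import Counter

# Trident-style field names from this page; the flows are constructed samples.
ALL_FIELDS = ("source-ip", "destination-ip", "source-port", "destination-port")


def make_flows(count=4000):
    """Build distinct, deterministic 4-tuples (constructed sample traffic)."""
    return [{
        "source-ip": f"10.0.{i // 250}.{i % 250 + 1}",
        "destination-ip": f"192.0.2.{i % 50 + 1}",
        "source-port": 1024 + (i * 7) % 40000,
        "destination-port": (80, 443, 8080)[i % 3],
    } for i in range(count)]


def pick_link(flow, fields, seed, n_links):
    """Choose a member link from the selected header fields and a seed.

    Keyed BLAKE2b is an assumption standing in for the ASIC hash, which the
    manual does not specify. Only the inputs (fields, seed) mirror the CLI.
    """
    material = "|".join(str(flow[name]) for name in fields).encode()
    digest = hashlib.blake2b(material, digest_size=4,
                             key=seed.to_bytes(2, "big")).digest()
    return int.from_bytes(digest, "big") % n_links


def downstream_load(flows, upstream, downstream, n_links=2):
    """Per-link flow counts on the second switch's port channel.

    upstream and downstream are (fields, seed) pairs. The second switch only
    sees the flows that the first switch placed on its link 0.
    """
    up_fields, up_seed = upstream
    down_fields, down_seed = downstream
    arriving = [f for f in flows
                if pick_link(f, up_fields, up_seed, n_links) == 0]
    counts = Counter(pick_link(f, down_fields, down_seed, n_links)
                     for f in arriving)
    return [counts.get(link, 0) for link in range(n_links)]


def worst_share(counts):
    """Fraction of flows on the least-used link (0.5 is ideal for two links)."""
    return min(counts) / sum(counts)


if __name__ == "__main__":
    flows = make_flows()
    first_hop = (ALL_FIELDS, 0)
    cases = {
        "same fields, same seed": (ALL_FIELDS, 0),
        "same fields, seed 22": (ALL_FIELDS, 22),
        "source-ip + source-port, seed 0": (("source-ip", "source-port"), 0),
    }
    for label, second_hop in cases.items():
        counts = downstream_load(flows, first_hop, second_hop)
        print(f"{label:34s} links={counts} "
              f"worst share={worst_share(counts):.2f}")
```

With identical fields and seed on both switches, every flow reaching the second switch lands on the same member link; changing either the seed or the field selection on one of them restores a near-even split.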
port-channel load-balance trident fields ipv6
The port-channel load-balance trident fields ipv6 command specifies the data fields that the port
channel load balance hash algorithm uses for distributing IPv6 packets on Trident platform switches.
The hashing algorithm fields used for IPv6 packets differ from the fields used for non-IPv6 packets.
The switch calculates a hash value using the packet header fields to load balance packets across links in
a port channel. The hash value determines the link through which the packet is transmitted. This
method also ensures that all packets in a flow follow the same network path. Packet flow is modified by
changing the inputs to the port channel hash algorithm.
In network topologies that include MLAGs, programming all switches to perform the same hash
calculation increases the risk of hash polarization, which leads to uneven load distribution among LAG
and MLAG member links in MLAG switches. This problem is avoided by performing different hash
calculations between the MLAG switch and a non-peer switch connected to it.
The no port-channel load-balance trident fields ipv6 and default port-channel load-balance trident
fields ipv6 commands restore the default data fields for the IPv6 packet load balancing algorithm by
removing the port-channel load-balance trident fields ipv6 command from running-config.
Platform Helix, Trident, Trident-II
Command Mode Global Configuration
Command Syntax
port-channel load-balance trident fields ipv6 IP_FIELD_NAME
no port-channel load-balance trident fields ipv6
default port-channel load-balance trident fields ipv6
Parameters
• IP_FIELD_NAME specifies fields the hashing algorithm uses for layer 3 routing. Options include:
Command may include from one to four of the following four options, in any combination and
listed in any order.
— destination-ip algorithm uses destination IPv6 address field.
— source-ip algorithm uses source IPv6 address field.
— destination-port algorithm uses destination TCP/UDP port field.
— source-port algorithm uses source TCP/UDP port field.
— ip-tcp-udp-header algorithm uses source and destination IPv6 address fields. Source and
destination port fields are included for TCP and UDP packets. This option can’t be used in
combination with any other option.
— mac-header algorithm uses fields specified by port-channel load-balance trident fields mac.
This option can’t be used in combination with any other option.
Default setting is ip-tcp-udp-header
Related Commands
• port-channel load-balance configures the hash seed for the algorithm.
• port-channel load-balance trident fields ipv6 controls the hash algorithm for non-IP packets
• port-channel load-balance trident fields mac controls the hash algorithm for non-IP packets
Example
• These commands configure the switch’s port channel load balance for IP packets by using the IPv6
source field in the hashing algorithm.
switch(config)#port-channel load-balance trident fields ipv6 source-ip
switch(config)#
port-channel load-balance trident fields mac
The port-channel load-balance trident fields mac command specifies data fields that the port channel
load balance hash algorithm uses for distributing non-IP packets on Trident platform switches. The
hashing algorithm fields used for non-IP packets differ from the fields used for IP packets.
The switch calculates a hash value using the packet header fields to load balance packets across links in
a port channel. The hash value determines the link through which the packet is transmitted. This
method also ensures that all packets in a flow follow the same network path. Packet flow is modified by
changing the inputs to the port channel hash algorithm.
In network topologies that include MLAGs, programming all switches to perform the same hash
calculation increases the risk of hash polarization, which leads to uneven load distribution among LAG
and MLAG member links in MLAG switches. This problem is avoided by performing different hash
calculations between the MLAG switch and a non-peer switch connected to it.
The no port-channel load-balance trident fields mac and default port-channel load-balance trident
fields mac commands restore the default data fields for the non-IP packet load balancing algorithm by
removing the port-channel load-balance trident fields mac command from running-config.
Platform Helix, Trident, Trident-II
Command Mode Global Configuration
Command Syntax
port-channel load-balance trident fields mac MAC_FIELD_NAME
no port-channel load-balance trident fields mac
default port-channel load-balance trident fields mac
Parameters
• MAC_FIELD_NAME fields the hashing algorithm uses for layer 2 routing. Options include:
— dst-mac MAC destination field
— eth-type EtherType field
— src-mac MAC source field
Command may include from one to three fields, in any combination and listed in any order. The
default setting is the selection of all fields.
Related Commands
• port-channel load-balance configures the hash seed for the algorithm.
• port-channel load-balance trident fields ip controls the hash algorithm for IP packets
• port-channel load-balance trident fields ipv6 controls the hash algorithm for IP packets
Example
• These commands configure the switch’s port channel load balance for non-IP packets by using the
MAC destination and Ethernet type fields in the hashing algorithm.
switch(config)#port-channel load-balance trident fields mac dst-mac eth-type
switch(config)#
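The per-platform seed ranges listed under port-channel load-balance and the option rules in the fields ip, fields ipv6 and fields mac sections can be checked before a change is pushed to a switch. The validator below is an added example, not part of the Arista manual or EOS; its rules are transcribed from the parameter descriptions on this page, and the function and table names are its own.

```python
# Added example: rules transcribed from this page's parameter descriptions.
# Function and table names are this example's own, not part of EOS.

# Hash seed range per platform keyword; None means field inputs only.
SEED_RANGE = {"arad": (0, 65535), "fm6000": (0, 39),
              "petraA": None, "trident": (0, 47)}

L3_L4 = {"destination-ip", "source-ip", "destination-port", "source-port"}
WHOLE_HEADER = {"ip-tcp-udp-header", "mac-header"}

# (platform, field group) -> (options that combine freely, options used alone)
FIELD_RULES = {
    ("arad", "ip"): (set(), WHOLE_HEADER),
    ("petraA", "ip"): (set(), WHOLE_HEADER),
    ("fm6000", "ip"): (set(), {"ip-tcp-udp-header"}),
    ("fm6000", "mac"): ({"dst-mac", "eth-type", "src-mac",
                         "vlan-id", "vlan-priority"}, set()),
    ("trident", "ip"): (L3_L4, WHOLE_HEADER),
    ("trident", "ipv6"): (L3_L4, WHOLE_HEADER),
    ("trident", "mac"): ({"dst-mac", "eth-type", "src-mac"}, set()),
}

# Constructed sample commands for the demonstration run.
SAMPLE_COMMANDS = [
    "port-channel load-balance fm6000 10",
    "port-channel load-balance trident 48",
    "port-channel load-balance petraA 5",
    "port-channel load-balance trident fields ip destination-ip source-port",
    "port-channel load-balance trident fields ipv6 ip-tcp-udp-header source-ip",
    "port-channel load-balance trident fields mac vlan-id",
]


def _check_seed(platform, args):
    if len(args) != 1 or not args[0].isdigit():
        return ["expected exactly one numeric hash seed"]
    bounds = SEED_RANGE[platform]
    if bounds is None:
        return [f"{platform} uses field inputs only; it takes no hash seed"]
    low, high = bounds
    seed = int(args[0])
    if not low <= seed <= high:
        return [f"hash seed {seed} is outside {low}-{high} for {platform}"]
    return []


def _check_fields(platform, args):
    if len(args) < 2:
        return ["expected a field group followed by at least one option"]
    group, options = args[0], args[1:]
    rule = FIELD_RULES.get((platform, group))
    if rule is None:
        return [f"no rule on this page for '{platform} fields {group}'"]
    combinable, alone = rule
    problems = []
    unknown = [o for o in options if o not in combinable | alone]
    if unknown:
        problems.append("unknown option(s): " + ", ".join(unknown))
    if len(set(options)) != len(options):
        problems.append("an option is listed more than once")
    solo = [o for o in options if o in alone]
    if solo and len(options) > 1:
        problems.append(", ".join(solo)
                        + " cannot be combined with other options")
    return problems


def validate(command):
    """Return a list of problems; an empty list means the command passes."""
    words = command.split()
    if words[:2] != ["port-channel", "load-balance"] or len(words) < 4:
        return ["not a port-channel load-balance command with arguments"]
    platform, args = words[2], words[3:]
    if platform not in SEED_RANGE:
        return [f"unknown platform keyword '{platform}'"]
    if args[0] == "fields":
        return _check_fields(platform, args[1:])
    if args[0] == "hash":
        ok = len(args) == 2 and args[1] in ("0", "1", "2")
        return [] if ok else ["hash function must be a single value from 0 to 2"]
    return _check_seed(platform, args)


if __name__ == "__main__":
    for command in SAMPLE_COMMANDS:
        print(command, "->", validate(command) or "ok")
```

Because parameter options vary by switch model, a command that passes here should still be confirmed with the ? command on the target switch.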
port-channel min-links
The port-channel min-links command specifies the minimum number of interfaces that the
configuration mode LAG requires to be active. This command is supported only on LACP ports. If there
are fewer ports than specified by this command, the port channel interface does not become active. The
default min-links value is 0.
The no port-channel min-links and default port-channel min-links commands restore the default
min-links setting for the configuration mode LAG by removing the corresponding port-channel
min-links command from the configuration.
Platform all
Command Mode Interface-Port-Channel Configuration
Command Syntax
port-channel min-links quantity
no port-channel min-links
default port-channel min-links
Parameters
• quantity minimum number of interfaces. Value range varies by platform. Default value is 0.
Example
• This command sets four as the minimum number of ports required by port channel 13 to be active.
switch(config)#interface port-channel 13
switch(config-if-Po13)#port-channel min-links 4
switch(config-if-Po13)#show active
interface Port-Channel13
port-channel min-links 4
switch(config-if-Po13)#
show etherchannel
The show etherchannel command displays information about members of the specified port channels.
Platform
all
Command Mode
EXEC
Command Syntax
show etherchannel [MEMBERS] [PORT_LIST] [INFO_LEVEL]
Parameters
• MEMBERS list of port channels for which information is displayed. Options include:
— <no parameter> all configured port channels.
— p_range ports in specified channel list (number, number range, or list of numbers and ranges).
• PORT_LEVEL ports displayed, in terms of aggregation status. Options include:
— <no parameter> Displays information on ports that are active members of the LAG.
— active-ports Displays information on ports that are active members of the LAG.
— all-ports Displays information on all ports (active or inactive) configured for LAG.
• INFO_LEVEL amount of information that is displayed. Options include:
— <no parameter> Displays information at the brief level.
— brief Displays information at the brief level.
— detailed Displays information at the detail level.
Display Values
• Port Channel: Type and name of the port channel.
• Time became active: Time when the port channel came up.
• Protocol: Protocol operating on the port.
• Mode: Status of the Ethernet interface on the port. The status value is Active or Inactive.
• No active ports: Number of active ports on the port channel.
• Configured but inactive ports: Ports configured but that are not actively up.
• Reason unconfigured: Reason why the port is not part of the LAG.
Guidelines
The show etherchannel and show port-channel commands are identical. See show port-channel for
additional information.
show lacp aggregates
The show lacp aggregates command displays aggregate IDs and the list of bundled ports for all
specified port channels.
Platform
all
Command Mode
EXEC
Command Syntax
show lacp [PORT_LIST] aggregates [PORT_LEVEL] [INFO_LEVEL]
PORT_LEVEL and INFO_LEVEL parameters can be placed in any order.
Parameters
• PORT_LIST port channels for which aggregate information is displayed. Options include:
— <no parameter> all configured port channels.
— c_range channel list (number, range, or comma-delimited list of numbers and ranges).
• PORT_LEVEL ports displayed, in terms of aggregation status. Options include:
— <no parameter> ports bundled by LACP into the port channel.
— all-ports all channel group ports, including channel group members not bundled into the
port channel interface.
• INFO_LEVEL amount of information that is displayed. Options include:
— <no parameter> aggregate ID and bundled ports for each channel.
— brief aggregate ID and bundled ports for each channel.
— detailed aggregate ID and bundled ports for each channel.
Examples
• This command lists aggregate information for all configured port channels.
switch>show lacp aggregates
Port Channel Port-Channel1:
Aggregate ID:
[(8000,00-1c-73-04-36-d7,0001,0000,0000),(8000,00-1c-73-09-a0-f3,0001,0000,0000)]
Bundled Ports: Ethernet43 Ethernet44 Ethernet45 Ethernet46
Port Channel Port-Channel2:
Aggregate ID:
[(8000,00-1c-73-01-02-1e,0002,0000,0000),(8000,00-1c-73-04-36-d7,0002,0000,0000)]
Bundled Ports: Ethernet47 Ethernet48
Port Channel Port-Channel3:
Aggregate ID:
[(8000,00-1c-73-04-36-d7,0003,0000,0000),(8000,00-1c-73-0c-02-7d,0001,0000,0000)]
Bundled Ports: Ethernet3 Ethernet4
Port Channel Port-Channel4:
Aggregate ID:
[(0001,00-22-b0-57-23-be,0031,0000,0000),(8000,00-1c-73-04-36-d7,0004,0000,0000)]
Bundled Ports: Ethernet1 Ethernet2
Port Channel Port-Channel5:
Aggregate ID:
[(0001,00-22-b0-5a-0c-51,0033,0000,0000),(8000,00-1c-73-04-36-d7,0005,0000,0000)]
Bundled Ports: Ethernet41
switch>
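Added example (not from the Arista manual): a Python audit of show lacp aggregates output that identifies the partner system in each aggregate ID and flags port channels whose partner is not in an expected inventory or that have fewer bundled ports than required. The tuple field order (system priority, system MAC, key, port priority, port number) is assumed from the IEEE 802.1AX LAG ID layout; EXPECTED_PARTNERS and the min_bundled threshold are constructed for illustration.

```python
import re

# Output copied from the show lacp aggregates example in this section
# (Port-Channel1, Port-Channel4 and Port-Channel5).
SAMPLE = """\
Port Channel Port-Channel1:
Aggregate ID:
[(8000,00-1c-73-04-36-d7,0001,0000,0000),(8000,00-1c-73-09-a0-f3,0001,0000,0000)]
Bundled Ports: Ethernet43 Ethernet44 Ethernet45 Ethernet46
Port Channel Port-Channel4:
Aggregate ID:
[(0001,00-22-b0-57-23-be,0031,0000,0000),(8000,00-1c-73-04-36-d7,0004,0000,0000)]
Bundled Ports: Ethernet1 Ethernet2
Port Channel Port-Channel5:
Aggregate ID:
[(0001,00-22-b0-5a-0c-51,0033,0000,0000),(8000,00-1c-73-04-36-d7,0005,0000,0000)]
Bundled Ports: Ethernet41
"""

# MAC portion of this switch's system identifier, as shown by show lacp sys-id.
LOCAL_MAC = "00-1c-73-04-36-d7"

# Constructed inventory of the partner each port channel should face.
# Port-Channel4 is deliberately left out so the audit has something to report.
EXPECTED_PARTNERS = {
    "Port-Channel1": {"00-1c-73-09-a0-f3"},
    "Port-Channel5": {"00-22-b0-5a-0c-51"},
}

CHANNEL_RE = re.compile(r"^Port Channel (\S+):$")
# Assumed field order per tuple: system priority, system MAC, key,
# port priority, port number (the last two are zero in the sample).
SYSTEM_RE = re.compile(
    r"\(([0-9a-f]{4}),((?:[0-9a-f]{2}-){5}[0-9a-f]{2}),([0-9a-f]{4}),"
    r"[0-9a-f]{4},[0-9a-f]{4}\)", re.I)


def parse_aggregates(text):
    """Return {channel: {"systems": [(priority, mac, key), ...], "ports": [...]}}."""
    channels, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = CHANNEL_RE.match(line)
        if header:
            current = channels.setdefault(header.group(1), {"systems": [], "ports": []})
        elif current is None:
            continue  # banner or prompt before the first port channel
        elif line.startswith("Bundled Ports:"):
            current["ports"] = line.split(":", 1)[1].split()
        else:
            systems = SYSTEM_RE.findall(line)
            if systems:
                current["systems"] = [(int(p, 16), mac.lower(), int(k, 16))
                                      for p, mac, k in systems]
    return channels


def audit(text, local_mac, expected, min_bundled=2):
    """Return (channel, finding) pairs for aggregates that need a closer look."""
    findings = []
    for name, info in parse_aggregates(text).items():
        # The local system can appear in either position of the aggregate ID.
        partners = [s for s in info["systems"] if s[1] != local_mac.lower()]
        if len(info["systems"]) != 2 or len(partners) != 1:
            findings.append((name, "cannot identify exactly one partner system"))
        else:
            prio, mac, key = partners[0]
            if mac not in expected.get(name, set()):
                findings.append(
                    (name, f"unexpected partner {mac} (priority {prio}, key 0x{key:04x})"))
        if len(info["ports"]) < min_bundled:
            findings.append(
                (name, f"{len(info['ports'])} bundled port(s), below minimum of {min_bundled}"))
    return findings


if __name__ == "__main__":
    for channel, finding in audit(SAMPLE, LOCAL_MAC, EXPECTED_PARTNERS):
        print(f"{channel}: {finding}")
```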
show lacp counters
The show lacp counters command displays LACP traffic statistics.
Platform
all
Command Mode
EXEC
Command Syntax
show lacp [PORT_LIST] counters [PORT_LEVEL] [INFO_LEVEL]
PORT_LEVEL and INFO_LEVEL parameters can be placed in any order.
Parameters
• PORT_LIST ports for which port information is displayed. Options include:
— <no parameter> all configured port channels
— c_range ports in specified channel list (number, number range, or list of numbers and ranges).
— interface ports on all interfaces.
— interface ethernet e_num port on Ethernet interface specified by e_num.
— interface port-channel p_num port on port channel interface specified by p_num.
• PORT_LEVEL ports displayed, in terms of aggregation status. Options include:
— <no parameter> only ports bundled by LACP into an aggregate.
— all-ports all ports, including LACP candidates that are not bundled.
• INFO_LEVEL amount of information that is displayed. Options include:
— <no parameter> displays packet transmission (TX and RX) statistics.
— brief displays packet transmission (TX and RX) statistics.
— detailed displays packet transmission (TX and RX) statistics and actor-partner statistics.
Example
• This command displays transmission statistics for all configured port channels.
switch>show lacp counters brief
                    LACPDUs           Markers      Marker Response
   Port   Status    RX       TX       RX    TX     RX    TX     Illegal
---------------------------------------------------------------------------
Port Channel Port-Channel1:
   Et43   Bundled   396979   396959   0     0      0     0      0
   Et44   Bundled   396979   396959   0     0      0     0      0
   Et45   Bundled   396979   396959   0     0      0     0      0
   Et46   Bundled   396979   396959   0     0      0     0      0
Port Channel Port-Channel2:
   Et47   Bundled   396836   396883   0     0      0     0      0
   Et48   Bundled   396838   396883   0     0      0     0      0
switch>
show lacp interface
The show lacp interface command displays port status for all port channels that include the specified
interfaces. Within the displays for each listed port channel, the output displays sys-id, partner port,
state, actor port, and port priority for each interface in the channel.
Platform
all
Command Mode
EXEC
Command Syntax
show lacp interface [INTERFACE_PORT] [PORT_LEVEL] [INFO_LEVEL]
INTERFACE_PORT is listed first when present. Other parameters can be listed in any order.
Parameters
• INTERFACE_PORT interfaces for which information is displayed. Options include:
— <no parameter> all interfaces in channel groups.
— ethernet e_num Ethernet interface specified by e_num.
— port-channel p_num port channel interface specified by p_num.
• PORT_LEVEL ports displayed, in terms of aggregation status. Options include:
— <no parameter> command lists data for ports bundled by LACP into the aggregate.
— all-ports command lists data for all ports, including LACP candidates that are not bundled.
• INFO_LEVEL amount of information that is displayed. Options include:
— <no parameter> displays same information as brief option.
— brief displays LACP configuration data, including sys-id, actor, priorities, and keys.
— detailed includes brief option information plus state machine data.
Example
• This command displays LACP configuration information for all ethernet interfaces.
switch>show lacp interface
State: A = Active, P = Passive; S=ShortTimeout, L=LongTimeout;
G = Aggregable, I = Individual; s+=InSync, s-=OutOfSync;
C = Collecting, X = state machine expired,
D = Distributing, d = default neighbor state
                 |                        Partner                          Actor
 Port   Status   | Sys-id                   Port#  State    OperKey  PortPri  Port#
---------------------------------------------------------------------------
Port Channel Port-Channel1:
 Et43   Bundled  | 8000,00-1c-73-09-a0-f3   43     ALGs+CD  0x0001   32768    43
 Et44   Bundled  | 8000,00-1c-73-09-a0-f3   44     ALGs+CD  0x0001   32768    44
 Et45   Bundled  | 8000,00-1c-73-09-a0-f3   45     ALGs+CD  0x0001   32768    45
 Et46   Bundled  | 8000,00-1c-73-09-a0-f3   46     ALGs+CD  0x0001   32768    46
Port Channel Port-Channel2:
 Et47   Bundled  | 8000,00-1c-73-01-02-1e   23     ALGs+CD  0x0002   32768    47
 Et48   Bundled  | 8000,00-1c-73-01-02-1e   24     ALGs+CD  0x0002   32768    48
                 |          Actor
 Port   Status   | State    OperKey  PortPriority
-------------------------------------------------------
Port Channel Port-Channel1:
 Et43   Bundled  | ALGs+CD  0x0001   32768
 Et44   Bundled  | ALGs+CD  0x0001   32768
 Et45   Bundled  | ALGs+CD  0x0001   32768
 Et46   Bundled  | ALGs+CD  0x0001   32768
Port Channel Port-Channel2:
 Et47   Bundled  | ALGs+CD  0x0002   32768
 Et48   Bundled  | ALGs+CD  0x0002   32768
switch>
show lacp internal
The show lacp internal command displays the local LACP state for all specified channels. Local state
data includes the state machines and LACP protocol information.
Platform
all
Command Mode
EXEC
Command Syntax
show lacp [PORT_LIST] internal [PORT_LEVEL] [INFO_LEVEL]
Parameters
• PORT_LIST interface for which port information is displayed. Options include:
— <no parameter> all configured port channels
— c_range ports in specified channel list (number, number range, or list of numbers and ranges).
— interface ports on all interfaces.
— interface ethernet e_num Ethernet interface specified by e_num.
— interface port-channel p_num port channel interface specified by p_num.
• PORT_LEVEL ports displayed, in terms of aggregation status. Options include:
— <no parameter> command lists data for ports bundled by LACP into an aggregate.
— all-ports command lists data for all ports, including LACP candidates that are not bundled.
• INFO_LEVEL amount of information that is displayed. Options include:
— <no parameter> displays same information as brief option.
— brief displays LACP configuration data, including sys-id, actor, priorities, and keys.
— detailed includes brief option information plus state machine data.
PORT_LEVEL and INFO_LEVEL parameters can be placed in any order.
Example
• This command displays internal data for all configured port channels.
switch>show lacp internal
LACP System-identifier: 8000,00-1c-73-04-36-d7
State: A = Active, P = Passive; S=ShortTimeout, L=LongTimeout;
G = Aggregable, I = Individual; s+=InSync, s-=OutOfSync;
C = Collecting, X = state machine expired,
D = Distributing, d = default neighbor state
                 |Partner                          Actor
 Port   Status   | Sys-id                   Port#  State    OperKey  PortPriority
---------------------------------------------------------------------------
Port Channel Port-Channel1:
 Et43   Bundled  | 8000,00-1c-73-09-a0-f3   43     ALGs+CD  0x0001   32768
 Et44   Bundled  | 8000,00-1c-73-09-a0-f3   44     ALGs+CD  0x0001   32768
 Et45   Bundled  | 8000,00-1c-73-09-a0-f3   45     ALGs+CD  0x0001   32768
 Et46   Bundled  | 8000,00-1c-73-09-a0-f3   46     ALGs+CD  0x0001   32768
show lacp neighbor
The show lacp neighbor command displays the LACP protocol state of the remote neighbor for all
specified port channels.
Platform
all
Command Mode
EXEC
Command Syntax
show lacp [PORT_LIST] neighbor [PORT_LEVEL] [INFO_LEVEL]
PORT_LEVEL and INFO_LEVEL parameters can be placed in any order.
Parameters
• PORT_LIST interface for which port information is displayed. Options include:
— <no parameter> displays information for all configured port channels
— c_range ports in specified channel list (number, number range, or list of numbers and ranges).
— interface ports on all interfaces.
— interface ethernet e_num Ethernet interface specified by e_num.
— interface port-channel p_num port channel interface specified by p_num.
• PORT_LEVEL ports displayed, in terms of aggregation status. Options include:
— <no parameter> command lists data for ports bundled by LACP into an aggregate.
— all-ports command lists data for all ports, including LACP candidates that are not bundled.
• INFO_LEVEL amount of information that is displayed. Options include:
— <no parameter> displays same information as brief option.
— brief displays LACP configuration data, including sys-id, actor, priorities, and keys.
— detailed includes brief option information plus state machine data.
Example
• This command displays the LACP protocol state of the remote neighbor for all port channels.
switch>show lacp neighbor
State: A = Active, P = Passive; S=ShortTimeout, L=LongTimeout;
G = Aggregable, I = Individual; s+=InSync, s-=OutOfSync;
C = Collecting, X = state machine expired,
D = Distributing, d = default neighbor state
                 |                        Partner
 Port   Status   | Sys-id                   Port#  State    OperKey  PortPri
---------------------------------------------------------------------------
Port Channel Port-Channel1:
 Et1    Bundled  | 8000,00-1c-73-00-13-19   1      ALGs+CD  0x0001   32768
 Et2    Bundled  | 8000,00-1c-73-00-13-19   2      ALGs+CD  0x0001   32768
Port Channel Port-Channel2:
 Et23   Bundled  | 8000,00-1c-73-04-36-d7   47     ALGs+CD  0x0002   32768
 Et24   Bundled  | 8000,00-1c-73-04-36-d7   48     ALGs+CD  0x0002   32768
Port Channel Port-Channel4*:
 Et3    Bundled  | 8000,00-1c-73-0b-a8-0e   45     ALGs+CD  0x0001   32768
 Et4    Bundled  | 8000,00-1c-73-0b-a8-0e   46     ALGs+CD  0x0001   32768
Port Channel Port-Channel5*:
 Et19   Bundled  | 8000,00-1c-73-0c-30-09   49     ALGs+CD  0x0005   32768
 Et20   Bundled  | 8000,00-1c-73-0c-30-09   50     ALGs+CD  0x0005   32768
Port Channel Port-Channel6*:
 Et6    Bundled  | 8000,00-1c-73-01-07-b9   49     ALGs+CD  0x0001   32768
Port Channel Port-Channel7*:
 Et5    Bundled  | 8000,00-1c-73-0f-6b-22   51     ALGs+CD  0x0001   32768
Port Channel Port-Channel8*:
 Et10   Bundled  | 8000,00-1c-73-10-40-fa   51     ALGs+CD  0x0001   32768
* - Only local interfaces for MLAGs are displayed. Connect to the peer to
see the state for peer interfaces.
switch>
show lacp sys-id
The show lacp sys-id command displays the System Identifier the switch uses when negotiating with
remote LACP implementations.
Platform
all
Command Mode
EXEC
Command Syntax
show lacp sys-id [INFO_LEVEL]
Parameters
• INFO_LEVEL amount of information that is displayed. Options include:
— <no parameter> displays system identifier.
— brief displays system identifier.
— detailed displays system identifier and system priority, including the MAC address.
Examples
• This command displays the system identifier.
switch>show lacp sys-id brief
8000,00-1c-73-04-36-d7
• This command displays the system identifier and system priority.
switch>show lacp sys-id detailed
System Identifier used by LACP:
System priority: 32768 Switch MAC Address: 00:1c:73:04:36:d7
802.11.43 representation: 8000,00-1c-73-04-36-d7
show load-balance profile
The show load-balance profile command displays the contents of the specified load balance profiles.
Load balance profiles specify parameters used by hashing algorithms that distribute traffic across ports
comprising a port channel or among component ECMP routes.
Platform
FM6000
Command Mode
EXEC
Command Syntax
show load-balance profile [PROFILES]
Parameters
• PROFILES Load balance profiles for which command displays contents. Options include:
— <no parameter> displays all load balance profiles.
— profile_name displays specified profile.
Related Commands
• load-balance policies places the switch in load-balance-policies configuration mode.
• ingress load-balance profile applies a load-balance profile to an Ethernet or port channel interface.
Example
• This command displays the contents of the LB-1 load balance profile.
switch>show load-balance profile LB-1
---------- LB-1 ---------
Source MAC address hashing              ON
Destination MAC address hashing         ON
Ethernet type hashing                   ON
VLAN ID hashing                         ON
VLAN priority hashing                   ON
IP source address hashing               ON
IP destination address hashing          ON
TCP/UDP source port hashing             ON
TCP/UDP destination port hashing        ON
IP protocol field hashing               ON
DSCP field hashing is                   ON
Symmetric hashing for non-IP packets    OFF
Symmetric hashing for IP packets        OFF
Random distribution for port-channel    ON
Random distribution for ecmp            ON
Profile LB-1 is applied on the following
Port-Channel100
switch>
show port-channel
The show port-channel command displays information about members of the specified port channels.
Platform
all
Command Mode
EXEC
Command Syntax
show port-channel [MEMBERS] [PORT_LIST] [INFO_LEVEL]
Parameters
• MEMBERS list of port channels for which information is displayed. Options include:
— <no parameter> all configured port channels.
— p_range ports in specified channel list (number, number range, or list of numbers and ranges).
• PORT_LEVEL ports displayed, in terms of aggregation status. Options include:
— <no parameter> Displays information on ports that are active members of the LAG.
— active-ports Displays information on ports that are active members of the LAG.
— all-ports Displays information on all ports (active or inactive) configured for LAG.
• INFO_LEVEL amount of information that is displayed. Options include:
— <no parameter> Displays information at the brief level.
— brief Displays information at the brief level.
— detailed Displays information at the detail level.
Display Values
• Port Channel: Type and name of the port channel.
• Time became active: Time when the port channel came up.
• Protocol: Protocol operating on the port channel.
• Mode: Status of the Ethernet interface on the port. The status value is Active or Inactive.
• No active ports: Number of active ports on the port channel.
• Configured but inactive ports: Ports configured but that are not actively up.
• Reason unconfigured: Reason why the port is not part of the LAG.
Guidelines
The show etherchannel and show port-channel commands are identical.
You can configure a port channel to contain many ports, but only a subset may be active at a time. All
active ports in a port channel must be compatible. Compatibility includes many factors and is platform
specific. For example, compatibility may require identical operating parameters such as speed and
maximum transmission unit (MTU). Compatibility may only be possible between specific ports because
of the internal organization of the switch.
Examples
• This command displays output from the show port-channel command:
switch>show port-channel 3
Port Channel Port-Channel3:
Active Ports:
   Port            Time became active   Protocol   Mode
----------------------------------------------------------------------
   Ethernet3       15:33:41             LACP       Active
   PeerEthernet3   15:33:41             LACP       Active
• This command displays output from the show port-channel active-ports command:
switch>show port-channel active-ports
Port Channel Port-Channel3:
No Active Ports
Port Channel Port-Channel11:
No Active Ports
switch>
• This command displays output from the show port-channel all-ports command:
switch>show port-channel all-ports
Port Channel Port-Channel3:
No Active Ports
Configured, but inactive ports:
   Port         Time became inactive   Reason unconfigured
---------------------------------------------------------------------------
   Ethernet3    Always                 not compatible with aggregate
Port Channel Port-Channel11:
No Active Ports
Configured, but inactive ports:
   Port         Time became inactive   Reason unconfigured
---------------------------------------------------------------------------
   Ethernet25   Always                 not compatible with aggregate
   Ethernet26   Always                 not compatible with aggregate
switch>
show port-channel limits
The show port-channel limits command displays groups of ports that are compatible and may be joined
into port channels. Each group of compatible ports is called a LAG group. For each LAG group, the
command also displays Max interfaces and Max ports per interface.
• Max interfaces defines the maximum number of active port channels that may be formed out of
these ports.
• Max ports per interface defines the maximum number of active ports allowed in a port channel from
the compatibility group.
All active ports in a port channel must be compatible. Compatibility comprises many factors and is
specific to a given platform. For example, compatibility may require identical operating parameters such
as speed and/or maximum transmission unit (MTU). Compatibility may only be possible between
specific ports because of internal organization of the switch.
Platform
all
Command Mode
EXEC
Command Syntax
show port-channel limits
Example
• This command displays show port-channel limits output:
switch>show port-channel limits
LAG Group: focalpoint
--------------------------------------------------------------------------
Max port-channels per group: 24, Max ports per port-channel: 16
24 compatible ports: Ethernet1 Ethernet2 Ethernet3 Ethernet4
Ethernet5 Ethernet6 Ethernet7 Ethernet8
Ethernet9 Ethernet10 Ethernet11 Ethernet12
Ethernet13 Ethernet14 Ethernet15 Ethernet16
Ethernet17 Ethernet18 Ethernet19 Ethernet20
Ethernet21 Ethernet22 Ethernet23 Ethernet24
--------------------------------------------------------------------------
switch>
show port-channel load-balance fields
The show port-channel load-balance fields command displays the fields that the hashing algorithm
uses to distribute traffic across the interfaces that comprise the port channels.
Platform
all
Command Mode
EXEC
Command Syntax
show port-channel load-balance HARDWARE fields
Parameters
• HARDWARE ASIC switching device. Selection options depend on the switch model and include:
— arad
— fm6000
— petraA
— trident
Examples
• This command displays the hashing fields used for balancing port channel traffic.
switch>show port-channel load-balance fm6000 fields
Source MAC address hashing for non-IP packets is ON
Destination MAC address hashing for non-IP packets is ON
Ethernet type hashing for non-IP packets is ON
VLAN ID hashing for non-IP packets is ON
VLAN priority hashing for non-IP packets is ON
Source MAC address hashing for IP packets is ON
Destination MAC address hashing for IP packets is ON
Ethernet type hashing for IP packets is ON
VLAN ID hashing for IP packets is ON
VLAN priority hashing for IP packets is ON
IP source address hashing is ON
IP destination address hashing is ON
IP protocol field hashing is ON
TCP/UDP source port hashing is ON
TCP/UDP destination port hashing is ON
switch>
show port-channel summary
The show port-channel summary command displays the port-channels on the switch and lists their
component interfaces, LACP status, and set flags.
Platform
all
Command Mode
EXEC
Command Syntax
show port-channel summary
Examples
• This command displays show port-channel summary output:
switch>show port-channel summary
Flags
---------------------------------------------------------------------------
a - LACP Active
p - LACP Passive
U - In Use
D - Down
+ - In-Sync
- - Out-of-Sync
i - incompatible with agg
P - bundled in Po
s - suspended
G - Aggregable
I - Individual
S - ShortTimeout
w - wait for agg
Number of channels in use: 2
Number of aggregators:2
   Port-Channel   Protocol   Ports
------------------------------------------------------
   Po1(U)         LACP(a)    Et47(PG+) Et48(PG+)
   Po2(U)         LACP(a)    Et39(PG+) Et40(PG+)
show port-channel traffic
The show port-channel traffic command displays the traffic distribution between the member ports of
the specified port channels. The command displays distribution for unicast, multicast, and broadcast
streams.
Platform
all
Command Mode
EXEC
Command Syntax
show port-channel [MEMBERS] traffic
Parameters
• MEMBERS list of port channels for which information is displayed. Options include:
— <no parameter> all configured port channels.
— c_range ports in specified channel list (number, number range, or list of numbers and ranges).
Examples
• This command displays traffic distribution for all configured port channels.
switch>show port-channel traffic
ChanId  Port   Rx-Ucst  Tx-Ucst  Rx-Mcst  Tx-Mcst  Rx-Bcst
------  -----  -------  -------  -------  -------  -------
     8  Et10   100.00%  100.00%  100.00%  100.00%    0.00%
------  -----  -------  -------  -------  -------  -------
     1  Et1     13.97%   42.37%   47.71%   30.94%    0.43%
     1  Et2     86.03%   57.63%   52.29%   69.06%   99.57%
------  -----  -------  -------  -------  -------  -------
     2  Et23    48.27%   50.71%   26.79%   73.22%    0.00%
     2  Et24    51.73%   49.29%   73.21%   26.78%    0.00%
------  -----  -------  -------  -------  -------  -------
     4  Et3     55.97%   63.29%   51.32%   73.49%    0.00%
     4  Et4     44.03%   36.71%   48.68%   26.51%    0.00%
------  -----  -------  -------  -------  -------  -------
     5  Et19    39.64%   37.71%   50.00%   90.71%    0.00%
     5  Et20    60.36%   62.29%   50.00%    9.29%    0.00%
------  -----  -------  -------  -------  -------  -------
     6  Et6    100.00%  100.00%  100.00%  100.00%    0.00%
------  -----  -------  -------  -------  -------  -------
     7  Et5    100.00%    0.00%  100.00%  100.00%    0.00%
switch>
Tx-Bcst
------100.00%
------99.84%
0.16%
-----