CLI Reference - AskF5

ARX® CLI Reference
810-0025-00
Publication Date
This manual was published on May 31, 2012.
Legal Notices
Copyright
Copyright 2004-5/31/12, F5 Networks, Inc. All rights reserved.
F5 Networks, Inc. (F5) believes the information it furnishes to be accurate and reliable. However, F5
assumes no responsibility for the use of this information, nor any infringement of patents or other rights of
third parties which may result from its use. No license is granted by implication or otherwise under any
patent, copyright, or other intellectual property right of F5 except as specifically described by applicable
user licenses. F5 reserves the right to change specifications at any time without notice.
Trademarks
3DNS, Access Policy Manager, Acopia, Acopia Networks, Advanced Client Authentication, Advanced
Routing, APM, Application Security Manager, ARX, AskF5, ASM, BIG-IP, Cloud Extender,
CloudFucious, CMP, Data Manager, DevCentral, DevCentral [DESIGN], DNS Express, DSC, DSI, Edge
Client, Edge Gateway, Edge Portal, EM, Enterprise Manager, F5, F5 [DESIGN], F5 Management Pack, F5
Networks, F5 World, Fast Application Proxy, Fast Cache, FirePass, Global Traffic Manager, GTM, IBR,
Intelligent Browser Referencing, Intelligent Compression, IPv6 Gateway, iApps, iControl, iHealth,
iQuery, iRules, iRules OnDemand, iSession, IT agility. Your way., L7 Rate Shaping, LC, Link Controller,
Local Traffic Manager, LTM, Message Security Module, MSM, Netcelera, OneConnect, Packet Velocity,
Protocol Security Module, PSM, Real Traffic Policy Builder, ScaleN, SSL Acceleration, StrongBox,
SuperVIP, SYN Check, TCP Express, TDR, TMOS, Traffic Management Operating System,
TrafficShield, Transparent Data Reduction, VIPRION, vCMP, WA, WAN Optimization Manager,
WANJet, WebAccelerator, WOM, and ZoneRunner, are trademarks or service marks of F5 Networks, Inc.,
in the U.S. and other countries, and may not be used without F5's express written consent.
All other product and company names herein may be trademarks of their respective owners.
Patents
This product may be protected by U.S. Patents 7,877,511; 7,958,347. This list is believed to be current as
of May 31, 2012.
Export Regulation Notice
This product may include cryptographic software. Under the Export Administration Act, the United States
government may consider it a criminal offense to export this product from the United States.
RF Interference Warning
This is a Class A product. In a domestic environment this product may cause radio interference, in which
case the user may be required to take adequate measures.
FCC Compliance
This equipment has been tested and found to comply with the limits for a Class A digital device pursuant
to Part 15 of FCC rules. These limits are designed to provide reasonable protection against harmful
interference when the equipment is operated in a commercial environment. This unit generates, uses, and
can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual,
may cause harmful interference to radio communications. Operation of this equipment in a residential area
is likely to cause harmful interference, in which case the user, at his own expense, will be required to take
whatever measures may be required to correct the interference.
Any modifications to this device, unless expressly approved by the manufacturer, can void the user's
authority to operate this equipment under part 15 of the FCC rules.
Canadian Regulatory Compliance
This Class A digital apparatus complies with Canadian ICES-003.
Standards Compliance
This product conforms to the IEC, European Union, ANSI/UL and Canadian CSA standards applicable to
Information Technology products at the time of manufacture.
Acknowledgments
This product includes software from several third-party vendors. Each vendor is listed below with the
applicable copyright.
Copyright (c) 1990, 1993, 1994, 1995 The Regents of the University of California. All rights reserved.
Copyright 2000 by the Massachusetts Institute of Technology. All Rights Reserved.
Export of this software from the United States of America may require a specific license from the United
States Government. It is the responsibility of any person or organization contemplating export to obtain
such a license before exporting.
Copyright 1993 by OpenVision Technologies, Inc.
Copyright (C) 1998 by the FundsXpress, INC.
All rights reserved.
Export of this software from the United States of America may require a specific license from the United
States Government. It is the responsibility of any person or organization contemplating export to obtain
such a license before exporting.
Copyright (c) 1995-2001 International Business Machines Corporation and others
All rights reserved.
Copyright (c) 1990-2003 Sleepycat Software. All rights reserved.
Copyright (c) 1995, 1996 The President and Fellows of Harvard University. All rights reserved.
Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved.
Unless otherwise noted, the companies, organizations, products, domain names, email addresses, logos,
people, places, and events depicted in examples herein are fictitious. No association with any real
company, organization, product, domain name, email address, logo, person, place, or event is intended or
should be inferred.
Revision History
October 2005 - Rev A
March 2006 - Rev B, updates for Software Release 2.1.4
April 2006 - Rev C, Software Release 2.3
August 2006 - Rev D, updates for Software Release 2.4
September 2006 - Rev E, updates for Software Release 2.4.1
October 2006 - Rev F, updates for Software Release 2.4.2
January 2007 - Rev G, updates for Software Release 2.4.3
March 2007 - Rev H, updates for Software Release 2.5.0
May 2007 - Rev J, updates for Software Release 2.5.1
August 2007 - Rev K, add forest-to-forest trusts for Software Release 2.6.0
November 2007 - Rev L, minor output changes for Software Release 2.7.0
February 2008 - Rev M, minor show-policy changes for Software Release 2.7.1
March 2008 - Rev N, convert to F5 format; updates for Software Release 3.1.0
June 2008 - Rev P, updates for Software Release 3.2.0
June 2008 - Rev Q, updates for Software Release 4.0.0
July 2008 - Rev R, formatting change and minor updates for Software Release 4.0.1
September 2008 - Rev S, minor updates for Software Release 3.2.1
October 2008 - Rev T, CIFS features for Software Release 4.1.0
June 2009 - Rev U, updates for Software Release 5.00.000
November 2009 - Rev V, updates for Software Release 5.01.000
January 2010 - Rev W, changes for Release 5.01.000 update
March 2010 - Rev X, updates for Software Release 5.01.005
August 2010 - Rev Y, updates for Software Release 5.01.007
October 2010 - Rev Z, updates for Software Release 5.02.000
January 2011 - Rev AA, updates for Software Release 5.03.000
April 2011 - Rev AB, updates for Software Release 6.00.000
September 2011 - Rev AC, updates for Software Release 6.01.000
December 2011 - Rev AD, updates for Software Release 6.01.001
January 2012 - Rev AE, minor updates for Software Release 6.01.001, hot fix
April 2012 - Rev AF, updates for Software Release 6.02.000
Table of Contents
1 Introduction
The ARX
Back-end Storage and Servers
Front-end Services
Policy
Resilient Overlay Network (RON)
Audience for this Manual
CLI Overview
Exec Mode
Priv-exec Mode
Exiting a Mode
Prompts
The no Convention
The enable/no enable Convention
Getting Started
Entering Cfg or Gbl Mode
Document Conventions
Command Definitions
Contacting Customer Service
2 Command Keys and Shortcuts
Keys
3 Terminal Control
save profile
show history
show terminal
terminal beta
terminal character-set
terminal clear
terminal confirmation
terminal expand-prompt
terminal expert
terminal history
terminal length
terminal logging
terminal stop-on-error
terminal timeout
terminal width
4 Administrative Users
group
group (gbl-user)
password
password (gbl-user)
role
ssh-key
show group all
show group roles
show group users
show ssh-user
show users
user
user (gbl-group)
windows-domain (gbl-group)
5 Chassis Management
Slot Locations
clear metalog usage
clear nvr
clock set
clock timezone
dual-reboot
hostname
login-banner
probe metalog latency
reload
resource-profile
show baudrate
show chassis
show clock
show hostname
show memory usage
show metalog usage
show processors
show processors usage
show uptime
show version
shutdown
6 RAID Management
raid offline
raid rebuild
raid rebuild-rate
raid silence
raid verification-mode
raid verification-rate
raid verify
7 File Management
at
clear at
copy ftp
copy {nfs|cifs}
copy ron
copy scp
copy smtp
copy tftp
delete
grep
ip ftp-user
ip ron-user
ip scp-user
move
move ... ftp
move ... {nfs|cifs}
move ... scp
move ... tftp
pause
remark
rename
run
show at
show capture
show configs
show cores
show diag-info
show directories
show license
show logs
show releases
show replicated-configs
show reports
show reports status
show scripts
show software
show stats-logs
tail
truncate-report
wait-for report
8 Master Key
show master-key
9 Layer 2
blocked-vlan (cfg-vlan)
channel
clear counters channel
clear counters gigabit
clear counters lacp
clear counters ten-gigabit
clear counters redundancy network
description (cfg-channel)
description (cfg-if-gig)
description (cfg-if-ten-gig)
description (cfg-vlan)
forward-delay
flowcontrol
hello-time
interface gigabit
interface ten-gigabit
ip private vlan
jumbo mtu
lacp active
lacp passive
lacp rate
load-balance
mac-address aging-time
max-age
members (cfg-channel)
members (cfg-vlan)
priority (cfg-channel)
priority (cfg-stp)
protocol (cfg-stp)
redundancy protocol
redundancy protocol (cfg-channel)
show channel
show channel ... stats
show interface gigabit
show interface ten-gigabit
show load-balancing
show mac-address-table
show mac-address-table summary
show redundancy network
show spanning-tree detailed
show spanning-tree interface
show spanning-tree summary
show vlan
show vlan summary
shutdown (cfg-channel)
shutdown (cfg-if-gig)
shutdown (cfg-if-ten-gig)
shutdown (cfg-stp)
spanning-tree
spanning-tree cost
spanning-tree edgeport
spanning-tree priority
spanning-tree shutdown
speed (cfg-if-gig)
switch-forwarding enable
tag
trap shutdown
vlan
vlan (cfg-channel)
vlan-tag
10
Layer 3 (Network Layer)
arp .................................................................................................................................................... 10-3
arp gratuitous ................................................................................................................................ 10-4
clear arp ......................................................................................................................................... 10-5
description (cfg-if-vlan) ............................................................................................................... 10-6
description (cfg-mgmt) ................................................................................................................ 10-7
interface mgmt .............................................................................................................................. 10-8
interface vlan ............................................................................................................................... 10-10
ip address (cfg-if-vlan) ............................................................................................................... 10-11
ip address (cfg-mgmt) ................................................................................................................ 10-13
ip domain-list ............................................................................................................................... 10-14
ip name-server ............................................................................................................................ 10-15
ip proxy-address ......................................................................................................................... 10-16
ip route ......................................................................................................................................... 10-18
ip route ... per-vlan .................................................................................................................... 10-20
ip route ... source-ip .................................................................................................................. 10-22
ntp server ..................................................................................................................................... 10-24
redundancy (cfg-if-vlan) ............................................................................................................. 10-25
show arp ...................................................................................................................................... 10-27
show interface ............................................................................................................................ 10-33
show interface mgmt ................................................................................................................. 10-41
show interface vlan .................................................................................................................... 10-43
show ip address .......................................................................................................................... 10-44
show ip domain .......................................................................................................................... 10-45
show ip proxy-addresses .......................................................................................................... 10-46
show ip route .............................................................................................................................. 10-48
show ntp servers ........................................................................................................................ 10-54
show ntp status .......................................................................................................................... 10-55
shutdown (cfg-if-vlan) ................................................................................................................ 10-57
shutdown (cfg-mgmt) ................................................................................................................ 10-59
speed (cfg-mgmt) ........................................................................................................................ 10-60
wait-for ip-routes ....................................................................................................................... 10-61
11
Licensing
clear active-license ....................................................................................................................... 11-3
license activate .............................................................................................................................. 11-4
license activate file ....................................................................................................................... 11-6
license create license-dossier .................................................................................................... 11-8
ping license-server ..................................................................................................................... 11-10
show active-license .................................................................................................................... 11-11
show license-dossier ................................................................................................................. 11-14
12
SNMP
show snmp-server ....................................................................................................................... 12-3
snmp-server community ............................................................................................................. 12-5
snmp-server contact .................................................................................................................... 12-6
snmp-server host ......................................................................................................................... 12-7
snmp-server location ................................................................................................................... 12-8
snmp-server name ....................................................................................................................... 12-9
snmp-server traps ...................................................................................................................... 12-10
snmp-server trusthost .............................................................................................................. 12-11
13
Email Notifications (SMTP)
clear smtp queue .......................................................................................................................... 13-3
description (cfg-email-event) ..................................................................................................... 13-4
email-event .................................................................................................................................... 13-5
email-severity ................................................................................................................................ 13-7
enable (cfg-email-event) .............................................................................................................. 13-8
from (cfg-smtp) ............................................................................................................................. 13-9
group (cfg-email-event) ............................................................................................................. 13-10
group ... event ............................................................................................................................. 13-12
mail-server ................................................................................................................................... 13-14
mail-to (cfg-email-event) ........................................................................................................... 13-15
maximum age .............................................................................................................................. 13-16
retry interval ............................................................................................................................... 13-17
show email-event ....................................................................................................................... 13-18
show email-severity ................................................................................................................... 13-21
show smtp queue ....................................................................................................................... 13-26
show smtp status ....................................................................................................................... 13-28
show smtp welcome ................................................................................................................. 13-31
smtp ............................................................................................................................................... 13-32
smtp retry .................................................................................................................................... 13-34
smtp test email-event ................................................................................................................ 13-35
smtp test message ...................................................................................................................... 13-37
smtp test server ......................................................................................................................... 13-38
smtp welcome ............................................................................................................................. 13-39
to .................................................................................................................................................... 13-41
14
RON
heartbeat failure ........................................................................................................................... 14-3
heartbeat interval ......................................................................................................................... 14-4
interface ron .................................................................................................................................. 14-5
ip address (cfg-ron) ...................................................................................................................... 14-6
ip private subnet reassign ........................................................................................................... 14-7
peer address .................................................................................................................................. 14-8
rconsole .......................................................................................................................................... 14-9
ron evict ....................................................................................................................................... 14-10
ron tunnel .................................................................................................................................... 14-11
show ron ...................................................................................................................................... 14-12
show ron conflicts ..................................................................................................................... 14-14
show ron database ..................................................................................................................... 14-15
show ron route .......................................................................................................................... 14-18
show ron tunnel ......................................................................................................................... 14-19
shutdown (cfg-if-vlan-ron-tnl) ................................................................................................. 14-23
15
Redundant Pairs (HA)
clear counters redundancy ........................................................................................................ 15-3
critical route .................................................................................................................................. 15-5
enable (cfg-redundancy) .............................................................................................................. 15-7
nsm binary-core-files ................................................................................................................... 15-9
nsm recovery .............................................................................................................................. 15-10
nsm warm-restart ...................................................................................................................... 15-11
peer ............................................................................................................................................... 15-13
quorum-disk ................................................................................................................................ 15-14
redundancy .................................................................................................................................. 15-16
redundancy force-active ........................................................................................................... 15-19
resilver-timeout .......................................................................................................................... 15-21
show nsm ..................................................................................................................................... 15-22
show nsm warm-restart history ............................................................................................. 15-24
show redundancy ....................................................................................................................... 15-27
show redundancy all .................................................................................................................. 15-28
show redundancy ballots .......................................................................................................... 15-31
show redundancy critical-services ......................................................................................... 15-33
show redundancy history ......................................................................................................... 15-35
show redundancy license ......................................................................................................... 15-36
show redundancy metalog ....................................................................................................... 15-37
show redundancy peer ............................................................................................................. 15-40
show redundancy quorum-disk .............................................................................................. 15-41
show redundancy reboot-history ........................................................................................... 15-44
show redundancy resilver-timeout ........................................................................................ 15-45
suspend-failover .......................................................................................................................... 15-46
16
Active Directory Discovery
active-directory update seed-domain ...................................................................................... 16-3
description (gbl-proxy-user) ...................................................................................................... 16-8
proxy-user ..................................................................................................................................... 16-9
show active-directory ............................................................................................................... 16-11
show active-directory status ................................................................................................... 16-15
show proxy-user ........................................................................................................................ 16-20
user (gbl-proxy-user) ................................................................................................................ 16-22
windows-domain (gbl-proxy-user) ......................................................................................... 16-24
17
Management Access
authentication ............................................................................................................................... 17-3
auth-port (gbl-radius) .................................................................................................................. 17-6
clear session .................................................................................................................................. 17-7
clear statistics authentication .................................................................................................... 17-8
key (gbl-radius) ............................................................................................................................. 17-9
management access ................................................................................................................... 17-10
permit ........................................................................................................................................... 17-12
radius-server ............................................................................................................................... 17-13
retries (gbl-radius) ..................................................................................................................... 17-14
show management access ........................................................................................................ 17-15
show radius-server .................................................................................................................... 17-16
show sessions ............................................................................................................................. 17-17
show ssh-host-key ..................................................................................................................... 17-19
show statistics authentication ................................................................................................. 17-21
ssh-host-key ................................................................................................................................ 17-22
ssh-host-key generate ............................................................................................................... 17-24
ssh-v1 enable ............................................................................................................................... 17-25
timeout (gbl-radius) ................................................................................................................... 17-26
18
CIFS Authentication
active-directory-forest ................................................................................................................ 18-3
active-directory forest-trust ...................................................................................................... 18-5
active-directory update forest .................................................................................................. 18-7
child-domain ................................................................................................................................ 18-11
forest-root ................................................................................................................................... 18-13
ip address (gbl-ntlm-auth-srv) ................................................................................................. 18-15
kerberos auto-realm-traversal ................................................................................................ 18-17
kerberos health-check threshold ........................................................................................... 18-18
name-server ................................................................................................................................ 18-19
ntlm-auth-db ................................................................................................................................ 18-20
ntlm-auth-server ......................................................................................................................... 18-22
password ...................................................................................................................................... 18-24
permit (gbl-mgmt-auth) ............................................................................................................ 18-25
port ................................................................................................................................................ 18-27
show ntlm-auth-db ..................................................................................................................... 18-28
show ntlm-auth-server ............................................................................................................. 18-29
show windows-mgmt-auth ....................................................................................................... 18-34
tree-domain ................................................................................................................................. 18-36
user (gbl-mgmt-auth) ................................................................................................................. 18-38
user (gbl-ntlm-auth-db) ............................................................................................................. 18-40
windows-domain (gbl-ntlm-auth-srv) .................................................................................... 18-41
windows-mgmt-auth .................................................................................................................. 18-43
19
NFS Access Lists
anonymous-gid .............................................................................................................................. 19-3
anonymous-uid ............................................................................................................................. 19-4
deny ................................................................................................................................................. 19-5
description (gbl-nfs-acl) .............................................................................................................. 19-6
ip address (gbl-nis-dom) ............................................................................................................. 19-7
nfs-access-list ................................................................................................................................. 19-8
nis domain .................................................................................................................................... 19-10
nis domain (gbl-nfs-acl) ............................................................................................................. 19-11
nis update ..................................................................................................................................... 19-12
permit (gbl-nfs-acl) ..................................................................................................................... 19-14
show nfs-access-list ................................................................................................................... 19-17
show nis domain ......................................................................................................................... 19-20
show nis netgroup ..................................................................................................................... 19-22
20
External Filer
cifs connection-limit .................................................................................................................... 20-3
cifs-port .......................................................................................................................................... 20-4
description (gbl-filer) ................................................................................................................... 20-5
external-filer .................................................................................................................................. 20-6
ext-filer-ip-addrs activate ........................................................................................................... 20-8
filer-type ......................................................................................................................................... 20-9
ignore-name ................................................................................................................................ 20-12
ip address ..................................................................................................................................... 20-14
ip address ... change-to ............................................................................................................. 20-16
manage snapshots ...................................................................................................................... 20-18
nfs tcp connections .................................................................................................................... 20-19
probe authentication ................................................................................................................. 20-20
probe exports ............................................................................................................................. 20-22
proxy-user (gbl-filer) ................................................................................................................. 20-25
show exports .............................................................................................................................. 20-27
show external-filer ..................................................................................................................... 20-34
spn ................................................................................................................................................. 20-46
21
Namespace
character-encoding nfs ................................................................................................................ 21-3
cifs anonymous-access ................................................................................................................ 21-5
cifs authentication ........................................................................................................................ 21-6
cifs filer-signatures ....................................................................................................................... 21-8
description (gbl-ns, gbl-ns-...) .................................................................................................. 21-10
enable (gbl-ns, gbl-ns-vol) ......................................................................................................... 21-11
metadata cache-size ................................................................................................................... 21-14
namespace .................................................................................................................................... 21-16
ntlm-auth-db (gbl-ns) ................................................................................................................. 21-18
ntlm-auth-server (gbl-ns) .......................................................................................................... 21-19
protocol ....................................................................................................................................... 21-21
proxy-user (gbl-ns) .................................................................................................................... 21-22
remove namespace .................................................................................................................... 21-23
sam-reference ............................................................................................................................. 21-25
show namespace ........................................................................................................................ 21-27
show namespace mapping ........................................................................................................ 21-68
show namespace status ............................................................................................................ 21-70
windows-mgmt-auth (gbl-ns) ................................................................................................... 21-75
22
Volume
attach .............................................................................................................................................. 22-3
auto reserve files .......................................................................................................................... 22-4
auto sync files ................................................................................................................................ 22-5
cancel import ................................................................................................................................ 22-7
cifs access-based-enum ............................................................................................................... 22-8
cifs access-based-enum (priv-exec) ........................................................................................ 22-11
cifs access-based-enum exclude .............................................................................................. 22-14
cifs case-sensitive ....................................................................................................................... 22-16
cifs deny-symlinks ....................................................................................................................... 22-18
cifs file-system-name .................................................................................................................. 22-19
cifs notify-change-mode ............................................................................................................ 22-21
cifs oplocks-disable .................................................................................................................... 22-22
cifs path-cache ............................................................................................................................. 22-23
compressed-files ......................................................................................................................... 22-24
critical ........................................................................................................................................... 22-25
direct ............................................................................................................................................. 22-26
enable (gbl-ns-vol-shr) .............................................................................................................. 22-27
filer ................................................................................................................................................ 22-31
filer-subshares ............................................................................................................................. 22-34
freespace adjust .......................................................................................................................... 22-41
freespace apparent-size ............................................................................................................ 22-43
freespace calculation dir-master-only ................................................................................... 22-45
freespace calculation manual ................................................................................................... 22-47
freespace cifs-quota ................................................................................................................... 22-49
freespace ignore ......................................................................................................................... 22-52
ignore-sid-errors ........................................................................................................................ 22-53
import priority ............................................................................................................................ 22-54
import rename-directories ...................................................................................................... 22-56
import rename-files ................................................................................................................... 22-59
import skip-managed-check ..................................................................................................... 22-61
import sync-attributes .............................................................................................................. 22-62
managed-volume ........................................................................................................................ 22-64
max-volume-groups ................................................................................................................... 22-65
metadata critical ......................................................................................................................... 22-66
metadata share ........................................................................................................................... 22-67
modify ........................................................................................................................................... 22-69
named-streams ........................................................................................................................... 22-71
nfs-param ..................................................................................................................................... 22-73
persistent-acls ............................................................................................................................. 22-74
reimport-modify ......................................................................................................................... 22-76
replica-snap .................................................................................................................................. 22-77
reserve files ................................................................................................................................. 22-79
restart namespace ... volume ................................................................................................... 22-80
share .............................................................................................................................................. 22-81
show share status ...................................................................................................................... 22-84
show sid-translation .................................................................................................................. 22-86
show volume-group ................................................................................................................... 22-87
sid-translation ............................................................................................................................. 22-92
sparse-files ................................................................................................................................... 22-93
unicode-on-disk .......................................................................................................................... 22-94
volume .......................................................................................................................................... 22-96
volume-group .............................................................................................................................. 22-98
wait-for shares-online .............................................................................................................22-100
wait-for volume-disable ..........................................................................................................22-101
wait-for volume-enable ...........................................................................................................22-102
23 Global Server
active-directory alias ................................................................................................................... 23-3
active-directory proxy-user ....................................................................................................... 23-5
description (gbl-gs) ...................................................................................................................... 23-6
enable (gbl-gs, gbl-gs-vs) ............................................................................................................. 23-7
global server .................................................................................................................................. 23-8
show global server ..................................................................................................................... 23-10
show server-mapping ................................................................................................................ 23-13
virtual server ............................................................................................................................... 23-20
wait-for vip-disable .................................................................................................................... 23-22
wait-for vip-enable ..................................................................................................................... 23-23
windows-domain (gbl-gs) ......................................................................................................... 23-24
wins ............................................................................................................................................... 23-25
wins-alias ...................................................................................................................................... 23-26
wins-name .................................................................................................................................... 23-28
24 Front-End Services
browsing ......................................................................................................................................... 24-3
cifs .................................................................................................................................................... 24-5
cifs rekey ........................................................................................................................................ 24-7
clear dynamic-dns ........................................................................................................................ 24-9
clear nlm locks ............................................................................................................................ 24-10
description (gbl-cifs) .................................................................................................................. 24-11
description (gbl-nfs) ................................................................................................................... 24-12
domain-join .................................................................................................................................. 24-13
dynamic-dns ................................................................................................................................. 24-18
dynamic-dns update ................................................................................................................... 24-20
enable (gbl-cifs, gbl-nfs) ............................................................................................................. 24-21
export (gbl-cifs) .......................................................................................................................... 24-22
export (gbl-nfs) ........................................................................................................................... 24-26
export offline-access ................................................................................................................. 24-28
nfs .................................................................................................................................................. 24-30
nfs tcp timeout ............................................................................................................................ 24-32
nlm enable .................................................................................................................................... 24-33
offline-behavior ........................................................................................................................... 24-35
probe delegate-to ...................................................................................................................... 24-39
remove namespace ... volume ... exports-only .................................................................... 24-43
show cifs-service ........................................................................................................................ 24-44
show cifs-service subshares ..................................................................................................... 24-52
show dynamic-dns ...................................................................................................................... 24-56
show global service .................................................................................................................... 24-58
show nfs-service ......................................................................................................................... 24-59
show nfs-service mounts .......................................................................................................... 24-64
show nfs tcp ................................................................................................................................ 24-66
show nlm client .......................................................................................................................... 24-67
show nlm file ............................................................................................................................... 24-69
show nlm statistics ..................................................................................................................... 24-71
show virtual service ................................................................................................................... 24-73
signatures ..................................................................................................................................... 24-75
sync cifs delegation .................................................................................................................... 24-76
wins-name-encoding .................................................................................................................. 24-77
25 Schedules
description (gbl-schedule) .......................................................................................................... 25-3
duration .......................................................................................................................................... 25-4
every ............................................................................................................................................... 25-5
schedule .......................................................................................................................................... 25-7
show schedule .............................................................................................................................. 25-8
start ............................................................................................................................................... 25-10
stop ................................................................................................................................................ 25-11
26 Filesets
age-fileset ....................................................................................................................................... 26-3
every (...-fs-age) ............................................................................................................................ 26-4
filename-fileset .............................................................................................................................. 26-6
filesize-fileset ................................................................................................................................. 26-7
from fileset (gbl-...-fs-...) .............................................................................................................. 26-8
intersection-fileset ....................................................................................................................... 26-9
last ................................................................................................................................................. 26-10
name .............................................................................................................................................. 26-11
path ................................................................................................................................................ 26-13
policy-age-fileset ......................................................................................................................... 26-16
policy-filename-fileset ................................................................................................................ 26-17
policy-filesize-fileset ................................................................................................................... 26-18
policy-intersection-fileset ......................................................................................................... 26-19
policy-union-fileset ..................................................................................................................... 26-20
recurse .......................................................................................................................................... 26-21
select-files (...-fs-filesize) ........................................................................................................... 26-22
select-files (...-fs-age) ................................................................................................................. 26-23
show policy filesets .................................................................................................................... 26-25
start ............................................................................................................................................... 26-29
union-fileset ................................................................................................................................. 26-30
27 Place Rules
enable (gbl-ns-vol-plc) ................................................................................................................. 27-3
from (gbl-ns-vol-plc) .................................................................................................................... 27-4
inline notify .................................................................................................................................... 27-6
inline report .................................................................................................................................. 27-7
limit-migrate ................................................................................................................................ 27-10
migrate close-file ........................................................................................................................ 27-11
migrate hard-links ...................................................................................................................... 27-12
migrate retain-files ..................................................................................................................... 27-13
place-rule ..................................................................................................................................... 27-14
policy freespace .......................................................................................................................... 27-18
policy freespace (gbl-ns, gbl-ns-vol) ....................................................................................... 27-20
policy migrate-attempts ............................................................................................................ 27-22
policy migrate-delay ................................................................................................................... 27-23
policy migrate-method .............................................................................................................. 27-24
policy migrate-retry-delay ........................................................................................................ 27-26
policy order-rule ........................................................................................................................ 27-27
policy pause ................................................................................................................................. 27-29
policy pause (gbl-ns-vol) ........................................................................................................... 27-30
policy treewalk-threads ............................................................................................................ 27-31
remove namespace ... policy-only .......................................................................................... 27-32
report (gbl-ns-vol-plc) ............................................................................................................... 27-34
schedule (gbl-ns-vol-plc) ........................................................................................................... 27-36
show policy .................................................................................................................................. 27-37
show policy files-closed ............................................................................................................ 27-48
source ........................................................................................................................................... 27-50
target ............................................................................................................................................. 27-51
tentative ....................................................................................................................................... 27-52
volume-scan ................................................................................................................................. 27-53
wait-for migration ...................................................................................................................... 27-54
28 Share Farms
auto-migrate .................................................................................................................................. 28-3
balance ............................................................................................................................................ 28-4
constrain-directories ................................................................................................................... 28-6
constrain-files ................................................................................................................................ 28-8
enable (gbl-ns-vol-sfarm) .......................................................................................................... 28-10
policy freespace (gbl-ns-vol-sfarm) ........................................................................................ 28-11
share (gbl-ns-vol-sfarm) ............................................................................................................ 28-13
share-farm .................................................................................................................................... 28-14
29 Shadow Volume
bandwidth-limit ............................................................................................................................. 29-3
cifs-8dot3-resolution ................................................................................................................... 29-4
database-location ......................................................................................................................... 29-5
delta-threshold ............................................................................................................................. 29-6
enable (gbl-ns-vol-shdwcp) ........................................................................................................ 29-7
from fileset (gbl-ns-vol-shdwcp) ............................................................................................... 29-8
inline-notify .................................................................................................................................... 29-9
prune-target ................................................................................................................................ 29-10
publish ........................................................................................................................................... 29-11
report (gbl-ns-vol-shdwcp) ...................................................................................................... 29-12
retry attempts ............................................................................................................................. 29-16
retry delay .................................................................................................................................... 29-17
schedule (gbl-ns-vol-shdwcp) .................................................................................................. 29-18
shadow .......................................................................................................................................... 29-19
shadow-copy-rule ...................................................................................................................... 29-21
show shadow .............................................................................................................................. 29-24
sid-translation (gbl-ns-vol-shdwcp) ........................................................................................ 29-29
target (gbl-ns-vol-shdwcp) ....................................................................................................... 29-31
30 Snapshots
clear statistics snapshot .............................................................................................................. 30-3
enable (gbl-ns-vol-...snap) ........................................................................................................... 30-4
exclude ........................................................................................................................................... 30-5
report (gbl-ns-vol-...snap) ........................................................................................................... 30-7
retain ............................................................................................................................................. 30-11
schedule (gbl-ns-vol-...snap) ..................................................................................................... 30-12
show snapshots .......................................................................................................................... 30-14
snapshot clear ............................................................................................................................. 30-22
snapshot consistency ................................................................................................................. 30-24
snapshot create .......................................................................................................................... 30-25
snapshot directory cifs-name .................................................................................................. 30-27
snapshot directory display ....................................................................................................... 30-29
snapshot directory nfs-name ................................................................................................... 30-31
snapshot manage ........................................................................................................................ 30-32
snapshot privileged-access ....................................................................................................... 30-34
snapshot remove ........................................................................................................................ 30-36
snapshot replica-snap-rule ....................................................................................................... 30-39
snapshot rule ............................................................................................................................... 30-46
snapshot verify ............................................................................................................................ 30-53
snapshot vss-mode .................................................................................................................... 30-56
wait-for snapshot create .......................................................................................................... 30-58
wait-for snapshot remove ........................................................................................................ 30-59
wait-for snapshot verify ............................................................................................................ 30-60
31 File Tracking
archive ............................................................................................................................................ 31-3
cancel snapshot archive .............................................................................................................. 31-4
clear file-history archive ............................................................................................................. 31-5
contents .......................................................................................................................................... 31-7
description (gbl-archive) ............................................................................................................. 31-9
file-history archive ..................................................................................................................... 31-10
find ................................................................................................................................................. 31-12
location ......................................................................................................................................... 31-16
show file-history archive .......................................................................................................... 31-18
show file-history archive ... contents ..................................................................................... 31-21
show file-history virtual-service .............................................................................................. 31-25
show virtual path-history ......................................................................................................... 31-31
32 Restore Data
cancel restore data ...................................................................................................................... 32-3
clear restore data ......................................................................................................................... 32-4
restore data ................................................................................................................................... 32-6
show restore data ...................................................................................................................... 32-11
wait-for restore data ................................................................................................................. 32-14
33
Running and Global-Configs
clear global-config ........................................................................................................................ 33-3
copy global-config ........................................................................................................................ 33-4
copy running-config ..................................................................................................................... 33-8
copy startup-config .................................................................................................................... 33-12
delete startup-config ................................................................................................................. 33-16
restore startup-config ............................................................................................................... 33-17
save boot-config ......................................................................................................................... 33-18
show global-config ..................................................................................................................... 33-19
show running-config .................................................................................................................. 33-40
34
ARX API and Notification Rules
clear statistics api ......................................................................................................................... 34-3
clear statistics notification .......................................................................................................... 34-4
enable (gbl-ns-vol-ntfy) ............................................................................................................... 34-5
notification rule ............................................................................................................................ 34-6
report (gbl-ns-vol-ntfy) ............................................................................................................. 34-11
retain (gbl-ns-vol-ntfy) ............................................................................................................... 34-13
schedule (gbl-ns-vol-ntfy) ......................................................................................................... 34-14
show notification ........................................................................................................................ 34-15
show statistics api ...................................................................................................................... 34-21
35
Disaster Recovery Between ARX Clusters
activate configs .............................................................................................................................. 35-3
cluster-name ................................................................................................................................ 35-13
config-replication ........................................................................................................................ 35-15
description (gbl-cfg-repl) .......................................................................................................... 35-18
enable (gbl-cfg-repl) ................................................................................................................... 35-19
load configs .................................................................................................................................. 35-20
remove cluster-config ............................................................................................................... 35-31
report (gbl-cfg-repl) ................................................................................................................... 35-32
schedule (gbl-cfg-repl) ............................................................................................................... 35-34
show cluster ................................................................................................................................ 35-35
show config-replication ............................................................................................................. 35-36
target-cluster ............................................................................................................................... 35-39
target-file ...................................................................................................................................... 35-40
user (gbl-cfg-repl) ....................................................................................................................... 35-41
36
Software Upgrades
boot system ................................................................................................................................... 36-3
firmware upgrade ......................................................................................................................... 36-5
show boot ...................................................................................................................................... 36-7
show chassis software ................................................................................................................. 36-8
show firmware upgrade .............................................................................................................. 36-9
37
Namespace Check (nsck) and Sync
cancel migrate-metadata ............................................................................................................. 37-3
cancel migrate-volume ................................................................................................................ 37-4
cancel nsck report ....................................................................................................................... 37-5
cancel sync ..................................................................................................................................... 37-6
clear nsck ....................................................................................................................................... 37-7
clear sync ....................................................................................................................................... 37-8
nsck ... destage ............................................................................................................................ 37-10
nsck ... migrate-metadata .......................................................................................................... 37-12
nsck ... migrate-volume ............................................................................................................. 37-14
nsck ... rebuild ............................................................................................................................. 37-16
nsck ... report dir-structure ..................................................................................................... 37-18
nsck ... report inconsistencies ................................................................................................. 37-22
nsck ... report metadata-only .................................................................................................. 37-27
nsck ... report symlinks ............................................................................................................. 37-30
nsck ... sync directories ............................................................................................................ 37-33
nsck ... sync files ......................................................................................................................... 37-34
show nsck .................................................................................................................................... 37-36
show sync .................................................................................................................................... 37-40
sync directories .......................................................................................................................... 37-43
sync files ....................................................................................................................................... 37-46
sync subshares from-namespace ............................................................................................ 37-51
sync subshares from-service .................................................................................................... 37-55
wait-for nsck ............................................................................................................................... 37-59
wait-for sync ................................................................................................................................ 37-60
38
Basic Troubleshooting Tools
Log Components .......................................................................................................................... 38-3
additional-command .................................................................................................................. 38-13
auto-diagnostics .......................................................................................................................... 38-15
auto-diagnostics test .................................................................................................................. 38-17
clear health .................................................................................................................................. 38-18
collect ........................................................................................................................................... 38-19
collect logs ................................................................................................................................... 38-23
expect monitor ........................................................................................................................... 38-25
logging destination ..................................................................................................................... 38-26
logging level ................................................................................................................................. 38-27
mail-to (gbl-auto-diag) ............................................................................................................... 38-29
management source .................................................................................................................. 38-30
moving-average ........................................................................................................................... 38-31
notify ............................................................................................................................................. 38-33
sampling interval ......................................................................................................................... 38-35
schedule (gbl-auto-diag) ............................................................................................................ 38-36
show auto-diagnostics ............................................................................................................... 38-37
show documentation ................................................................................................................. 38-39
show health ................................................................................................................................. 38-40
show health time-skew ............................................................................................................. 38-42
show id-mappings ....................................................................................................................... 38-44
show logging destination .......................................................................................................... 38-46
show logging levels .................................................................................................................... 38-47
show stats-monitor ................................................................................................................... 38-49
show system tasks ..................................................................................................................... 38-51
stats-monitor .............................................................................................................................. 38-53
trap ................................................................................................................................................ 38-54
39
Network Troubleshooting Tools
Network-Log Components ....................................................................................................... 39-3
capture merge ............................................................................................................................... 39-5
capture session ............................................................................................................................. 39-6
clear statistics filer connections ................................................................................................ 39-8
clear statistics global server ....................................................................................................... 39-9
drop filer-connections .............................................................................................................. 39-10
expect nslookup ......................................................................................................................... 39-12
expect show firewall ................................................................................................................. 39-13
expect show ifconfig .................................................................................................................. 39-16
expect show netstat .................................................................................................................. 39-19
expect traceroute ...................................................................................................................... 39-20
expect ttcp ................................................................................................................................... 39-21
logging fastpath component ..................................................................................................... 39-23
logging fastpath component ... filter ....................................................................................... 39-25
logging fastpath processor ....................................................................................................... 39-27
monitor ........................................................................................................................................ 39-29
ping ................................................................................................................................................ 39-31
show capture sessions .............................................................................................................. 39-34
show fastpath logging ................................................................................................................ 39-36
show fastpath resources ........................................................................................................... 39-38
show filer connections .............................................................................................................. 39-43
show monitor ............................................................................................................................. 39-45
show statistics filer connections ............................................................................................. 39-46
show statistics global server .................................................................................................... 39-51
40
Managed-Volume Troubleshooting Tools
cancel migration ........................................................................................................................... 40-3
cancel remove ............................................................................................................................... 40-4
clear statistics filer ....................................................................................................................... 40-5
clear statistics metadata ............................................................................................................. 40-6
clear statistics metalog ................................................................................................................ 40-7
clear statistics migration ............................................................................................................. 40-8
export-mapping ............................................................................................................................ 40-9
find ................................................................................................................................................. 40-12
remove service ........................................................................................................................... 40-15
remove-share migrate ............................................................................................................... 40-17
remove-share nomigrate .......................................................................................................... 40-19
remove-share offline ................................................................................................................. 40-21
show policy history .................................................................................................................... 40-23
show policy queue ..................................................................................................................... 40-25
show statistics filer .................................................................................................................... 40-27
show statistics metadata ........................................................................................................... 40-37
show statistics metalog ............................................................................................................. 40-41
show statistics migration .......................................................................................................... 40-45
show statistics namespace ... fastpath ................................................................................... 40-49
show statistics namespace ... request-detail ........................................................................ 40-52
show statistics namespace ... response-detail ...................................................................... 40-61
show statistics namespace ... summary ................................................................................. 40-65
strict-attribute-consistency ...................................................................................................... 40-70
wait-for remove ......................................................................................................................... 40-72
41
CIFS-Service Troubleshooting Tools
cifs promote-subshares ............................................................................................................... 41-3
clear statistics cifs authentication ............................................................................................. 41-6
clear statistics cifs path-cache ................................................................................................... 41-7
clear statistics cifs symlinks ........................................................................................................ 41-8
clear statistics cifs work-queues ............................................................................................... 41-9
clear statistics domain-controller ........................................................................................... 41-10
clear statistics domain-controller load-balancing ............................................................... 41-11
clear subshare-cache ................................................................................................................. 41-12
close cifs file ................................................................................................................................ 41-13
drop cifs-service user-session ................................................................................................. 41-14
show cifs-service client-activity .............................................................................................. 41-15
show cifs-service exports ......................................................................................................... 41-20
show cifs-service kerberos-tickets ......................................................................................... 41-23
show cifs-service open-files ..................................................................................................... 41-26
show cifs-service path-cache ................................................................................................... 41-31
show cifs-service transactions ................................................................................................. 41-34
show cifs-service user-sessions .............................................................................................. 41-35
show fastpath cifs-signatures ................................................................................................... 41-39
show statistics cifs authentication .......................................................................................... 41-43
show statistics cifs fastpath ...................................................................................................... 41-48
show statistics cifs path-cache ................................................................................................ 41-50
show statistics cifs symlinks ..................................................................................................... 41-54
show statistics cifs work-queues ............................................................................................ 41-58
show statistics domain-controller .......................................................................................... 41-66
show statistics domain-controller load-balancing .............................................................. 41-70
show subshare-cache ................................................................................................................ 41-73
42
ARX Manager (GUI) Maintenance
cipher .............................................................................................................................................. 42-3
gui .................................................................................................................................................... 42-4
ssl ..................................................................................................................................................... 42-5
ssl-key-store .................................................................................................................................. 42-6
Alphabetical Command List
activate configs .............................................................................................................................. 35-3
active-directory alias ................................................................................................................... 23-3
active-directory forest-trust ...................................................................................................... 18-5
active-directory proxy-user ....................................................................................................... 23-5
active-directory update forest .................................................................................................. 18-7
active-directory update seed-domain ...................................................................................... 16-3
active-directory-forest ................................................................................................................ 18-3
additional-command .................................................................................................................. 38-13
age-fileset ....................................................................................................................................... 26-3
anonymous-gid .............................................................................................................................. 19-3
anonymous-uid ............................................................................................................................. 19-4
archive ............................................................................................................................................ 31-3
arp .................................................................................................................................................... 10-3
arp gratuitous ................................................................................................................................ 10-4
at .........................................................................................................................................................7-3
attach .............................................................................................................................................. 22-3
Audience for this Manual ..............................................................................................................1-5
authentication ............................................................................................................................... 17-3
auth-port (gbl-radius) .................................................................................................................. 17-6
auto reserve files .......................................................................................................................... 22-4
auto sync files ................................................................................................................................ 22-5
auto-diagnostics .......................................................................................................................... 38-15
auto-diagnostics test .................................................................................................................. 38-17
auto-migrate .................................................................................................................................. 28-3
balance ............................................................................................................................................ 28-4
bandwidth-limit ............................................................................................................................. 29-3
blocked-vlan (cfg-vlan) ...................................................................................................................9-3
boot system ................................................................................................................................... 36-3
browsing ......................................................................................................................................... 24-3
cancel import ................................................................................................................................ 22-7
cancel migrate-metadata ............................................................................................................. 37-3
cancel migrate-volume ................................................................................................................ 37-4
cancel migration ........................................................................................................................... 40-3
cancel nsck report ....................................................................................................................... 37-5
cancel remove ............................................................................................................................... 40-4
cancel restore data ...................................................................................................................... 32-3
cancel snapshot archive .............................................................................................................. 31-4
cancel sync ..................................................................................................................................... 37-6
capture merge ............................................................................................................................... 39-5
capture session ............................................................................................................................. 39-6
channel ...............................................................................................................................................9-4
character-encoding nfs ................................................................................................................ 21-3
child-domain ................................................................................................................................ 18-11
cifs .................................................................................................................................................... 24-5
cifs access-based-enum ............................................................................................................... 22-8
cifs access-based-enum (priv-exec) ........................................................................................ 22-11
cifs access-based-enum exclude .............................................................................................. 22-14
cifs anonymous-access ................................................................................................................ 21-5
cifs authentication ........................................................................................................................ 21-6
cifs case-sensitive ....................................................................................................................... 22-16
cifs connection-limit .................................................................................................................... 20-3
cifs deny-symlinks ....................................................................................................................... 22-18
cifs filer-signatures ....................................................................................................................... 21-8
cifs file-system-name .................................................................................................................. 22-19
cifs notify-change-mode ............................................................................................................ 22-21
cifs oplocks-disable .................................................................................................................... 22-22
cifs path-cache ............................................................................................................................. 22-23
cifs promote-subshares ............................................................................................................... 41-3
cifs rekey ........................................................................................................................................ 24-7
cifs-8dot3-resolution ................................................................................................................... 29-4
cifs-port .......................................................................................................................................... 20-4
cipher .............................................................................................................................................. 42-3
clear active-license ....................................................................................................................... 11-3
clear arp ......................................................................................................................................... 10-5
clear at ...............................................................................................................................................7-5
clear counters channel ...................................................................................................................9-6
clear counters gigabit .....................................................................................................................9-7
clear counters lacp ..........................................................................................................................9-8
clear counters redundancy ........................................................................................................ 15-3
clear counters redundancy network ....................................................................................... 9-10
clear counters ten-gigabit ..............................................................................................................9-9
clear dynamic-dns ........................................................................................................................ 24-9
clear file-history archive ............................................................................................................. 31-5
clear global-config ........................................................................................................................ 33-3
clear health .................................................................................................................................. 38-18
clear metalog usage ........................................................................................................................5-4
clear nlm locks ............................................................................................................................ 24-10
clear nsck ....................................................................................................................................... 37-7
clear nvr ............................................................................................................................................5-5
clear restore data ......................................................................................................................... 32-4
clear session .................................................................................................................................. 17-7
clear smtp queue .......................................................................................................................... 13-3
clear statistics api ......................................................................................................................... 34-3
clear statistics authentication .................................................................................................... 17-8
clear statistics cifs authentication ............................................................................................. 41-6
clear statistics cifs path-cache ................................................................................................... 41-7
clear statistics cifs symlinks ........................................................................................................ 41-8
clear statistics cifs work-queues ............................................................................................... 41-9
clear statistics domain-controller ........................................................................................... 41-10
clear statistics domain-controller load-balancing ............................................................... 41-11
clear statistics filer ....................................................................................................................... 40-5
clear statistics filer connections ................................................................................................ 39-8
clear statistics global server ....................................................................................................... 39-9
clear statistics metadata ............................................................................................................. 40-6
clear statistics metalog ................................................................................................................ 40-7
clear statistics migration ............................................................................................................. 40-8
clear statistics notification .......................................................................................................... 34-4
clear statistics snapshot .............................................................................................................. 30-3
clear subshare-cache ................................................................................................................. 41-12
clear sync ....................................................................................................................................... 37-8
CLI Overview ...................................................................................................................................1-6
clock set ............................................................................................................................................5-7
clock timezone .................................................................................................................................5-8
close cifs file ................................................................................................................................ 41-13
cluster-name ................................................................................................................................ 35-13
collect ........................................................................................................................................... 38-19
collect logs ................................................................................................................................... 38-23
Command Definitions ................................................................................................................. 1-11
compressed-files ......................................................................................................................... 22-24
config-replication ........................................................................................................................ 35-15
constrain-directories ................................................................................................................... 28-6
constrain-files ................................................................................................................................ 28-8
Contacting Customer Service ................................................................................................... 1-12
contents .......................................................................................................................................... 31-7
copy {nfs|cifs} ...................................................................................................................................7-8
copy ftp ..............................................................................................................................................7-6
copy global-config ........................................................................................................................ 33-4
copy ron ......................................................................................................................................... 7-11
copy running-config ..................................................................................................................... 33-8
copy scp .......................................................................................................................................... 7-13
copy smtp ...................................................................................................................................... 7-16
copy startup-config .................................................................................................................... 33-12
copy tftp ......................................................................................................................................... 7-18
critical ........................................................................................................................................... 22-25
critical route .................................................................................................................................. 15-5
database-location ......................................................................................................................... 29-5
delete .............................................................................................................................................. 7-20
delete startup-config ................................................................................................................. 33-16
delta-threshold ............................................................................................................................. 29-6
deny ................................................................................................................................................. 19-5
description (cfg-channel) ............................................................................................................ 9-11
description (cfg-email-event) ..................................................................................................... 13-4
description (cfg-if-gig) .................................................................................................................. 9-12
description (cfg-if-ten-gig) .......................................................................................................... 9-13
description (cfg-if-vlan) ............................................................................................................... 10-6
description (cfg-mgmt) ................................................................................................................ 10-7
description (cfg-vlan) ................................................................................................................... 9-14
description (gbl-archive) ............................................................................................................. 31-9
description (gbl-cfg-repl) .......................................................................................................... 35-18
description (gbl-cifs) .................................................................................................................. 24-11
description (gbl-filer) ................................................................................................................... 20-5
description (gbl-gs) ...................................................................................................................... 23-6
description (gbl-nfs) ................................................................................................................... 24-12
description (gbl-nfs-acl) .............................................................................................................. 19-6
description (gbl-ns, gbl-ns-...) .................................................................................................. 21-10
description (gbl-proxy-user) ...................................................................................................... 16-8
description (gbl-schedule) .......................................................................................................... 25-3
direct ............................................................................................................................................. 22-26
Document Conventions ............................................................................................................. 1-10
domain-join .................................................................................................................................. 24-13
drop cifs-service user-session ................................................................................................. 41-14
drop filer-connections .............................................................................................................. 39-10
dual-reboot .................................................................................................................................... 5-10
duration .......................................................................................................................................... 25-4
dynamic-dns ................................................................................................................................. 24-18
dynamic-dns update ................................................................................................................... 24-20
email-event .................................................................................................................................... 13-5
email-severity ................................................................................................................................ 13-7
enable (cfg-email-event) .............................................................................................................. 13-8
enable (cfg-redundancy) .............................................................................................................. 15-7
enable (gbl-cfg-repl) ................................................................................................................... 35-19
enable (gbl-cifs, gbl-nfs) ............................................................................................................. 24-21
enable (gbl-gs, gbl-gs-vs) ............................................................................................................. 23-7
enable (gbl-ns, gbl-ns-vol) ......................................................................................................... 21-11
enable (gbl-ns-vol-...snap) ........................................................................................................... 30-4
enable (gbl-ns-vol-ntfy) ............................................................................................................... 34-5
enable (gbl-ns-vol-plc) ................................................................................................................. 27-3
enable (gbl-ns-vol-sfarm) .......................................................................................................... 28-10
enable (gbl-ns-vol-shdwcp) ........................................................................................................ 29-7
enable (gbl-ns-vol-shr) .............................................................................................................. 22-27
every ............................................................................................................................................... 25-5
every (...-fs-age) ............................................................................................................................ 26-4
exclude ........................................................................................................................................... 30-5
expect monitor ........................................................................................................................... 38-25
expect nslookup ......................................................................................................................... 39-12
expect show firewall ................................................................................................................. 39-13
expect show ifconfig .................................................................................................................. 39-16
expect show netstat .................................................................................................................. 39-19
expect traceroute ...................................................................................................................... 39-20
expect ttcp ................................................................................................................................... 39-21
export (gbl-cifs) .......................................................................................................................... 24-22
export (gbl-nfs) ........................................................................................................................... 24-26
export offline-access ................................................................................................................. 24-28
export-mapping ............................................................................................................................ 40-9
external-filer .................................................................................................................................. 20-6
ext-filer-ip-addrs activate ........................................................................................................... 20-8
file-history archive ..................................................................................................................... 31-10
filename-fileset .............................................................................................................................. 26-6
filer ................................................................................................................................................ 22-31
filer-subshares ............................................................................................................................. 22-34
filer-type ......................................................................................................................................... 20-9
filesize-fileset ................................................................................................................................. 26-7
find ................................................................................................................................................. 31-12
find ................................................................................................................................................. 40-12
firmware upgrade ......................................................................................................................... 36-5
flowcontrol .................................................................................................................................... 9-16
forest-root ................................................................................................................................... 18-13
forward-delay ................................................................................................................................ 9-15
freespace adjust .......................................................................................................................... 22-41
freespace apparent-size ............................................................................................................ 22-43
freespace calculation dir-master-only ................................................................................... 22-45
freespace calculation manual ................................................................................................... 22-47
freespace cifs-quota ................................................................................................................... 22-49
freespace ignore ......................................................................................................................... 22-52
from (cfg-smtp) ............................................................................................................................. 13-9
from (gbl-ns-vol-plc) .................................................................................................................... 27-4
from fileset (gbl-...-fs-...) .............................................................................................................. 26-8
from fileset (gbl-ns-vol-shdwcp) ............................................................................................... 29-8
Getting Started ................................................................................................................................1-9
global server .................................................................................................................................. 23-8
grep ................................................................................................................................................. 7-22
group ..................................................................................................................................................4-3
group ... event ............................................................................................................................. 13-12
group (cfg-email-event) ............................................................................................................. 13-10
group (gbl-user) ...............................................................................................................................4-5
gui .................................................................................................................................................... 42-4
heartbeat failure ........................................................................................................................... 14-3
heartbeat interval ......................................................................................................................... 14-4
hello-time ....................................................................................................................................... 9-17
hostname ........................................................................................................................................ 5-11
ignore-name ................................................................................................................................ 20-12
ignore-sid-errors ........................................................................................................................ 22-53
import priority ............................................................................................................................ 22-54
import rename-directories ...................................................................................................... 22-56
import rename-files ................................................................................................................... 22-59
import skip-managed-check ..................................................................................................... 22-61
import sync-attributes .............................................................................................................. 22-62
inline notify .................................................................................................................................... 27-6
inline report .................................................................................................................................. 27-7
inline-notify .................................................................................................................................... 29-9
interface gigabit ............................................................................................................................. 9-18
interface mgmt .............................................................................................................................. 10-8
interface ron .................................................................................................................................. 14-5
interface ten-gigabit ..................................................................................................................... 9-19
interface vlan ............................................................................................................................... 10-10
intersection-fileset ....................................................................................................................... 26-9
ip address ..................................................................................................................................... 20-14
ip address ... change-to ............................................................................................................. 20-16
ip address (cfg-if-vlan) ............................................................................................................... 10-11
ip address (cfg-mgmt) ................................................................................................................ 10-13
ip address (cfg-ron) ...................................................................................................................... 14-6
ip address (gbl-nis-dom) ............................................................................................................. 19-7
ip address (gbl-ntlm-auth-srv) ................................................................................................. 18-15
ip domain-list ............................................................................................................................... 10-14
ip ftp-user ....................................................................................................................................... 7-26
ip name-server ............................................................................................................................ 10-15
ip private subnet reassign ........................................................................................................... 14-7
ip private vlan ................................................................................................................................ 9-20
ip proxy-address ......................................................................................................................... 10-16
ip ron-user ..................................................................................................................................... 7-27
ip route ......................................................................................................................................... 10-18
ip route ... per-vlan .................................................................................................................... 10-20
ip route ... source-ip .................................................................................................................. 10-22
ip scp-user ...................................................................................................................................... 7-28
jumbo mtu ..................................................................................................................................... 9-22
kerberos auto-realm-traversal ................................................................................................ 18-17
kerberos health-check threshold ........................................................................................... 18-18
key (gbl-radius) ............................................................................................................................. 17-9
Keys ....................................................................................................................................................2-3
lacp active ...................................................................................................................................... 9-23
lacp passive .................................................................................................................................... 9-25
lacp rate .......................................................................................................................................... 9-27
last ................................................................................................................................................. 26-10
license activate .............................................................................................................................. 11-4
license activate file ....................................................................................................................... 11-6
license create license-dossier .................................................................................................... 11-8
limit-migrate ................................................................................................................................ 27-10
load configs .................................................................................................................................. 35-20
load-balance ................................................................................................................................... 9-29
location ......................................................................................................................................... 31-16
Log Components .......................................................................................................................... 38-3
logging destination ..................................................................................................................... 38-26
logging fastpath component ..................................................................................................... 39-23
logging fastpath component ... filter ....................................................................................... 39-25
logging fastpath processor ....................................................................................................... 39-27
logging level ................................................................................................................................. 38-27
login-banner ................................................................................................................................... 5-12
mac-address aging-time .............................................................................................................. 9-31
mail-server ................................................................................................................................... 13-14
mail-to (cfg-email-event) ........................................................................................................... 13-15
mail-to (gbl-auto-diag) ............................................................................................................... 38-29
manage snapshots ...................................................................................................................... 20-18
managed-volume ........................................................................................................................ 22-64
management access ................................................................................................................... 17-10
management source .................................................................................................................. 38-30
max-age .......................................................................................................................................... 9-32
maximum age .............................................................................................................................. 13-16
max-volume-groups ................................................................................................................... 22-65
members (cfg-channel) ................................................................................................................ 9-33
members (cfg-vlan) ...................................................................................................................... 9-35
metadata cache-size ................................................................................................................... 21-14
metadata critical ......................................................................................................................... 22-66
metadata share ........................................................................................................................... 22-67
migrate close-file ........................................................................................................................ 27-11
migrate hard-links ...................................................................................................................... 27-12
migrate retain-files ..................................................................................................................... 27-13
modify ........................................................................................................................................... 22-69
monitor ........................................................................................................................................ 39-29
move ............................................................................................................................................... 7-29
move ... {nfs|cifs} ........................................................................................................................... 7-33
move ... ftp ..................................................................................................................................... 7-31
move ... scp .................................................................................................................................... 7-35
move ... tftp ................................................................................................................................... 7-37
moving-average ........................................................................................................................... 38-31
name .............................................................................................................................................. 26-11
named-streams ........................................................................................................................... 22-71
name-server ................................................................................................................................ 18-19
namespace .................................................................................................................................... 21-16
Network-Log Components ....................................................................................................... 39-3
nfs .................................................................................................................................................. 24-30
nfs tcp connections .................................................................................................................... 20-19
nfs tcp timeout ............................................................................................................................ 24-32
nfs-access-list ................................................................................................................................. 19-8
nfs-param ..................................................................................................................................... 22-73
nis domain .................................................................................................................................... 19-10
nis domain (gbl-nfs-acl) ............................................................................................................. 19-11
nis update ..................................................................................................................................... 19-12
nlm enable .................................................................................................................................... 24-33
notification rule ............................................................................................................................ 34-6
notify ............................................................................................................................................. 38-33
nsck ... destage ............................................................................................................................ 37-10
nsck ... migrate-metadata .......................................................................................................... 37-12
nsck ... migrate-volume ............................................................................................................. 37-14
nsck ... rebuild ............................................................................................................................. 37-16
nsck ... report dir-structure ..................................................................................................... 37-18
nsck ... report inconsistencies ................................................................................................. 37-22
nsck ... report metadata-only .................................................................................................. 37-27
nsck ... report symlinks ............................................................................................................. 37-30
nsck ... sync directories ............................................................................................................ 37-33
nsck ... sync files ......................................................................................................................... 37-34
nsm binary-core-files ................................................................................................................... 15-9
nsm recovery .............................................................................................................................. 15-10
nsm warm-restart ...................................................................................................................... 15-11
ntlm-auth-db ................................................................................................................................ 18-20
ntlm-auth-db (gbl-ns) ................................................................................................................. 21-18
ntlm-auth-server ......................................................................................................................... 18-22
ntlm-auth-server (gbl-ns) .......................................................................................................... 21-19
ntp server ..................................................................................................................................... 10-24
offline-behavior ........................................................................................................................... 24-35
password ...................................................................................................................................... 18-24
password ........................................................................................................................................... 4-6
password (gbl-user) ........................................................................................................................ 4-7
path ................................................................................................................................................ 26-13
pause ............................................................................................................................................... 7-39
peer ............................................................................................................................................... 15-13
peer address .................................................................................................................................. 14-8
permit ........................................................................................................................................... 17-12
permit (gbl-mgmt-auth) ............................................................................................................ 18-25
permit (gbl-nfs-acl) ..................................................................................................................... 19-14
persistent-acls ............................................................................................................................. 22-74
ping ................................................................................................................................................ 39-31
ping license-server ..................................................................................................................... 11-10
place-rule ..................................................................................................................................... 27-14
policy freespace .......................................................................................................................... 27-18
policy freespace (gbl-ns, gbl-ns-vol) ....................................................................................... 27-20
policy freespace (gbl-ns-vol-sfarm) ........................................................................................ 28-11
policy migrate-attempts ............................................................................................................ 27-22
policy migrate-delay ................................................................................................................... 27-23
policy migrate-method .............................................................................................................. 27-24
policy migrate-retry-delay ........................................................................................................ 27-26
policy order-rule ........................................................................................................................ 27-27
policy pause ................................................................................................................................. 27-29
policy pause (gbl-ns-vol) ........................................................................................................... 27-30
policy treewalk-threads ............................................................................................................ 27-31
policy-age-fileset ......................................................................................................................... 26-16
policy-filename-fileset ................................................................................................................ 26-17
policy-filesize-fileset ................................................................................................................... 26-18
policy-intersection-fileset ......................................................................................................... 26-19
policy-union-fileset ..................................................................................................................... 26-20
port ................................................................................................................................................ 18-27
priority (cfg-channel) ................................................................................................................... 9-37
priority (cfg-stp) ........................................................................................................................... 9-38
probe authentication ................................................................................................................. 20-20
probe delegate-to ...................................................................................................................... 24-39
probe exports ............................................................................................................................. 20-22
probe metalog latency ................................................................................................................ 5-13
protocol ....................................................................................................................................... 21-21
protocol (cfg-stp) ......................................................................................................................... 9-39
proxy-user ..................................................................................................................................... 16-9
proxy-user (gbl-filer) ................................................................................................................. 20-25
proxy-user (gbl-ns) .................................................................................................................... 21-22
prune-target ................................................................................................................................ 29-10
publish ........................................................................................................................................... 29-11
quorum-disk ................................................................................................................................ 15-14
radius-server ............................................................................................................................... 17-13
raid offline ......................................................................................................................................... 6-3
raid rebuild ....................................................................................................................................... 6-4
raid rebuild-rate .............................................................................................................................. 6-6
raid silence ........................................................................................................................................ 6-7
raid verification-mode .................................................................................................................... 6-8
raid verification-rate .................................................................................................................... 6-10
raid verify ....................................................................................................................................... 6-12
rconsole .......................................................................................................................................... 14-9
recurse .......................................................................................................................................... 26-21
redundancy .................................................................................................................................. 15-16
redundancy (cfg-if-vlan) ............................................................................................................. 10-25
redundancy force-active ........................................................................................................... 15-19
redundancy protocol ................................................................................................................... 9-40
redundancy protocol (cfg-channel) .......................................................................................... 9-42
reimport-modify ......................................................................................................................... 22-76
reload .............................................................................................................................................. 5-14
remark ............................................................................................................................................ 7-40
remove cluster-config ............................................................................................................... 35-31
remove namespace .................................................................................................................... 21-23
remove namespace ... policy-only .......................................................................................... 27-32
remove namespace ... volume ... exports-only .................................................................... 24-43
remove service ........................................................................................................................... 40-15
remove-share migrate ............................................................................................................... 40-17
remove-share nomigrate .......................................................................................................... 40-19
remove-share offline ................................................................................................................. 40-21
rename ............................................................................................................................................ 7-41
replica-snap .................................................................................................................................. 22-77
report (gbl-cfg-repl) ................................................................................................................... 35-32
report (gbl-ns-vol-...snap) ........................................................................................................... 30-7
report (gbl-ns-vol-ntfy) ............................................................................................................. 34-11
report (gbl-ns-vol-plc) ............................................................................................................... 27-34
report (gbl-ns-vol-shdwcp) ...................................................................................................... 29-12
reserve files ................................................................................................................................. 22-79
resilver-timeout .......................................................................................................................... 15-21
resource-profile ............................................................................................................................ 5-16
restart namespace ... volume ................................................................................................... 22-80
restore data ................................................................................................................................... 32-6
restore startup-config ............................................................................................................... 33-17
retain ............................................................................................................................................. 30-11
retain (gbl-ns-vol-ntfy) ............................................................................................................... 34-13
retries (gbl-radius) ..................................................................................................................... 17-14
retry attempts ............................................................................................................................. 29-16
retry delay .................................................................................................................................... 29-17
retry interval ............................................................................................................................... 13-17
role ..................................................................................................................................................... 4-8
ron evict ....................................................................................................................................... 14-10
ron tunnel .................................................................................................................................... 14-11
run ................................................................................................................................................... 7-42
sampling interval ......................................................................................................................... 38-35
sam-reference ............................................................................................................................. 21-25
save boot-config ......................................................................................................................... 33-18
save profile ........................................................................................................................................ 3-3
schedule .......................................................................................................................................... 25-7
schedule (gbl-auto-diag) ............................................................................................................ 38-36
schedule (gbl-cfg-repl) ............................................................................................................... 35-34
schedule (gbl-ns-vol-...snap) ..................................................................................................... 30-12
schedule (gbl-ns-vol-ntfy) ......................................................................................................... 34-14
schedule (gbl-ns-vol-plc) ........................................................................................................... 27-36
schedule (gbl-ns-vol-shdwcp) .................................................................................................. 29-18
select-files (...-fs-age) ................................................................................................................. 26-23
select-files (...-fs-filesize) ........................................................................................................... 26-22
shadow .......................................................................................................................................... 29-19
shadow-copy-rule ...................................................................................................................... 29-21
share .............................................................................................................................................. 22-81
share (gbl-ns-vol-sfarm) ............................................................................................................ 28-13
share-farm .................................................................................................................................... 28-14
show active-directory ............................................................................................................... 16-11
show active-directory status ................................................................................................... 16-15
show active-license .................................................................................................................... 11-11
show arp ...................................................................................................................................... 10-27
show at ........................................................................................................................................... 7-43
show auto-diagnostics ............................................................................................................... 38-37
show baudrate .............................................................................................................................. 5-18
show boot ...................................................................................................................................... 36-7
show capture ................................................................................................................................ 7-44
show capture sessions .............................................................................................................. 39-34
show channel ................................................................................................................................. 9-44
show channel ... stats .................................................................................................................. 9-51
show chassis .................................................................................................................................. 5-19
show chassis software ................................................................................................................. 36-8
show cifs-service ........................................................................................................................ 24-44
show cifs-service client-activity .............................................................................................. 41-15
show cifs-service exports ......................................................................................................... 41-20
show cifs-service kerberos-tickets ......................................................................................... 41-23
show cifs-service open-files ..................................................................................................... 41-26
show cifs-service path-cache ................................................................................................... 41-31
show cifs-service subshares ..................................................................................................... 24-52
show cifs-service transactions ................................................................................................. 41-34
show cifs-service user-sessions .............................................................................................. 41-35
show clock ..................................................................................................................................... 5-35
show cluster ................................................................................................................................ 35-35
show config-replication ............................................................................................................. 35-36
show configs .................................................................................................................................. 7-48
show cores .................................................................................................................................... 7-50
show diag-info ............................................................................................................................... 7-52
show directories .......................................................................................................................... 7-53
show documentation ................................................................................................................. 38-39
show dynamic-dns ...................................................................................................................... 24-56
show email-event ....................................................................................................................... 13-18
show email-severity ................................................................................................................... 13-21
show exports .............................................................................................................................. 20-27
show external-filer ..................................................................................................................... 20-34
show fastpath cifs-signatures ................................................................................................... 41-39
show fastpath logging ................................................................................................................ 39-36
show fastpath resources ........................................................................................................... 39-38
show file-history archive .......................................................................................................... 31-18
show file-history archive ... contents ..................................................................................... 31-21
show file-history virtual-service .............................................................................................. 31-25
show filer connections .............................................................................................................. 39-43
show firmware upgrade .............................................................................................................. 36-9
show global server ..................................................................................................................... 23-10
show global service .................................................................................................................... 24-58
show global-config ..................................................................................................................... 33-19
show group all .............................................................................................................................. 4-11
show group roles ......................................................................................................................... 4-12
show group users ......................................................................................................................... 4-13
show health ................................................................................................................................. 38-40
show health time-skew ............................................................................................................. 38-42
show history .....................................................................................................................................3-4
show hostname ............................................................................................................................ 5-36
show id-mappings ....................................................................................................................... 38-44
show interface ............................................................................................................................ 10-33
show interface gigabit .................................................................................................................. 9-54
show interface mgmt ................................................................................................................. 10-41
show interface ten-gigabit .......................................................................................................... 9-57
show interface vlan .................................................................................................................... 10-43
show ip address .......................................................................................................................... 10-44
show ip domain .......................................................................................................................... 10-45
show ip proxy-addresses .......................................................................................................... 10-46
show ip route .............................................................................................................................. 10-48
show license .................................................................................................................................. 7-57
show license-dossier ................................................................................................................. 11-14
show load-balancing ..................................................................................................................... 9-59
show logging destination .......................................................................................................... 38-46
show logging levels .................................................................................................................... 38-47
show logs ....................................................................................................................................... 7-59
show mac-address-table ............................................................................................................. 9-60
show mac-address-table summary ........................................................................................... 9-62
show management access ........................................................................................................ 17-15
show master-key .............................................................................................................................8-3
show memory usage .................................................................................................................... 5-37
show metalog usage .................................................................................................................... 5-39
show monitor ............................................................................................................................. 39-45
show namespace ........................................................................................................................ 21-27
show namespace mapping ........................................................................................................ 21-68
show namespace status ............................................................................................................ 21-70
show nfs tcp ................................................................................................................................ 24-66
show nfs-access-list ................................................................................................................... 19-17
show nfs-service ......................................................................................................................... 24-59
show nfs-service mounts .......................................................................................................... 24-64
show nis domain ......................................................................................................................... 19-20
show nis netgroup ..................................................................................................................... 19-22
show nlm client .......................................................................................................................... 24-67
show nlm file ............................................................................................................................... 24-69
show nlm statistics ..................................................................................................................... 24-71
show notification ........................................................................................................................ 34-15
show nsck .................................................................................................................................... 37-36
show nsm ..................................................................................................................................... 15-22
show nsm warm-restart history ............................................................................................. 15-24
show ntlm-auth-db ..................................................................................................................... 18-28
show ntlm-auth-server ............................................................................................................. 18-29
show ntp servers ........................................................................................................................ 10-54
show ntp status .......................................................................................................................... 10-55
show policy .................................................................................................................................. 27-37
show policy files-closed ............................................................................................................ 27-48
show policy filesets .................................................................................................................... 26-25
show policy history .................................................................................................................... 40-23
show policy queue ..................................................................................................................... 40-25
show processors .......................................................................................................................... 5-43
show processors usage ............................................................................................................... 5-47
show proxy-user ........................................................................................................................ 16-20
show radius-server .................................................................................................................... 17-16
show redundancy ....................................................................................................................... 15-27
show redundancy all .................................................................................................................. 15-28
show redundancy ballots .......................................................................................................... 15-31
show redundancy critical-services ......................................................................................... 15-33
show redundancy history ......................................................................................................... 15-35
show redundancy license ......................................................................................................... 15-36
show redundancy metalog ....................................................................................................... 15-37
show redundancy network ........................................................................................................ 9-63
show redundancy peer ............................................................................................................. 15-40
show redundancy quorum-disk .............................................................................................. 15-41
show redundancy reboot-history ........................................................................................... 15-44
show redundancy resilver-timeout ........................................................................................ 15-45
show releases ................................................................................................................................ 7-60
show replicated-configs .............................................................................................................. 7-62
show reports ................................................................................................................................. 7-64
show reports status ..................................................................................................................... 7-70
show restore data ...................................................................................................................... 32-11
show ron ...................................................................................................................................... 14-12
show ron conflicts ..................................................................................................................... 14-14
show ron database ..................................................................................................................... 14-15
show ron route .......................................................................................................................... 14-18
show ron tunnel ......................................................................................................................... 14-19
show running-config .................................................................................................................. 33-40
show schedule .............................................................................................................................. 25-8
show scripts .................................................................................................................................. 7-71
show server-mapping ................................................................................................................ 23-13
show sessions ............................................................................................................................. 17-17
show shadow .............................................................................................................................. 29-24
show share status ...................................................................................................................... 22-84
show sid-translation .................................................................................................................. 22-86
show smtp queue ....................................................................................................................... 13-26
show smtp status ....................................................................................................................... 13-28
show smtp welcome ................................................................................................................. 13-31
show snapshots .......................................................................................................................... 30-14
show snmp-server ....................................................................................................................... 12-3
show software .............................................................................................................................. 7-73
show spanning-tree detailed ...................................................................................................... 9-65
show spanning-tree interface .................................................................................................... 9-66
show spanning-tree summary ................................................................................................... 9-67
show ssh-host-key ..................................................................................................................... 17-19
show ssh-user ............................................................................................................................... 4-14
show statistics api ...................................................................................................................... 34-21
show statistics authentication ................................................................................................. 17-21
show statistics cifs authentication .......................................................................................... 41-43
show statistics cifs fastpath ...................................................................................................... 41-48
show statistics cifs path-cache ................................................................................................ 41-50
show statistics cifs symlinks ..................................................................................................... 41-54
show statistics cifs work-queues ............................................................................................ 41-58
show statistics domain-controller .......................................................................................... 41-66
show statistics domain-controller load-balancing .............................................................. 41-70
show statistics filer .................................................................................................................... 40-27
show statistics filer connections ............................................................................................. 39-46
show statistics global server .................................................................................................... 39-51
show statistics metadata ........................................................................................................... 40-37
show statistics metalog ............................................................................................................. 40-41
show statistics migration .......................................................................................................... 40-45
show statistics namespace ... fastpath ................................................................................... 40-49
show statistics namespace ... request-detail ........................................................................ 40-52
show statistics namespace ... response-detail ...................................................................... 40-61
show statistics namespace ... summary ................................................................................. 40-65
show stats-logs ............................................................................................................................. 7-75
show stats-monitor ................................................................................................................... 38-49
show subshare-cache ................................................................................................................ 41-73
show sync .................................................................................................................................... 37-40
show system tasks ..................................................................................................................... 38-51
show terminal ..................................................................................................................................3-5
show uptime .................................................................................................................................. 5-52
show users ..................................................................................................................................... 4-16
show version ................................................................................................................................. 5-53
show virtual path-history ......................................................................................................... 31-31
show virtual service ................................................................................................................... 24-73
show vlan ....................................................................................................................................... 9-68
show vlan summary ..................................................................................................................... 9-70
show volume-group ................................................................................................................... 22-87
show windows-mgmt-auth ....................................................................................................... 18-34
shutdown ....................................................................................................................................... 5-57
shutdown (cfg-channel) ............................................................................................................... 9-71
shutdown (cfg-if-gig) .................................................................................................................... 9-72
shutdown (cfg-if-ten-gig) ............................................................................................................. 9-73
shutdown (cfg-if-vlan) ................................................................................................................ 10-57
shutdown (cfg-if-vlan-ron-tnl) ................................................................................................. 14-23
shutdown (cfg-mgmt) ................................................................................................................ 10-59
shutdown (cfg-stp) ....................................................................................................................... 9-74
sid-translation ............................................................................................................................. 22-92
sid-translation (gbl-ns-vol-shdwcp) ........................................................................................ 29-29
signatures ..................................................................................................................................... 24-75
Slot Locations ..................................................................................................................................5-3
smtp ............................................................................................................................................... 13-32
smtp retry .................................................................................................................................... 13-34
smtp test email-event ................................................................................................................ 13-35
smtp test message ...................................................................................................................... 13-37
smtp test server ......................................................................................................................... 13-38
smtp welcome ............................................................................................................................. 13-39
snapshot clear ............................................................................................................................. 30-22
snapshot consistency ................................................................................................................. 30-24
snapshot create .......................................................................................................................... 30-25
snapshot directory cifs-name .................................................................................................. 30-27
snapshot directory display ....................................................................................................... 30-29
snapshot directory nfs-name ................................................................................................... 30-31
snapshot manage ........................................................................................................................ 30-32
snapshot privileged-access ....................................................................................................... 30-34
snapshot remove ........................................................................................................................ 30-36
snapshot replica-snap-rule ....................................................................................................... 30-39
snapshot rule ............................................................................................................................... 30-46
snapshot verify ............................................................................................................................ 30-53
snapshot vss-mode .................................................................................................................... 30-56
snmp-server community ............................................................................................................. 12-5
snmp-server contact .................................................................................................................... 12-6
snmp-server host ......................................................................................................................... 12-7
snmp-server location ................................................................................................................... 12-8
snmp-server name ....................................................................................................................... 12-9
snmp-server traps ...................................................................................................................... 12-10
snmp-server trusthost .............................................................................................................. 12-11
source ........................................................................................................................................... 27-50
spanning-tree ................................................................................................................................. 9-75
spanning-tree cost ........................................................................................................................ 9-77
spanning-tree edgeport ............................................................................................................... 9-78
spanning-tree priority ................................................................................................................. 9-79
spanning-tree shutdown ............................................................................................................. 9-80
sparse-files ................................................................................................................................... 22-93
speed (cfg-if-gig) ............................................................................................................................ 9-81
speed (cfg-mgmt) ........................................................................................................................ 10-60
spn ................................................................................................................................................. 20-46
ssh-host-key ................................................................................................................................ 17-22
ssh-host-key generate ............................................................................................................... 17-24
ssh-key ...............................................................................................................................................4-9
ssh-v1 enable ............................................................................................................................... 17-25
ssl ..................................................................................................................................................... 42-5
ssl-key-store .................................................................................................................................. 42-6
start ............................................................................................................................................... 25-10
start ............................................................................................................................................... 26-29
stats-monitor .............................................................................................................................. 38-53
stop ................................................................................................................................................ 25-11
strict-attribute-consistency ...................................................................................................... 40-70
suspend-failover .......................................................................................................................... 15-46
switch-forwarding enable ........................................................................................................... 9-82
sync cifs delegation .................................................................................................................... 24-76
sync directories .......................................................................................................................... 37-43
sync files ....................................................................................................................................... 37-46
sync subshares from-namespace ............................................................................................ 37-51
sync subshares from-service .................................................................................................... 37-55
tag .................................................................................................................................................... 9-83
tail .................................................................................................................................................... 7-79
target ............................................................................................................................................. 27-51
target (gbl-ns-vol-shdwcp) ....................................................................................................... 29-31
target-cluster ............................................................................................................................... 35-39
target-file ...................................................................................................................................... 35-40
tentative ....................................................................................................................................... 27-52
terminal beta
terminal character-set
terminal clear
terminal confirmation
terminal expand-prompt
terminal expert
terminal history
terminal length
terminal logging
terminal stop-on-error
terminal timeout
terminal width
The ARX
timeout (gbl-radius)
to
trap
trap shutdown
tree-domain
truncate-report
unicode-on-disk
union-fileset
user
user (gbl-cfg-repl)
user (gbl-group)
user (gbl-mgmt-auth)
user (gbl-ntlm-auth-db)
user (gbl-proxy-user)
virtual server
vlan
vlan (cfg-channel)
vlan-tag
volume
volume-group
volume-scan
wait-for ip-routes
wait-for migration
wait-for nsck
wait-for remove
wait-for report
wait-for restore data
wait-for shares-online
wait-for snapshot create
wait-for snapshot remove
wait-for snapshot verify
wait-for sync
wait-for vip-disable
wait-for vip-enable
wait-for volume-disable
wait-for volume-enable
windows-domain (gbl-group)
windows-domain (gbl-gs)
windows-domain (gbl-ntlm-auth-srv)
windows-domain (gbl-proxy-user)
windows-mgmt-auth
windows-mgmt-auth (gbl-ns)
wins
wins-alias
wins-name
wins-name-encoding
1
Introduction
This manual is a reference for F5’s Command Line Interface (CLI). The
book is organized as a companion to the CLI user’s guides (ARX® CLI
Network-Management Guide, ARX® CLI Storage-Management Guide, and
ARX CLI Maintenance Guide, in that order); for each chapter in the user
guides there is a companion chapter in this book. This manual also has some
additional chapters for CLI commands outside the scope of the user’s
guides.
The ARX
The Adaptive Resource Switch (ARX®) is a highly available and scalable
solution that brings resource awareness to a file storage infrastructure, and
adapts these resources to meet the demands of users and applications in real
time. The ARX provides a file-virtualization layer that aggregates the total
capacity and performance of your file storage. A namespace provides
location-independent, transparent mapping of user requests onto the
appropriate storage resource. You can configure policies that the switch
enforces for the placement, replication and migration of files. Through
policy configuration, the ARX adapts to the real-time demands of users and
applications. The ARX thereby serves as a resource proxy for the files and
services behind it.
Back-end Storage and Servers
The Adaptive Resource Switch aggregates heterogeneous file systems and
storage into a unified pool of file storage resources. Through this
unification, you can manage these resources to adapt to user demands and
client applications. File storage assets can be differentiated based on
user-defined attributes, enabling a class-of-storage model. You can reclaim
stranded capacity through policy implementation for more effective storage
utilization, and you can add capacity without disruption. Back-end resources
are monitored for availability and performance, as well as user-access
patterns that drive policy decisions.
Front-end Services
The Adaptive Resource Switch acts as an in-band file proxy for the Network
File System (NFS) and Microsoft's Common Internet File System (CIFS)
protocols.
Front-end services provide the file virtualization layer that masks the
physical file storage from the user and application. The switch becomes the
file access point, as opposed to the actual physical resource, providing file
access through a namespace. Users and applications maintain a single
consistent file path that is transparently mapped to the proper physical
resource where the information resides.
Policy
The Adaptive Resource Switch provides policy-based resource switching.
Through policy configuration, you can optimize the placement of files onto
the appropriate storage resources and automatically adapt these resources
based on user and application demand. The ARX performs file replication
and migration based on performance, usage or other life-cycle
characteristics, enabling you to implement a flexible file services strategy.
Examples of policies include: migrating files to reclaim stranded capacity;
migrating files across different tiers of storage based on access patterns
and/or value; and replicating frequently accessed files for performance. The
result is more efficient utilization and greater flexibility in file storage
management.
Resilient Overlay Network (RON)
You can connect multiple ARXes with a Resilient Overlay Network (RON),
which can reside on top of any IP network. This provides a network for
distributing and accessing file storage. ARXes can replicate storage to other
switches in the same RON, updating the replicas periodically as the writable
master files change. This is called a shadow copy, where a source volume on
one switch periodically copies its files to one or more shadow volumes on
other switches. Clients can access the shadow volumes at multiple
geographic locations, independent of where the source volume resides.
Audience for this Manual
This manual is intended for
• network technicians responsible for layer 1 and 2 networks,
• network engineers responsible for the Internet Protocol (IP) layer (layer
3),
• storage engineers who design and manage storage systems (SANs,
NASes, and DASes), and
• crypto officers who manage all of the Critical Security Parameters
(CSPs) of a network.
The text presumes that all readers are comfortable with a command-line
interface (CLI), especially one based on the Cisco IOS.
CLI Overview
The Command-Line Interface (CLI) has its commands grouped into modes.
Modes are structured as a tree with a single root, exec mode. This section
summarizes the mode structure and explains some CLI conventions.
Exec Mode
When you log into the CLI, you begin in exec mode. If the hostname is
“bstnA,” the prompt appears as shown below:
bstnA>
You can access all global commands (such as show commands) from exec
mode, and you can use the enable command to enter priv-exec mode.
bstnA> enable
Global Commands
You can access global commands from any mode, not just exec. Global
commands include all show commands and terminal-control commands.
Priv-exec Mode
Priv-exec mode has the following prompt:
bstnA#
Priv-exec mode contains chassis-management commands, clock commands,
and other commands that require privileges but do not change the network
or storage configuration.
Priv-exec has two sub modes, cfg and gbl.
Cfg Mode
To enter cfg mode, use the config command:
bstnA# config
bstnA(cfg)#
Config mode contains all modes and commands for changing the
configuration of the local switch, such as network configuration.
Gbl Mode
To enter gbl mode, use the global command:
bstnA# global
bstnA(gbl)#
Gbl mode controls all parameters that are shared in a redundant pair, such as
namespaces and global servers.
Exiting a Mode
From any mode, use the exit command to return to its parent mode. From
priv-exec mode, this command exits the CLI; to go from priv-exec mode
back to exec mode, use the no enable command.
From any submode of cfg or gbl mode, you can return immediately to
priv-exec mode by using the end command or pressing <Ctrl-z>.
Prompts
Prompts contain information about your position in the mode hierarchy as
well as the name of the object you are configuring. For example, suppose
you use the following command in gbl mode:
bstnA(gbl)# namespace wwmed
bstnA(gbl‐ns[wwmed])#
This command places you into a new mode, as indicated by the new CLI
prompt. The prompt shows the name of the mode, “gbl-ns,” and the name of
the configuration object, a namespace called “wwmed.” Abbreviations are
used for mode names (for example, “ns” instead of “namespace”) to
conserve space on the command line.
When you descend to lower modes in the config tree, the prompt offers
more information. To extend the previous example, suppose you enter the
following command to configure the “/local” volume in the wwmed
namespace:
bstnA(gbl‐ns[wwmed])# volume /local
bstnA(gbl‐ns‐vol[wwmed~/local])#
The tilde character (~) separates a parent object from its child:
“wwmed~/local” shows that you are in the “/local” volume under the
“wwmed” namespace.
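The prompt format described above can be parsed mechanically, which helps when reviewing a captured CLI session to see which commands were typed under cfg or gbl mode. This is an added example, not code from the manual or from F5; the transcript is constructed from the prompts on this page, and the assumption is that object names contain neither "]" nor "~".

```python
import re
from dataclasses import dataclass

# Constructed transcript assembled from the prompts shown on this page.
# \u2010 is the typographic hyphen that PDF extraction leaves in some prompts.
SAMPLE_SESSION = """\
bstnA> enable
bstnA# global
bstnA(gbl)# namespace wwmed
bstnA(gbl\u2010ns[wwmed])# volume /local
bstnA(gbl\u2010ns\u2010vol[wwmed~/local])# end
bstnA# show history
Command History
"""

# hostname, optional "(mode)" or "(mode[object])", then ">" or "#", then the command.
PROMPT_RE = re.compile(
    r"^(?P<host>[^\s()>#]+)"
    r"(?:\((?P<mode>[A-Za-z-]+)(?:\[(?P<obj>[^\]]*)\])?\))?"
    r"(?P<term>[>#]) ?(?P<cmd>.*)$"
)

# Commands that only move between modes (see "Exiting a Mode").
NAVIGATION = {"exit", "end"}


@dataclass
class Prompt:
    host: str
    level: str      # "exec", "priv-exec", "cfg" or "gbl"
    mode: str       # abbreviated mode name from the prompt, e.g. "gbl-ns-vol"
    objects: list   # object names from parent to child, split on "~"
    command: str


def parse_prompt(line):
    """Return a Prompt for a CLI prompt line, or None for any other line."""
    line = line.replace("\u2010", "-").rstrip()
    m = PROMPT_RE.match(line)
    if m is None:
        return None
    mode = m.group("mode") or ""
    if m.group("term") == ">":
        level = "exec"
    elif not mode:
        level = "priv-exec"
    else:
        level = mode.split("-")[0]  # root of the mode name: "cfg" or "gbl"
    obj = m.group("obj")
    return Prompt(
        host=m.group("host"),
        level=level,
        mode=mode or level,
        objects=obj.split("~") if obj else [],
        command=m.group("cmd").strip(),
    )


def config_commands(transcript):
    """List the commands typed under cfg or gbl mode, where configuration changes."""
    found = []
    for line in transcript.splitlines():
        p = parse_prompt(line)
        if p and p.level in ("cfg", "gbl") and p.command and p.command not in NAVIGATION:
            found.append(p)
    return found


if __name__ == "__main__":
    for p in config_commands(SAMPLE_SESSION):
        print(f"{p.host} {p.mode} {'~'.join(p.objects) or '-'}: {p.command}")
```

With "no terminal expand-prompt" in effect the prompt carries the mode only, so `objects` comes back empty for those lines.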
The no Convention
Most config commands have the option to use the “no” keyword to negate
the command. For commands that create an object, the no form removes the
object. For commands that change a default setting, the no form reverts back
to the default. As an example,
bstnA(gbl‐ns[wwmed])# no volume /local
removes the “/local” volume from the “wwmed” namespace.
The enable/no enable Convention
Many objects and configurations require you to enable them using the
enable command before they can take effect. Likewise, many objects and
configurations require you to first disable them using the no enable
command before you can complete a related command or function. The no
enable command does not remove an object; it only disables it until you
re-enable it. The enable/no enable commands exist in many modes and
submodes in the CLI.
For example, the following command sequence enables the namespace
named “wwmed:”
bstnA(gbl)# namespace wwmed
bstnA(gbl‐ns[wwmed])# enable
bstnA(gbl‐ns[wwmed])# ...
Getting Started
For the initial login, refer to the instructions for booting and configuring the
switch in the appropriate Hardware Installation Guide.
For subsequent logins, use the following steps to log into the F5 CLI:
1. If you are on-site, you can connect a serial line to the serial console
port. This port is labeled ‘Console’ or ‘10101’ (depending on your
ARX platform). By default, the port is set for 9600 baud, 8, N, 1.
You can also telnet to the switch’s management interface. For
example:
telnet 10.10.10.10
In either case, a login prompt appears:
Username:
2. Enter your username and password. For example:
Username: admin
Password: acopia
The CLI prompt appears:
SWITCH>
The name, “SWITCH,” is the default hostname. The hostname is
reset as part of the initial-boot process, so it is likely that yours will
differ.
Entering Cfg or Gbl Mode
The CLI uses two high-level modes for switch configuration: cfg mode for
switch configuration and gbl mode for global configuration. Switch
configuration applies to the local switch only; chassis, layer-2, and layer-3
commands are all under cfg mode. Global configuration applies to settings
that can be shared by both switches in a redundant pair; for example,
namespace-configuration commands all appear under gbl mode.
To enter cfg mode, use the config command from priv-exec mode:
SWITCH> enable
SWITCH# config
SWITCH(cfg)#
To enter gbl mode instead, use the global command:
SWITCH> enable
SWITCH# global
SWITCH(gbl)#
The command sequences in this manual all begin in either cfg or gbl mode.
Document Conventions
This manual uses the following conventions:
this font represents screen input and output;
• bold text represents input, and
• italic text appears for variable input or output.
this font is used for command-syntax definitions, which use the same rules
for bold and italic.
Command-syntax definitions also use the following symbols:
• [optional-argument] - square brackets ([ ]) surround optional arguments;
• choice1 | choice2 - the vertical bar ( | ) separates argument choices;
• {choice1 | choice2 | choice3} - curly braces ({ }) surround a required
choice;
• [choice1 | choice2]* - an asterisk (*) means that you can choose none of
them, or as many as desired (for example, “choice1 choice2” chooses
both);
• {choice1 | choice2}+ - a plus sign (+) means that you must choose one or
more.
For commands nested in multiple layers of modes, the following convention
illustrates the mode path to reach the command:
mode1 ‐> mode2 ‐> mode3 ‐> command
Command Definitions
Purpose - describes the reason for using the command.
Mode - is the mode in the CLI (for example, exec, priv-exec, or cfg).
Security Roles - is the set of administrative roles that are allowed to access the command. Any number
of administrative roles can be assigned to a command; an administrator who has one
of these roles can access the command. The roles are
1. operator,
2. backup operator,
3. network-technician,
4. network-engineer,
5. storage-engineer, and
6. crypto-officer.
A command that is accessible to the operator is also accessible by an administrator with
any other role.
Each administrative group has one or more of these roles, assigned by using the role
command.
Syntax - describes the syntax of the command. This shows all keywords, arguments, and flags,
and provides ranges.
Default(s) - lists all default states affected by the command and its arguments.
Valid Platforms - lists the platforms (ARX-VE, ARX-500, ARX-1500, ARX-2000, ARX-2500, and/or
ARX-4000) where this command is supported. This row is omitted for
universally-supported commands.
Guidelines - provides context for the command, including references to related commands.
For show commands, this section describes the output of the command.
Samples - show sample input and output. For situations where the output is too wide for this table,
it appears in a separate figure below.
Related Commands - are links to commands that you can use in conjunction with the current command.
Contacting Customer Service
You can use the following methods to contact F5 Networks Customer
Service:
F5 Networks Online Knowledge Base - http://support.f5.com
Online repository of answers to frequently-asked questions.
F5 Networks Services Support Online - https://websupport.f5.com
Online customer support request system
Telephone - Follow this link for a list of Support numbers:
http://www.f5.com/training-support/customer-support/contact/
2
Command Keys and Shortcuts
Keys
The CLI supports the following key combinations:
<Arrows> - Move the cursor: <Up-Arrow> and <Down Arrow> go to next/previous line in command history.
<Tab> - Expand the command or keyword abbreviation.
\ - Ignore any special meaning for the next character.
<Ctrl‐a> - Move cursor to beginning of line.
<Ctrl‐b> - Move cursor left one character.
<Ctrl‐c> - Abort the current command, or exit cfg/gbl mode.
<Ctrl‐d> - Delete character at cursor.
<Ctrl‐e> - Move cursor to end of line.
<Ctrl‐f> - Move cursor right one character.
<Ctrl‐h> - Delete character to left of cursor.
<Ctrl‐i> - Expand command or keyword abbreviation (same as <Tab>).
<Ctrl‐k> - Delete from cursor to end of line.
<Ctrl‐l> - Re-display the current line.
<Ctrl‐m> - Same as <Enter> or <Return>.
<Ctrl‐n> - Display next line in command history.
<Ctrl‐p> - Display previous line in command history.
<Ctrl‐r> - Re-display the current line.
<Ctrl‐t> - Transpose current character with one to left.
<Ctrl‐u> - Delete from cursor to beginning of line.
<Ctrl‐w> - Delete word to left of cursor.
<Ctrl‐x> - Delete everything on the current line without pressing <Enter>.
<Ctrl‐z> - Return to priv mode from cfg or gbl mode.
<Esc‐b> - Move cursor left one word.
<Esc‐d> - Delete from cursor to end of word.
<Esc‐f> - Move cursor right one word.
<Esc‐c> - Capitalize character at cursor.
<Esc‐m> - Toggle more support.
<Esc‐l> - Change word at cursor to lower case.
<Esc‐s> - Toggle line logging suppression.
<Esc‐u> - Change word at cursor to upper case.
<Esc‐bs> - Delete word to left of cursor.
3
Terminal Control
save profile
Purpose
Use the save profile command to save the current terminal settings for future login
sessions.
Modes
exec and priv-exec
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
save profile
Default(s)
None
Guidelines
This command saves your current terminal settings. The settings reside in a file in the
configs directory, admin-profile.scr. The next time you log in to the switch, the CLI
automatically starts with the same terminal settings. If you later change the profile and
use this command again to save the change, the CLI prompts for confirmation before
overwriting the admin-profile.scr file; enter yes to proceed.
Use the show terminal command to view the current terminal settings. To remove the
profile, run delete configs admin-profile.scr.
Since an administrator with a role of “operator” does not have privileges to access
priv-exec mode, exec mode also supports this command. The command operates
identically in both modes.
Sample
bstnA# save profile
saves your current terminal settings.
Related Commands
show terminal
show history
Purpose
Use the show history command to see the list of CLI commands from the current CLI
session.
Mode
(any)
Security Role(s)
operator
Syntax
show history
Default(s)
None
Guidelines
You can set the number of commands kept in the history with the terminal history
command.
Sample
bstnA> show history
Command History
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
show terminal
no cli‐more
show running‐config
show namespace
bstnA>
Related Commands
terminal history
show terminal
Purpose
Use the show terminal command to see the terminal settings for the current CLI
session.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show terminal
Default(s)
None
Guidelines
To save your current terminal settings, use the save profile command.
If Terminal Idle Timeout is enabled, the system logs you out of the CLI after the idle
time shown in the Terminal Idle Timeout Value field. Use terminal timeout to set
the idle-timeout time.
Terminal Expand Prompt shows the current object name in the CLI prompt. For
example, if you are configuring a namespace volume, the volume name appears in the
CLI prompt. Use [no] terminal expand-prompt to disable/enable the expanded
prompt.
Terminal Confirmation, if enabled, causes the CLI to prompt for confirmation at
sensitive configuration commands. If disabled, the CLI performs all commands
without prompting for confirmation. Use [no] terminal confirmation to
disable/enable Terminal Confirmation.
Expert Mode, if enabled, stops the CLI from prompting for confirmation when a user
creates a new global-configuration object. If disabled, the CLI prompts for
confirmation for every new policy, namespace, or global-server object. Use [no]
terminal expert to disable/enable Expert Mode.
Terminal Length is the number of lines for each page of the CLI’s more output. (By
default, the CLI pipes all of its output through more.) Use terminal length to reset the
number of lines; use terminal length 0 to disable the more feature.
Terminal Width is the maximum number of characters in each line of CLI output. Use
terminal width to reset this maximum.
Logfile Directory only appears if terminal logging is enabled. This shows the
directory where the current CLI-log file is being written; currently, this is always
“reports.”
Terminal Logfile is enabled if the CLI is recording its output to a report file. Use
terminal logging to enable CLI logging.
Terminal History is the number of CLI commands kept in a history buffer. Use
terminal history to set this number. To access the commands, use show history or
<up-arrow>.
Script History Logging indicates whether the CLI keeps terminal history for
commands in CLI scripts, too. This is enabled or disabled with the script flag in the
terminal history command.
Terminal Character Set is either ISO 8859-1 or Unicode/UTF-8. If the latter, the
terminal supports multi-byte characters (for Japanese, Chinese, and other languages
with multi-byte characters). Use terminal character-set to change this.
Stop Scripts on error is disabled if CLI scripts continue on error. Use terminal
stop-on-error to stop CLI scripts that encounter an error.
If terminal beta is enabled, you can preview and test the CLI beta test commands
available in later versions of F5 software. Contact your F5 representative for more
information on these commands. Use [no] terminal beta to disable/enable previewing
the beta test commands.
Sample
bstnA> show terminal
Terminal Options
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
Terminal Idle Timeout: disabled
Terminal Idle Timeout value:
Terminal Expand Prompt: enabled
Terminal Confirmation: enabled
Expert Mode: disabled
Terminal Length: 24 lines, more disabled
Terminal Width: 80
Terminal Logfile: disabled
Terminal History: 10 lines
Script History Logging: disabled
Terminal Character Set: ISO 8859‐1
Stop Scripts on error: disabled
Beta Commands: disabled
Related Commands
terminal timeout
terminal expand-prompt
terminal confirmation
terminal length
terminal width
terminal logging
terminal history
show history
terminal character-set
terminal beta
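Several of the show terminal fields described above are safeguards (idle timeout, confirmation prompts, Expert Mode, beta commands), so a captured copy of the output can be checked against a baseline. This is an added example, not part of the manual or of F5's tooling; the baseline values are an assumption made for the illustration, and the sample input is constructed from this page's sample on the assumption that the CLI prints one "Field: value" pair per line.

```python
# Constructed input: the sample "show terminal" output from this page, assumed
# to print one "Field: value" pair per line.
SAMPLE_OUTPUT = """\
bstnA> show terminal
Terminal Options
----------------
Terminal Idle Timeout:        disabled
Terminal Idle Timeout value:
Terminal Expand Prompt:       enabled
Terminal Confirmation:        enabled
Expert Mode:                  disabled
Terminal Length:              24 lines, more disabled
Terminal Width:               80
Terminal Logfile:             disabled
Terminal History:             10 lines
Script History Logging:       disabled
Terminal Character Set:       ISO 8859-1
Stop Scripts on error:        disabled
Beta Commands:                disabled
"""

# Example baseline (an assumption for this illustration, not an F5 recommendation):
# field -> (expected state, command named in this manual that changes it).
BASELINE = {
    "terminal idle timeout": ("enabled", "terminal timeout"),
    "terminal confirmation": ("enabled", "terminal confirmation"),
    "expert mode": ("disabled", "no terminal expert"),
    "beta commands": ("disabled", "no terminal beta"),
}


def parse_show_terminal(text):
    """Map lower-cased field names to their values."""
    settings = {}
    # Normalise the typographic hyphen that PDF extraction can leave behind.
    for line in text.replace("\u2010", "-").splitlines():
        name, sep, value = line.partition(":")
        if sep:
            settings[name.strip().lower()] = value.strip()
    return settings


def audit(text, baseline=BASELINE):
    """Return (field, actual, expected, command) for each setting off baseline.

    A field that is absent or empty is reported as "missing", so a truncated
    capture cannot pass the check silently.
    """
    settings = parse_show_terminal(text)
    findings = []
    for field, (expected, command) in baseline.items():
        value = settings.get(field)
        actual = value.split()[0].lower() if value else "missing"
        if actual != expected:
            findings.append((field, actual, expected, command))
    return findings


if __name__ == "__main__":
    for field, actual, expected, command in audit(SAMPLE_OUTPUT):
        print(f"{field}: {actual} (expected {expected}); see '{command}'")
```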
terminal beta
Purpose
Use the terminal beta command to unlock CLI beta test commands.
Use the no form of the command to lock these commands.
Mode
priv-exec
Security Role(s)
network-technician, network-engineer, storage-engineer, or crypto-officer
Syntax
terminal beta
no terminal beta
Default(s)
no terminal beta
Guidelines
The terminal beta command provides access to the CLI beta test commands to be
released in later versions of F5 software. Use terminal beta to unlock these
commands for previewing and testing purposes only. Contact your F5 representative
for more information on the availability of these commands.
Entering terminal beta causes the beta test commands to appear in Help.
Use show terminal to find the current setting (locked or unlocked) for the beta test
commands.
Samples
bstnA> terminal beta
This command unlocks UNSUPPORTED features. Are you sure? [yes/no] yes
unlocks the beta test commands and features.
bstnA> no terminal beta
hides all beta commands and features.
Related Commands
show terminal
terminal character-set
Purpose
Use this command to enable or disable CLI support for Unicode characters (such as
the characters used in Chinese or Japanese languages). Match this to the character set
used in the local network.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
terminal character‐set {iso‐8859‐1 | unicode‐utf‐8}
no terminal character‐set
Default(s)
iso‐8859‐1
Guidelines
The terminal character set is the one that was used in your network before the ARX
was installed. The correct character setting is required so that you can enter back-end
filer names into the CLI, and so that the CLI can properly display filer names and
service names in its show commands.
The iso-8859-1 setting is for single-byte-character languages like English. The other
setting, unicode-utf-8, supports all languages including those with characters larger
than one byte.
You can use Unicode characters for naming objects such as filers and back-end shares.
They are not used in CLI prompts, help, or error messages.
To view the current character set, use show terminal.
Samples
bstnA> terminal character‐set unicode‐utf‐8
allows multi-byte characters.
bstnA> no terminal character‐set
restricts the CLI to single-byte characters only.
Related Commands
show terminal
terminal clear
Purpose
Use this command to clear the screen of all text entries. It is also useful in writing
scripts.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
terminal clear
Default(s)
None
Guidelines
Use this command when you want to clear the screen and start over. It is also useful
for capturing screen output, scripting, and pausing a CLI operation.
Sample
bstnA> terminal clear
clears the screen of all entries and returns you to the CLI prompt (in the same
mode) at the top of the screen.
Related Commands
show terminal
reload
terminal confirmation
Purpose
Some sensitive configuration commands require user confirmation (for example, “Are
you sure? [y/n]”). For non-interactive scripts, you can disable the confirmations with
no terminal confirmation.
Use the affirmative form, terminal confirmation, to make the CLI start prompting for
confirmations again.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
terminal confirmation
no terminal confirmation
Default(s)
Enabled
Guidelines
Use show terminal to find the current setting for terminal confirmation.
Samples
bstnA(cfg)# no terminal confirmation
disables terminal-confirmation prompts. For example, if you reboot the ARX the
confirmation message (“Are you sure? [y/n]”) will be skipped.
bstnA(cfg)# terminal confirmation
reinstates terminal-confirmation.
Related Commands
show terminal
terminal expand-prompt
Purpose
Use the terminal expand-prompt command to display the fully expanded CLI
command prompt.
Use the no version of the command to shorten the CLI command prompt (mode only).
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
terminal expand‐prompt
no terminal expand‐prompt
Default(s)
Enabled
Guidelines
The expand-prompt feature shows the name of the current object (such as the
namespace or volume) in the prompt. The show terminal command indicates whether
or not this feature is enabled.
Samples
bstnA(gbl‐ns[nfsNamespace1])# no terminal expand‐prompt
disables the expanded prompt:
bstnA(gbl‐ns[nfsNamespace1])# terminal expand‐prompt
bstnA(gbl‐ns[nfsNamespace1])#
reinstates the expanded prompt.
Related Commands
show terminal
terminal expert
Purpose
Commands that create new configuration objects (such as namespaces and global
servers) prompt for confirmation before creating the object. Use the terminal expert
command to remove these confirmation prompts.
Use the no version of the command to bring back the confirmation prompts.
Mode
Security Role(s)
Syntax
Default(s)
Guidelines
(any)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
terminal expert
no terminal expert
no terminal expert
This command only applies to confirmations for new configuration objects; use no
terminal confirmation to eliminate all confirmation prompts in the CLI.
The CLI prompts for all new configuration objects by default. This is a feature for
safeguarding against typing mistakes.
Samples
bstnA(gbl‐ns[nfsNamespace1])# terminal expert disables prompts for new objects (like namespaces).
bstnA(gbl‐ns[[nfsNamespace1])# no terminal expert re-enables the safe prompts.
Related Commands
terminal confirmation
show terminal
terminal history
Purpose
The CLI keeps a configurable number of CLI commands in a list, so that you can
display the list with the show history command. Use the terminal history command
to set the number of CLI commands to keep.
Use the no form of this command to stop saving any CLI history.
Mode
(any)
Security Role(s)
operator
Syntax
terminal history number
terminal history script
no terminal history [script]
number (0-255) is the number of CLI commands to keep in the terminal-history list.
script (optional) enables logging for CLI scripts. If the run command invokes a script,
the CLI keeps terminal history for the commands in the script, too.
Default(s)
10 lines
script history is not kept
Guidelines
Use show history to view the terminal history. You can also use the up-arrow key to
view the history one command at a time.
Samples
bstnA(cfg)# terminal history 100
keeps 100 CLI commands in the terminal history.
bstnA(cfg)# terminal history script
keeps terminal history for commands in CLI scripts as well as those entered by an
administrator.
bstnA(cfg)# no terminal history
disables terminal history.
Related Commands
show history
show terminal
terminal length
Purpose
By default, the CLI pipes all of its output through the more paging program. Each page
of more output has a configurable number of lines; use the terminal length command
to set the number of lines in each CLI page.
Use no terminal length to return to the default length and enable the more feature.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
terminal length number
no terminal length
number (0-255) is the number of lines in each page of CLI output. 0 (zero) means
“infinite;” this effectively disables the CLI more feature.
Default(s)
24 (and see the Guidelines below)
Guidelines
The default terminal length applies to serial connections to the Console port as well as
remote connections to one of the IP-based management ports. However, if a remote
connection (such as a Telnet session) has a length setting, it overrides the default. If
this command sets a specific length, it overrides both.
Use terminal length 0 to disable the more feature. The no terminal length command
enables the more feature and returns the length to the default.
Use terminal width to determine the number of characters in each line of CLI output.
Use show terminal to find the current terminal length, and to find whether or not
more is disabled.
Samples
bstnA(cfg)# terminal length 200
sets each page of CLI output to 200 lines.
bstnA(cfg)# terminal length 0
allows for unlimited output. This effectively disables the more paging feature.
bstnA(cfg)# no terminal length
reverts the page length to the default.
Related Commands
terminal width
show terminal
terminal logging
Purpose
Use the terminal logging command to capture output from CLI show commands to a
report file. This starts a session where the output of all subsequent CLI commands is
recorded in the report file.
Use the no form of this command to stop the current terminal-logging session.
Mode
(any)
Security Role(s)
operator (any, including backup-operator)
Syntax
terminal logging [report-prefix]
no terminal logging
report-prefix (optional, 1-1024 characters) is the prefix for a report file. The CLI logs
its output to a report file named as follows:
report-prefix_yyyymmddHHMM.rpt, where report-prefix is chosen here, yyyy is
the current year, mm is the current month, dd is the day, HH is the hour, and MM is
the minute.
The default prefix is “cli_.”
Default(s)
Disabled
report-prefix - “cli_.”
Guidelines
The CLI displays the name of the report file when you enter the command. Use show
reports type CLI to view all CLI-log reports, or show reports report-name to view
a specific CLI-log file.
The show terminal command indicates whether or not terminal logging is enabled.
Samples
bstnA(cfg)# terminal logging showoutput
Generating CLI output report: 'showoutput_200903301531.rpt'..
enables terminal logging and captures show command output to the named log
file.
bstnA(cfg)# no terminal logging
disables terminal logging.
Related Commands
show reports
show terminal
terminal stop-on-error
Purpose
In CLI scripts, use terminal stop-on-error to stop script processing if the CLI
responds with an error.
Use no terminal stop-on-error to continue processing the CLI script through all
errors.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
terminal stop-on-error
no terminal stop-on-error
Default(s)
no terminal stop-on-error
Guidelines
Use show terminal to find the current setting (enabled or disabled) for stop-on-error.
Use copy ... scripts script-name to download a CLI script onto the switch.
Samples
bstnA(cfg)# terminal stop-on-error
stops processing on a CLI error.
bstnA(cfg)# no terminal stop-on-error
allows a CLI script to continue processing through all errors.
Related Commands
copy ftp
copy scp
copy tftp
copy {nfs|cifs}
show terminal
terminal timeout
Purpose
By default, a CLI terminal logs off after 15 minutes of idle time, where idle time is
time without any user input. Use no terminal timeout to allow infinite idle time.
Use the affirmative form, terminal timeout, to re-instate time-outs.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
no terminal timeout
terminal timeout
terminal timeout seconds
seconds (0-2048) is the number of idle seconds before timing out the current CLI
session. If you omit this value with the terminal timeout command, you set the
default timeout of 900 (seconds, or 15 minutes).
Default(s)
900 (seconds, or 15 minutes) of idle time
Guidelines
Use show terminal to find the current setting (enabled or disabled) for terminal
time-out.
Samples
bstnA(cfg)# no terminal timeout
allows the terminal to be idle for infinite time without logging off.
bstnA(cfg)# terminal timeout
reinstates terminal-timeout at its default, 900 seconds.
bstnA(cfg)# terminal timeout 1800
sets the terminal-timeout to 1800 seconds, or 30 minutes.
Related Commands
show terminal
terminal width
Purpose
Use the terminal width command to set the maximum number of characters in each
line of CLI output.
Use no terminal width to return to the default width.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
terminal width number
no terminal width
number (0-255) is the maximum number of characters in each line of CLI output.
Default(s)
80 (and see the Guidelines, below)
Guidelines
The default terminal width applies to serial connections to the Console port as well as
remote connections to one of the IP-based management ports. However, if a remote
connection (such as a Telnet session) has a width setting, it overrides the default. If
this command sets a specific width, it overrides both.
Use terminal length to determine the number of lines in each page of CLI output. Use
show terminal to find the current terminal width.
Samples
bstnA(cfg)# terminal width 120
sets each line of CLI output to 120 characters.
bstnA(cfg)# no terminal width
returns to the default line width.
Related Commands
terminal length
show terminal
4
Administrative Users
group
Purpose
An administrative group defines the access privileges for a list of administrative users.
Use the group command to add a new group to the ARX, or to edit an existing group.
You can also use this command to re-create or edit a Windows group, so that you can
assign administrative privileges to the group’s Windows users.
Use the no form of this command to remove a group.
Mode
gbl
Security Role(s)
crypto-officer
Syntax
group name
no group name
name (1-64 characters) is a name that you choose for the group. Surround this with
quotation marks (“”) if it contains any spaces.
Default(s)
Several default groups are defined, each with different access privileges:
crypto-officer, storage-engineer, network-engineer, network-technician,
backup-operator, and operator.
Guidelines
This command puts you into gbl-group mode. From gbl-group mode, you can use the
role command to select a role for all the group’s users. Each role is associated with a
set of CLI commands; you can use the role command multiple times to assign multiple
roles to a group. You must set at least one role for the group to function. Default
groups (such as network-engineer) already have their roles configured.
For a group of Windows administrators, defined externally in your Active Directory,
you can choose a group name that is the same as an existing Windows group. For
example, you could create a group named “Domain Admins.” Then use the
windows-domain (gbl-group) command to specify one or more domains where the
group is allowed access; Domain Admins in “medarch.org” may be allowed to access
the CLI, but Domain Admins in “competitor.com” may not. Finally, use the
authentication command to allow Active-Directory authentications at the CLI and/or
GUI. Windows users in the group/domain can then log into the CLI or GUI with their
Windows username and password, and they get the access privileges assigned by the
role command. This type of group does not require any users; all users are established
externally, on your Windows Domain Controllers.
For a locally-defined group of administrators, use the user (gbl-group) command to
add each administrator to the group.
Use the show group all command for a list of existing groups.
Samples
bstnA(gbl)# group superusers
bstnA(gbl-group[superusers])#
creates the group, “superusers.”
bstnA(gbl)# group "Domain Users"
creates another group, “Domain Users.”
Related Commands
role
windows-domain (gbl-group)
authentication
user (gbl-group)
show group all
group (gbl-user)
Purpose
Use the group command to add the current user to an additional group. Use no group
to remove the current user from a group.
Mode
gbl-user
Security Role(s)
crypto-officer
Syntax
group name
no group name
name (1-64 characters) is the name of an existing group.
Default(s)
None
Guidelines
A user can belong to multiple groups, where each group is associated with a role. The
group’s role determines the access privileges for its users. Every command in this
manual is labeled with the role or roles that are permitted to use the command. See
Security Role(s), above, as an example: this command can only be used by users who
belong to groups with the “crypto-officer” role.
The ARX is shipped with several pre-defined groups. Use the show group all
command to show all groups, and use show group roles to show the role associated
with each group. You can add new groups with the group command.
Samples
bstnA(gbl-user[newuser])# group storage-engineer
adds the “newuser” account to a group, “storage-engineer.”
bstnA(gbl-user[newuser])# no group testgroup2
removes the “newuser” account from the “testgroup2” group.
Related Commands
group
show group all
show group roles
password
Purpose
Use this command to change the password for your administrative-user account, the
one used for your current login session.
Mode
priv-exec
Security Role(s)
crypto-officer, storage-engineer, network-engineer, or network-technician
Syntax
password
Default(s)
None
Guidelines
The CLI first authenticates you by prompting for the old password. Then it prompts
for the new password that you want, followed by a prompt to re-enter the new
password. The maximum number of characters is 28. For maximum security, choose a
password with at least one of each of the following:
• lower-case letter (a-z),
• upper-case letter (A-Z),
• number (0-9), and
• non alpha-numeric symbol ($, #, *, @, and so forth). You cannot use any of the
following characters: | & ; ( ) < > ` -.
An administrator with the crypto-officer role can use the password (gbl-user)
command to change the password for any user account.
Sample
bstnA# password
Old Password: acopia
New Password: myNewPa$$wd
Validate Password: myNewPa$$wd
bstnA#
changes the password for the current account.
Related Commands
password (gbl-user)
password (gbl-user)
Purpose
Use the password command to change the password for an administrative-user
account.
Mode
gbl-user
Security Role(s)
crypto-officer
Syntax
password
Default(s)
None
Guidelines
This command changes the password for an administrative-user account that is not
necessarily your own. A crypto officer can use this command to manage
administrative accounts on the ARX. To change the password on the current account,
any administrator can use the password command from priv-exec mode.
This only applies to locally-defined accounts. It has no effect on user accounts defined
externally in the Windows Active Directory. (See windows-domain (gbl-group) for
information about allowing externally-defined users to access the ARX as
administrators.)
The CLI prompts for a new password for the account, then prompts you to re-enter the
same password. The maximum number of characters is 28. For maximum security,
choose a password with at least one of each of the following:
• lower-case letter (a-z),
• upper-case letter (A-Z),
• number (0-9), and
• non alpha-numeric symbol ($, #, *, @, and so forth). You cannot use any of the
following characters: | & ; ( ) < > ` -.
Use the show users command to show all administrative users.
Sample
bstnA(gbl-user[newuser])# password
Password: n3wcrypt1cPa$$wd
Validate Password: n3wcrypt1cPa$$wd
bstnA(gbl-user[newuser])#
changes the password for the “newuser” account.
Related Commands
user
show users
role
Purpose
A group’s role determines the accessible CLI commands for its administrative users.
Each group can have multiple roles. Use the role command to set a role for the current
group.
Use the no role command to remove a role from the group.
Mode
gbl-group
Security Role(s)
crypto-officer
Syntax
role {operator | backup-operator | network-technician | network-engineer | storage-engineer | crypto-officer}
no role {operator | backup-operator | network-technician | network-engineer | storage-engineer | crypto-officer}
Select one of the following roles:
operator is a clerical administrator,
backup-operator runs backup and restore operations on volumes (see restore
data),
network-technician configures layer-2 and IP networks under the guidance of a
network-engineer,
network-engineer designs network topologies,
storage-engineer designs and configures network storage, and
crypto-officer keeps passwords and manages network security.
Default(s)
None
Guidelines
Each role is associated with a set of CLI commands. Administrators with the
storage-engineer role, for example, have access to commands that are associated with
storage management. Use show group roles to show all configured groups and roles.
Each CLI command has one or more Security Roles that are listed in this manual. If an
administrator’s group has one of the roles that can access a command, the
administrator can use the command. For example, an administrator with the
network-technician role can see a command that is assigned to network-engineer
and network-technician, but cannot see a command that allows only
storage-engineers.
Administrators with the crypto-officer role can log into a booting ARX sooner than
administrators with other roles. Other roles wait until gbl mode is accessible before
allowing a login, whereas a crypto officer can log in as soon as cfg mode is available.
Samples
bstnA(gbl-group[Domain Admins])# role crypto-officer
adds the “crypto-officer” role to the “Domain Admins” group.
bstnA(gbl-group[superusers])# no role network-technician
removes the “network-technician” role from the “superusers” group.
Related Commands
group
show group roles
ssh-key
Purpose
Use the ssh-key command to paste a public SSH key into the current administrative
account.
Use the no ssh-key command to remove one or more SSH keys from the current
account.
Mode
gbl-user
Security Role(s)
crypto-officer
Syntax
ssh-key {dsa | rsa | rsa1} [“public-key”]
dsa | rsa | rsa1 is a required choice, which selects the encryption type and SSH version
for the key:
dsa is DSA over SSHv2,
rsa is RSA over SSHv2, and
rsa1 is RSA over SSHv1. By default, SSHv1 is not supported; use ssh-v1 enable
to enable SSHv1 support.
public-key (optional, 1-2500 characters) is a public SSH key, pasted from the client.
Use quotation marks around this string, as it invariably contains spaces. Take care that
the copy/paste operation does not add any <Return> or <Line-Feed> characters to
break up the string. If you omit the public-key, the CLI prompts for it on the next line.
Syntax: No Form
no ssh-key id key-id
no ssh-key fingerprint fingerprint
no ssh-key {dsa | rsa | rsa1}
no ssh-key all
key-id (1-2,147,483,647) identifies the SSH key by an ID number assigned at the
switch. Use show ssh-user to see all key IDs for all SSH keys.
fingerprint (1-50) identifies the SSH key by its fingerprint. Use show ssh-user to see
all fingerprints.
dsa | rsa | rsa1 identifies the type of key to remove. This removes all SSH keys of the
given type from the current administrative account.
all removes all SSH keys from the current administrative account.
Default(s)
None
Guidelines
When administrators access the CLI through SSH, they are typically challenged for the
account password. The SSH protocol supports public-key authentication, which skips
this challenge. When an administrator accesses SSH on the switch, the switch’s SSH
server attempts to use the administrator’s public-key first. If the public key is
configured properly for this administrator, he or she never sees a password challenge.
An administrator’s SSH keys are unique to every client machine that they use. You
can therefore configure multiple SSH keys for each administrative user account.
The show ssh-user command shows all administrative accounts with SSH public
keys.
Samples
bstnA(gbl-user[su])# ssh-key dsa “ssh-dss AAAAB3NzaC1kc3MAAACBAPqSVxs6Soxs5D9G7Ul8dQrf7Eo7vNdTawaH0K7DsyV2ND0Rqx
ttRtNpw/fdIcm5cHOrYW4OYL6HJesMeJPguAzY8hbTkwsz+uRJLFnmRTy236DXDFiTc38E
r6UQCoa1On9VrKWhoEGNe1YCn+cIsb3S+s44QPOx9GPFSVN1hqdVAAAAFQC8x+2VKzUH16
xrAMKuvVh50c53lwAAAIEAvOgRX8Ek2e/uCCJXlme0n7EsL3+yTEsOP7C9Bsl05KoCAgCS
YP8G/1rc372Vy0xF3PGL9QsI/bj+48SEAuJJTpJR1eB9MLpwmraVa/IsX16Xhr34eLDwH3
NwtlwqRH9fhkjnWwhEoLRC7Bf/g493HoXPD2dNjbKvqiMgq+s7CBEAAACAcAF+a+S/0OUN
fpuv6QPV+SX9WoaazJthtUiP8pI4yl6sVAhp3Op5LxWT58Xl4ed+F0vUR2cfdjAF23YGYR
wK2c2h4FjnoBjLuoodhXJ+xAC/DPb4EvwEcBtqlPnpWzsPlAFX/I1pPA4fUyUOOifCrP12
etsoZ9mnxawLRAAEa+A= juser@clientLinux”
adds an SSH key to the “su” user account.
bstnA(gbl-user[su])# ssh-key dsa
Enter user's public key: “ssh-dss AAAAB3NzaC1kc3MAAACBAPqSVxs6Soxs5D9G7Ul8dQrf7Eo7vNdTawaH0K7DsyV2ND0Rqx
ttRtNpw/fdIcm5cHOrYW4OYL6HJesMeJPguAzY8hbTkwsz+uRJLFnmRTy236DXDFiTc38E
r6UQCoa1On9VrKWhoEGNe1YCn+cIsb3S+s44QPOx9GPFSVN1hqdVAAAAFQC8x+2VKzUH16
xrAMKuvVh50c53lwAAAIEAvOgRX8Ek2e/uCCJXlme0n7EsL3+yTEsOP7C9Bsl05KoCAgCS
YP8G/1rc372Vy0xF3PGL9QsI/bj+48SEAuJJTpJR1eB9MLpwmraVa/IsX16Xhr34eLDwH3
NwtlwqRH9fhkjnWwhEoLRC7Bf/g493HoXPD2dNjbKvqiMgq+s7CBEAAACAcAF+a+S/0OUN
fpuv6QPV+SX9WoaazJthtUiP8pI4yl6sVAhp3Op5LxWT58Xl4ed+F0vUR2cfdjAF23YGYR
wK2c2h4FjnoBjLuoodhXJ+xAC/DPb4EvwEcBtqlPnpWzsPlAFX/I1pPA4fUyUOOifCrP12
etsoZ9mnxawLRAAEa+A= juser@clientLinux”
adds the same SSH key by responding to a CLI prompt.
bstnA(gbl-user[su])# no ssh-key rsa
removes all RSA/SSHv2 keys from the “su” user account.
bstnA(gbl-user[admin])# no ssh-key id 7
removes SSH-key 7 from the “admin” user account.
Related Commands
user
show ssh-user
ssh-v1 enable
show group all
Purpose
Use the show group all command to display all administrative groups configured for
the ARX.
Mode
(any)
Security Role(s)
crypto-officer
Syntax
show group all
Guidelines
This shows all administrative groups. Use the show group users command to find
the locally-defined administrative users in each group.
Use the show group roles command to find the administrative role assigned to each
group. This shows the access privileges for the group’s users.
Related Commands
group
show group users
show group roles
Figure 4.1 Sample Output: show group all
bstnA(gbl-group[superusers])# show group all
Configured Groups
Group Name
-------------
backup-operator
operator
network-technician
storage-engineer
network-engineer
crypto-officer
admins
Domain Users
Backup Operators
Administrators
Domain Admins
Enterprise Admins
show group roles
Purpose
Each group has a role which defines CLI-access privileges for the group’s users. Use
the show group roles command to show all administrative groups and their roles.
Mode
(any)
Security Role(s)
crypto-officer
Syntax
show group roles
Guidelines
This shows a table with two columns: administrative groups in the left column and
their roles in the right column.
Use the group command to configure a new group.
Use the role command to set a group’s role.
Use the show group users command to find the administrative users in each
locally-defined group.
Sample
bstnA(gbl-group[admins])# show group roles
Group Roles
-----------
Group                          Roles
------------------------------ ------------------------------
Administrators                 backup-operator
Administrators                 operator
Administrators                 network-engineer
Administrators                 storage-engineer
Administrators                 crypto-officer
admins                         storage-engineer
Backup Operators               backup-operator
Backup Operators               operator
backup-operator                backup-operator
crypto-officer                 crypto-officer
Domain Admins                  backup-operator
Domain Admins                  operator
Domain Admins                  network-engineer
Domain Admins                  storage-engineer
Domain Admins                  crypto-officer
Domain Users                   operator
Enterprise Admins              backup-operator
Enterprise Admins              operator
Enterprise Admins              network-engineer
Enterprise Admins              storage-engineer
Enterprise Admins              crypto-officer
network-engineer               network-engineer
network-technician             network-technician
operator                       operator
storage-engineer               storage-engineer
Related Commands
group
role
show group users
show group users
Purpose
Use the show group users command to cross-reference the switch’s administrative
groups and their locally-defined users.
Mode
(any)
Security Role(s)
crypto-officer
Syntax
show group users
Guidelines
This shows a table with two columns: administrative groups in the left column and
their users in the right column. This only shows groups with locally-defined users; it
does not include groups that are defined externally in your Active Directory.
Use the user command to configure a new administrative user.
Use the group command to create (or edit) a group. Use the user (gbl-group)
command to add a user to the group.
Use the show group roles command to find the administrative role assigned to each
group.
Samples
bstnA(gbl-group[admins])# show group users
lists all users in their groups. See Figure 4.2 for sample output.
Related Commands
user
group
user (gbl-group)
show group roles
Figure 4.2 Sample Output: show group users
bstnA(gbl-group[admins])# show group users
Group Users
-----------
Group                          User
------------------------------ ------------------------------
admins                         adm1
admins                         adm12
crypto-officer                 admin
crypto-officer                 newadmin
operator                       newadmin
operator                       admin
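The two tables above can be cross-referenced to review who holds a sensitive role such as crypto-officer. The following is an added example, not part of the ARX manual or F5 software: it parses saved `show group roles` and `show group users` output and reports local users with the role, plus groups that carry the role but list no local users (their membership lives in Active Directory, which show group users does not display). The function names and the constructed sample, abridged from the figures in this chapter, are assumptions of the example.

```python
from collections import defaultdict


def parse_two_column(output):
    """Return (left, right) pairs from `show group roles` / `show group users`.

    The rule line under the column headers (two runs of dashes) gives the
    width of the left column, so group names containing spaces stay intact.
    """
    # Text copied from the PDF manual carries U+2010 hyphens; normalize them.
    lines = output.replace("\u2010", "-").splitlines()
    for index, line in enumerate(lines):
        runs = line.split()
        if len(runs) == 2 and all(set(run) == {"-"} for run in runs):
            width = len(runs[0])
            rows = []
            for row in lines[index + 1:]:
                # Skip blank lines and a trailing CLI prompt such as "bstnA#".
                if row.strip() and not row.rstrip().endswith("#"):
                    rows.append((row[:width].strip(), row[width:].strip()))
            return rows
    raise ValueError("no two-column rule line found")


def audit_role(roles_output, users_output, role="crypto-officer"):
    """Report who can exercise `role` according to the two tables."""
    groups_with_role = {g for g, r in parse_two_column(roles_output) if r == role}
    members = defaultdict(set)
    for group, user in parse_two_column(users_output):
        members[group].add(user)
    local_users = set()
    for group in groups_with_role:
        if group in members:
            local_users |= members[group]
    # Groups with the role but no local users are defined externally (AD).
    external = sorted(g for g in groups_with_role if g not in members)
    return {"local_users": sorted(local_users),
            "groups_without_local_users": external}


def render(title, left_header, right_header, rows):
    """Lay out constructed sample rows in the 30-column format of the figures."""
    rule = "-" * 30
    lines = [title, "-" * len(title),
             "%-30s %s" % (left_header, right_header), rule + " " + rule]
    lines += ["%-30s %s" % row for row in rows]
    return "\n".join(lines)


# Constructed sample, abridged from the show group roles sample output.
SAMPLE_ROLES = render("Group Roles", "Group", "Roles", [
    ("Administrators", "crypto-officer"),
    ("admins", "storage-engineer"),
    ("crypto-officer", "crypto-officer"),
    ("Domain Admins", "crypto-officer"),
    ("Domain Users", "operator"),
    ("Enterprise Admins", "crypto-officer"),
    ("operator", "operator"),
])

# Constructed sample, taken from Figure 4.2.
SAMPLE_USERS = render("Group Users", "Group", "User", [
    ("admins", "adm1"),
    ("admins", "adm12"),
    ("crypto-officer", "admin"),
    ("crypto-officer", "newadmin"),
    ("operator", "newadmin"),
    ("operator", "admin"),
])

if __name__ == "__main__":
    print(audit_role(SAMPLE_ROLES, SAMPLE_USERS))
```
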
show ssh-user
Purpose
Use the show ssh-user command to show the SSH public keys entered for
administrative users, if any.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, and operator
Syntax
show ssh-user [account-name]
account-name (optional, 1-32 characters) identifies a particular administrative account
to show. If you omit this, the SSH keys are shown for all administrative accounts.
Guidelines
Each administrative account can store multiple SSH public keys. Each public key
corresponds to one administrator on one SSH-client machine; if the administrator’s
public key is copied from the client machine to the administrative account, the
administrator can access the account through SSH without providing a password.
This shows a table with one row per SSH public key. Each row has the following
information:
User is the name of the administrative-user account, set with the user command.
KeyId is an internally-assigned ID for this public key. You can use this with no
ssh-key id to remove the SSH key from the account.
Type is “dsa” (DSA encryption over SSHv2), “rsa” (RSA encryption over SSHv2), or
“rsa1” (RSA encryption over SSHv1).
Fingerprint is used by SSH as a shorter equivalent to the public key. This is a unique
identifier for a particular user at a particular host. You can use this with no ssh-key
fingerprint to remove the SSH key from the account.
Samples
bstnA# show ssh-user
lists the SSH public keys configured for all administrative accounts. See
Figure 4.3 for sample output.
bstnA# show ssh-user admin
lists the SSH public keys for one account only, “admin.” See Figure 4.4.
Related Commands
user
ssh-key
Figure 4.3 Sample Output: show ssh-user
bstnA# show ssh-user
User            KeyId      Type  Fingerprint
--------------- ---------- ----- -----------------------------------------------
newadmin        1          dsa   1e:ca:4b:9f:0d:51:97:98:1f:d8:26:81:8e:ab:3d:9b
adm12           2          dsa   8d:45:67:07:53:5f:61:9c:54:47:a8:76:4c:9a:93:05
admin           3          dsa   0b:fa:85:93:15:f9:ff:7e:8a:4c:1b:16:ba:4a:de:e7
admin           4          dsa   1e:ca:4b:9f:0d:51:97:98:1f:d8:26:81:8e:ab:3d:9c
bstnA#
Figure 4.4 Sample Output: show ssh-user admin
bstnA# show ssh-user admin
User            KeyId      Type  Fingerprint
--------------- ---------- ----- -----------------------------------------------
admin           3          dsa   0b:fa:85:93:15:f9:ff:7e:8a:4c:1b:16:ba:4a:de:e7
admin           4          dsa   1e:ca:4b:9f:0d:51:97:98:1f:d8:26:81:8e:ab:3d:9b
bstnA#
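The ssh-key syntax warns that a copy/paste must not break up the key string, and show ssh-user identifies each stored key by its fingerprint. The following is an added example, not part of the ARX manual or F5 software: it checks a pasted SSHv2 public-key line on the management station before it is given to ssh-key, and computes a fingerprint to compare with the show ssh-user output. It assumes the fingerprint is the MD5 digest of the decoded key blob (the classic OpenSSH form, which matches the 16 colon-separated bytes in Figures 4.3 and 4.4); the function names and the constructed sample key are assumptions, and rsa1 (SSHv1) keys are not handled.

```python
import base64
import binascii
import hashlib
import struct

# ssh-key keyword for each SSHv2 key-type string, and the number of
# length-prefixed fields that follow the type inside the key blob.
ARX_KEYWORD = {"ssh-dss": "dsa", "ssh-rsa": "rsa"}
FIELD_COUNT = {"ssh-dss": 4, "ssh-rsa": 2}   # p, q, g, y  /  e, n
MAX_LEN = 2500                                # public-key limit in the ssh-key syntax


def read_string(blob, offset):
    """Read one length-prefixed SSH string; return (value, next_offset)."""
    if offset + 4 > len(blob):
        raise ValueError("key blob is truncated")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("key blob is truncated")
    return blob[offset + 4:end], end


def check_public_key(pasted):
    """Validate a pasted public-key line; return (keyword, fingerprint, comment)."""
    if "\r" in pasted or "\n" in pasted:
        raise ValueError("key contains a line break; paste it as one line")
    if not 1 <= len(pasted) <= MAX_LEN:
        raise ValueError("key must be 1-%d characters" % MAX_LEN)
    fields = pasted.split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, encoded = fields[0], fields[1]
    comment = fields[2] if len(fields) == 3 else ""
    if key_type not in ARX_KEYWORD:
        raise ValueError("unsupported key type: " + key_type)
    try:
        blob = base64.b64decode(encoded, validate=True)
    except binascii.Error:
        raise ValueError("key data is not valid base64 (damaged paste?)")
    # The blob repeats the key type; a mismatch means the line was edited.
    inner_type, offset = read_string(blob, 0)
    if inner_type != key_type.encode("ascii"):
        raise ValueError("key type inside the blob does not match the prefix")
    count = 0
    while offset < len(blob):
        _, offset = read_string(blob, offset)
        count += 1
    if count != FIELD_COUNT[key_type]:
        raise ValueError("unexpected number of fields in the key blob")
    digest = hashlib.md5(blob).hexdigest()
    fingerprint = ":".join(digest[i:i + 2] for i in range(0, 32, 2))
    return ARX_KEYWORD[key_type], fingerprint, comment


def make_sample_rsa_line(comment="juser@clientLinux"):
    """Constructed sample: well-formed ssh-rsa line with a placeholder modulus."""
    def ssh_string(data):
        return struct.pack(">I", len(data)) + data
    exponent = b"\x01\x00\x01"
    modulus = b"\x00" + b"\xc5" * 128   # placeholder bytes, not a real key
    blob = ssh_string(b"ssh-rsa") + ssh_string(exponent) + ssh_string(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode("ascii") + " " + comment


if __name__ == "__main__":
    keyword, fingerprint, comment = check_public_key(make_sample_rsa_line())
    print("ssh-key %s  fingerprint %s  (%s)" % (keyword, fingerprint, comment))
```
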
show users
Purpose
Use the show users command to display all administrative users that have been
locally configured for the ARX.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show users
Guidelines
The output contains two tables.
Configured Users is a list of all local administrative users. Use the user
command to configure a new local user. This does not show any users defined
externally in the Windows Active Directory.
Current User shows the login name used for the current administrative session. The
first set of rows under the user name is the group(s) to which the current user
belongs. Each of these rows is labeled “group.” If you logged in through Active
Directory, using your Windows credentials, there is another set of rows labeled
“role:” these are the administrative roles, or privileges, assigned to you.
Use the show group all command to show all administrative groups.
Sample
bstnA(gbl)# show users
Users
Configured Users
----------------
adm1
adm12
admin
newadmin
Current User
------------
medarch\administrator
group Domain Admins
group Enterprise Admins
group Domain Users
role operator
role network-engineer
role storage-engineer
role crypto-officer
role backup-operator
Related Commands
user
show group all
user
Purpose
Use the user command to add a new, local administrative user to the ARX.
Use the no form of this command to remove a user account.
Mode
gbl
Security Role(s)
crypto-officer
Syntax
user username
no user username
username (1-32 characters) is a username that you choose.
Default(s)
operator is the default group for a new user
Guidelines
If the user account is new, the CLI prompts for a password. The maximum number of
characters is 28. For maximum security, choose a password with at least one of each of
the following:
• lower-case letter (a-z),
• upper-case letter (A-Z),
• number (0-9), and
• non alpha-numeric symbol ($, #, *, @, and so forth). Avoid the characters listed
above for username.
If you use this command to edit an existing account, there is no password prompt.
This puts you into gbl-user mode, which has commands for editing the user account.
Use the password command to change the password for the account. For
administrators that use SSH to access this account, you can use the ssh-key command
to add their public key to the account; if they log in from a management station with
the same public key, they do not have to enter the account password.
A user’s group determines its CLI-access privileges. A new user’s default group,
operator, has minimal access privileges. Each user can belong to multiple groups,
thereby expanding his access privileges. After you create the user account with this
command, you can use the group (gbl-user) command to add this user to another
group.
Use the show users command to show all administrative users.
Samples
bstnA(gbl)# user newuser
Password: crypt1cPa$$wd
Validate Password: crypt1cPa$$wd
bstnA(gbl-user[newuser])#
creates the user, “newuser,” with the password, “crypt1cPa$$wd.”
Related Commands
password
ssh-key
group (gbl-user)
show users
user (gbl-group)
Purpose
Use the gbl-group user command to add a local administrative user to the current
group.
Use no user to remove a local user from the current group.
Mode
gbl-group
Security Role(s)
crypto-officer
Syntax
user username
no user username
username (1-64 characters) identifies an administrative user account on this ARX.
Use show group users for a list of all available user accounts.
Default(s)
None
Guidelines
This command adds a user to the current group. The no form of the command removes
a user, thus revoking the group privileges for that user. These administrative users are
locally defined on the ARX.
This command is unnecessary for a Windows group that is defined in your Active
Directory (AD). For a group defined in the AD, you can use the windows-domain
(gbl-group) command to specify the domain(s) where the group’s users can gain
access to the ARX. Any valid Windows user in the group and domain can use their
Windows username and password to gain access. The users are defined externally, on
your Windows Domain Controllers.
Sample
bstnA(gbl-group[superusers])# user newuser
adds “newuser” to the current group.
Related Commands
group
show group users
windows-domain (gbl-group)
Purpose
An administrative group can be equivalent to one or more Windows groups in your Active
Directory. If the group name is the same as a valid Windows-group name, you can allow
the group’s Windows users to log into the CLI and/or GUI with their Windows
credentials. This command declares a valid Windows domain for the current Windows
group. You can re-issue the command multiple times to allow access to this group in
multiple trusted domains.
Use the no form of the command to remove a Windows domain from the group
configuration. This prevents the Windows users from the given domain/group from
logging in with their Windows credentials.
Mode
gbl-group
Security Role(s)
crypto-officer
Syntax
windows-domain domain-name
no windows-domain domain-name
no windows-domain all
domain-name (1-256 characters) is the name of the Windows domain for this Windows
group. This must be a Fully-Qualified-Domain Name (FQDN) so Windows users can log
in with it. This makes it possible for Windows users to authenticate with Kerberos.
all (optional with the no form) removes all of the Windows domains that have been
associated with this group.
Default(s)
None
Guidelines
This command establishes a Windows domain where the group has administrative
privileges. This implies that the group name exists in the Active-Directory configuration
(outside the ARX), that the group is valid in this Windows domain, and that one or more
of the group’s users should have administrative access to the ARX.
The role command establishes the administrative permissions for members of this group.
To see the current roles for the group, use show group roles.
You must also configure the GUI and/or the CLI to allow Active-Directory (AD)
authentication. To open a given access point (such as HTTP or HTTPS for the GUI) for
AD authentication, use the authentication command.
Sample
bstnA(gbl-group[Domain Users])# windows-domain medarch.org
declares that Windows clients from the “Domain Users” group in “medarch.org” can
gain administrative access to the ARX.
Related Commands
group
role
show group roles
show group all
authentication
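A pre-change check for the windows-domain command described above, written as an added Python example (not part of the ARX manual or any F5 tooling). It applies the documented 1-256 character FQDN rule; the list of broad AD groups and all function names are assumptions made for illustration.

```python
import re

# Assumption for illustration (not from the ARX manual): AD group names that
# are broad by default. "Domain Users" holds every user account in a domain.
BROAD_AD_GROUPS = {"domain users", "authenticated users", "everyone", "users"}

# One DNS label: letters, digits and hyphens, no leading or trailing hyphen.
LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def check_fqdn(domain_name):
    """Return a list of problems with a windows-domain argument (empty = OK)."""
    if not 1 <= len(domain_name) <= 256:
        return ["length must be 1-256 characters"]
    problems = []
    labels = domain_name.rstrip(".").split(".")
    if len(labels) < 2:
        # The manual requires an FQDN so that Kerberos authentication works.
        problems.append("single-label name; a fully-qualified domain name is required")
    for label in labels:
        if not LABEL.match(label):
            problems.append(f"invalid DNS label: {label!r}")
    return problems


def review_group_mapping(group, domains):
    """Review one administrative group and the Windows domains to attach.

    Returns (commands, findings): the lines to enter in gbl-group mode for the
    domains that passed, and the findings to resolve before entering them.
    """
    commands, findings = [], []
    if group.strip().lower() in BROAD_AD_GROUPS:
        findings.append(
            f"group {group!r} is broad: every member gains this group's ARX roles"
        )
    seen = set()
    for domain in domains:
        key = domain.rstrip(".").lower()
        if key in seen:
            findings.append(f"{domain}: duplicate domain")
            continue
        seen.add(key)
        problems = check_fqdn(domain)
        if problems:
            findings.extend(f"{domain}: {p}" for p in problems)
        else:
            commands.append(f"windows-domain {domain}")
    return commands, findings


if __name__ == "__main__":
    # Constructed input: the manual's sample group and domain, plus a
    # short (non-FQDN) name and a repeated entry.
    cmds, notes = review_group_mapping(
        "Domain Users", ["medarch.org", "MEDARCH", "medarch.org"]
    )
    for line in cmds:
        print("enter:", line)
    for note in notes:
        print("review:", note)
```

Run show group roles for any group that produces a finding, so that the roles being granted are known before the domain is attached.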
5
Chassis Management
This chapter contains an alphabetical list of commands for managing the
chassis of the ARX.
Slot Locations
Some of these commands require module identification by slot ID.
The ARX-4000 has two “slots,” 1 and 2. The smaller ARX-500 and
ARX-2000 platforms have a single “slot,” slot 1. The virtual ARX-VE is
also said to have a single, virtual slot: slot 1.
clear metalog usage
Purpose
Namespace software and networking software record important log information, called
metalog data, to be used by a redundant peer in the event of a failover. The ARX-1500
and ARX-2500 store their metalog data on internal disk partitions. You can use the
show metalog usage command to view the usage of these metalog partitions over
time. Use this command to clear the metalog-usage statistics for the current ARX.
Mode
priv-exec
Security Role(s)
network-technician, network-engineer, storage-engineer, or crypto-officer
Syntax
clear metalog usage
Default(s)
None
Valid Platforms
ARX-1500 and ARX-2500
Guidelines
The show metalog usage command shows up-to-date usage statistics for all metalog
partitions in the ARX. Use this command to clear those usage statistics for the entire
system.
The CLI prompts for confirmation before clearing any statistics; enter yes to continue.
The show metalog usage command is unavailable for a minute after you issue this
command.
Sample
stoweA# clear metalog usage
Clear metalog statistics? [yes/no] yes
Metalog driver usage statistics will not be available for a minute.
clears the metalog-usage statistics for the ARX named “stoweA.”
Related Commands
show metalog usage
clear nvr
Purpose
The Non-Volatile RAM (NVRAM) is battery-backed memory on the ACM. The
NVRAM stores all database transactions for the namespace processes; if the processes
fail, they can recover by replaying these transactions. These transactions are called
metalog data. If the NVRAM gets corrupted somehow, use the clear nvr command to
erase it and reboot the chassis.
Mode
priv-exec
Security Role(s)
network-technician, network-engineer, storage-engineer, or crypto-officer
Syntax
clear nvr [reload]
reload (optional) causes the switch to come back online after halting. If you omit this
option, the switch halts until you manually restore power.
Default(s)
None
Valid Platforms
ARX-500, ARX-2000, or ARX-4000
Guidelines
The CLI prompts you with a warning before it clears the NVRAM. Enter yes to
continue, then enter your username at the next prompt. The switch then halts. If you
omitted the reload option, you must turn the power back on to restore the ARX to
service.
Important
This causes namespace corruption in a running switch, in addition to a
service interruption. Only use this command on the advice of F5
personnel.
The following events are appropriate for clearing the NVRAM:
• When the system is first booted. This brings the NVRAM battery online for the
first time, so there may be some garbled data and pre-startup ECC errors.
• After a hardware failure where the NVRAM got corrupted with ECC errors. Use
the show chassis [nvram] command to check for non-recoverable ECC errors.
• (Optional) After clearing all namespaces with delete startup-config and
rebooting. This eliminates stale namespace data in the NVRAM.
Sample
bstnA# clear nvr reload
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
This will erase the non‐volatile RAM (NVRAM).
The effects are:
All pending namespace transactions will be lost.
Any data that is in transition may become corrupted.
The chassis will reload immediately after clearing the NVRAM.
This should only be done on a switch that has been completely
unconfigured and removed from the network,
or on the advice of technical support.
Are you sure you want to clear non‐volatile RAM and reload the system? [yes/no] yes
Please enter your userid to confirm clearing the non‐volatile RAM: admin
% INFO: Success clearing non‐volatile RAM. Rebooting system....
System is resetting.
...
Related Commands
delete startup-config
clock set
Purpose
Use the clock set command to set the time and/or date at the ARX.
Mode
priv-exec
Security Role(s)
network-technician, network-engineer, storage-engineer, or crypto-officer
Syntax
clock set HH:MM:SS
clock set HH:MM:SS mm/dd/yyyy
HH:MM:SS is the time (for example, 06:00:00). Enter the local time, not the UTC
time.
mm/dd/yyyy (optional) sets the date (for example, 12/31/2003 for the 31st of
December, 2003).
Default(s)
If you omit the date specification, the date is unchanged.
Guidelines
Several processes, including those for RON, redundancy, and policy, have
clock-dependent algorithms that can be confused by a major change in time. In
general, you should avoid this command and use an NTP server instead (see below).
For this reason, the CLI prompts for confirmation before changing the time; enter yes
to proceed.
This command is unnecessary if you use the ntp server command to synchronize the
time to an accurate time source. An NTP server overrides the time you set with this
command. For the reason stated above, NTP is strongly recommended.
Use the show clock command to view the current time and date setting.
Samples
bstnA# clock set 11:00:00
Changing the time may have an adverse impact on the switch.
Are you sure? [yes/no] yes
sets the clock to 11 AM, local time.
bstnA# clock set 23:30:00
Changing the time may have an adverse impact on the switch.
Are you sure? [yes/no] yes
sets the clock to 11:30 PM.
bstnA# clock set 23:30:00 10/24/2004
Changing the time may have an adverse impact on the switch.
Are you sure? [yes/no] yes
sets the clock to 11:30 PM on October 24, 2004.
Related Commands
ntp server
show clock
clock timezone
Purpose
Use the clock timezone command to set the time zone at the ARX.
Mode
cfg
Security Role(s)
network-engineer or crypto-officer
Syntax
clock timezone region city
clock timezone time-zone-name
clock timezone offset
region (1-64 characters) is the continent or ocean of the closest major city. Use <Tab>
to see a list of possible options.
city (1-64 characters) is the closest major city. As above, use <Tab> to see a list of
possible options.
time-zone-name (1-64 characters) is the name of the local time zone, if known (for
example, EDT, EST, or CDT). The CLI uses this to look up the region and city. Many
time-zone names are ambiguous; for example, CST maps to Central Standard Time,
China Standard Time, and Australian Central Standard Time. The CLI chooses a
region and city based on the current customer base. You can use show clock to see the
chosen region and city.
offset (optional; -1400 to 1200) is the offset from Coordinated Universal Time (UTC),
in hours and minutes (for example, five hours back is -0500 and 7.5 hours forward is
0730). As with the time-zone-name, the CLI uses this to look up the region and city.
Many offsets are ambiguous, too; they essentially choose a longitude, and many
longitudes cross through multiple cities with different time-keeping rules. The CLI
chooses a region and city based on the current customer base. After you set this
number, you can use show clock to see the time zone that corresponds to the offset.
Default(s)
None
Guidelines
A drastic clock change may have an adverse effect on policy or a number of other
time-dependent applications. The CLI issues a warning before changing the time; enter
yes to continue.
Use the show clock command to view the current time, date, and time zone settings.
Samples
bstnA# clock timezone America New_York
Changing the time may have an adverse impact on the switch.
Are you sure? [yes/no] yes
sets the time zone to that of New York City in the U.S.
bstnA# clock timezone EDT
...
sets the time zone to Eastern Daylight Time.
bstnA# clock timezone +0900
...
sets the time zone to 9 hours East of the Prime Meridian.
Related Commands
show clock
dual-reboot
Purpose
Use the dual-reboot command to simultaneously reboot both peers in a redundant
pair. Use this command only on the advice of F5 Support.
Mode
priv-exec
Security Role(s)
network-engineer, storage-engineer, or crypto-officer
Syntax
dual-reboot
Default(s)
None
Guidelines
Important
This causes a service outage.
The CLI prompts for confirmation before rebooting both peers. Enter yes to proceed.
This command does not work on a standalone switch, where you can use reload to
reboot.
Sample
prtlndB# dual-reboot
This command initiates a simultaneous reboot of both chassis in the redundant pair.
Do you wish to proceed? [yes/no] yes
06‐16 16:02:36 Rebooting: Dual reboot request was issued
...
Related Commands
reload
hostname
Purpose
A hostname is set for the ARX as part of the initial boot process. Use the hostname
command to rename the ARX.
Mode
cfg
Security Role(s)
network-engineer or crypto-officer
Syntax
hostname name
name (up to 32 characters) is the hostname that you choose for the ARX. Use only
alpha-numeric characters (0-9, a-z, A-Z), hyphens (-), and/or periods (.), as specified
in RFC 1035.
Default(s)
None
Guidelines
The hostname appears in the CLI prompt; consequently, this command changes the
prompt. All ARXes in your RON should have unique hostnames. The hostname is
case-sensitive: “BSTNA” is a different hostname than “bstnA.”
This is not the fully-qualified domain name (FQDN) for the ARX; use the ip
domain-list command to set one or more domains for the switch.
To create a login message for administrators, use the login-banner command.
Sample
bstnA(cfg)# hostname usaax11
usaax11(cfg)#
changes the name of the current switch to “usaax11.”
Related Commands
show hostname
ip domain-list
login-banner
login-banner
Purpose
After an administrator accesses the CLI or the GUI, a configurable text string appears.
You can use the login-banner command to create or edit this text string.
The no login-banner command removes the text string.
Mode
cfg
Security Role(s)
network-engineer or crypto-officer
Syntax
login-banner post-auth {message | configs msg-file}
no login-banner
message (1-2000 characters) is the string to show after a successful authentication.
Quote this string if it contains any spaces.
configs msg-file (1-1024 characters) selects a file in the configs directory and uses its
text. Use the show configs command for a list of files in the configs directory; you
can use the copy command to download a file to that directory. This file should be
no more than 768 bytes.
Default(s)
None
Guidelines
The login banner can contain access rules and/or a broadcast message to all ARX
administrators.
In a redundant pair of ARX peers, the login banner is unique for each chassis; use this
command on both peers if you want a login banner in each.
Samples
bstnA(cfg)# login-banner post-auth "Running-config last saved 1/7 by J. User"
uses an informational message as a login banner.
bstnA(cfg)# login-banner post-auth configs banner.txt
uses a file in the configs directory, “banner.txt.”
Related Commands
hostname
probe metalog latency
Purpose
The ARX-VE installation requires a “datastore” where the ARX stores important files,
including its metalog data. Namespace software records important information in the
metalog, possibly to be used later for a failure recovery. Namespace performance may
suffer unless the latency to this metalog datastore is 400 micro-seconds or less. Use the
probe metalog latency command to measure the latency between the ARX-VE and
its datastore.
Mode
priv-exec
Security Role(s)
crypto-officer or storage-engineer
Syntax
probe metalog latency
Default(s)
None
Valid Platforms
ARX-VE only
Guidelines
Use this command after installing the ARX-VE, to confirm that the latency between
the ARX-VE and its datastore is sufficiently small to ensure good performance. This
runs a series of I/O operations and measures the latency from each, then it shows the
following values:
I/O Count is the number of I/O operations that the CLI ran.
Latency (usecs) is the average latency for all of those I/O operations, in
micro-seconds.
If the latency is consistently greater than 400 micro-seconds, we recommend
re-installing the ARX-VE and choosing another datastore. 250 micro-seconds or less
is recommended for best performance, if that latency is feasible. The ARX®-VE
Installation Guide contains instructions for installing the ARX-VE.
The show redundancy metalog command shows similar statistics, but it applies to
all platforms except the ARX-VE. The ARX-1500 and ARX-2500 store their metalog
data on their internal disks. On those platforms, you can use the show metalog usage
command to see the usage statistics for the internal metalog driver.
On all platforms, the namespace software keeps metalog read/write statistics. You can
use the show statistics metalog command to see these metalog-usage statistics from
a namespace-software perspective.
Sample
stkbrgA# probe metalog latency
Statistics:
I/O Count    Latency (usecs)
---------    ---------------
1000         340
measures and displays the latency between the current ARX-VE and its metalog
datastore. This latency is acceptable.
Related Commands
show redundancy metalog
show metalog usage
show statistics metalog
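The threshold check from the probe metalog latency guidelines, as an added Python example (not part of the ARX manual or any F5 tooling): it parses captured output in the layout of the sample and applies the 400 and 250 micro-second limits. Treating “consistently” as “every captured run” is an assumption, as are the function names and every run other than the manual's sample.

```python
import re

# Limits stated in the guidelines (micro-seconds).
MAX_ACCEPTABLE_USECS = 400
BEST_USECS = 250

# A statistics row is two integers: the I/O count, then the average latency.
ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s*$")

# The sample output shown in the manual.
PAGE_SAMPLE = (
    "stkbrgA# probe metalog latency\n"
    "Statistics:\n"
    "I/O Count    Latency (usecs)\n"
    "---------    ---------------\n"
    "1000         340\n"
)


def constructed_run(latency_usecs):
    """Build a constructed (not real) probe capture with the given latency."""
    return PAGE_SAMPLE.replace("340", str(latency_usecs))


def parse_probe(output):
    """Extract (io_count, latency_usecs) from one captured probe run."""
    seen_header = False
    for line in output.splitlines():
        if "Latency (usecs)" in line:
            seen_header = True
            continue
        match = ROW.match(line)
        # Only accept a numeric row that follows the column header; the
        # separator line never matches because it holds no digits.
        if seen_header and match:
            return int(match.group(1)), int(match.group(2))
    raise ValueError("no statistics row found in probe output")


def assess_datastore(outputs):
    """Classify a series of probe captures against the documented limits."""
    latencies = []
    for output in outputs:
        io_count, latency = parse_probe(output)
        if io_count == 0:
            raise ValueError("probe ran no I/O operations")
        latencies.append(latency)
    if not latencies:
        raise ValueError("no probe captures supplied")
    over = [value for value in latencies if value > MAX_ACCEPTABLE_USECS]
    if len(over) == len(latencies):
        # Assumption: "consistently" means every captured run is over 400.
        verdict = "choose-another-datastore"
    elif over:
        verdict = "intermittent-high-latency"
    elif max(latencies) <= BEST_USECS:
        verdict = "best"
    else:
        verdict = "acceptable"
    return {
        "verdict": verdict,
        "runs": len(latencies),
        "over_limit": len(over),
        "worst_usecs": max(latencies),
    }


if __name__ == "__main__":
    series = [PAGE_SAMPLE, constructed_run(310), constructed_run(455)]
    print(assess_datastore(series))
```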
reload
Purpose
Use the reload command to reboot the ARX. The ARX then comes up with the
current “armed” software release. (By default, the “armed” release is the
currently-running release; you can change it to a new release with the boot system
command.)
Mode
priv-exec
Security Role(s)
network-technician, network-engineer, storage-engineer, or crypto-officer
Syntax
reload [collect-diags] [reason]
collect-diags (optional) causes a diagnostic-collection process before the reload. This
is useful for capturing the state of the ARX in case of a failure that requires further
diagnosis.
reason (optional, 1-255 characters) is a comment you can enter to appear in syslog.
This is useful when reviewing the logs during testing and diagnostics.
Default(s)
None
Guidelines
The following prompt appears for confirmation:
Reload the entire chassis? [yes/no/diags]
Enter yes to reboot.
Enter diags if you want to collect diagnostic information and then reboot. This is
equivalent to using the collect-diags option in the command. The collected
information is a subset of the information captured by the standard collect state
command. After the ARX reloads, use collect diags to gather other relevant
information (along with the data collected before reboot) and upload the full
diagnostic package to F5 Support.
To power off the system and prepare it for a planned power outage, you can use the
shutdown command.
Guidelines: Other Applications
This command can be the final step for upgrading software on the switch. Use reload
to restart all modules after you use boot system to arm the switch with a new release
file. You can use show boot or show version to verify that the switch is armed with
the desired release file.
If someone deleted the full configuration (with delete startup-config) before running
this command, all configuration changes are lost after the ARX reloads. The CLI
warns you of this and prompts for confirmation; you can enter no and run restore
startup-config to preserve your configuration. To remove all configuration
parameters, enter yes.
Samples
bstnA# reload
Reload the entire chassis? [yes/no/diags] yes
...
reloads the ARX, perhaps to complete a software upgrade.
bstnA# reload collect-diags
Reload the entire chassis? [yes/no] yes
...
collects diagnostic-state information and then reloads the ARX. After the reboot,
this next command uploads that state information along with additional
diagnostics:
bstnA# collect diag-info ftp://jpublic:jpwd@ftp.wwmed.com/diags
Collect diagnostic information? [yes/no] yes
...
Related Commands
collect
boot system
show boot
shutdown
restore startup-config
resource-profile
Purpose
The resource profile of an ARX is the allocation of its processes amongst its CPU
cores, where each CPU core is dedicated to one process type: system processes,
fastpath processes, or volume-group processes. Software Release 6.2.0 introduced an
optimized resource profile for the ARX-2500. An ARX-2500 with an earlier software
release retains the legacy profile. The new, optimized profile is recommended. Use the
no resource-profile legacy command to upgrade the resource profile on the current
chassis.
On the advice of F5 personnel only, you can use resource-profile legacy to return to
the legacy profile.
Mode
cfg
Security Role(s)
crypto-officer or network-engineer
Syntax
no resource-profile legacy
resource-profile legacy
Default(s)
resource-profile legacy
after an upgrade from a pre-6.2.0 release.
no resource-profile legacy
for any ARX-2500 shipped with 6.2.0 or a later release.
Valid Platforms
ARX-2500 only
Guidelines
After you use this command, you must reload the ARX-2500 for the change to take
effect. If you have a redundant pair of ARX-2500 devices (see redundancy), run this
command on both peers and then use the dual-reboot command to reboot both of
them at once.
The above is also true if you replay a running-config script with the resource-profile
legacy setting. (One method of replaying a running-config is to save the file on the
ARX-2500 and use the run command.) After replaying the config script, you must
reload the ARX-2500 for resource-profile legacy to take effect.
The optimized resource profile assigns 3 cores, each running on separate hardware, to
fastpath processes. It assigns 3 more to volume-group processing, and the remaining 2
cores to system processes.
The legacy resource profile assigns 4 cores to fastpath processes, 2 on one hardware
module and 2 on another. The cores share their hardware resources in this
configuration. The legacy profile also assigns 2 more to volume-group processes and
the final 2 cores to system processes.
You can use the show processors command to see the current resource profile on
your chassis.
Sample
stoweA(cfg)# no resource-profile legacy
stoweA(cfg)# end
stoweA# reload
Reload the entire chassis? [yes/no/diags] yes
...
upgrades the current ARX-2500, “stoweA,” to an optimized resource profile. This
resource profile is generally recommended.
Related Commands
reload
dual-reboot
show processors
show baudrate
Purpose
Use the show baudrate command to show the baud rate for the Console (serial)
interface.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show baudrate
Guidelines
The serial interface is the port labeled “Console” on the front panel.
Sample
bstnA# show baudrate
The serial port baud rate is 9600.
show chassis
Purpose
Use the show chassis command to display chassis, disk, slot, module, port, and/or
temperature information.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show chassis [chassinfo | private-subnet | diskuse | slotinfo | moduleinfo | temperature | metalog | nvr | summary]
chassinfo | ... | nvr is an optional choice to focus on one group of chassis tables. If you
omit this, the command shows all groups.
chassinfo - specifies chassis-related tables (as opposed to slot- or module-related)
with high-level environment, disk, and power supply information.
private-subnet - displays the private subnet that the switch uses for inter-process
communication in the chassis. Every chassis in the RON (see ron tunnel) must
have a unique private subnet.
diskuse - displays disk usage and directories on the system drive.
slotinfo - focuses on the slots.
moduleinfo - shows model information and firmware versions for each module.
temperature - specifies a table of sensor temperatures.
metalog - is only available on the ARX-1500 and ARX-2500. This option shows
the statistics for metalog-driver software on this chassis. The metalog driver
records important recovery data for namespace software, and (in a redundant pair)
copies the data to the peer ARX.
nvr - is only available on the ARX-500, ARX-2000, and ARX-4000. This option
shows the NVRAM-battery state and whether or not there are any ECC errors.
The ARX-1500 and ARX-2500 store their metalog data on the RAID instead of
the NVRAM; use the metalog option (above) to monitor the metalog-protection
mechanism for those device types.
summary - shows a summary of the chassis state.
Guidelines
The show chassis command displays several tables. You can focus on a smaller
group of tables by using one of the optional keywords. Each group of tables is
described in its own section, below.
These tables only appear if they are relevant to the current chassis type.
Guidelines: chassinfo
The chassinfo section contains the following tables:
Identification — the hostname and the Universally-Unique ID (UUID) for the chassis.
Use hostname to change the hostname. You can only change the UUID through the
initial-startup script.
Chassis shows the chassis type, a model number, hardware version (where
applicable), and the serial number.
Chassis Environment contains the base MAC address for all modules (for a chassis
with multiple modules, the individual modules’ MACs appear in moduleinfo), power
status, fan status, and chassis temperature:
• Power can be “Online,” “Online Partial” (one power supply is working, the other
is absent), or “Failed Partial” (one is working, the other failed).
• Fan(setting) shows the fan status and its speed setting. The fan status can be
“Online,” “Not Present,” “Fault” (the fan tray failed), or “Ctr Fail” (the control to
the fan-tray failed). The speed setting is in parentheses, and is “high,” “medium,”
“low,” or “Unk” (unknown).
• The temperature setting(s) next are customized for certain chassis types:
– System Temp., CPU Temp. and CPU show the ambient chassis
temperature, the temperature of the CPU chip, and the current CPU speed.
This appears only for the platforms that support both ambient and CPU
temperature readings (such as the ARX-2500). The System Temp can be
“Normal,” “Too high,” or “Failed” (temperature monitoring failed), followed
by both temperatures in Celsius.
The CPU speed is relevant because these chassis types automatically reduce
the CPU speed if the temperature is too high. This shows the current CPU
speed followed by an indication of whether or not the speed has been
reduced; “(Normal)” means that the CPU is running at 100%, a percentage
(such as “85%”) indicates that the CPU has been throttled back.
– Temperature appears for other chassis types. This is the same as the
System Temp. described above.
Power Details appears for the ARX-1500, ARX-2000, ARX-2500, and ARX-4000,
which have redundant power supplies. This has one row for each power supply
showing the power-supply state (“Online,” “Absent,” or “Failed”).
The ARX-1500 and ARX-2500 each have redundant power supplies, A and B.
They are accessible from the back of the chassis, on the left side. Each power
supply has a plug for its power cable.
The ARX-2000 also has redundant power supplies, 1/1 (on top) and 1/2 (under
1/1). They are accessible from the back of the chassis, on the right side. Each
power supply has a plug for its power cable.
The ARX-4000 has redundant power supplies in both the control plane and the
dataplane; these are numbered 1/1 and 1/2 for the control plane (in the top half of
the chassis) and 2/1 and 2/2 for the data plane (on the bottom half). All power
supplies are accessible from the back of the chassis, on the right side. Each power
supply has a plug for its power cable.
Guidelines: private-subnet
This shows the VLAN (where applicable; for example, the ARX-VE uses only VLAN
1 and the ARX-1500 and ARX-2500 have no private VLAN, so this does not appear
for those platforms), Subnet, and Subnet Mask for the private subnet on this chassis.
You set this when you install the switch. You can reset it with ip private vlan or ip
private subnet reassign. This subnet must be unique for all switches in a Resilient
Overlay Network (RON); see ron tunnel for more information about a RON.
Guidelines: diskuse
The first three tables only appear for a chassis with replaceable disks (any platform
except the ARX-500 or the ARX-VE). The SATA Drive Details table appears for the
ARX-500. The Disk Usage table appears for all chassis types.
Logical Disk Details shows the status of the RAID as a single, logical disk.
Disk is always 1. This represents the single, logical disk comprised of the disks in
the table below.
Status is “Optimal” (both disks are working), “Degraded” (one disk failed or is
degraded), “Verifying n%” (someone issued the raid verify command to verify
disk integrity; the percentage shows the progress of the verification test), or
“Failed.”
Verification Mode is “Manual” or “Automatic,” as set by the raid
verification-mode command.
Verification Rate is the percentage of CPU that the RAID can use for verifying a
disk. You can change this for manual verifications with raid verification-rate.
Disk Details shows the location and size of each disk, disk state, the data-transfer rate,
and the model number.
Disk indicates the location of the physical disk: Bay 1 is on top of Bay 2 in all
chassis types with replaceable disks.
Size is the full capacity of the disk.
State is “Online,” “Degraded,” (the disk may fail soon), “Rebuild n%” (someone
used raid rebuild to add the disk to the RAID; the percentage shows the progress
of the rebuild), “Not Present,” “Failed,” or “Unknown.”
Transfer Rate is the current throughput on the disk’s bus channel. This is
negotiated at startup between the disk controller and the disks themselves. The
next table shows the maximum rate allowed by the controller.
Model is the specific model number of the disk drive.
RAID Controller Details displays the current RAID settings.
Rebuild Rate is the percentage of CPU that the RAID can use for rebuilding a
disk. You can change this with raid rebuild-rate.
Max Transfer Rate is the maximum throughput allowed on the disk’s bus
channel.
Firmware is the firmware version running on the disk controller.
RAID Alarm is “Enabled” or “Disabled.” You can disable the alarm with the raid
silence command.
SATA Drive Details appears for an ARX-500 with a Serial ATA (SATA) disk drive.
Firmware is the firmware version running on the disk.
Model and Serial identify the disk drive.
Disk Usage shows the switch’s software directories and their total space (in MB),
used space (MB), free space (MB), and used percentage (%).
Guidelines: slotinfo
Slot Environment, the only table in the slotinfo group, shows each slot’s contents and
status:
• Slot is the location of the module in the chassis. This is 1 (the control plane on the
top half) or 2 (the data plane on the bottom) for the ARX-4000. It is always 1 for
the ARX-500 or ARX-2000.
• Type is “ACM” (for the control plane on top) or “NSM” (for the data plane on the
bottom) on the ARX-4000. For the ARX-500 or ARX-2000, the single slot
contains an “ACM.”
• State is the current state of the module. This is one of the module states
documented for the show version command; see Guidelines: Module States,
on page 5-54.
• Power can be “Online,” “Degraded,” or “Failed.”
• Temperature is the aggregate of all temperature-sensor readings in the module.
This is either “Normal” or “Too High,” along with the current temperature range
on the module.
• NVR Battery appears for the NSM on the ARX-4000 or the ACM on the
ARX-500 or ARX-2000. This is the battery status for Non-Volatile RAM
(NVRAM). The possible values in this field are “Good,” “Missing,” “Charging,”
“Testing,” “Degraded,” or “Failed.” The NVRAM stores transaction logs from the
ACM, which are critical for failure recovery. The battery provides extra protection
for these logs. Contact F5 Support if the status is “Missing,” “Degraded,” or
“Failed;” you may need a battery upgrade.
• Drive appears only for the ACM. This shows the drive type (LSI, IDE, or SATA)
and status for the internal disk(s). The possible status values are “Good,”
“Degraded,” “Error,” or “Unknown.” If the status is “Degraded” or “Error,”
replace the drive (for an ARX-1500, ARX-2000, ARX-2500, or ARX-4000)
and/or contact F5 personnel (for an ARX-500). An “Unknown” status would
likely be caused by an error in the drive-detection software.
The ARX-VE has no hardware, so this option generates no output when you run it on
that platform. This option also generates no output when you run it on the ARX-1500
or the ARX-2500.
Guidelines: Port Media Details Table
Port Media Details only appears in the summary view (without any options) for the
platforms that support 10G optics. These are the ARX-2500 and the ARX-4000. Each
of these platforms supports up to two transceivers. Each row shows the following
details about one of the transceivers:
Slot/Port, also identified on the front panel, identifies the transceiver’s port,
Type is the particular transceiver model,
Vendor shows the manufacturer of the transceiver, and
Status is Good, Bad, Present, Not Present, Absent, or Unknown.
Guidelines: moduleinfo
The VM Information table only appears for the ARX-VE, which is a Virtual
Appliance (VA, which is similar to a VM):
vMAC Address is the virtual MAC address assigned to the ARX-VE.
Adapter describes the network controller used by the ARX-VE.
Module is the heading for several tables with details of each module.
The first table describes the hardware in each module:
Slot is the module’s slot number.
Ports is the number of ports on the module.
Procs is the number of processors.
Card is the card type: SCM_40, NSM, NSM_TX/FX, ASM/ASM_FC, or ACM.
This does not appear on the ARX-VE.
Hardware only appears for the ARX-VE. This describes the CPU and memory
resources reserved for the ARX-VE.
Xeon is the CPU speed for all Xeon processors (used in every module except the
NSM) and memory that is allocated to each Xeon processor. This does not appear
on the ARX-VE.
Sibyte is the CPU speed for all SiByte processors (used on the NSM and
standalone ACMs) and the memory allocated to each SiByte complex. Each
SiByte complex has two MIPS-processor cores. This does not appear for the
ARX-VE, ARX-1500, or ARX-2500; none of these systems contain SiByte
processors.
Serial is the module’s serial number. This does not appear for the ARX-VE,
ARX-1500, or ARX-2500; for those systems, refer to the overall chassis serial
number in the show chassis chassinfo output.
The second table shows the range of MAC addresses assigned to the module and its
current hardware revision (the major-revision letter and minor-revision number, along
with any Rework or Deviation on the module). For the ARX-1500 and ARX-2500, this
shows the BIOS version. This table does not appear for the ARX-VE.
The final tables do not appear for the ARX-VE, ARX-1500, or ARX-2500.
The third table displays the revisions for the Complex Programmable Logic Devices
(CPLDs) on the module, the Reset CPLD, the Keeper CPLD, the Power CPLD
(ARX-4000 only), and the MUX CPLD (also ARX-4000 only):
• The Reset CPLD coordinates hardware resets when the chassis powers up.
• The Keeper CPLD, in conjunction with an FPGA, ensures that all
client-transaction logs are stored safely in NVRAM before the chassis powers
down.
• The Power CPLD (ARX-4000 only) coordinates the distribution of power from
multiple power supplies to the chassis components.
• The MUX CPLD (ARX-4000 only) multiplexes status signals from various
internal components and sends a unified signal to the NVR FPGA (described
below). This also activates/deactivates various LEDs on the external panels.
• The BIOS Version appears for the control plane (or ACM) on the ARX-500 and
the ARX-4000.
The next table shows versions for bootstrap, diagnostics, and boot-loader firmware.
These components manage the module’s boot process: the bootstrap software starts the
hardware, then the diagnostics run to verify the hardware functions, and finally the
boot-loader loads and starts all of the system software. These come bundled with each
software release; to install the versions that came with the latest release, use the
firmware upgrade command.
The final table presents FPGA information, which varies from platform to platform:
ARX-4000 and ARX-2000 - the table contains the versions of the LBA FPGA and
the NVR FPGA. The LBA (Load-Balancing Algorithm) FPGA merges inbound
packets from the external interfaces to the NSM cores. The NVR FPGA manages
the NVR, monitors chassis status through the MUX CPLD, and runs a watchdog
process that reboots the chassis in the event of a serious failure.
ARX-500 - the versions for one FPGA and the boot-related firmware on the NSM
processors. The FPGA is a hybrid of the NVR and MTL FPGAs.
Guidelines: temperature
Temperature Details shows temperature-sensor information from each module.
For the ARX-1500 and ARX-2500, the table shows the following fields:
Slot is always “1.”
Module is always “ACM.”
System Temp. shows the ambient chassis temperature in Celsius.
CPU Temp. shows the temperature of the CPU chip in Celsius.
CPU shows the current CPU speed. These chassis types automatically reduce the
CPU speed if the temperature is too high. This field shows the current CPU speed
followed by an indication of whether or not the speed has been reduced;
“(Normal)” means that the CPU is running at 100%, a percentage (such as “85%”)
indicates that the CPU has been throttled back.
Fan Status shows the fan status and its speed setting. The fan status can be
“Online,” “Not Present,” “Fault” (the fan tray failed), or “Ctr Fail” (the control to
the fan-tray failed). The speed setting is in parentheses, and is “high,” “medium,”
“low,” or “Unk” (unknown).
For all other hardware platforms, each processor has one temperature sensor
positioned near the processor. The sensor takes its own “local” reading for the ambient
temperature of the processor, and it takes a “remote” reading from the processor itself.
The remote reading is the temperature of the processor’s silica.
Guidelines: metalog
Metalog Usage shows the statistics for metalog usage on this chassis.
Status is the status of the metalog driver software, which writes metalog packets to an
internal NFS export and duplicates them to a twin driver in the redundant peer (if there
is one). The possible options are “Standalone” (there is no redundant peer), “Active”
(the driver is duplicating all metalog packets to the redundant peer), and “Standby”
(the driver is receiving all metalog packets from the Active peer).
Statistics is a table with metalog-usage statistics:
I/O Count is the number of metalog packets sent to local storage (and remote
storage, if this is the Active chassis in a redundant pair).
Retransmit Count only increments on the Active peer in a redundant pair. This is
the number of metalog transmissions to the Standby peer that required a retry.
Hourly Latency (usecs) is the average latency in micro-seconds between the
ARX and its local metalog storage. This number is updated once per hour. On the
“Active” peer, this is the longer of two events that occur in parallel: writing the
data to the local partition and writing the same data to the Standby peer’s
partition.
You can use show metalog usage to show all of the hourly metalog statistics since
the last ARX reboot. The clear metalog usage command clears these statistics and
restarts them at 0 (zero).
This output only appears on a chassis with an internal metalog driver, but namespace
software keeps metalog read/write statistics on all chassis types. On any platform, you
can use the show statistics metalog command to see these read/write statistics from
a namespace perspective.
Guidelines: NVR
The NVR table shows the following information about the state of the hardware that
protects Non-Volatile RAM:
NVR Battery is the battery status for Non-Volatile RAM (NVR or NVRAM). The
possible values in this field are “Good,” “Missing,” “Charging,” “Testing,”
“Degraded,” or “Failed.” The NVRAM stores transaction logs from the control
plane, called metalog data, which are critical for failure recovery. The battery
provides extra protection for these logs in the event of a power outage.
ECC State is the state of the Error-Correction Circuitry (ECC). The ECC checks
all data as it is read from NVRAM, and generates errors if it detects any
corruption. This can be “No Error,” “Pending,” “Non-Correctable Error,” or
“Unknown.” A “Non-Correctable Error” state is serious; contact F5 personnel if
you see this.
NVR Size (MB) is the size of the NVRAM region, in MegaBytes.
The ARX-VE has no NVRAM hardware, so this option generates no output when you
run it on that platform. The nvr option does not even appear on the ARX-1500 and
ARX-2500, which also do not support NVRAM hardware.
Samples
Figure 5.1 on page 5-26, Figure 5.2 on page 5-27, Figure 5.3 on page 5-30,
Figure 5.4 on page 5-31, Figure 5.5 on page 5-31, and Figure 5.6 on page 5-33
show sample output for the show chassis command on the ARX-4000, ARX-2500,
ARX-1500, ARX-VE, ARX-2000, and ARX-500 respectively.
Related Commands
show processors
Figure 5.1 Sample Output: show chassis (ARX-4000)
bstnA> show chassis
Identification:
Hostname UUID
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
bstnA d9bdece8‐9866‐11d8‐91e3‐f48e42637d58
Chassis:
Chassis Type Model Number HW Ver. Serial Number
‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐
ARX‐4000 SR2500ALLXR BZDS80701617
Private Subnet:
VLAN Subnet Subnet Mask
‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1010 169.254.66.0 255.255.255.0
Chassis Environment:
Base MAC Address Power Fan(setting) System Temp. CPU Temp.
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐
00:0a:49:17:9e:00 Online Partial Online (Unk) Normal(<62 C)
Power Details:
Supply State
‐‐‐‐‐‐ ‐‐‐‐‐
1/1 Failed
1/2 Online
2/1 Failed
2/2 Online
Logical Disk Details:
Disk Status Verification Mode Verification Rate
‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1 Degraded Manual 50 %
Disk Details:
Disk Size State Transfer Rate Model
‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
Bay 1 136.73G Failed 3.0Gb/sec ST3146855SS
Bay 2 136.73G Online 3.0Gb/sec ST3146855SS
RAID Controller Details:
Rebuild Rate Max Transfer Rate Firmware RAID Alarm
‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐
85 % 3.0Gb/sec 7.0.1‐0075 Enabled
Slot Environment:
Slot Type State Power Temperature NVR Battery Drive
‐‐‐‐ ‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐
1 ACM Online Degraded Normal N/A LSI Degraded
2 NSM Online Degraded Normal Good
Module:
Slot Ports Procs Card Xeon Sibyte Serial
‐‐‐‐ ‐‐‐‐‐ ‐‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐
1 0 1 ACM 2.6 GHz 16128 MB N/A BZDS80701617
2 14 12 NSM N/A 900 MHz 4096 MB 006046
Slot MAC Address HW Version Rework Deviation
‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1 000A49179E00 to 000A49179E3F
2 000A49179E40 to 000A49179E9F B 0
Slot Reset Keeper Power Mux BIOS Version
CPLD CPLD CPLD CPLD
‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1 N/A N/A N/A N/A S5000.86B.10.00.0094.101320081858
2 14 3 5 4
Slot Boot Version Diag Version BootLdr Version
‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1 N/A N/A N/A
2 5.02.000.12627 5.02.000.12627
FPGA Version
Slot LBA NVR
‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1 N/A N/A
2 65 71
Port Media Details:
Slot/Port Type Vendor Status
‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
2/1 10GBASE‐SR X2 Intel Good
2/2 10GBASE‐SR X2 Intel Bad
Disk Usage:
Name Total MB Used MB Free MB Used%
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐
System 2331 1754 459 80%
Releases 5285 3402 1614 68%
Logs 54951 125 52033 1%
Cores; DiagInfo; Lists 21133 342 19717 2%
Scripts 3172 67 2944 3%
Reports 8458 36 7991 1%
Temperature Details:
Sensor 1 (C) Sensor 2 (C) Sensor 3 (C) Sensor 4 (C)
Slot Module Local Remote Local Remote Local Remote Local Remote
‐‐‐‐ ‐‐‐‐‐‐ ‐‐‐‐‐ ‐‐‐‐‐‐ ‐‐‐‐‐ ‐‐‐‐‐‐ ‐‐‐‐‐ ‐‐‐‐‐‐ ‐‐‐‐‐ ‐‐‐‐‐‐
1 ACM 31 22 N/A N/A N/A N/A N/A N/A
2 ACM 28 46 29 42 39 46 N/A N/A
NVR:
NVR Battery ECC State NVR Size (MB)
‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐
Good No Error 2048
Figure 5.2 Sample Output: show chassis (ARX-2500)
stoweA> show chassis
Identification:
Hostname UUID
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
stoweA 05d5a0fa‐f2fb‐11df‐8daf‐af50d57e388e
Chassis:
Chassis Type Model Number Serial Number
‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐
ARX‐2500 ARX2500HE‐F5 XX‐ABCD‐0447
Private Subnet:
Subnet Subnet Mask
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
169.254.96.0 255.255.255.0
Chassis Environment:
Base MAC Address Power Fan(setting) System Temp. CPU Temp. CPU
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
00:0a:49:75:44:00 Online Online (high) Normal 29 C 36 C 2.6 GHz (Normal)
Power Details:
Supply State
‐‐‐‐‐‐ ‐‐‐‐‐
A Online
B Online
Logical Disk Details:
Disk Status Verification Mode Verification Rate
‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1 Optimal Automatic 10 %
Disk Details:
Disk Size State Transfer Rate Model
‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
Bay 1 136.91G Online 3.0Gb/sec HUC103014CSS600
Bay 2 136.91G Online 3.0Gb/sec HUC103014CSS600
RAID Controller Details:
Rebuild Rate Max Transfer Rate Firmware RAID Alarm
‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐
90 % 3.0Gb/sec 5.2‐0[17945] Enabled
Module:
Slot Ports Procs Card Xeon ECC State
‐‐‐‐ ‐‐‐‐‐ ‐‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1 6 1 ACM 2.6 GHz 16128 MB Good
Slot MAC Address BIOS Version
‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1 000A49754400 to 000A497544FF 080015.20110308.1.3.00004
Port Media Details:
Slot/Port Type Vendor Status
‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
2/1 OPT‐0016(Short Reach) Finisar Present
2/2 OPT‐0016(Short Reach) Finisar Present
Disk Usage:
Name Total MB Used MB Free MB Used%
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐
System 3173 1813 1198 61%
Releases 6345 3434 2588 58%
Logs 52838 217 49936 1%
Cores; DiagInfo; Lists 21133 3959 16100 20%
Scripts 3172 68 2943 3%
Reports 8458 34 7994 1%
Metalog Usage:
Status: STANDALONE
Statistics:
I/O Count Retransmit Count Hourly Latency (usecs)
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
7545 0 36
Figure 5.3 Sample Output: show chassis (ARX-1500)
canbyA> show chassis
Identification:
Hostname UUID
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
canbyA 64a6417e‐cc3d‐11df‐80ca‐a73fbeb72ef8
Chassis:
Chassis Type Model Number Serial Number
‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐
ARX‐1500 ARX1500LE‐F5 XX‐ABCD‐0446
Private Subnet:
Subnet Subnet Mask
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
169.254.90.0 255.255.255.0
Chassis Environment:
Base MAC Address Power Fan(setting) System Temp. CPU Temp. CPU.
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
00:0a:49:75:41:00 Online Online (high) Normal 30 C 39 C 2.6 GHz (Normal)
Power Details:
Supply State
‐‐‐‐‐‐ ‐‐‐‐‐
A Online
B Online
Logical Disk Details:
Disk Status Verification Mode Verification Rate
‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1 Optimal Automatic 10 %
Disk Details:
Disk Size State Transfer Rate Model
‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
Bay 1 136.91G Online 3.0Gb/sec HUC103014CSS600
Bay 2 136.91G Online 3.0Gb/sec HUC103014CSS600
RAID Controller Details:
Rebuild Rate Max Transfer Rate Firmware RAID Alarm
‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐
90 % 3.0Gb/sec 5.2‐0[17945] Enabled
Module:
Slot Ports Procs Card Xeon ECC State
‐‐‐‐ ‐‐‐‐‐ ‐‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1 8 1 ACM 2.6 GHz 8192 MB Good
Slot MAC Address BIOS Version
‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1 000A49754100 to 000A497541FF 080015.20110308.1.3.00004
Disk Usage:
Name Total MB Used MB Free MB Used%
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐
System 3173 1813 1199 61%
Releases 6345 3523 2500 59%
Logs 52838 67 50086 1%
Cores; DiagInfo; Lists 21133 485 19574 3%
Scripts 3172 62 2949 3%
Reports 8458 34 7994 1%
Metalog Usage:
Status: STANDALONE
Statistics:
I/O Count Retransmit Count Hourly Latency (usecs)
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
77332 0 37
Figure 5.4 Sample Output: show chassis (ARX-VE)
stkbrgA# show chassis
Identification:
Hostname UUID
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
stkbrgA e9e786f6‐cb13‐11df‐a230‐7f4d2a0b939d
Chassis:
Chassis Type Model Serial Number
‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐
ARX‐VE VMware 7530570
Private Subnet:
Subnet Subnet Mask
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
169.254.221.0 255.255.255.0
VM Information:
vMAC Address Adapter
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
00:50:56:88:00:6e VMXNET3 Ethernet Controller
Module:
Slot Ports Card Hardware
‐‐‐‐ ‐‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1 1 ACM (1) Intel(R) Xeon(R) CPU E5520 @ 2.27GHz, 2048 MB
Disk Usage:
Name Total MB Used MB Free MB Used%
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐
System 3173 1684 1328 56%
Releases 6353 3128 2902 52%
Logs 7238 70 6799 2%
Cores; DiagInfo; Lists 9508 39 8986 1%
Scripts 3169 48 2959 2%
Reports 6339 33 5983 1%
Figure 5.5 Sample Output: show chassis (ARX-2000)
prtlndA> show chassis
Identification:
Hostname UUID
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
prtlndA 876616f6‐79ac‐11d8‐946f‐958fcb4e6e35
Chassis:
Chassis Type Model Number HW Ver. Serial
‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐
ARX‐2000 SR2500ALLXR BZDS75100014
Private Subnet:
VLAN Subnet Subnet Mask
‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1008 169.254.100.0 255.255.255.0
Chassis Environment:
Base MAC Address Power Fan(setting) System Temp. CPU Temp.
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐
00:0a:49:27:84:00 Online Partial Online (Unk) Normal(<62 C)
Power Details:
Supply State
‐‐‐‐‐‐ ‐‐‐‐‐
1/1 Online
1/2 Unknown
Logical Disk Details:
Disk Status Verification Mode Verification Rate
‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1 Optimal Automatic 10 %
Disk Details:
Disk Size State Transfer Rate Model
‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
Bay 1 136.73G Online 3.0Gb/sec ST3146855SS
Bay 2 136.73G Online 3.0Gb/sec ST3146855SS
RAID Controller Details:
Rebuild Rate Max Transfer Rate Firmware RAID Alarm
‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐
90 % 3.0Gb/sec 7.0.1‐0061 Enabled
Slot Environment:
Slot Type State Power Temperature NVR Battery Drive
‐‐‐‐ ‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐
1 ACM Online Degraded Normal Missing LSI Good
Module:
Slot Ports Procs Card Xeon Sibyte Serial
‐‐‐‐ ‐‐‐‐‐ ‐‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐
1 13 5 ACM 2.3 GHz 12032 MB 1.2 GHz 4096 MB 0306063
Slot MAC Address HW Version Rework Deviation
‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1 000A4917AF00 to 000A4917AF9F B 0
Slot Reset Keeper Power Mux BIOS Version
CPLD CPLD CPLD CPLD
‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1 14 3 5 4 S5000.86B.10.00.0094.101320081858
Slot Boot Version Diag Version BootLdr Version
‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1 5.01.000.11908 5.01.000.11908
FPGA Version
Slot LBA NVR
‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1 66 71
Disk Usage:
Name Total MB Used MB Free MB Used%
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐
System 2331 1404 808 64%
Releases 5285 2673 2343 54%
Logs 54951 180 51978 1%
Cores; DiagInfo; Lists 21133 142 19917 1%
Scripts 3172 47 2963 2%
Reports 8458 33 7994 1%
Temperature Details:
Sensor 1 (C) Sensor 2 (C) Sensor 3 (C) Sensor 4 (C)
Slot Module Local Remote Local Remote Local Remote Local Remote
‐‐‐‐ ‐‐‐‐‐‐ ‐‐‐‐‐ ‐‐‐‐‐‐ ‐‐‐‐‐ ‐‐‐‐‐‐ ‐‐‐‐‐ ‐‐‐‐‐‐ ‐‐‐‐‐ ‐‐‐‐‐‐
1 ACM 30 23 25 39 N/A N/A N/A N/A
NVR:
NVR Battery ECC State NVR Size (MB)
‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐
Missing No Error 1024
Battery Charger:
Power Sensor Status
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
Charging Current 0 mA Normal ( <1200 mA)
Pack Voltage 0 mV Normal ( <17200 mV)
Cell Voltage 0 mV Normal ( <4300 mV)
Figure 5.6 Sample Output: show chassis (ARX-500)
provA> show chassis
Identification:
Hostname UUID
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
provA 876616f6‐79ac‐11d8‐946f‐958fcb4e6e35
Chassis:
Chassis Type Model Number HW Ver. Serial
‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐
ARX‐500 SR1500ALR (Alcolu) BZDG80502043C
Private Subnet:
VLAN Subnet Subnet Mask
‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1006 169.254.245.128 255.255.255.192
Chassis Environment:
Base MAC Address Power
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐
00:0a:49:0f:58:00 Online
SATA Drive Details:
Firmware Model Serial
‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
04.04V02 WDC_WD1500HLFS‐01G6U0 WD‐WXL708114721
Slot Environment:
Slot Type State Power Temperature NVR Battery Drive
‐‐‐‐ ‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐
1 ACM Online Online Normal ( <45 C) Good SATA Good
Module:
Slot Ports Procs Card Xeon Sibyte Serial
‐‐‐‐ ‐‐‐‐‐ ‐‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐
1 2 2 ACM 2.0 GHz 4096 MB 700 MHz 512 MB 3928
Slot MAC Address HW Version Rework Deviation
‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1 000A490F580F to 000A490F5810 C 6 0 0
Slot Reset CPLD Keeper CPLD BIOS Version
‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1 5 5 S5000.86B.10.00.0094.101320081858
Slot FPGA Version NSM Boot Version NSM Diag Version NSM BootLdr Version
‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1 macau 11 5.01.000.11898 5.01.000.11898 5.01.000.11898
Disk Usage:
Name Total MB Used MB Free MB Used%
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐
System 2331 1408 804 64%
Releases 5285 2646 2370 53%
Logs 54951 58 52100 1%
Cores; DiagInfo; Lists 21133 69 19990 1%
Scripts 3172 101 2910 4%
Reports 8458 33 7994 1%
Temperature Details:
Sensor 1 (C) Sensor 2 (C) Sensor 3 (C) Sensor 4 (C)
Slot Module Local Remote Local Remote Local Remote Local Remote
‐‐‐‐ ‐‐‐‐‐‐ ‐‐‐‐‐ ‐‐‐‐‐‐ ‐‐‐‐‐ ‐‐‐‐‐‐ ‐‐‐‐‐ ‐‐‐‐‐‐ ‐‐‐‐‐ ‐‐‐‐‐‐
1 ACM 0 0 26 44 0
NVR:
NVR Battery ECC State NVR Size (MB)
‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐
Good No Error 128
show clock
Purpose
Use the show clock command to see the current time/date setting on the ARX.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show clock
Guidelines
The ARX has a separate clock in each module, synchronized internally through NTP.
The clock display is from the ACM, which has the master clock for all processes in the
switch.
Use the clock set command to reset the clock. Use the clock timezone command to
reset the time zone. Use the ntp server command to synchronize the clock with an
external NTP server.
Sample
stoweA# show clock
Local time: Mon 03 Nov 2008 01:48:45 AM EST ‐0500 America New_York
Universal time: Mon 03 Nov 2008 06:48:45 AM UTC
Related Commands
clock set
clock timezone
ntp server
show hostname
Purpose
Use the show hostname command to see the ARX’s hostname.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show hostname
Guidelines
To set the hostname, use the cfg-mode hostname command.
Sample
bstnA(cfg)# show hostname
bstnA
bstnA(cfg)#
Related Commands
hostname
show memory usage
Purpose
The show memory usage command shows usage statistics for ARX memory.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show memory usage [report]
report (optional) causes the CLI to create a report instead of showing output on the
command line. The CLI shows the report name after you type the command. The
report is named “memory_usage_yyyymmddHHMMSS.rpt,” where
yyyymmddHHMMSS is the date and time when the report was created. Use show
reports to list all reports and view the report’s contents.
Platforms
ARX-1500 and ARX-2500
Guidelines
The output contains a table with 3-hour samples of memory usage, where the
most-recent sample is at the top. Every row of the table shows the memory usage for
one 3-hour sample:
Date MM/DD is the month and day of the 3-hour sample.
Time Interval is the start time and end time for the 3-hour sample.
%Memory shows the low, average (Avg), and high percentages of memory used
during the sample period.
Use the show processors usage command to show similar statistics for all
processors on the switch; for other platform types, such as the ARX-2000, this also
includes memory-usage statistics. The show system tasks command shows the
currently-running tasks on one or more processors.
Samples
stoweA# show memory usage
shows the memory-usage statistics for all processors on an ARX-2500. See
Figure 5.7 on page 5-38 for sample output.
canbyA# show memory usage report
Scheduling report: memory_usage_201103220344.rpt
canbyA#
sends the processor-usage statistics for an ARX-1500 to a report. See Figure 5.8
on page 5-38 for a sample report.
Related Commands
show processors usage
show system tasks
Figure 5.7 Sample Output: show memory usage
stoweA# show memory usage
Memory Usage:
Date %Memory
MM/DD Time Interval Low Avg High
‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐
03/22 01:00 ‐ 03:27 11 12 12
03/21 22:00 ‐ 01:00 11 11 11
Figure 5.8 Sample Report: memory_usage...
canbyA# show reports memory_usage_201103220344.rpt
**** Memory Usage Report: Started at Tue Mar 22 03:44:23 2011 ****
**** Software Version: 6.00.000.13561 (Mar 20 2011 22:55:54) [nbuilds]
**** Hardware Platform: ARX‐1500
**** Report Destination:
Memory Usage:
Date %Memory
MM/DD Time Interval Low Avg High
‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐
03/22 01:00 ‐ 03:42 18 19 20
03/21 22:00 ‐ 01:00 18 18 18
**** Total processed: 2
**** Elapsed time: 00:00:00
**** Memory Usage Report: DONE at Tue Mar 22 03:44:23 2011 ****
show metalog usage
Purpose
Namespace software and network software each record important log information,
called metalog data, to be shared with the ARX device’s redundant peer. This metalog
data facilitates a failover from the active ARX to its backup ARX. The ARX-1500
and ARX-2500 each store this data on internal disk partitions, one partition per
volume group plus one partition per fastpath processor. The show metalog usage
command shows usage statistics for these metalog-storage partitions.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show metalog usage [report]
report (optional) causes the CLI to create a report instead of showing output on the
command line. The CLI shows the report name after you type the command. The
report is named “metalog_usage_yyyymmddHHMMSS.rpt,” where
yyyymmddHHMMSS is the date and time when the report was created. Use show
reports to list all reports and view the report’s contents.
Valid Platforms
ARX-1500 and ARX-2500
Guidelines
The output contains one table per metalog partition. At the top of each table is the
following label:
Metalog Usage for Disk Partition id used by {Volume‐Group n | Fastpath slot.proc}
Where
– Disk Partition id shows the ID of the internal-disk partition to store this
metalog data.
– Volume-Group n is the volume group that stores its metalog information on
partition id. The show volume-group command lists all volume groups on
the chassis.
– Fastpath slot.proc indicates that the fastpath (or network) processor at
slot.proc is using this internal partition to store its metalog data. The show
processors command lists all processors on the chassis and shows which of
them run the Fastpath (network) processes.
Each table shows 1-hour samples of memory usage, where the oldest sample is at the
top. Every row of the table shows the metalog-partition usage for a single one-hour
sample:
Date is the month and day of the sample.
Time Interval is the start time and end time for the sample.
I/O Count is the number of metalog packets sent to the local partition. If this
ARX is in a redundant pair, this is the sum of the packets sent to the local partition
and the duplicate packets sent to the partition on the backup peer. You can use the
show redundancy command to check the redundancy status of this chassis.
Retransmit Count only increments on the active peer in a redundant pair. This is
the number of metalog transmissions to the backup peer that required a retry.
Latency (usecs) is the minimum, maximum, and average latency in
micro-seconds between the ARX and its local metalog partition. These numbers
are updated once per hour. On the active peer in a redundant pair, this is the
longer of two events that occur in parallel: writing the data to the local partition
and writing the same data to the backup peer’s partition.
The ARX keeps these statistics from the most-recent time it has booted. You can use
the clear metalog usage command to clear these statistics immediately.
The show redundancy metalog command shows similar statistics, but it applies to
all platforms (except the ARX-VE). To find similar statistics on the ARX-VE
platform, use the probe metalog latency command.
On all platforms, the namespace software keeps metalog read/write statistics. You can
use the show statistics metalog command to see these metalog-usage statistics from
a namespace-software perspective.
Samples
stoweA# show metalog usage
shows the metalog-usage statistics for all processors on an ARX-2500. See
Figure 5.9 on page 5-41 for sample output.
canbyA# show metalog usage report
Scheduling report: metalog_usage_201104110152.rpt
canbyA#
sends the metalog-usage statistics for an ARX-1500 to a report. See Figure 5.10
on page 5-41 for a sample report.
Related Commands
clear metalog usage
show processors
probe metalog latency
show statistics metalog
show redundancy metalog
Figure 5.9 Sample Output: show metalog usage
stoweA# show metalog usage
Metalog Usage for Disk Partition 24 used by Fastpath 1.3
Date Time Interval I/O Count Retransmit Latency (usecs)
Count Min Max Avg
‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐
03/04 00:15‐01:15 3 0 32 46 38
03/04 01:15‐02:15 0 0 0 0 0
03/04 02:15‐03:15 0 0 0 0 0
03/04 03:15‐03:57 0 0 0 0 0
Metalog Usage for Disk Partition 25 used by Fastpath 1.4
Date Time Interval I/O Count Retransmit Latency (usecs)
Count Min Max Avg
‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐
03/04 00:15‐01:15 3 0 31 42 35
03/04 01:15‐02:15 0 0 0 0 0
03/04 02:15‐03:15 0 0 0 0 0
03/04 03:15‐03:57 0 0 0 0 0
Metalog Usage for Disk Partition 26 used by Fastpath 1.5
Date Time Interval I/O Count Retransmit Latency (usecs)
Count Min Max Avg
‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐
03/04 00:15‐01:15 3 0 34 57 42
03/04 01:15‐02:15 0 0 0 0 0
03/04 02:15‐03:15 0 0 0 0 0
03/04 03:15‐03:57 0 0 0 0 0
Metalog Usage for Disk Partition 27 used by Fastpath 1.6
Date Time Interval I/O Count Retransmit Latency (usecs)
Count Min Max Avg
‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐
03/04 00:15‐01:15 3 0 32 46 36
03/04 01:15‐02:15 0 0 0 0 0
03/04 02:15‐03:15 0 0 0 0 0
03/04 03:15‐03:57 0 0 0 0 0
Figure 5.10 Sample Report: metalog_usage...
canbyA# show reports metalog_usage_201104110152.rpt
**** Metalog Usage Report: Started at Mon Apr 11 01:52:27 2011 ****
**** Software Version: 6.00.000.13571 (Apr 6 2011 20:15:54) [nbuilds]
**** Hardware Platform: ARX‐1500
**** Report Destination:
Metalog Usage for Disk Partition 0 used by Volume‐Group 1
Date Time Interval I/O Count Retransmit Latency (usecs)
Count Min Max Avg
‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐
03/11 00:21‐01:21 0 0 0 0 0
03/11 01:21‐01:51 59759 0 28 96547 1
Metalog Usage for Disk Partition 24 used by Fastpath 1.3
Date Time Interval I/O Count Retransmit Latency (usecs)
Count Min Max Avg
‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐
03/11 00:21‐01:21 3 0 33 50 39
03/11 01:21‐01:51 12 0 36 43 0
Metalog Usage for Disk Partition 25 used by Fastpath 1.4
Date Time Interval I/O Count Retransmit Latency (usecs)
Count Min Max Avg
‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐
03/11 00:21‐01:21 3 0 31 51 38
03/11 01:21‐01:51 0 0 0 0 0
**** Total processed: 0
**** Elapsed time: 00:00:00
**** Metalog Usage Report: DONE at Mon Apr 11 01:52:27 2011 ****
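The per-partition tables described in the show metalog usage guidelines can be checked automatically. The following is an added example, not F5 code or part of the original manual: it parses output in the layout of Figures 5.9 and 5.10 and flags rows with retransmits, latency spikes, or an average outside the reported min..max range. The function names, the 10,000-usec threshold, and the sample text are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Text extracted from the manual uses U+2010 where a terminal session would
# normally show ASCII '-'; accept either so the parser works on both.
HY = r"[-\u2010]"

TITLE_RE = re.compile(
    rf"^Metalog Usage for Disk Partition (\d+) used by "
    rf"(Volume{HY}Group \d+|Fastpath \d+\.\d+)\s*$"
)
# Columns: MM/DD  HH:MM-HH:MM  I/O Count  Retransmit Count  Min  Max  Avg
ROW_RE = re.compile(
    rf"^(\d\d/\d\d)\s+(\d\d:\d\d)\s*{HY}\s*(\d\d:\d\d)"
    r"\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$"
)


@dataclass(frozen=True)
class Sample:
    partition: int
    owner: str          # "Volume-Group n" or "Fastpath slot.proc"
    date: str
    start: str
    end: str
    io_count: int
    retransmits: int
    lat_min: int
    lat_max: int
    lat_avg: int


def parse_metalog_usage(text):
    """Return one Sample per data row, tagged with its partition title."""
    samples, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        title = TITLE_RE.match(line)
        if title:
            owner = re.sub(HY, "-", title.group(2))   # normalise to ASCII
            current = (int(title.group(1)), owner)
            continue
        row = ROW_RE.match(line)
        if row and current:                 # ignore rows with no title above
            date, start, end = row.group(1, 2, 3)
            nums = [int(n) for n in row.group(4, 5, 6, 7, 8)]
            samples.append(Sample(*current, date, start, end, *nums))
    return samples


def find_anomalies(samples, max_latency_usecs=10_000):
    """Return (location, reason) pairs. The threshold is an assumed value."""
    findings = []
    for s in samples:
        where = (f"partition {s.partition} ({s.owner}) "
                 f"{s.date} {s.start}-{s.end}")
        if s.retransmits > 0:
            findings.append(
                (where, f"{s.retransmits} retransmit(s) to the backup peer"))
        if s.lat_max > max_latency_usecs:
            findings.append(
                (where, f"max latency {s.lat_max} usecs exceeds "
                        f"{max_latency_usecs}"))
        # An average must lie between the minimum and maximum of its sample.
        if s.io_count > 0 and not s.lat_min <= s.lat_avg <= s.lat_max:
            findings.append(
                (where, f"avg latency {s.lat_avg} outside min..max "
                        f"{s.lat_min}..{s.lat_max}"))
    return findings


# Constructed sample in the layout of Figure 5.10; the last row is invented
# to exercise the retransmit check. Separator rows are shortened.
SAMPLE = """\
**** Metalog Usage Report: Started at (constructed sample) ****
Metalog Usage for Disk Partition 0 used by Volume\u2010Group 1
Date Time Interval I/O Count Retransmit Latency (usecs)
Count Min Max Avg
\u2010\u2010\u2010\u2010\u2010 \u2010\u2010\u2010\u2010\u2010\u2010\u2010\u2010
03/11 00:21\u201001:21 0 0 0 0 0
03/11 01:21\u201001:51 59759 0 28 96547 1
Metalog Usage for Disk Partition 24 used by Fastpath 1.3
Date Time Interval I/O Count Retransmit Latency (usecs)
Count Min Max Avg
----- ------------- ------------- ------------- -------- -------- --------
03/11 00:21-01:21 3 0 33 50 39
03/11 01:21-01:51 12 2 36 43 40
"""

if __name__ == "__main__":
    for where, reason in find_anomalies(parse_metalog_usage(SAMPLE)):
        print(f"{where}: {reason}")
```

Tune max_latency_usecs to a baseline taken from the chassis in question; the statistics reset at reboot or after clear metalog usage, so collect them before either event.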
show processors
Purpose
Mode
Security Role(s)
Syntax
Guidelines: Output on
the ARX-1500,
ARX-2500, and
ARX-VE
Use the show processors command to list the processors (CPUs) installed on the
ARX.
(any)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
show processors
The ARX-1500 and ARX-2500 use a multi-core processor, where each core is
primarily dedicated to either network (fastpath) processing, storage (volume-group)
processing, or CLI/GUI (system-management) processing. The output for this
command shows two tables to describe the current state of these processor cores.
The first table shows the role and CPU usage of each core, where each core appears on
a separate row. The ARX-1500 uses fewer cores than the ARX-2500, and the
ARX-VE has one:
Proc is in processor.core format. The processor is always 1, and the core number
identifies the particular core.
Role is either “Fastpath” (network processing), “Volume-Group” (storage-related
processing), or “System” (CLI, GUI, and other management processing). This
indicates the type of process that primarily runs on this core.
CPU1M is the average CPU usage over the last 60 seconds. This number is a
percentage.
CPU5M is the average CPU usage over the last 5 minutes. As above, this is a
percentage.
The second table shows a summary for the entire processor. This table only appears on
the ARX-1500 and ARX-2500:
Up Time is time since the last reboot. You can use the reload command to
manually reboot. For the ARX-VE, you can also reboot from your VM-client
console.
Memory (MB) is a heading for the following processor-memory measures, in
MegaBytes:
– Total is the processor’s total memory.
– Free is the processor’s available memory.
Swap (MB) is a heading for similar swap-space measures, also in MegaBytes.
This is space on the internal hard disk that is used as a memory region when free
memory is low:
– Total is the processor’s total swap space.
– Free is the processor’s available swap space.
Guidelines: Output on Other Platforms
For the other platforms (not the ARX-1500, ARX-2500, or ARX-VE), the output is a
table with one row per processor. Each row contains the following fields:
Proc shows the slot location of the processor in slot.processor format. Processor
1.1 is the management processor for all platforms.
Module is the processor’s module type (ACM only on the ARX-500 or
ARX-2000; ACM or NSM on the ARX-4000).
State is the current processor state:
– Up
– Reset - should appear very briefly, just before Boot.
– Boot - the processor is running its diagnostic tests, invoked during boot.
– Init - the processor passed its diagnostic tests and is being provisioned.
– Waiting - the processor is waiting for configuration parameters before it can
begin processing. If all NSM and/or ACM processors are in the “Waiting”
state, they require proper configuration for the interfaces. Minimally, each
interface must be started with no shutdown (cfg-if-gig), and each NSM
processor requires a proxy-IP address (see ip proxy-address).
– Downloading - if (during “Init”) the processor discovers that it needs new
software, it enters this state to fetch and install the software.
– Unknown - the CLI cannot ascertain the processor’s state.
– Standby - appears for an NSM processor that failed over to a peer processor
and then came back online. The peer processor is now handling this
processor’s traffic, and this processor is in a hot-standby state. If the peer
processor fails, this processor takes control. The nsm recovery command
configures the NSM processors to go into this state if they experience a
failure. NSM processors also go into this state after a full-chassis failover
(you prepare an ARX for failovers with the redundancy command).
– Failed
– FW Upgrade - indicates that the module is upgrading its firmware. You can
start a firmware upgrade after installing a software release with new
firmware; see the documentation for the firmware upgrade command.
– FW Upgrade Failed - means that the module failed an attempted firmware
upgrade. Call F5 Support if you see this state.
Up Time is time since the last reboot. Use the reload command to reboot.
Memory (MB) is a heading for the following processor-memory measures, in
MegaBytes:
– Total is the processor’s total memory.
– Free is the processor’s available memory.
CPU1M is the current CPU usage in a 1-minute period.
CPU5M is the current CPU usage in a 5-minute period.
Guidelines: Related Commands
Use the show system tasks command to view the tasks that are currently running on
one or more processors. For statistics on CPU and memory usage over time, use the
show processors usage command.
Samples
stoweA> show processors
shows the processors on an ARX-2500. See Figure 5.11 on page 5-45 for
sample output.
stkbrgA# show processors
shows the processors on an ARX-VE. See Figure 5.12 on page 5-45 for sample
output.
bstnA# show processors
shows the processors on an ARX-4000. See Figure 5.13 on page 5-46 for
sample output.
prtlndA# show processors
shows the processors on an ARX-2000. See Figure 5.14 on page 5-46.
Related Commands
show chassis
show system tasks
show processors usage
nsm recovery
resource-profile
Figure 5.11 Sample Output: show processors (ARX-2500)
stoweA> show processors
Proc Role CPU 1m CPU 5m
‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐ ‐‐‐‐‐‐
1.1 System 3 1
1.2 System 3 1
1.3 FastPath 2 1
1.4 FastPath 2 1
1.5 FastPath 2 2
1.6 Volume‐Group 2 3
1.7 Volume‐Group 2 2
1.8 Volume‐Group 3 1
Summary:
Memory (MB) Swap (MB)
Up Time Total Free Total Free
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐
0 days, 00:20:44 16041 13540 32773 32773
Figure 5.12 Sample Output: show processors (ARX-VE)
stkbrgA# show processors
Proc Role CPU 1m CPU 5m
‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐ ‐‐‐‐‐‐
1.1 Volume‐Group 25 19
Figure 5.13 Sample Output: show processors (ARX-4000)
bstnA# show processors
Memory (MB)
Proc Module State Up Time Total Free CPU 1m CPU 5m
‐‐‐‐ ‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐ ‐‐‐‐‐‐ ‐‐‐‐‐‐
1.1 ACM Up 0 days, 01:21:34 16030 15121 4 3
2.1 NSM Up 0 days, 01:17:35 2650 2093 0 0
2.2 NSM Up 0 days, 01:17:35 2650 2093 0 0
2.3 NSM Up 0 days, 01:17:35 2650 2093 0 0
2.4 NSM Up 0 days, 01:17:35 2650 2093 1 1
2.5 NSM Up 0 days, 01:17:30 2650 2093 0 0
2.6 NSM Up 0 days, 01:17:30 2650 2093 0 0
2.7 NSM Up 0 days, 01:17:30 2650 2093 0 0
2.8 NSM Up 0 days, 01:17:30 2650 2093 1 1
2.9 NSM Up 0 days, 01:17:30 2650 2091 0 0
2.10 NSM Up 0 days, 01:17:30 2650 2091 0 0
2.11 NSM Up 0 days, 01:17:30 2650 2091 0 0
2.12 NSM Up 0 days, 01:17:30 2650 2091 1 1
Figure 5.14 Sample Output: show processors (ARX-2000)
prtlndA# show processors
Memory (MB)
Proc Module State Up Time Total Free CPU 1m CPU 5m
‐‐‐‐ ‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐ ‐‐‐‐‐‐ ‐‐‐‐‐‐
1.1 ACM Up 0 days, 02:29:46 11940 11211 2 3
1.2 ACM Up 0 days, 02:20:40 2650 2093 0 0
1.3 ACM Up 0 days, 02:20:40 2650 2093 1 3
1.4 ACM Up 0 days, 02:20:40 2650 2093 0 0
1.5 ACM Up 0 days, 02:20:40 2650 2093 0 0
show processors usage
Purpose
The show processors usage command shows usage statistics for the processors
(CPUs) installed on the ARX.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show processors usage
show processors usage {slot.processor | all} [report]
slot.processor (optional) specifies one processor.
slot is the slot number.
processor is the processor number. Use the show processors command to show
all processors and their associated slot.processor IDs.
all (optional) specifies all processors.
report (optional) is only an option if you select one processor or use the all keyword.
This causes the CLI to create a report instead of showing output on the command line.
The CLI shows the report name after you type the command. The report is named
“processor_usage_yyyymmddHHMMSS.rpt,” where yyyymmddHHMMSS is the date
and time when the report was created. Use show reports to list all reports and view
the report’s contents.
Guidelines
The output contains a table for each chosen processor. Each table shows 3-hour
samples of CPU usage, with the most-recent sample at the top. The tables are labeled
as follows:
Processor Usage for slot.proc appears for each processor on most platforms,
and
Processor Usage for slot.proc role appears instead on the ARX-1500 and
ARX-2500. The role describes the types of processes that used the CPU cycles in
the table:
– FastPath is for network-related processes, similar to those that run on the
NSM in other platforms. These are also called data plane processes.
– Volume-Group is for storage-related processes, such as managed-volume
processes and the policy engine.
– System is for the CLI and GUI (or manager) processes, and other processes
related to system administration.
Every row of the table shows the CPU usage for one 3-hour sample:
Date is the month and day of the 3-hour sample.
Time Interval is the start time and end time for the 3-hour sample.
%CPU shows the low, average (Avg), and high percentages of CPU cycles used
during the sample period.
%Memory shows the same measures for memory. This does not appear in the
output for the ARX-1500 or ARX-2500; you can use show memory usage to
get these measures on either of those platforms.
%Swap shows the percentages for swap-space usage. An ACM only uses swap
space when a large portion of standard memory is used up. On the ARX-1500 and
ARX-2500, this command omits the %Swap table.
Use the show processors command to show the current state of all processors on the
switch. The show system tasks command shows the currently-running tasks on one
or more processors.
Samples
bstnA# show processors usage
shows the processor-usage statistics for all processors on an ARX-4000. See
Figure 5.15 on page 5-48 for sample output.
canbyA# show processors usage
shows the processor-usage statistics for all processors on an ARX-1500. See
Figure 5.16 on page 5-50 for sample output.
bstnA# show processors usage 1.1 report
Scheduling report: processor_usage_201104010144.rpt
sends the processor-usage statistics to a report. See Figure 5.17 on page 5-51
for a sample report.
Related Commands
show processors
show system tasks
show memory usage
Figure 5.15 Sample Output: show processors usage
bstnA# show processors usage
Processor Usage for 1.1
Date %CPU %Memory %Swap
MM/DD Time Interval Low Avg High Low Avg High Low Avg High
‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐
02/23 23:00 ‐ 01:56 1 2 3 2 4 5 0 0 0
Processor Usage for 2.1
Date %CPU %Memory %Swap
MM/DD Time Interval Low Avg High Low Avg High Low Avg High
‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐
02/23 23:00 ‐ 01:56 0 0 0 21 21 22 0 0 0
Processor Usage for 2.2
Date %CPU %Memory %Swap
MM/DD Time Interval Low Avg High Low Avg High Low Avg High
‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐
02/23 23:00 ‐ 01:56 0 0 0 21 21 22 0 0 0
Processor Usage for 2.3
Date %CPU %Memory %Swap
MM/DD Time Interval Low Avg High Low Avg High Low Avg High
‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐
02/23 23:00 ‐ 01:56 0 0 4 21 21 22 0 0 0
Processor Usage for 2.4
Date %CPU %Memory %Swap
MM/DD Time Interval Low Avg High Low Avg High Low Avg High
‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐
02/23 23:00 ‐ 01:56 0 1 1 21 21 22 0 0 0
Processor Usage for 2.5
Date %CPU %Memory %Swap
MM/DD Time Interval Low Avg High Low Avg High Low Avg High
‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐
02/23 23:00 ‐ 01:56 0 0 0 21 21 21 0 0 0
Processor Usage for 2.6
Date %CPU %Memory %Swap
MM/DD Time Interval Low Avg High Low Avg High Low Avg High
‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐
02/23 23:00 ‐ 01:56 0 0 0 21 21 21 0 0 0
Processor Usage for 2.7
Date %CPU %Memory %Swap
MM/DD Time Interval Low Avg High Low Avg High Low Avg High
‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐
02/23 23:00 ‐ 01:56 0 0 0 21 21 21 0 0 0
Processor Usage for 2.8
Date %CPU %Memory %Swap
MM/DD Time Interval Low Avg High Low Avg High Low Avg High
‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐
02/23 23:00 ‐ 01:56 0 1 1 21 21 21 0 0 0
Processor Usage for 2.9
Date %CPU %Memory %Swap
MM/DD Time Interval Low Avg High Low Avg High Low Avg High
‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐
02/23 23:00 ‐ 01:56 0 0 0 21 21 22 0 0 0
Processor Usage for 2.10
Date %CPU %Memory %Swap
MM/DD Time Interval Low Avg High Low Avg High Low Avg High
‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐
02/23 23:00 ‐ 01:56 0 0 0 21 21 22 0 0 0
Processor Usage for 2.11
Date %CPU %Memory %Swap
MM/DD Time Interval Low Avg High Low Avg High Low Avg High
‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐
02/23 23:00 ‐ 01:56 0 0 0 21 21 22 0 0 0
Processor Usage for 2.12
Date %CPU %Memory %Swap
MM/DD Time Interval Low Avg High Low Avg High Low Avg High
‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐
02/23 23:00 ‐ 01:56 0 1 1 21 21 22 0 0 0
Figure 5.16 Sample Output: show processors usage (ARX-1500)
canbyA# show processors usage
Processor Usage for 1.1 System
Date %CPU
MM/DD Time Interval Low Avg High
‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐
04/01 02:00 ‐ 04:09 0 0 1
03/31 23:00 ‐ 02:00 0 0 2
Processor Usage for 1.2 System
Date %CPU
MM/DD Time Interval Low Avg High
‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐
04/01 02:00 ‐ 04:09 0 2 3
03/31 23:00 ‐ 02:00 0 4 3
Processor Usage for 1.3 FastPath
Date %CPU
MM/DD Time Interval Low Avg High
‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐
04/01 02:00 ‐ 04:09 2 2 2
03/31 23:00 ‐ 02:00 1 2 2
Processor Usage for 1.4 FastPath
Date %CPU
MM/DD Time Interval Low Avg High
‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐
04/01 02:00 ‐ 04:09 2 2 2
03/31 23:00 ‐ 02:00 1 2 2
Processor Usage for 1.5 Volume‐Group
Date %CPU
MM/DD Time Interval Low Avg High
‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐
04/01 02:00 ‐ 04:09 0 0 2
03/31 23:00 ‐ 02:00 0 0 2
Processor Usage for 1.6 Volume‐Group
Date %CPU
MM/DD Time Interval Low Avg High
‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐
04/01 02:00 ‐ 04:09 0 0 1
03/31 23:00 ‐ 02:00 0 1 1
Figure 5.17 Sample Report: processor_usage_...
bstnA# show reports processor_usage_201104010144.rpt
**** Processor Usage Report: Started at Fri Apr 1 01:44:24 2011 ****
**** Software Version: 6.00.000.13568 (Mar 30 2011 20:17:43) [nbuilds]
**** Hardware Platform: ARX‐4000
**** Report Destination:
Processor Usage for 1.1
Date %CPU %Memory %Swap
MM/DD Time Interval Low Avg High Low Avg High Low Avg High
‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐
03/31 23:00 ‐ 01:39 1 2 4 2 4 6 0 0 0
**** Total processed: 1
**** Elapsed time: 00:00:00
**** Processor Usage Report: DONE at Fri Apr 1 01:44:24 2011 ****
show uptime
Purpose
Use the show uptime command to see how long the system has been “up” since the
last reboot.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show uptime
Guidelines
This command displays the length of time since the last reboot in weeks, days, hours,
and minutes, as shown in the sample below.
Sample
bstnA> show uptime
bstnA uptime is 0 weeks, 0 days, 0 hours, 27 minutes.
Related Commands
show processors
show version
show version
Purpose
Use the show version command to display the installed-software versions and a
summary of the chassis’ configuration and state.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show version
Guidelines: Release Table
Running Release is the software version that is currently running. This appears in
the following format:
release-file : Version version-num (build-date) username
where release-file is in the local “releases” directory, which you can see with the
show releases command.
Armed Release is the software to be loaded on the next reboot, if any. This appears
in the same format as the Running Release. Use boot system to arm the switch with a
new release file. Use reload to reboot and put the new release file into service.
Backup Release is the software release that was running prior to the current release,
if any. F5 personnel can roll the switch back to this release if needed.
Guidelines: System Configuration Table
System Configuration is a table of module information for the hardware platforms,
one row per module.
Slot is only 1 for all chassis except the ARX-4000, which has a second slot
devoted to data-plane processes.
Admin is “enabled.”
ModuleType is ACM (which runs management processes, control-plane
processes, and possibly data-plane processes) or NSM (which exclusively runs
data-plane processes).
ModuleState values appear in Guidelines: Module States, below.
FW Upgrade is “enabled” or “disabled.” If enabled, a chassis-software upgrade
automatically upgrades the module’s firmware. To enable this feature, contact F5
personnel. To install firmware manually, after a software upgrade, use the
firmware upgrade command.
For the ARX-VE, ARX-1500, and ARX-2500, the System Configuration table
contains a single row showing how long it has been since the last reboot.
Guidelines: Resource Table
The Resource table only appears for the ARX-500, ARX-2000, or ARX-4000
platforms. This table shows the high-level state of the switch, and whether it supports
packet forwarding (like a MAC bridge) or not (like an end station).
State is “Up” or an error message. If there is an error, use show chassis for
details.
Forwarding is “Enabled” (meaning the ARX can forward packets from one
client/server port to another, performing the functions of a MAC bridge) or
“Disabled.” You can set this with the switch-forwarding enable command.
Guidelines: Module States
The ModuleState field can contain any of the following values:
• Online
• Empty
• Removed - the slot previously had a module, but it has been removed.
• Discovery - the chassis is finding all module states, very early in the boot
process.
• Boot - the module is running its diagnostic tests, invoked during boot.
• Init - the module passed its diagnostic tests and is provisioning its internal
processors.
• Downloading - if (during “Init”) the module discovers that it needs new software,
it enters this state to fetch and install the software.
• Online Partial - at least one processor is up, but not all of them are online yet. If a
processor does not come up after 5 minutes, this changes to “Failed Partial” state.
• Failed Partial - at least one processor is up, but at least one processor failed.
• Failed
• Offline - applies to the network processors. This indicates that the ACM has not
provided the network processors with important configuration parameters, so the
processors cannot come online. Any of the following issues can result in this state
on an ARX-500, ARX-2000, or ARX-4000:
– The NVRAM battery failed on the ACM. Use show chassis nvr to confirm
this; if the issue persists, contact F5 Support.
– The NVRAM is not up yet. As above, you should contact F5 Support if the
NVRAM issue persists.
• Poweroff - the slot has no power.
• FW Upgrade - the module is installing new firmware from the installed software
release. The firmware upgrade command starts a firmware installation.
• FW Upgrade Failed - a firmware upgrade failed on this module.
Related Commands
boot system
show releases
reload
Figure 5.18 Sample Output: show version (ARX-4000)
bstnA> show version
Copyright (c) 2002‐2011 by F5 Networks, Inc. All rights reserved.
Running Release
test1.rel : Version 6.00.000.13543 (Feb 11 2011 20:13:05) [nbuilds]
Armed Release
test1.rel : Version 6.00.000.13543 (Feb 11 2011 20:13:05) [nbuilds]
Backup Release
test3.rel : Version 6.00.000.13541 (Feb 8 2011 14:29:34) [nbuilds]
System Configuration: Version 600000.29
bstnA uptime is 0 weeks, 0 days, 1 hours, 3 minutes.
Slot Admin ModuleType ModuleState FW Upgrade
‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐
1 Enabled ACM Online Disabled
2 Enabled NSM Online Disabled
Resource State Forwarding
‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐
Switch Up Disabled
Figure 5.19 Sample Output: show version (ARX-2500)
stoweA> show version
Copyright (c) 2002‐2011 by F5 Networks, Inc. All rights reserved.
Running Release
test3.rel : Version 6.00.000.13543 (Feb 11 2011 20:13:05) [nbuilds]
Armed Release
test3.rel : Version 6.00.000.13543 (Feb 11 2011 20:13:05) [nbuilds]
Backup Release
test2.rel : Version 6.00.000.13542 (Feb 10 2011 20:57:05) [nbuilds]
System Configuration: Version 600000.29
stoweA uptime is 0 weeks, 0 days, 4 hours, 39 minutes.
Figure 5.20 Sample Output: show version (ARX-1500)
canbyA> show version
Copyright (c) 2002‐2011 by F5 Networks, Inc. All rights reserved.
Running Release
test1.rel : Version 6.00.000.13543 (Feb 11 2011 20:13:05) [nbuilds]
Armed Release
test1.rel : Version 6.00.000.13543 (Feb 11 2011 20:13:05) [nbuilds]
Backup Release
test3.rel : Version 6.00.000.13542 (Feb 10 2011 20:09:40) [nbuilds]
System Configuration: Version 600000.29
canbyA uptime is 0 weeks, 0 days, 4 hours, 53 minutes.
Figure 5.21 Sample Output: show version (ARX-2000)
prtlndA> show version
Copyright (c) 2002‐2011 by F5 Networks, Inc. All rights reserved.
Running Release
test3.rel : Version 6.00.000.13543 (Feb 11 2011 20:13:05) [nbuilds]
Armed Release
test3.rel : Version 6.00.000.13543 (Feb 11 2011 20:13:05) [nbuilds]
Backup Release
test1.rel : Version 5.02.000.12642 (Feb 11 2011 16:00:53) [nbuilds]
System Configuration: Version 600000.29
prtlndA uptime is 0 weeks, 0 days, 0 hours, 19 minutes.
Slot Admin ModuleType ModuleState FW Upgrade
‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐
1 Enabled ACM Online Disabled
Resource State Forwarding
‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐
Switch Up Disabled
Figure 5.22 Sample Output: show version (ARX-500)
provA> show version
Copyright (c) 2002‐2011 by F5 Networks, Inc. All rights reserved.
Running Release
test1.rel : Version 6.00.000.13543 (Feb 11 2011 20:13:05) [nbuilds]
Armed Release
test1.rel : Version 6.00.000.13543 (Feb 11 2011 20:13:05) [nbuilds]
Backup Release
test2.rel : Version 6.00.000.13541 (Feb 8 2011 09:00:16) [nbuilds]
System Configuration: Version 600000.29
provA uptime is 0 weeks, 0 days, 3 hours, 16 minutes.
Slot Admin ModuleType ModuleState FW Upgrade
‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐
1 Enabled ACM Online Disabled
Resource State Forwarding
‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐
Switch Up Disabled
Figure 5.23 Sample Output: show version (ARX-VE)
stkbrgA# show version
Copyright (c) 2002‐2011 by F5 Networks, Inc. All rights reserved.
Running Release
test3.rel : Version 6.00.000.13543 (Feb 11 2011 20:13:05) [nbuilds]
Armed Release
test3.rel : Version 6.00.000.13543 (Feb 11 2011 20:13:05) [nbuilds]
Backup Release
test1.rel : Version 6.00.000.13541 (Feb 8 2011 11:11:19) [nbuilds]
System Configuration: Version 600000.29
stkbrgA uptime is 0 weeks, 0 days, 0 hours, 6 minutes.
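The release and module-state fields described for show version lend themselves to an automated baseline check. The following is an added example, not code from F5 or from this manual: it parses captured show version output and reports an armed release that differs from the running one, a running version that is not the approved one, and any module not in the Online state. The function names, the approved-version value, and the forwarding baseline are assumptions made for illustration.

```python
import re

# Constructed sample in the layout of the manual's "show version" figures. The armed
# release and the NSM module state are altered here so the checks have something
# to report.
SAMPLE = """\
bstnA> show version
Copyright (c) 2002-2011 by F5 Networks, Inc. All rights reserved.
Running Release
test1.rel : Version 6.00.000.13543 (Feb 11 2011 20:13:05) [nbuilds]
Armed Release
test3.rel : Version 6.00.000.13541 (Feb 8 2011 14:29:34) [nbuilds]
Backup Release
test3.rel : Version 6.00.000.13541 (Feb 8 2011 14:29:34) [nbuilds]
System Configuration: Version 600000.29
bstnA uptime is 0 weeks, 0 days, 1 hours, 3 minutes.
Slot Admin ModuleType ModuleState FW Upgrade
---- ------- ------------ ---------------- ----------
1 Enabled ACM Online Disabled
2 Enabled NSM Failed Partial Disabled
Resource State Forwarding
-------- ------------------------------- ----------
Switch Up Disabled
"""

HEADINGS = {"Running Release": "running", "Armed Release": "armed",
            "Backup Release": "backup"}
# Documented format: release-file : Version version-num (build-date) username
RELEASE_RE = re.compile(r"^(\S+)\s*:\s*Version\s+(\S+)\s+\((.+?)\)\s*(.*)$")
# Slot, Admin, ModuleType, ModuleState (may be several words), FW Upgrade
MODULE_RE = re.compile(
    r"^(\d+)\s+(\S+)\s+(ACM|NSM)\s+(.+?)\s+(Enabled|Disabled)\s*$", re.I)
SWITCH_RE = re.compile(r"^Switch\s+(.+?)\s+(Enabled|Disabled)\s*$", re.I)
UPTIME_RE = re.compile(
    r"uptime is (\d+) weeks, (\d+) days, (\d+) hours, (\d+) minutes")


def parse_show_version(text):
    """Return releases, module rows, the Switch resource row and uptime in minutes."""
    text = text.replace("\u2010", "-")  # copied output may carry Unicode hyphens
    parsed = {"releases": {}, "modules": [], "switch": None, "uptime_minutes": None}
    pending = None  # release heading seen on the previous non-blank line
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line in HEADINGS:
            pending = HEADINGS[line]
            continue
        m = RELEASE_RE.match(line)
        if pending and m:
            keys = ("file", "version", "built", "user")
            parsed["releases"][pending] = dict(zip(keys, m.groups()))
        pending = None
        m = MODULE_RE.match(line)
        if m:
            keys = ("slot", "admin", "type", "state", "fw_upgrade")
            parsed["modules"].append(dict(zip(keys, m.groups())))
            continue
        m = SWITCH_RE.match(line)
        if m:
            parsed["switch"] = {"state": m.group(1), "forwarding": m.group(2)}
            continue
        m = UPTIME_RE.search(line)
        if m:
            weeks, days, hours, minutes = map(int, m.groups())
            parsed["uptime_minutes"] = ((weeks * 7 + days) * 24 + hours) * 60 + minutes
    return parsed


def audit(parsed, approved_version, expect_forwarding="Disabled"):
    """Compare parsed output with a baseline (assumed values) and list deviations."""
    findings = []
    running = parsed["releases"].get("running")
    armed = parsed["releases"].get("armed")
    if running is None:
        findings.append("no Running Release line was parsed")
    elif running["version"] != approved_version:
        findings.append("running version %s is not the approved %s"
                        % (running["version"], approved_version))
    if running and armed:
        ident = ("file", "version", "built")
        if [armed[k] for k in ident] != [running[k] for k in ident]:
            findings.append("armed release %s (%s) differs from running; the next "
                            "reload changes software" % (armed["file"], armed["version"]))
    for mod in parsed["modules"]:
        if mod["state"].lower() != "online":
            findings.append("slot %s %s is in state '%s'"
                            % (mod["slot"], mod["type"], mod["state"]))
    switch = parsed["switch"]
    if switch:
        if switch["state"].lower() != "up":
            findings.append("switch state is '%s'" % switch["state"])
        if switch["forwarding"].lower() != expect_forwarding.lower():
            findings.append("forwarding is %s, baseline expects %s"
                            % (switch["forwarding"], expect_forwarding))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_show_version(SAMPLE), "6.00.000.13543"):
        print("FINDING:", finding)
```

On platforms whose output has no module or Resource table (ARX-VE, ARX-1500, ARX-2500), the parser returns empty module and switch entries and only the release checks apply.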
shutdown
Purpose
Use the shutdown command to halt the ARX, perhaps from a remote location. This
gracefully stops all power on the system.
Mode
priv-exec
Security Role(s)
crypto-officer, storage-engineer, network-engineer, or network-technician
Syntax
shutdown
Default(s)
None.
Platforms
ARX-500, ARX-2000, ARX-4000, or ARX-VE
Guidelines
This command prepares the ARX for a planned power outage. After you run this
command on one of the hardware platforms, you have up to 72 hours before the
battery drains for the Non-Volatile RAM (NVRAM). The NVRAM is memory on the
ACM that stores all database transactions for the namespace processes; if the
processes fail, they can recover by replaying these transactions. This is called metalog
data. A managed volume requires its metalog data when it starts up.
You must manually power on the chassis to restore it to service. If you restore power
after the NVRAM battery drains, all of the managed volumes on the ARX must
re-import.
The CLI warns you that you must manually restore power to the chassis; enter yes to
proceed with the power-off sequence. You can restore power on site by flipping the
power switch or pushing the power button. Refer to the Hardware Installation Guide
for your chassis to find the location of the power button or switch. The ARX-VE is a
software-only platform that runs as a Virtual Appliance (VA, similar to a VM); use
your VM client to restart the ARX-VE.
The ARX-VE has no NVRAM hardware, and stores its metalog data in one of the
hypervisor’s disk partitions. A re-import of managed volumes is therefore unnecessary
for the ARX-VE, no matter how long it is shut down. (The same is true of the
ARX-1500 and ARX-2500, which store their metalog data on their internal disk
drives.)
You can use the reload command to reboot the ARX. To clear the NVRAM (in case
of an unrecoverable corruption), use clear nvr.
Sample
provB# shutdown
This command turns off the chassis and powers it down.
You will need to manually restore power to return the chassis to service.
Are you sure? [yes/no] yes
shuts down an ARX named “provB.”
Related Commands
reload
clear nvr
6
RAID Management
This chapter contains an alphabetical list of commands for managing the
redundant array of independent disks (RAID) in the ARX chassis.
raid offline
Purpose
Use the raid offline command to set a disk drive offline in the switch chassis.
Mode
priv-exec
Security Role(s)
network-technician, network-engineer, storage-engineer, or crypto-officer
Syntax
raid offline { disk1 | disk2 }
Valid Platforms
ARX-2000 and ARX-4000
Guidelines
After issuing the command, enter the show chassis diskuse command to verify
changes and to view disk status.
Note
The following sample output shows the disk and raid details from the
show chassis diskuse command. See Figure 5.1 on page 5-26 and
Figure 5.6 on page 5-33 for complete show chassis output samples.
Sample
bstnA# raid offline disk1
Set disk drive in Bay 1 offline ? [yes/no] yes
bstnA# show chassis diskuse
Logical Disk Details:
Disk Status Verification Mode Verification Rate
‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1 Optimal Manual 50 %
Disk Details:
Disk Size State Transfer Rate Model
‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
Bay 1 136.73G Online 3.0Gb/sec ST3146855SS
Bay 2 136.73G Offline 3.0Gb/sec ST3146855SS
RAID Controller Details:
Rebuild Rate Max Transfer Rate Firmware RAID Alarm
‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐
85 % 3.0Gb/sec 7.0.1‐0061 Enabled
Disk Usage:
Name Total MB Used MB Free MB Used%
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐
System 2331 1408 804 64%
Releases 5285 2687 2328 54%
Logs 54951 87 52071 1%
Cores; DiagInfo; Lists 21133 219 19840 2%
Scripts 3172 59 2951 2%
Reports 8458 35 7992 1%
Related Commands
raid rebuild
show chassis
raid rebuild
Purpose
Use this command to rebuild a RAID configuration on a disk in the switch chassis.
Mode
priv-exec
Security Role(s)
network-technician, network-engineer, storage-engineer, or crypto-officer
Syntax
raid rebuild { disk1 | disk2 }
disk1 is the drive in Bay 1
disk2 is the drive in Bay 2
Valid Platforms
ARX-1500, ARX-2000, ARX-2500, and ARX-4000
Guidelines
This command is required after installing a disk, so that it can rejoin the RAID.
This process slows down various internal processes, so we recommend running it on
the backup peer in a redundant pair (see redundancy for information on redundant
pairs).
The ARX-1500 and ARX-2500 write their metalog data to the RAID, and
managed-volume performance is affected if these writes are slowed. Those platforms
write all of their metalog data both to the active peer and the backup peer at the same
time, so a raid rebuild on the backup peer still affects managed-volume processing on
the active peer. For the ARX-1500 and ARX-2500, we recommend performing the
rebuild during off hours only. You can use the show metalog usage command to
view usage statistics for the metalog driver.
After issuing the command, enter the show chassis diskuse command to verify the
change and to view the rebuild progress.
Sample
bstnA# raid rebuild disk1
bstnA# show chassis diskuse
Logical Disk Details:
Disk Status Verification Mode Verification Rate
‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1 Optimal Manual 50 %
Disk Details:
Disk Size State Transfer Rate Model
‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
Bay 1 136.73G Rebuild 22% 3.0Gb/sec ST3146855SS
Bay 2 136.73G Online 3.0Gb/sec ST3146855SS
RAID Controller Details:
Rebuild Rate Max Transfer Rate Firmware RAID Alarm
‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐
85 % 3.0Gb/sec 7.0.1‐0061 Enabled
Disk Usage:
Name Total MB Used MB Free MB Used%
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐
System 2331 1408 804 64%
...
Related Commands
raid offline
raid rebuild-rate
show chassis
raid rebuild-rate
Purpose
This command specifies how much of the system’s RAID-controller resources to use
in rebuilding the RAID.
Mode
cfg
Security Role(s)
network-engineer or crypto-officer
Syntax
raid rebuild-rate rate
rate (1-99) is the percentage of the system’s RAID controller, an internal CPU used
for managing access to the internal disks. A higher number ensures a faster rebuild, but
slower disk access during the rebuild.
Default(s)
90
Valid Platforms
ARX-1500, ARX-2000, ARX-2500, and ARX-4000
Guidelines
The CLI and the GUI access the internal disks for many operations, as do several
processes that create reports. Whenever a raid rebuild occurs, this command
determines the division of RAID-controller cycles between these disk-access
operations and the RAID-rebuild operation. After issuing the command, enter the
show chassis diskuse command to verify changes and to view the rebuild rate.
Sample
bstnA(cfg)# raid rebuild-rate 85
sets the RAID-rebuild rate to 85% of the RAID-controller’s time. This leaves 15%
of the controller’s cycles to manage disk I/O operations, such as recording the
running configuration or writing reports.
Related Commands
raid rebuild
show chassis diskuse
raid silence
Purpose
Use this command to silence the audible RAID alarm. Use the no form to re-activate
the alarm.
Mode
priv-exec
Security Role(s)
network-technician, network-engineer, storage-engineer, or crypto-officer
Syntax
raid silence
no raid silence
Valid Platforms
ARX-1500, ARX-2000, ARX-2500, and ARX-4000
Guidelines
The RAID subsystem sounds an alarm on disk failure. Use show chassis to find the
disk drive that failed. Replace the failed disk as instructed in the ARX®–4000
Hardware Installation Guide, the ARX®–2000 Hardware Installation Guide, or
the instructions that come with the replacement disk.
Use this command to silence the alarm while you replace the drive. Once done,
re-enable the alarm with no raid silence.
Samples
bstnA# raid silence
silences the alarm.
bstnA# no raid silence
reactivates a silenced alarm.
Related Commands
show chassis
raid verification-mode
Purpose
Use the raid verification-mode command to determine whether or not the RAID
verification test runs automatically.
Mode
cfg
Security Role(s)
network-engineer or crypto-officer
Syntax
raid verification-mode manual
raid verification-mode automatic [at start every {num days | day-of-week}]
[at start every {num days | day-of-week}] (optional) is only available on the
ARX-1500 and ARX-2500.
start is the scheduled start time for verifications to run each day. The time is in the
following format:
HH:MM[:00]
where the only possible value for seconds is “00.”
every num days (optional) chooses some number of days between automatic
verifications. We recommend a num of 1, so that the verifications run daily.
every day-of-week (optional) chooses a single day of the week to run automatic
verifications. The options are “sunday,” “monday,” “tuesday,” and so on. This
makes the automatic verifications run weekly instead of daily; it is not generally
recommended.
Default(s)
automatic
at 23:00 every 1 days
on ARX-1500 and ARX-2500 only. On all other platforms, automatic
verification is continuous.
Valid Platforms
ARX-1500, ARX-2000, ARX-2500, and ARX-4000
Guidelines
The verification test checks the integrity of every block on each disk. Whenever a bad
block is found, the test attempts to replace it with its counterpart on the other disk. The
verification fails if any block is corrupted on both disks. It also checks the disk
controller for errors.
If the verification mode is manual, you can use the raid verification-rate command to
determine the CPU cycles used by the verification process. If the verification mode is
automatic, the verification rate is set by a system default: on the ARX-1500 and
ARX-2500, it runs once at 11PM (see below); on all other chassis types, it runs
continuously, every 5 minutes.
Whether or not the verification mode is manual, you can use the raid verify command
to run the verification manually.
After issuing the command, you can use the show chassis diskuse command to
verify the change.
Guidelines: Use Manual Verification for the ARX-1500 and ARX-2500
The ARX-1500 and ARX-2500 write their metalog data to the RAID, and
managed-volume performance is affected if these writes are slowed. Constant,
automatic RAID verification may have an adverse effect on storage processing for
those platforms. For the ARX-1500 and ARX-2500, we recommend using the at
option with raid verification-mode automatic, and choosing a schedule that runs
verifications during slow business hours. If you choose automatic on these platforms,
the verification runs daily at 11PM by default.
You can use the show metalog usage command to monitor the internal metalog
driver’s usage of the RAID.
Samples
bstnA# raid verification-mode manual
bstnA# show chassis diskuse
Logical Disk Details:
Disk   Status                Verification Mode Verification Rate
------ --------------------- ----------------- -----------------
1      Optimal               Manual            50 %
Disk Details:
Disk     Size        State             Transfer Rate Model
-------- ----------- ----------------- ------------- -----------------
Bay 1    136.73G     Online            3.0Gb/sec     ST3146855SS
Bay 2    136.73G     Online            3.0Gb/sec     ST3146855SS
RAID Controller Details:
Rebuild Rate Max Transfer Rate Firmware      RAID Alarm
------------ ----------------- ------------- ------------
85 %         3.0Gb/sec         7.0.1-0061    Enabled
Disk Usage:
Name                             Total MB   Used MB    Free MB    Used%
-------------------------------- ---------- ---------- ---------- -----
System                           2331       1408       804        64%
Releases                         5285       2687       2328       54%
Logs                             54951      87         52071      1%
Cores; DiagInfo; Lists           21133      219        19840      2%
Scripts                          3172       59         2951       2%
Reports                          8458       35         7992       1%
sets manual verification in the “bstnA” ARX.
stoweA# raid verification-mode automatic at 02:00:00 every 1 days
sets automatic verification in the “stoweA” ARX, an ARX-2500, and schedules
the verification for 2 AM every morning. This is a best practice for the ARX-1500
and ARX-2500, where the RAID verifications may slow the performance of
managed volumes.
Related Commands
raid verify
raid verification-rate
show chassis
raid verification-rate
Purpose
This command specifies how much of the system’s RAID-controller resources to use
in verifying the integrity of the RAID.
Mode
cfg
Security Role(s)
network-engineer or crypto-officer
Syntax
raid verification-rate rate
rate (1-99) is the percentage of the system’s RAID-controller resources; the higher the
number, the heavier the burden on the RAID controller.
Default(s)
10
Valid Platforms
ARX-1500, ARX-2000, ARX-2500, and ARX-4000
Guidelines
The RAID controller is a separate CPU from the CPUs used for data-plane (network)
processing or control-plane processing. This controller is used for the internal disks,
and runs when the internal disks are used. The system uses the internal disks for the
various copy commands (such as copy ftp) and move commands (such as move ...
ftp). This CPU is also required when internal processes write to their log files (see
show logs), create reports (see show reports), write packet-capture files (see
capture session), collect diagnostic information and put it into a local file, or
otherwise write to the internal disks.
You cannot change the default for automatic verification tests. These run continuously
on the system; a higher rate would degrade system performance. This command
changes the RAID-controller percentage used for manual (user-invoked) verification
tests. You can stop the test from running automatically with the raid
verification-mode manual command, and then use the raid verify command to
manually run the test.
The verification test checks the integrity of every block on each disk. Whenever it
finds a bad block, it attempts to replace the block with its twin block on the other disk.
The verification fails if any block is corrupted on both disks. The test also checks the
RAID controller for errors.
After issuing this command, enter the show chassis diskuse command to verify the
change.
Sample
bstnA# raid verification-rate 50
bstnA# show chassis diskuse
Logical Disk Details:
Disk   Status                Verification Mode Verification Rate
------ --------------------- ----------------- -----------------
1      Optimal               Manual            50 %
Disk Details:
Disk     Size        State             Transfer Rate Model
-------- ----------- ----------------- ------------- -----------------
Bay 1    136.73G     Online            3.0Gb/sec     ST3146855SS
Bay 2    136.73G     Online            3.0Gb/sec     ST3146855SS
RAID Controller Details:
Rebuild Rate Max Transfer Rate Firmware      RAID Alarm
------------ ----------------- ------------- ------------
85 %         3.0Gb/sec         7.0.1-0061    Enabled
Disk Usage:
Name                             Total MB   Used MB    Free MB    Used%
-------------------------------- ---------- ---------- ---------- -----
System                           2331       1408       804        64%
Releases                         5285       2687       2328       54%
Logs                             54951      87         52071      1%
Cores; DiagInfo; Lists           21133      219        19840      2%
Scripts                          3172       59         2951       2%
Reports                          8458       35         7992       1%
Related Commands
raid verify
show chassis
raid verify
Purpose
This command invokes a verification test for both disks in the RAID. Use the no form
of the command, no raid verify, to stop a RAID verification that is currently in
progress.
Mode
priv-exec
Security Role(s)
network-technician, network-engineer, storage-engineer, or crypto-officer
Syntax
raid verify
no raid verify
Default(s)
None.
Valid Platforms
ARX-1500, ARX-2000, ARX-2500, and ARX-4000
Guidelines
You cannot use this command while another RAID-verify operation is running, and
another RAID-verify operation is frequently running when the raid verification-mode
command is at its default (automatic). The show chassis diskuse command shows
the current mode, manual or automatic. Use raid verification-mode manual to allow
manual verification at any time, and guarantee that no RAID-verify process is running
in the background. You can also use no raid verify to cancel the current RAID-verify
operation, whether it was invoked automatically or manually.
The verification test checks the integrity of every block on each disk. Whenever it
finds a bad block, it attempts to replace the block with its twin block on the other disk.
The verification fails if any block is corrupted on both disks. The test also checks the
disk controller for errors.
After issuing the command, enter the show chassis diskuse command to view the
progress of the test, and its final results. Refer to the Status of the Logical Disk (that is,
the full RAID), in the first table of the output. The test takes more than one hour. If the
verification fails, you can replace one or both disks as instructed in the ARX®–4000
Hardware Installation Guide, the ARX®–2000 Hardware Installation Guide, or
in the instructions that come with the replacement disk.
Sample
bstnA# raid verify
% INFO: RAID verification has started.
bstnA# show chassis diskuse
Logical Disk Details:
Disk   Status                Verification Mode Verification Rate
------ --------------------- ----------------- -----------------
1      Verifying 17%         Manual            50 %
Disk Details:
Disk     Size        State             Transfer Rate Model
-------- ----------- ----------------- ------------- -----------------
Bay 1    136.73G     Online            3.0Gb/sec     ST3146855SS
Bay 2    136.73G     Online            3.0Gb/sec     ST3146855SS
RAID Controller Details:
Rebuild Rate Max Transfer Rate Firmware      RAID Alarm
------------ ----------------- ------------- ------------
85 %         3.0Gb/sec         7.0.1-0061    Enabled
Disk Usage:
Name                             Total MB   Used MB    Free MB    Used%
-------------------------------- ---------- ---------- ---------- -----
System                           2331       1408       804        64%
Releases                         5285       2687       2328       54%
Logs                             54951      87         52071      1%
Cores; DiagInfo; Lists           21133      219        19840      2%
Scripts                          3172       59         2951       2%
Reports                          8458       35         7992       1%
Related Commands
raid rebuild
show chassis chassinfo
7
File Management
at
Purpose
Use the at command to schedule a CLI command or script to run at a later time.
Mode
cfg
Security Role(s)
crypto-officer
Syntax
at start [every interval] do action [report report-prefix]
is the high-level syntax for this command.
start is the scheduled start time. This cannot be in the past unless you specify the
optional date (below) and use every interval to run the job regularly. It breaks down
into the following format:
[date mm/dd/yyyy] HH:MM[:00]
– mm/dd/yyyy (optional) specifies a date (for example, 01/07/2005 for January
7, 2005).
– HH:MM[:00] is the hours and minutes on a 24-hour clock (for example,
04:00 means 4AM). The only possible value for seconds is “00.”
every interval (optional) creates a regular interval at which the CLI jobs run. This
breaks down into one of two formats:
every count {minutes | hours | days | weeks | months}
– count (1-4,294,967,295) is the number of minutes, hours, days, etc. between
CLI runs. For example, every 10 minutes or every 6 months.
– minutes | ... months is a required choice.
every {sunday | monday | tuesday | ... | saturday}
creates a weekly interval that runs on the given day of the week.
do action is required. The action is either a CLI command or a directive to run a
script:
do cli-command | do run cli-script
– cli-command (1-255 characters) is a valid CLI command. Surround this with
quotation marks if it contains any spaces. For example, do "show
cifs-service user-sessions all".
– cli-script (1-255 characters) identifies a script of CLI commands in the
scripts directory. Use the show scripts command for a full listing of
available scripts.
report report-prefix (optional, 1-255 characters) creates a report for the scheduled job.
The report is named as follows:
report-prefix_yyyymmddHHMM.rpt, where report-prefix is chosen here, yyyy is
the year of the scheduled run, mm is the month, dd is the day, HH is the hour, and
MM is the minute. Each run of the CLI job generates a report (if you specify an
interval with the every option), so the date makes it possible to differentiate
multiple reports for the same job.
Default(s)
every interval - none; the CLI command or script runs only once.
report report-prefix - none; the at command does not generate a report (though the
command itself may generate one).
Guidelines
The CLI displays the scheduled execution time after you enter this command. Use
show at to view all pending CLI jobs. You can remove a job from the schedule with
the clear at command.
To run a script immediately, you can use the run command. To download a CLI-script
file from an FTP, SCP, or TFTP site, use the copy command. You can use expect
monitor to repeat any show command until a certain string appears in its output.
Samples
bstnA(cfg)# at 01:06 every 5 minutes do "show sessions" report adminSessions
The scheduled execution time for AT job ID '1' is: 8/26/10 1:06 AM
runs the show sessions command every 5 minutes. Each run generates a report
with the prefix, “adminSessions.” See Figure 7.1 for a sample report.
bstnA(cfg)# at 10:30:00 do "expect show firewall timeout 30"
The scheduled execution time for AT job ID '2' is: 12/6/05 10:30 AM.
runs the expect show firewall command at 10:30 in the morning, once only.
bstnA(cfg)# at date 05/05/2011 03:45:00 every 1 days do "active-directory update forest medarch.org proxy-user acoProxy2"
The scheduled execution time for AT job ID '3' is: 5/5/11 3:45 AM.
runs the active-directory update forest command at 3:45 AM, daily.
Related Commands
show at
clear at
copy ftp, copy scp, copy {nfs|cifs}, and copy tftp
show scripts
Figure 7.1 Sample Report: adminSessions_....rpt
bstnA# show reports adminSessions_201008260431.rpt
bstnA- terminal character-set unicode-utf-8
bstnA- remark notice "Cli commands from AT command scheduler"
bstnA- no terminal confirmation
bstnA- enable
bstnA- show sessions
Connected Sessions
------------------
Session ID: 14465
Username: admin
Access: ssh
Connect Time: 0 days, 00:01:32
Source IP: 172.16.100.183
bstnA- remark notice "Cli commands complete AT command scheduler"
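Because each run of a recurring at job writes a report named for its scheduled time, a listing of the reports directory can be checked for runs that left no report. The following is an added example, not part of the ARX software or this manual: it handles only count-based intervals in minutes, hours, days, or weeks, takes the first run from the confirmation line the CLI prints, assumes two-digit years mean 20yy, and uses hypothetical function names and a constructed directory listing.

```python
import re
from datetime import datetime, timedelta

# Syntax from this page: at start [every interval] do action [report report-prefix]
# The start date and time are only validated here; the first run is read from
# the confirmation line that the CLI prints after the at command.
AT_CMD = re.compile(
    r'^at\s+(?:date\s+\d{2}/\d{2}/\d{4}\s+)?\d{2}:\d{2}(?::00)?'
    r'(?:\s+every\s+(?P<count>\d+)\s+(?P<unit>minutes|hours|days|weeks))?'
    r'\s+do\s+(?P<action>"[^"]*"|run\s+\S+|\S+)'
    r'(?:\s+report\s+(?P<prefix>\S+))?\s*$')

# Confirmation line, e.g. "... for AT job ID '1' is: 8/26/10 1:06 AM"
CONFIRM = re.compile(
    r'is:\s+(\d{1,2})/(\d{1,2})/(\d{2})\s+(\d{1,2}):(\d{2})\s+(AM|PM)')


def parse_at(command):
    """Split an at command into its action, interval and report prefix."""
    m = AT_CMD.match(command.strip())
    if m is None:
        raise ValueError('not a count-based at command: %r' % command)
    step = None
    if m.group('count'):
        if int(m.group('count')) < 1:
            raise ValueError('interval count must be at least 1')
        step = timedelta(**{m.group('unit'): int(m.group('count'))})
    return {'action': m.group('action').strip('"'), 'step': step,
            'prefix': m.group('prefix')}


def parse_confirmation(line):
    """Read the first scheduled run from the CLI's confirmation line."""
    m = CONFIRM.search(line)
    if m is None:
        raise ValueError('no scheduled execution time in %r' % line)
    month, day, yy, hour, minute = (int(g) for g in m.groups()[:5])
    hour = hour % 12 + (12 if m.group(6) == 'PM' else 0)
    return datetime(2000 + yy, month, day, hour, minute)  # assumes 20yy


def expected_reports(job, first_run, until):
    """Report names for every scheduled run from first_run through until."""
    if job['prefix'] is None:
        return []          # no report option, so the at command writes no report
    names, run = [], first_run
    while run <= until:
        names.append('%s_%s.rpt' % (job['prefix'], run.strftime('%Y%m%d%H%M')))
        if job['step'] is None:
            break          # no "every": the job runs only once
        run += job['step']
    return names


def missing_reports(job, first_run, until, present):
    """Expected report names that are absent from a reports listing."""
    have = set(present)
    return [n for n in expected_reports(job, first_run, until) if n not in have]


if __name__ == '__main__':
    job = parse_at(
        'at 01:06 every 5 minutes do "show sessions" report adminSessions')
    first = parse_confirmation(
        "The scheduled execution time for AT job ID '1' is: 8/26/10 1:06 AM")
    until = datetime(2010, 8, 26, 4, 31)
    # Constructed listing: every expected report except the 02:11 and 02:16 runs.
    gap = {'adminSessions_201008260211.rpt', 'adminSessions_201008260216.rpt'}
    present = [n for n in expected_reports(job, first, until) if n not in gap]
    for name in missing_reports(job, first, until, present):
        print('missing:', name)
```
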
clear at
Purpose
Every time someone uses the at command, one CLI job is added to the command
schedule. Use the clear at command to remove one CLI job from this schedule, or to
remove all of them.
Mode
priv-exec
Security Role(s)
crypto-officer
Syntax
clear at [job-id]
job-id (optional, 1-2,147,483,647) identifies a specific CLI job to clear. If you omit
this, the command clears all CLI jobs. Use the show at command for a list of all
scheduled CLI jobs, with their job IDs.
Default(s)
clear all scheduled CLI jobs if no job-id is used.
Guidelines
If you clear all scheduled jobs, the CLI prompts for confirmation. Enter yes to
proceed.
Use the at command to schedule a CLI command (or script) to run in the future, once
or periodically. Use show at to view all pending CLI jobs.
Samples
bstnA# clear at
Remove all 2 jobs from the command scheduler? [yes/no] yes
bstnA#
clears all scheduled CLI jobs.
bstnA# clear at 3
removes one scheduled CLI job, with job ID 3.
Related Commands
at
show at
copy ftp
Purpose
Use the copy ftp command to transfer a file (such as a software-release file or a log
file) to or from the ARX via FTP.
Mode
priv-exec
Security Role(s)
network-technician, network-engineer, storage-engineer, or crypto-officer
(A backup-operator can copy reports.)
Syntax: Download to the Switch
copy ftp://[user[:password]@]server/source-file dir file
ftp://[user[:password]@]server/source-file (1-1024 characters) is the URL for the
source file:
user[:password]@ (optional) are the credentials for FTP access. If you omit them,
they default to the credentials set by the ip ftp-user command. If you omit the
password, the CLI prompts for one.
server is the IP address or hostname for the FTP server.
source-file is the source-file path. Lead with an extra slash (“/”) if the path is
absolute (for example, “ftp://10.1.1.5//var/rels/aco4665.rel”). Use only one slash
if the path is local to the home directory for user (for example,
“ftp://10.1.1.5/basic_ns.scr”). This conforms with the specification for FTP URLs
in RFC 1738. You cannot use wildcards (such as *).
dir is the destination directory. Choose one of the following: configs, scripts, license,
or releases.
file (1-1024 characters) is the name you choose for the copy.
Syntax: Upload
copy directory file ftp://[user:password@]server/dest-path
[format {text|report|csv|xml}]
directory is one of the following: logs, stats-logs, cores, configs, replicated-configs,
reports, diag-info, software, scripts, capture, or license.
file (1-1024 characters) identifies the source file from the above directory. You can use
wildcards (such as *) to select multiple files.
ftp://[user:password@]server/dest-path (1-1024 characters) is the URL for the
destination directory or file (see above).
format {text|report|csv|xml} (optional) applies to the “reports” directory only. This
chooses the output format for the external copy of the report. The “xml” option
converts the report to XML format, “csv” converts the report to a
Comma-Separated-Value format (useful for spreadsheets), and the “text” and “report”
options leave the reports in plain-text format.
Default(s)
user:password from the URL - the default set by ip ftp-user.
Guidelines
If you enter a user name without a password, the CLI prompts for the password before
continuing. Enter the password for the user you included in the URL.
Use copy scp to upload or download over a secure connection, using SCP. The copy
tftp command uses TFTP (Trivial FTP) as a transport. To send out a file as an E-mail
attachment, use copy smtp. The copy {nfs|cifs} command transfers files between the
maintenance directories on the ARX and its client-accessible volumes.
For a download to the local disks, you can use show directories directory-name to
verify that the copy was successful.
To move a file from the local disk to an FTP server, thereby removing it from the local
disk, you can use the move ... ftp command.
To manage local files, use delete and/or rename. To view ASCII files, use show
directory file-name, tail, and/or grep.
Guidelines: Reformatting Reports to XML or CSV
For copies from the reports directory, you can reformat the copy to XML or CSV
(comma-separated value) format. Use a .xml or .csv extension for the
destination-file-name, and the copy assumes the chosen format. A .txt or .rpt extension
leaves the destination file in plain-text format.
Guidelines: Wildcards
You can use several wildcard characters to select multiple source-file names for an
upload:
• * matches any string, including an empty string.
• ? matches any single character. This is also a special meta character in the CLI, so
you must quote the file-path string to use it; for example, copy logs traplog.? ftp
... would fail, but copy logs "traplog.?" ftp ... would succeed.
• [] surrounds a class of characters (for example, [abcz]), and matches any one of
the characters inside the square brackets (a, b, c, or z).
• [a-z] matches any single character from the range a through z (all lower-case).
Samples
bstnA# copy ftp://jpublic@arxftp.f5.com/rel6.0.rel releases rel6.0.rel
Password: jpassword
downloads a release file, rel6.0.rel, from the FTP server at arxftp.f5.com.
bstnA# copy logs syslog ftp://noc.phredco.com/syslog-switch10
uploads the syslog to the FTP server at noc.phredco.com. This example uses the
default username and password, set by ip ftp-user.
Related Commands
ip ftp-user
copy scp
copy tftp
copy smtp
copy {nfs|cifs}
move ... ftp
delete
rename
grep
tail
show directories
copy {nfs|cifs}
Purpose
Use the copy {nfs|cifs} command to transfer a file (such as a software-release file or a
log file) between the ARX and one of its managed volumes.
Mode
priv-exec
Security Role(s)
network-technician, network-engineer, storage-engineer, or crypto-officer
(A backup-operator can copy reports.)
Syntax: From Volume to Switch
copy {nfs|cifs} namespace vol-path source-file directory file
nfs | cifs is a required choice. This chooses the protocol for the file transfer.
namespace (1-30 characters) identifies the namespace that holds the file.
vol (1-1024 characters) is the name of the volume that holds the source file.
source-file-path (1-1024 characters) is the path to the source file, starting at the root of
the above volume. You can use wildcards (such as *, ?, or [a-z]) to select multiple files;
see the Guidelines: Wildcards below.
directory is the destination directory. Choose one of the following: configs, scripts,
license, or releases.
file (1-255 characters) is the name you choose for the copy. If you copy a file into the
releases directory, its extension must be “.rel” (for example, “lastestRelease.rel”).
Syntax: From Switch to Volume
copy directory file {nfs|cifs} namespace vol [dest-file-path]
[format {text|report|csv|xml}]
directory is one of the following: logs, stats-logs, cores, configs, replicated-configs,
reports, diag-info, software, scripts, capture, or license.
file (1-1024 characters) identifies the source file from the above directory. As above,
you can use wildcards (such as *) to specify multiple files.
nfs | cifs is a required choice. This chooses the protocol for the file transfer.
namespace (1-30 characters) identifies the namespace to hold the copy.
vol (1-1024 characters) is the volume to hold the copy.
dest-file-path (optional, 1-1024 characters) is the path to the destination file, starting at
the volume root. If you omit this, the destination file appears in the volume root, and
has the same name as the source file.
format {text|report|csv|xml} (optional) applies to the “reports” directory only. This
chooses the output format for the external copy of the report. The “xml” option
converts the report to XML format, “csv” converts the report to a
Comma-Separated-Value format (useful for spreadsheets), and the “text” and “report”
options leave the reports in plain-text format.
Default(s)
None
Guidelines
This command is useful on a site that prohibits FTP access to the datacenter, or
otherwise restricts network connections between the ARX and the Internet. You can
go to a host in the client network to access the Internet, download a desired file to an
ARX volume, and then use this copy command to copy the file into an ARX directory.
For example, you could use this method to download a new release file from
https://downloads.f5.com/esd/productlines.jsp and then copy it to the “releases”
directory.
The CLI chooses a user identity based on the transfer protocol. For NFS, the CLI uses
root as its identity. For CIFS, the CLI uses the proxy-user (gbl-ns) for the chosen
namespace. These identities typically ensure that there are no permissions problems
during the copy operation.
There are several alternative options for the copy command that access the network
directly. The copy ftp command copies files over an FTP connection to or from a
remote server. Use copy scp to upload or download over a secure connection, using
SCP. The copy tftp command uses TFTP (Trivial FTP) as a transport. To send out a
file as an E-mail attachment, use copy smtp.
For a download to the local disks, you can use show directories directory-name to
verify that the copy was successful.
To move a file from the local disks to an ARX volume, thereby deleting it from the
local disk, you can use the move ... {nfs|cifs} command.
To manage local files, use delete and/or rename. To view ASCII files, use show
directory file-name, tail, and/or grep.
Guidelines: Wildcards
You can use several wildcard characters to select multiple file names:
• * matches any string, including an empty string.
• ? matches any single character. This is also a special meta character in the CLI, so
you must quote the file-path string to use it; for example, copy logs traplog.?
cifs insur /claims would fail, but copy logs "traplog.?" cifs insur /claims
would succeed.
• [] surrounds a class of characters (for example, [abcz]), and matches any one of
the characters inside the square brackets (a, b, c, or z).
• [a-z] matches any single character from the range a through z (all lower-case).
Samples
bstnA# copy cifs medarcv /rcrds/maint/ 11658.rel releases latest.rel
copies a release file, 11658.rel, from a directory in the “medarcv~/rcrds” volume.
After the copy is complete, this command sequence could go on to load this
release (with boot system and reload).
bstnA# copy logs syslog* nfs wwmed /acct/.admin/
copies all syslog files from the local “logs” directory to a hidden directory in
“wwmed~/acct,” an NFS volume.
Related Commands
ip ftp-user
copy scp
copy tftp
copy smtp
move ... {nfs|cifs}
delete
rename
grep
tail
show directories
copy ron
Purpose
Use the copy ron command to securely copy a configuration or script file to another
ARX on the current Resilient-Overlay Network (RON).
Mode
priv-exec
Security Role(s)
network-technician, network-engineer, storage-engineer, or crypto-officer
Syntax: Download to the Current Switch
copy ron source-arx source-directory source-file directory file
source-arx (1-30 characters) is the hostname of the remote ARX. Use the show ron
command for a list of all ARX systems on the current RON.
source-directory is the source directory on the remote ARX. Choose configs or
scripts.
source-file (1-1024 characters) is the name of the remote file.
directory is the destination directory on the local ARX. You can choose configs or
scripts.
file (1-1024 characters) is the name you choose for the local copy.
Syntax: Upload to a Remote Switch
copy directory file ron dest-arx dest-directory [dest-file]
directory is configs or scripts.
file (1-1024 characters) identifies the source file from the above directory. You can
use wildcards (such as *, ?, or [a-z]) to select multiple files; see the Guidelines:
Wildcards below.
dest-arx (1-30 characters) is the hostname of the remote ARX. Use the show ron
command for a list of all ARX systems on the current RON.
dest-directory is the destination directory on the remote ARX. Choose configs or
scripts.
dest-file (optional, 1-1024 characters) is the name of the remote file. The CLI ignores
this if you used wildcards to select multiple files.
Default(s)
None
Guidelines
This copy operation uses the ip ron-user credentials at the remote switch, or the
current user credentials if no such RON user is defined. If the administrative account
is not defined at the remote switch, or if it is defined with a different password, the
copy operation fails.
The file transfer is encrypted and sent with the Secure Copy (SCP) protocol.
There are several other copy commands for copying files to or from other servers, or
for copying to or from a client-accessible volume on the current switch. Use copy ftp
or copy tftp to upload or download using FTP or TFTP. To copy a file to or from an
SCP server in your network, use copy scp. To send out a file as an E-mail attachment,
use copy smtp. The copy {nfs|cifs} command transfers files between the maintenance
directories on the ARX and its client-accessible volumes.
After a download to the local disks, you can use show directories directory-name to
verify that the copy was successful.
To manage local files, use delete and/or rename. To view ASCII files, use show
directory file-name, tail, and/or grep.
Guidelines: Wildcards
You can use several wildcard characters to select multiple source-file names for an
upload:
• * matches any string, including an empty string.
• ? matches any single character. This is also a special meta character in the CLI, so
you must quote the file-path string to use it; for example, copy scripts
homeDir.? ron ... would fail, but copy scripts "homeDir.?" ron ... would
succeed.
• [] surrounds a class of characters (for example, [abcz]), and matches any one of
the characters inside the square brackets (a, b, c, or z).
• [a-z] matches any single character from the range a through z (all lower-case).
Samples
bstnA# copy ron prtlndA scripts setupUsrShr.scr scripts setup.scr
downloads a script, setupUsrShr.scr, from a remote ARX named “prtlndA.”
provA# copy configs test.rcfg ron newptA configs test2.rcfg
sends a replicated-config file to a remote ARX named “newptA.”
Related Commands
ip ron-user
copy ftp
copy tftp
copy scp
copy smtp
copy {nfs|cifs}
delete
rename
grep
tail
show directories
copy scp
Purpose
Use the copy scp command to securely copy a file (such as a software-release file or a
log file) to or from the ARX over SCP.
Mode
priv-exec
Security Role(s)
network-technician, network-engineer, storage-engineer, or crypto-officer
(A backup-operator can copy reports.)
Syntax: Download to the Switch
copy scp://[user@]server:source-file directory file
[accept-host-key]
scp://[user@]server:source-file (1-1024 characters) is the URL for the source file:
user@ (optional if someone created an ip scp-user) is the username to present to
the other end of the SCP connection. This user must be valid at the remote host. If
you omit this and an ip scp-user is defined, it defaults to the username set by that
command.
server: is the IP address or hostname for the SCP host. End with a colon (:).
source-file is the source-file path. Lead with a slash (“/”) if the path is absolute
(for example, “scp://root@10.1.1.5:/var/rels/aco4665.rel”). Use no slash if the
path is local to the home directory for user (for example,
“scp://root@10.1.1.5:basic_ns.scr”).
directory is the destination directory. Choose one of the following: configs, scripts,
license, or releases.
file (1-1024 characters) is the name you choose for the local copy.
accept-host-key (optional) indicates that if the other end of the connection has an
unknown SSH host key (that is, if it is new, or if its key has changed since the last time
the host was contacted), the ARX should accept the new host key and continue with
the download. Otherwise, the ARX stops the download if the host presents an
unknown key.
Syntax: Upload
copy directory file scp://[user@]server:dest-path
[accept-host-key] [format {text|report|csv|xml}]
directory is one of the following: logs, stats-logs, cores, configs, replicated-configs,
reports, diag-info, software, scripts, capture, or license.
file (1-1024 characters) identifies the source file from the above directory. You can
use wildcards (such as *, ?, or [a-z]) to select multiple files; see the Guidelines:
Wildcards below.
scp://[user@]server:dest-path (1-1024 characters) is the URL for the destination.
accept-host-key (optional) means to accept an unknown SSH host key from the
remote host, if it presents one.
format {text|report|csv|xml} (optional) applies to the “reports” directory only. This
chooses the output format for the external copy of the report. The “xml” option
converts the report to XML format, “csv” converts the report to a
Comma-Separated-Value format (useful for spreadsheets), and the “text” and “report”
options leave the reports in plain-text format.
Default(s)
None
Guidelines
If you enter a user name without a password, the CLI prompts you for a password after
you issue this command. Enter the password for the user in the URL. The file is
transferred over SCP, which uses a secure, encrypted connection to the remote host.
Every host identifies itself with an encrypted SSH key. Whenever the ARX transfers a
file using SCP, it exchanges keys with the remote host. If the remote-host key is
different from one received previously, the host may not be the one you intended; an
attacker may be posing as the intended host. For this reason, the ARX does not
download or upload to a host with an unknown key unless you raise the
accept-host-key flag. Note that the first contact with any server will require this flag
to succeed.
The ARX deletes all SSH host keys on reboot, so all remote hosts are again unknown
when the switch comes back up.
Use copy ftp or copy tftp to upload or download using FTP or TFTP. To send out a
file as an E-mail attachment, use copy smtp. The copy {nfs|cifs} command transfers
files between the maintenance directories on the ARX and its client-accessible
volumes.
After a download to the local disks, you can use show directories directory-name to
verify that the copy was successful.
To move a file from the local disk to an SCP server, thereby removing it from the local
disk, you can use the move ... scp command.
To manage local files, use delete and/or move. To view ASCII files, use show
directory file-name, tail, and/or grep.
Guidelines: Wildcards
You can use several wildcard characters to select multiple source-file names for an
upload:
• * matches any string, including an empty string.
• ? matches any single character. This is also a special meta character in the CLI, so
you must quote the file-path string to use it; for example, copy logs syslog.? scp
... would fail, but copy logs "syslog.?" scp ... would succeed.
• [] surrounds a class of characters (for example, [abcz]), and matches any one of
the characters inside the square brackets (a, b, c, or z).
• [a-z] matches any single character from the range a through z (all lower-case).
Samples
bstnA# copy scp://jpublic@myserver:rel2.0.rel releases r2.0.rel
Password: password-for-jpublic
downloads a release file, rel2.0.rel, from jpublic’s home directory at the host
named “myserver.”
bstnA# copy logs syslog scp://noc:/var/logs/acolog10 accept-host-key
uploads the syslog to a host named “noc,” using a default username and password.
If the host key has changed for noc (or this is the first SCP to or from noc), the
switch accepts the key and continues the upload.
Related Commands
ip scp-user
copy ftp
copy tftp
copy smtp
copy {nfs|cifs}
move ... scp
delete
move
grep
tail
show directories
Chapter 7
File Management
copy smtp
Purpose
Use the copy smtp command to send a maintenance file (such as a software-release
file or a log file) as an E-mail attachment. This syntax only supports uploads from the
switch.
Mode
priv-exec
Security Role(s)
network-technician, network-engineer, storage-engineer, or crypto-officer
(A backup-operator can copy reports, but no other type of file.)
Syntax
copy directory file smtp://[e-mail-address/]destination-file
[format {text|report|csv|xml}]
directory is one of the following: logs, stats-logs, cores, configs, replicated-configs,
reports, diag-info, software, scripts, capture, or license.
file (1-1024 characters) identifies the source file from the above directory, such as a
log file or a report. You can use wildcards (such as *, ?, or [a-z]) to select multiple
files; see the Guidelines: Wildcards below. Each matching file results in a separate
E-mail message.
smtp://[e-mail-address/]destination-file (1-1024 characters) is an E-mail destination
for the file:
smtp:// is required. This declares that the destination is an E-mail address.
e-mail-address (optional) is the recipient of the E-mail in username@host format
(for example, “jsmith@myco.com”). If you omit this, the CLI uses the default
address set by the cfg-smtp to command.
destination-file is the name of the copy. If you used wildcards to select multiple
files, this is the prefix for each copy. Each copy is sent as an attachment to the
outbound E-mail message.
format {text|report|csv|xml} (optional) applies to the “reports” directory only. This
chooses the output format for the external copy of the report. The “xml” option
converts the report to XML format, “csv” converts the report to a
Comma-Separated-Value format (useful for spreadsheets), and the “text” and “report”
options leave the reports in plain-text format.
Default(s)
The destination E-mail address defaults to the one set by the to command.
Guidelines
DNS lookups must be configured for SMTP to function (see the documentation for ip
name-server).
Use copy ftp, copy tftp, or copy scp to upload or download using FTP, TFTP, or
SCP. The copy {nfs|cifs} command transfers files between the maintenance
directories on the ARX and its client-accessible volumes.
To manage local files, use delete and/or move. To view ASCII files, use show
directory file-name, tail, and/or grep.
Guidelines: Wildcards
You can use several wildcard characters to select multiple source-file names for an
upload:
• * matches any string, including an empty string.
• ? matches any single character. This is also a special meta character in the CLI, so
you must quote the file-path string to use it; for example, copy logs syslog.?
smtp ... would fail, but copy logs “syslog.?” smtp ... would succeed.
• [] surrounds a class of characters (for example, [abcz]), and matches any one of
the characters inside the square brackets (a, b, c, or z).
• [a-z] matches any single character from the range a through z (all lower-case).
Samples
bstnA# copy logs syslog smtp://juser@wwmed.com/syslog
sends a copy of the syslog to “juser@wwmed.com.” The ARX sends the syslog as
an attachment to a brief E-mail message.
bstnA# copy reports metadata_only.17.rpt smtp://juser@wwmed.com/mdo.csv
sends a copy of a report to the same E-mail recipient. This command reformats
the attachment into CSV before sending it (note the “.csv” extension on the
destination file name).
Related Commands
copy ftp
copy tftp
copy scp
copy {nfs|cifs}
delete
move
grep
tail
show directories
copy tftp
Purpose
Use the copy tftp command to transfer a file (such as a software-release file or a log
file) to or from the ARX via TFTP.
Mode
priv-exec
Security Role(s)
network-technician, network-engineer, storage-engineer, or crypto-officer
(A backup-operator can upload reports to a remote host.)
Syntax: Download to the ARX
copy tftp://server/source-file directory file
tftp://server/source-file (1-1024 characters) is the URL for the source file:
server is the IP address or hostname for the TFTP server.
source-file is the source-file path. Lead with an extra slash (“/”) if the path is
absolute (for example, “tftp://10.1.1.5//var/rels/aco4665.rel”). Use only one slash
if the path is local to the “tftpboot” directory. This conforms with the specification
for FTP URLs in RFC 1738.
directory is the destination directory. Choose one of the following: configs, scripts,
license, or releases.
file (1-255 characters) is the name you choose for the copy.
Syntax: Upload
copy directory file tftp://server/dest-file
[format {text|report|csv|xml}]
directory is one of the following: logs, stats-logs, cores, configs, replicated-configs,
reports, diag-info, software, scripts, capture, or license.
file (1-1024 characters) identifies the source file from the above directory. You can
use wildcards (such as *, ?, or [a-z]) to select multiple files; see the Guidelines:
Wildcards below.
tftp://server/dest-file (1-1024 characters) is the URL for the destination file (see
above).
format {text|report|csv|xml} (optional) applies to the “reports” directory only. This
chooses the output format for the external copy of the report. The “xml” option
converts the report to XML format, “csv” converts the report to a
Comma-Separated-Value format (useful for spreadsheets), and the “text” and “report”
options leave the reports in plain-text format.
Default(s)
None
Guidelines
Use copy scp to upload or download over a secure connection, using SCP. Use copy
ftp to upload or download using FTP. To send out a file as an E-mail attachment, use
copy smtp. The copy {nfs|cifs} command transfers files between the maintenance
directories on the ARX and its client-accessible volumes.
After a copy to the local disks, you can use show directories directory-name to
verify that the copy was successful.
To move a file from the local disk to a TFTP server, thereby removing it from the local
disk, you can use the move ... tftp command.
To manage local files, use delete and/or rename. To view ASCII files, use show
directory file-name, tail, and/or grep.
Guidelines: Wildcards
You can use several wildcard characters to select multiple source-file names for an
upload:
• * matches any string, including an empty string.
• ? matches any single character. This is also a special meta character in the CLI, so
you must quote the file-path string to use it; for example, copy capture
nas?.cap tftp ... would fail, but copy logs “nas?.cap” tftp ... would succeed.
• [] surrounds a class of characters (for example, [abcz]), and matches any one of
the characters inside the square brackets (a, b, c, or z).
• [a-z] matches any single character from the range a through z (all lower-case).
Sample
bstnA# copy tftp://tftp.f5.com/rel6.0.rel releases r6.0.rel
downloads a release file, rel6.0.rel, from the TFTP server at tftp.f5.com.
Related Commands
copy ftp
copy scp
copy smtp
copy {nfs|cifs}
move ... tftp
delete
rename
grep
tail
show directories
delete
Purpose
The ARX contains directories for software-release files, log files, core files, report
files, diagnostic information, and other maintenance files. Use the delete command to
delete all files from a specified directory or to delete a specified file.
Mode
priv-exec
Security Role(s)
network-technician, network-engineer, storage-engineer, or crypto-officer
Syntax
delete {releases | logs | cores | reports | diag-info | scripts
| capture} [file-name]
delete {configs | license} file-name
releases | ... | capture identifies the directory. This is a required choice.
file-name (1-1024 characters) identifies a file to delete from the above directory. This
is optional for any directory except configs or license; if you omit it for one of the
other directories, the command deletes all files in the chosen directory. You can also
use wildcards for those directories (such as *, ?, or [a-z]); see the Guidelines:
Wildcards below.
Some files in the configs and license directories are required for system operation
and/or reboot recovery, so you cannot delete all files (or use wildcards) in those
directories. You must specify a file to delete.
Default(s)
None
Guidelines
The CLI prompts for confirmation before deleting any files; enter yes to delete the
file(s).
You cannot delete the running-release, armed-release, or backup-release file. You also
cannot delete the “active.license” file in the license directory; removing the active
license disables all storage services, so it is not recommended. (You can use clear
active-license if you have been advised to remove the active license.) Do not delete
core files unless advised to do so by F5 personnel; these files contain valuable data for
diagnosing software problems.
The show directories command displays a listing of all directories on the ARX. Use
the grep, rename, copy, and delete commands to maintain these files.
Guidelines: Wildcards
You can use several wildcard characters to select multiple file names:
• * matches any string, including an empty string.
• ? matches any single character. This is also a special meta character in the CLI, so
you must quote the file-path string to use it; for example, delete logs traplog.?
would fail, but delete logs “traplog.?” would succeed.
• [] surrounds a class of characters (for example, [abcz]), and matches any one of
the characters inside the square brackets (a, b, c, or z).
• [a-z] matches any single character from the range a through z (all lower-case).
Samples
bstnA# delete logs syslog5.log
Delete file 'syslog5.log' in directory 'logs'? [yes/no] yes
deletes the file named “syslog5.log” from the logs directory.
bstnA# delete logs syslog*
Delete file 'syslog' in directory 'logs'? [yes/no/all] yes
Delete file 'syslog.1' in directory 'logs'? [yes/no/all] all
bstnA#
deletes all syslog files from the logs directory.
bstnA# delete cores
Delete all core files in directory 'cores'? [yes/no] yes
deletes all files in the cores directory.
Related Commands
copy ftp
copy scp
copy tftp
copy {nfs|cifs}
grep
rename
show directories
grep
Purpose
The ARX contains directories for software-release files, log files, core files, and other
maintenance files. Use the grep command to filter one of these files, displaying the
lines that match a pattern or text string.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax: One File
grep filter {releases | logs | stats-logs | cores | configs |
replicated-configs | reports | software | scripts | capture |
license} file-name [ ignore ignore ] [ tail lines ]
searches through one file.
filter (1-255 characters) is the pattern or text string to search for in the file. See the
Guidelines: Regular Expression below for the syntax. The grep displays all lines
containing this pattern.
releases | ... | license selects the directory. This is a required choice.
file-name (1-1024 characters) identifies the file to read.
ignore (optional) filters out text, and
ignore (1-1024 characters) specifies a text string to ignore.
tail (optional) displays the end of the file, and
lines (1-1024) specifies how many lines to show at the end of the file.
Syntax: Directory
grep filter {releases | logs | stats-logs | cores | configs |
replicated-configs | reports | software | scripts | capture |
license} [ ignore ignore ] [ tail lines ]
searches through all files in a directory.
filter (1-255 characters) is the pattern or text string to search for in the directory. See
the Guidelines: Regular Expression below for the syntax. The grep displays all lines
from all files containing this pattern.
releases | ... | license selects the directory. This is a required choice.
ignore (optional) filters out text, and
ignore (1-1024 characters) specifies a text string to ignore.
tail (optional) displays the end of the file, and
lines (1-1024) specifies the number of lines to show.
Default(s)
None
Guidelines: Regular Expression
The regular expression syntax follows grep’s “basic” regular-expression syntax:
. matches any single character.
.* matches any string, including the null string.
[...] matches any one of the enclosed characters.
[a-z] matches any character in the sorted range, a through z.
\ matches the next character, even if it has special meaning (for example, \.
matches a period instead of any character).
[^...] matches any character that is not enclosed.
Guidelines: Available Files
The show directories command displays maintenance directories of the hard disks on
the ARX. These are the directories and files you can search with the grep command.
Use the move, copy, and delete commands to maintain these files.
Samples
bstnA# grep :POLICY logs syslog
searches for the string “:POLICY” in the syslog. Sample output appears in
Figure 7.2 on page 7-24.
bstnA# grep :POLICY logs syslog ignore init
is the same search, but without any lines containing ‘init.’ Sample output appears
in Figure 7.3 on page 7-24.
bstnA# grep :POLICY.*\.\.\. logs syslog ignore init
searches for the same strings followed by an ellipsis (...). Note the use of “\.”
Sample output appears in Figure 7.4 on page 7-24.
bstnA# grep :POLICY.*\.\.\. logs syslog ignore init tail 5
is the same as the above example, but shows only the last 5 lines. Sample output
appears in Figure 7.5 on page 7-24.
prtlndA# grep “prtlndA.*CLI_COMMAND.*show namespace.*wwmed” logs
Searches for certain CLI commands in the logs directory. All log files are
searched. Sample output appears in Figure 7.6 on page 7-25.
Related Commands
copy ftp
copy scp
copy tftp
copy {nfs|cifs}
copy smtp
delete
move
move ... ftp
move ... {nfs|cifs}
move ... scp
move ... tftp
show directories
Figure 7.2 Sample Output: grep
bstnA# grep :POLICY logs syslog
2004‐05‐12T05:42:11.378‐0400:bstnA:1‐1‐SCM‐1435:POLICY_PDP‐0‐6‐MSG6:: afnpdpd: Version 0.12.0.4671 (May 12 2004 14:27:17) [dfeng]
2004‐05‐12T05:42:11.379‐0400:bstnA:1‐1‐SCM‐1435:POLICY_PDP‐0‐6‐MSG6:: afnpdpd: (build 4671) starting up.
2004‐05‐12T05:42:11.379‐0400:bstnA:1‐1‐SCM‐1435:POLICY_PDP‐0‐6‐MSG6:: afnpdpd: Copyright (c) 2002‐2004 by Acopia Networks Inc. All rights reserved.
2004‐05‐12T05:42:11.380‐0400:bstnA:1‐1‐SCM‐1439:POLICY_PDP‐0‐7‐MSG7:: afnpdpd: init_daemon succeeded
2004‐05‐12T05:42:11.380‐0400:bstnA:1‐1‐SCM‐1439:POLICY_PDP‐0‐7‐MSG7:: afnpdpd: waiting for OM GLOBAL Scope ...
2004‐05‐12T05:42:17.397‐0400:bstnA:1‐1‐SCM‐1439:POLICY_PDP‐0‐7‐MSG7:: pdpd: OM GLOBAL Scope available.
2004‐05‐12T05:42:25.417‐0400:bstnA:1‐1‐SCM‐1439:POLICY_PDP‐0‐7‐MSG7:: afnpdpd: initializing IPC
2004‐05‐12T05:42:25.752‐0400:bstnA:1‐1‐SCM‐1439:POLICY_PDP‐0‐7‐MSG7:: afnpdpd: IPC OK
2004‐05‐12T05:42:25.752‐0400:bstnA:1‐1‐SCM‐1439:POLICY_PDP‐0‐7‐MSG7:: afnpdpd: create IPC thread
2004‐05‐12T05:42:25.753‐0400:bstnA:1‐1‐SCM‐1439:POLICY_PDP‐0‐7‐MSG7:: afnpdpd: IPC thread OK
...
Figure 7.3 Sample Output: grep ... ignore
bstnA# grep :POLICY logs syslog ignore init
2004‐05‐12T05:42:11.378‐0400:bstnA:1‐1‐SCM‐1435:POLICY_PDP‐0‐6‐MSG6:: afnpdpd: Version 0.12.0.4671 (May 12 2004 14:27:17) [dfeng]
2004‐05‐12T05:42:11.379‐0400:bstnA:1‐1‐SCM‐1435:POLICY_PDP‐0‐6‐MSG6:: afnpdpd: (build 4671) starting up.
2004‐05‐12T05:42:11.379‐0400:bstnA:1‐1‐SCM‐1435:POLICY_PDP‐0‐6‐MSG6:: afnpdpd: Copyright (c) 2002‐2004 by Acopia Networks Inc. All rights reserved.
2004‐05‐12T05:42:11.380‐0400:bstnA:1‐1‐SCM‐1439:POLICY_PDP‐0‐7‐MSG7:: afnpdpd: waiting for OM GLOBAL Scope ...
2004‐05‐12T05:42:17.397‐0400:bstnA:1‐1‐SCM‐1439:POLICY_PDP‐0‐7‐MSG7:: pdpd: OM GLOBAL Scope available.
2004‐05‐12T05:42:25.752‐0400:bstnA:1‐1‐SCM‐1439:POLICY_PDP‐0‐7‐MSG7:: afnpdpd: IPC OK
2004‐05‐12T05:42:25.752‐0400:bstnA:1‐1‐SCM‐1439:POLICY_PDP‐0‐7‐MSG7:: afnpdpd: create IPC thread
2004‐05‐12T05:42:25.753‐0400:bstnA:1‐1‐SCM‐1439:POLICY_PDP‐0‐7‐MSG7:: afnpdpd: IPC thread OK
...
Figure 7.4 Sample Output: grep Using ‘\’
bstnA# grep :POLICY.*\.\.\. logs syslog ignore init
2004‐05‐12T05:42:11.380‐0400:bstnA:1‐1‐SCM‐1439:POLICY_PDP‐0‐7‐MSG7:: afnpdpd: waiting for OM GLOBAL Scope ...
2004‐05‐12T05:42:27.006‐0400:bstnA:1‐1‐SCM‐1552:POLICY_PDP‐0‐7‐MSG7:: afnpdpd: clean rules thread starting ...
2004‐05‐12T05:42:28.024‐0400:bstnA:1‐1‐SCM‐1552:POLICY_PDP‐0‐7‐MSG7:: afndpdpd : scrubbing rule table...
2004‐05‐12T05:47:28.009‐0400:bstnA:1‐1‐SCM‐1552:POLICY_PDP‐0‐7‐MSG7:: afndpdpd : scrubbing rule table...
2004‐05‐12T05:52:28.008‐0400:bstnA:1‐1‐SCM‐1552:POLICY_PDP‐0‐7‐MSG7:: afndpdpd : scrubbing rule table...
2004‐05‐12T05:57:28.010‐0400:bstnA:1‐1‐SCM‐1552:POLICY_PDP‐0‐7‐MSG7:: afndpdpd : scrubbing rule table...
...
Figure 7.5 Sample Output: grep ... tail
bstnA# grep :POLICY.*\.\.\. logs syslog ignore init tail 5
2004‐05‐13T02:12:30.063‐0400:bstnA:1‐1‐SCM‐1517:POLICY_PDP‐0‐7‐MSG7:: afndpdpd : scrubbing rule table...
2004‐05‐13T02:17:30.028‐0400:bstnA:1‐1‐SCM‐1517:POLICY_PDP‐0‐7‐MSG7:: afndpdpd : scrubbing rule table...
2004‐05‐13T02:22:30.025‐0400:bstnA:1‐1‐SCM‐1517:POLICY_PDP‐0‐7‐MSG7:: afndpdpd : scrubbing rule table...
2004‐05‐13T02:27:30.031‐0400:bstnA:1‐1‐SCM‐1517:POLICY_PDP‐0‐7‐MSG7:: afndpdpd : scrubbing rule table...
2004‐05‐13T02:32:30.027‐0400:bstnA:1‐1‐SCM‐1517:POLICY_PDP‐0‐7‐MSG7:: afndpdpd : scrubbing rule table...
bstnA#
Figure 7.6 Sample Output: grep (directory)
prtlndA# grep “prtlndA.*CLI_COMMAND.*show namespace.*wwmed” logs
2004‐05‐07T08:21:29.207‐0400:prtlndA:1‐1‐ACM‐3177:SCM_CLI‐0‐6‐CLI_COMMAND:: User admin: Command: prtlndA(gbl)# show namespace status wwmed
2004‐05‐07T08:21:39.147‐0400:prtlndA:1‐1‐ACM‐3177:SCM_CLI‐0‐6‐CLI_COMMAND:: User admin: Command: prtlndA(gbl)# show namespace status wwmed
2004‐05‐07T08:21:49.107‐0400:prtlndA:1‐1‐ACM‐3177:SCM_CLI‐0‐6‐CLI_COMMAND:: User admin: Command: prtlndA(gbl)# show namespace status wwmed
2004‐05‐07T08:21:59.007‐0400:prtlndA:1‐1‐ACM‐3177:SCM_CLI‐0‐6‐CLI_COMMAND:: User admin: Command: prtlndA(gbl)# show namespace status wwmed
2004‐05‐07T08:22:08.937‐0400:prtlndA:1‐1‐ACM‐3177:SCM_CLI‐0‐6‐CLI_COMMAND:: User admin: Command: prtlndA(gbl)# show namespace status wwmed
2004‐05‐07T08:22:09.657‐0400:prtlndA:1‐1‐ACM‐3177:SCM_CLI‐0‐6‐CLI_COMMAND:: User admin: Command: prtlndA(gbl)# show namespace wwmed
2004‐05‐07T12:59:45.102‐0400:prtlndA:1‐1‐ACM‐3170:SCM_CLI‐0‐6‐CLI_COMMAND:: User admin: Command: prtlndA(gbl)# show namespace status wwmed
2004‐05‐07T12:59:55.062‐0400:prtlndA:1‐1‐ACM‐3170:SCM_CLI‐0‐6‐CLI_COMMAND:: User admin: Command: prtlndA(gbl)# show namespace status wwmed
2004‐05‐07T13:00:05.022‐0400:prtlndA:1‐1‐ACM‐3170:SCM_CLI‐0‐6‐CLI_COMMAND:: User admin: Command: prtlndA(gbl)# show namespace status wwmed
2004‐05‐07T13:00:14.922‐0400:prtlndA:1‐1‐ACM‐3170:SCM_CLI‐0‐6‐CLI_COMMAND:: User admin: Command: prtlndA(gbl)# show namespace status wwmed
2004‐05‐07T13:00:15.682‐0400:prtlndA:1‐1‐ACM‐3170:SCM_CLI‐0‐6‐CLI_COMMAND:: User admin: Command: prtlndA(gbl)# show namespace wwmed
2004‐05‐07T13:47:38.088‐0400:prtlndA:1‐1‐ACM‐3180:SCM_CLI‐0‐6‐CLI_COMMAND:: User admin: Command: prtlndA(gbl)# show namespace status wwmed
2004‐05‐07T13:47:48.038‐0400:prtlndA:1‐1‐ACM‐3180:SCM_CLI‐0‐6‐CLI_COMMAND:: User admin: Command: prtlndA(gbl)# show namespace status wwmed
2004‐05‐07T13:47:57.968‐0400:prtlndA:1‐1‐ACM‐3180:SCM_CLI‐0‐6‐CLI_COMMAND:: User admin: Command: prtlndA(gbl)# show namespace status wwmed
2004‐05‐07T13:48:07.908‐0400:prtlndA:1‐1‐ACM‐3180:SCM_CLI‐0‐6‐CLI_COMMAND:: User admin: Command: prtlndA(gbl)# show namespace status wwmed
2004‐05‐07T13:48:17.918‐0400:prtlndA:1‐1‐ACM‐3180:SCM_CLI‐0‐6‐CLI_COMMAND:: User admin: Command: prtlndA(gbl)# show namespace status wwmed
2004‐05‐07T13:48:18.668‐0400:prtlndA:1‐1‐ACM‐3180:SCM_CLI‐0‐6‐CLI_COMMAND:: User admin: Command: prtlndA(gbl)# show namespace wwmed
2004‐05‐07T14:21:36.589‐0400:prtlndA:1‐1‐ACM‐20578:SCM_CLI‐0‐6‐CLI_COMMAND:: User admin: Command: prtlndA# grep “prtlndA.*CLI_COMMAND.*show namespace.*wwmed” logs syslog
prtlndA#
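The following Python sketch is an added example, not part of the original manual and not ARX code: it models the filter, ignore and tail options on constructed log lines in the format of Figures 7.2 and 7.6, and extracts the CLI_COMMAND records as a per-user audit trail. The parser's field names and all function names are assumptions, and only the regular-expression constructs listed under Guidelines: Regular Expression are translated.

```python
import re

_PY_ONLY = set("+?(){}|")  # literal in basic regex, special in Python's re


def bre_to_python(pattern):
    """Translate the constructs the guidelines list into Python re syntax."""
    out, i, n = [], 0, len(pattern)
    while i < n:
        ch = pattern[i]
        if ch == "\\":
            # Backslash makes the next character literal.
            nxt = pattern[i + 1] if i + 1 < n else "\\"
            out.append(re.escape(nxt))
            i += 2
        elif ch == "[":
            j = i + 1
            if j < n and pattern[j] == "^":
                j += 1
            if j < n and pattern[j] == "]":   # a leading ']' is a class member
                j += 1
            end = pattern.find("]", j)
            if end == -1:
                out.append("\\[")             # unterminated class: literal '['
                i += 1
            else:
                out.append(pattern[i:end + 1].replace("\\", "\\\\"))
                i = end + 1
        else:
            out.append("\\" + ch if ch in _PY_ONLY else ch)
            i += 1
    return "".join(out)


# Field names are assumptions inferred from the sample output in the figures.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d\.\d+[+-]\d{4}):"
    r"(?P<host>[^:]+):(?P<origin>[^:]+):"
    r"(?P<facility>[A-Z0-9_]+)-(?P<inst>\d+)-(?P<sev>\d+)-(?P<msgid>[A-Z0-9_]+):: ?"
    r"(?P<text>.*)$"
)
CMD_RE = re.compile(r"User (?P<user>\S+): Command: (?P<prompt>\S+[#>]) (?P<cmd>.*)")


def normalise(line):
    """Text copied from a PDF may carry U+2010 where the log has ASCII '-'."""
    return line.replace("\u2010", "-")


def arx_grep(lines, filt, ignore=None, tail=None):
    """Keep lines matching filt, drop lines containing ignore, keep the last tail."""
    rx = re.compile(bre_to_python(filt))
    hits = []
    for raw in lines:
        line = normalise(raw)
        if rx.search(line) and (ignore is None or ignore not in line):
            hits.append(line)
    return hits[-tail:] if tail else hits


def cli_audit(lines):
    """Return (timestamp, host, user, command) for every CLI_COMMAND record."""
    records = []
    for raw in lines:
        m = LINE_RE.match(normalise(raw))
        if not m or m["msgid"] != "CLI_COMMAND":
            continue
        c = CMD_RE.match(m["text"])
        if c:
            records.append((m["ts"], m["host"], c["user"], c["cmd"]))
    return records


# Constructed sample lines, modelled on the figures above.
SAMPLE = """\
2004-05-12T05:42:11.380-0400:bstnA:1-1-SCM-1439:POLICY_PDP-0-7-MSG7:: afnpdpd: init_daemon succeeded
2004-05-12T05:42:11.380-0400:bstnA:1-1-SCM-1439:POLICY_PDP-0-7-MSG7:: afnpdpd: waiting for OM GLOBAL Scope ...
2004-05-12T05:42:25.752-0400:bstnA:1-1-SCM-1439:POLICY_PDP-0-7-MSG7:: afnpdpd: IPC OK
2004-05-12T05:42:28.024-0400:bstnA:1-1-SCM-1552:POLICY_PDP-0-7-MSG7:: afndpdpd : scrubbing rule table...
2004-05-12T06:01:02.100-0400:bstnA:1-1-ACM-3177:SCM_CLI-0-6-CLI_COMMAND:: User admin: Command: bstnA# delete logs syslog.1
2004-05-12T06:01:09.455-0400:bstnA:1-1-ACM-3177:SCM_CLI-0-6-CLI_COMMAND:: User jsmith: Command: bstnA(gbl)# show namespace status wwmed
""".splitlines()

if __name__ == "__main__":
    for hit in arx_grep(SAMPLE, r":POLICY.*\.\.\.", ignore="init", tail=5):
        print(hit)
    for record in cli_audit(SAMPLE):
        print(record)
```

Run over collected syslog copies, the audit extraction gives the command history per user, which is the record to review after an unexpected delete or move.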
ip ftp-user
Purpose
When you use the copy or move command to transport files to/from an FTP site, you
enter a username and password for the FTP server. Use the ip ftp-user command to set
a default username and password.
Use the no form of this command to revert to the “anonymous” default.
Mode
cfg
Security Role(s)
network-engineer or crypto-officer
Syntax
ip ftp-user name
no ip ftp-user
name (1-32 characters) is the FTP username.
Default(s)
name - anonymous
password - upgrade-hostname, where you can set the hostname with the hostname
command.
Guidelines
The CLI prompts twice for a password. See the sample below.
This command makes the copy ftp and move ... ftp commands easier to use; you can
omit the username and password from each of these commands, defaulting to this one.
Sample
bstnA(cfg)# ip ftp-user jsmith
Password: jpasswd
Validate Password: jpasswd
bstnA(cfg)# ...
provides a username and password, jsmith and jpasswd, for transferring files
to/from an FTP server.
Related Commands
copy ftp
move ... ftp
ip ron-user
Purpose
When you use the copy ron command to copy a file onto another ARX, you require an
administrative username and password for the remote peer. Use the ip ron-user
command to set a default username and password.
Use the no form of this command to revert to using the current administrative account
as the default.
Mode
cfg
Security Role(s)
network-engineer or crypto-officer
Syntax
ip ron-user name
no ip ron-user
name (1-32 characters) is a valid administrative user at a remote ARX.
Default(s)
If this is not set, the copy ron command uses the username and password of the
current administrative account.
Guidelines
The CLI prompts twice for a password. See the sample below.
Sample
bstnA(cfg)# ip ron-user jsmith
Password: jpasswd
Validate Password: jpasswd
bstnA(cfg)# ...
provides a username and password, jsmith and jpasswd, for sending file copies to
a remote ARX.
Related Commands
copy ron
ip scp-user
Purpose
When you use the copy or move command to transfer files to/from an SCP server,
you enter a username and password for the SCP server. Use the ip scp-user command
to set a default username and password for these operations.
Use the no form of this command to remove the default.
Mode
cfg
Security Role(s)
network-engineer or crypto-officer
Syntax
ip scp-user name
no ip scp-user
name (1-32 characters) is a Unix username that is valid on the remote SCP server(s).
Default(s)
None.
Guidelines
The CLI prompts twice for a password. See the sample below.
This command makes the copy scp and move ... scp commands easier to use; you
can omit the username and password from each command, defaulting to this one.
Sample
bstnA(cfg)# ip scp-user jsmith
Password: jpasswd
Validate Password: jpasswd
bstnA(cfg)# ...
provides a username and password, jsmith and jpasswd, for copying to/from an
SCP server.
Related Commands
copy scp
move ... scp
move
Purpose
The ARX contains directories for software release files, log files, report files, and
other maintenance files. Use the move command to change the name of a file in one
of these directories.
Mode
priv-exec
Security Role(s)
network-technician, network-engineer, storage-engineer, or crypto-officer
Syntax
move {logs | cores | configs | replicated-configs | diag-info |
software | reports | scripts | capture | license}
src-file-name dest-file-name
logs | ... | license identifies the directory. This is required.
logs selects a log file. Use the show logs command for a full list of all available
log files.
cores selects a core-dump file generated by a failing process. The show cores
command lists all such files that currently exist, if any.
configs selects a configuration file, such as those generated by copy
running-config and copy global-config. Use show configs to list them.
replicated-configs selects a replicated-configuration file, from a remote ARX
cluster. You can use these files for a disaster-recovery operation. Use show
replicated-configs to list them.
diag-info selects a diagnostics file generated by collect or collect logs. Use
show diag-info to see if any are available.
software selects a software-related file or a software-user manual. The show
software command lists all of them.
reports selects a report file.
scripts selects a script file. Use show scripts to see all available scripts.
capture selects a packet-capture file created by the capture session command.
The show capture command lists all packet-capture files currently on the ARX.
license selects a license file. The show license command lists all license-related
files currently on the ARX.
src-file-name (1-1024 characters) is the original file name, the file to rename.
dest-file-name (1-1024 characters) is the new name you choose for the file.
Default(s)
None
Guidelines
The show directories command displays all files and directories on the ARX hard
disks.
You can also move files to an external server. The move ... ftp command uploads
over FTP, then deletes the source file after a successful copy operation. Use move ...
scp to use a secure connection, SCP. The move ... tftp command uses TFTP (Trivial
FTP) as a transport. The move ... {nfs|cifs} command transfers files from the
maintenance directories on the ARX to its client-accessible volumes.
Use the grep, copy, and delete commands to maintain these files.
Sample
bstnA# move diag-info ns_wwmed.tgz wwmed_11_12.tgz
renames a diagnostics file.
Related Commands
move ... ftp
move ... scp
move ... tftp
move ... {nfs|cifs}
copy ftp
copy scp
copy tftp
copy smtp
copy {nfs|cifs}
grep
delete
show directories
move ... ftp
Purpose
Use the move ... ftp command to transfer a file (such as a core-dump file) off of the
ARX via FTP. This command deletes the file after it is successfully copied, or leaves
the file at the source location if the copy operation fails.
Mode
priv-exec
Security Role(s)
network-technician, network-engineer, storage-engineer, or crypto-officer
(A backup-operator can move reports.)
Syntax
move directory file ftp://[user:password@]server/dest-file
[format {text|report|csv|xml}]
directory is one of the following: logs, cores, configs, replicated-configs, reports,
diag-info, software, scripts, capture, or license.
file (1-1024 characters) identifies the source file from the above directory.
ftp://[user:password@]server/dest-file (1-1024 characters) is the URL for the
destination file:
user[:password]@ (optional) are the credentials for FTP access. If you omit them,
they default to the credentials set by the ip ftp-user command. If you omit the
password, the CLI prompts for one.
server is the IP address or hostname for the FTP server.
dest-file is the new path that you want for the file. Lead with an extra slash (“/”) if
the path is absolute (for example, “ftp://10.1.1.5//var/caps/arx0107.cap”). Use
only one slash if the path is local to the home directory for user (for example,
“ftp://10.1.1.5/gffstnA.tgz”). This conforms with the specification for FTP URLs
in RFC 1738.
format {text|report|csv|xml} (optional) applies to the “reports” directory only. This
chooses the output format for the report. The “xml” option converts the report to XML
format, “csv” converts the report to a Comma-Separated-Value format (useful for
spreadsheets), and the “text” and “report” options leave the reports in plain-text
format.
Default(s)
user:password from the URL - the default set by ip ftp-user.
Guidelines
If you enter a user name without a password, the CLI prompts for the password before
continuing. Enter the password for the user you included in the URL.
To copy a file over FTP instead of moving it, you can use the copy ftp command.
You can also move (or copy) files using several additional protocols. Use move ...
scp or copy scp to use an SCP connection for the move or copy operation. The move
... tftp and copy tftp commands use TFTP (Trivial FTP) as a transport. To send out a
file as an E-mail attachment, use copy smtp. The move ... {nfs|cifs} and copy
{nfs|cifs} commands transfer files between the maintenance directories on the ARX
and its client-accessible volumes. To rename a file in its current ARX directory, you
can use the move command.
The move commands only upload to an external server. The equivalent copy
commands can also download. For example, the copy ftp command FTP-copies a file
to or from the ARX.
To manage local files, use delete and/or move. To view ASCII files, use show
directory file-name, tail, and/or grep.
Guidelines: Reformatting Reports to XML or CSV
For move operations out of the reports directory, you can reformat the file to XML or
CSV (comma-separated value) format. Use a .xml or .csv extension for the
destination-file-name, and the move operation converts the file to the chosen format. A
.txt or .rpt extension leaves the file in plain-text format.
Sample
bstnA# move capture fsrvr.cap ftp://noc.phredco.com/bstnA_fsrvr.cap
moves a packet-capture file off of the ARX and onto the FTP server at
noc.phredco.com. This example uses the default username and password, set by ip
ftp-user.
Related Commands
ip ftp-user
move
move ... scp
move ... tftp
move ... {nfs|cifs}
copy ftp
copy scp
copy tftp
copy smtp
copy {nfs|cifs}
delete
grep
tail
show directories
move ... {nfs|cifs}
Purpose
Use the move ... {nfs|cifs} command to transfer a file (such as a software-release file
or a log file) from the ARX to one of its volumes. This command deletes the file after
it is successfully copied to the volume, or leaves the file at the source location if the
copy operation fails.
Mode
priv-exec
Security Role(s)
network-technician, network-engineer, storage-engineer, or crypto-officer
(A backup-operator can move reports.)
Syntax
move directory file {nfs|cifs} namespace vol [dest-file-path]
[format {text|report|csv|xml}]
directory is one of the following: logs, cores, configs, replicated-configs, reports,
diag-info, software, scripts, capture, or license.
file (1-1024 characters) identifies the source file from the above directory. You can
use wildcards (such as *, ?, or [a-z]) to select multiple files; see the Guidelines:
Wildcards below.
nfs | cifs is a required choice. This chooses the protocol for the file transfer.
namespace (1-30 characters) identifies the namespace to use as a destination.
vol (1-1024 characters) is the volume where the file will go.
dest-file-path (optional, 1-1024 characters) is the destination path for the file, starting
at the volume root. If you omit this, the file goes to the volume root and keeps its
original name.
format {text|report|csv|xml} (optional) applies to the “reports” directory only. This
chooses the output format for the report. The “xml” option converts the report to XML
format, “csv” converts the report to a Comma-Separated-Value format (useful for
spreadsheets), and the “text” and “report” options leave the reports in plain-text
format.
Default(s)
None
Guidelines
The CLI chooses a user identity to establish its read/write privileges in the ARX
volume. It chooses its identity based on the transfer protocol. For NFS, the CLI uses
root as its identity. For CIFS, the CLI uses the proxy-user (gbl-ns) for the chosen
namespace. These identities typically ensure that there are no permissions problems
during the copy operation.
To copy a file to a volume instead of moving it, you can use the copy {nfs|cifs}
command.
You can also move (or copy) files using several additional protocols. Use move ... scp
or copy scp to use an SCP connection for the move or copy operation. The move ...
tftp and copy tftp commands use TFTP (Trivial FTP) as a transport. To send out a file
as an E-mail attachment, use copy smtp. The move ... ftp and copy ftp commands
use FTP to send files to an external server. To rename a file in its current ARX
directory, you can use the move command.
The move commands only upload to an external server. The equivalent copy
commands can also download. For example, the copy {nfs|cifs} command copies a
file to or from an ARX volume.
To manage local files, use delete and/or move. To view ASCII files, use show
directory file-name, tail, and/or grep.
Guidelines: Wildcards
You can use several wildcard characters to select multiple file names:
• * matches any string, including an empty string.
• ? matches any single character. This is also a special meta character in the CLI, so
you must quote the file-path string to use it; for example, move diag-info
collNum?.tgz cifs medarcv /rcrds would fail, but move diag-info
“collNum?.tgz” cifs medarcv /rcrds would succeed.
• [] surrounds a class of characters (for example, [abcz]), and matches any one of
the characters inside the square brackets (a, b, c, or z).
• [a-z] matches any single character from the range a through z (all lower-case).
Sample
bstnA# move cores core‐* nfs wwmed /acct/.admin/
moves all core-dump files from the local “cores” directory to a hidden directory in
“wwmed~/acct,” an NFS volume.
Related Commands
move
move ... ftp
move ... scp
move ... tftp
copy ftp
copy scp
copy tftp
copy smtp
copy {nfs|cifs}
delete
rename
grep
tail
show directories
move ... scp
Purpose
Use the move ... scp command to securely copy a file (such as a software-release file
or a log file) to or from the ARX over SCP. This command deletes the file after it is
successfully transferred, or leaves the file at the source location if the copy operation
fails.
Mode
priv-exec
Security Role(s)
network-technician, network-engineer, storage-engineer, or crypto-officer
(A backup-operator can move reports.)
Syntax
move directory file scp://[user@]server:dest‐file
[accept‐host‐key] [format {text|report|csv|xml}]
directory is one of the following: logs, cores, configs, replicated-configs, reports,
diag-info, software, scripts, capture, or license.
file (1-1024 characters) identifies the file to move out of the above directory.
scp://[user@]server:dest-file (1-1024 characters) is the URL for the file’s destination:
user@ (optional if someone created an ip scp-user) is the username to present to
the other end of the SCP connection. This user must be valid at the remote host. If
you omit this and an ip scp-user is defined, it defaults to the username set by that
command.
server: is the IP address or hostname for the SCP host. End with a colon (:).
dest-file is the desired path for the file at the remote host. Lead with a slash (“/”) if
the path is absolute (for example, “scp://root@10.1.1.5:/var/arxDiags/6_5.tgz”).
Use no slash if the path is local to the home directory for user (for example,
“scp://root@10.1.1.5:6_5.tgz”).
accept-host-key (optional) means to accept an unknown SSH host key from the
remote host, if it presents one.
format {text|report|csv|xml} (optional) applies to the “reports” directory only. This
chooses the output format for the report. The “xml” option converts the report to XML
format, “csv” converts the report to a Comma-Separated-Value format (useful for
spreadsheets), and the “text” and “report” options leave the reports in plain-text
format.
Default(s)
None
Guidelines
If you enter a username in this command, the CLI prompts you for a password. Enter
the password for the user in the URL. The file is transferred over SCP, which uses a
secure, encrypted connection to the remote host.
Every host identifies itself with an encrypted SSH key. Whenever the ARX transfers a
file using SCP, it exchanges keys with the remote host. If the remote-host key is
different from one received previously, the host may not be the one you intended; an
attacker may be posing as the intended host. For this reason, the ARX does not
download or upload to a host with an unknown key unless you raise the
accept-host-key flag. Note that the first contact with any server will require this flag
to succeed.
The ARX deletes all SSH host keys on reboot, so all remote hosts are again unknown
when the switch comes back up.
Guidelines: Additional Commands for Moving and Copying Files
To copy a file over SCP instead of moving it, you can use the copy scp command.
You can also move (or copy) files using several additional protocols. The move ... tftp
and copy tftp commands use TFTP (Trivial FTP) as a transport. To send out a file as
an E-mail attachment, use copy smtp. The move ... ftp and copy ftp commands use
FTP to send files to an external server. Use move ... {nfs|cifs} or copy {nfs|cifs} to
move or copy a file to a volume on the current ARX. To rename a file in its current
ARX directory, you can use the move command. The move commands only upload
to an external server. The equivalent copy commands can also download. For
example, the copy scp command copies a file to or from an external server.
To manage local files, use delete and/or move. To view ASCII files, use show
directory file-name, tail, and/or grep.
Sample
bstnA# move capture ntap.cap scp://root@noc:/var/logs/arx2ntap.cap accept‐host‐key
Password: root‐password
uploads a packet-capture file to a host named “noc.” If the host key has changed
for noc (or this is the first SCP to or from noc), the switch accepts the key and
continues the upload.
(For details on creating a packet-capture file, see the documentation for the
capture session command.)
Related Commands
ip scp-user
move
move ... ftp
move ... tftp
move ... {nfs|cifs}
copy scp
copy ftp
copy tftp
copy smtp
copy {nfs|cifs}
delete
grep
tail
show directories
move ... tftp
Purpose
Use the move ... tftp command to transfer a file (such as a packet-capture file) off of
the ARX via Trivial FTP (TFTP). This command deletes the file after it is successfully
transferred, or leaves the file at the source location if the copy operation fails.
Mode
priv-exec
Security Role(s)
network-technician, network-engineer, storage-engineer, or crypto-officer
(A backup-operator can upload reports to a remote host.)
Syntax
move directory file tftp://server/dest‐file
[format {text|report|csv|xml}]
directory is one of the following: logs, cores, configs, replicated-configs, reports,
diag-info, software, scripts, capture, or license.
file (1-1024 characters) identifies the source file from the above directory.
tftp://server/dest-file (1-1024 characters) is the URL for the destination file:
server is the IP address or hostname for the TFTP server.
dest-file is the new path for the file. Lead with an extra slash (“/”) if the path is
absolute (for example, “tftp://10.1.1.5//var/diags/arxCllct.tgz”). Use only one
slash if the path is local to the “tftpboot” directory. This conforms with the
specification for FTP URLs in RFC 1738.
format {text|report|csv|xml} (optional) applies to the “reports” directory only. This
chooses the output format for the report. The “xml” option converts the report to XML
format, “csv” converts the report to a Comma-Separated-Value format (useful for
spreadsheets), and the “text” and “report” options leave the report in plain-text format.
Default(s)
None
Guidelines
To copy a file over TFTP instead of moving it, you can use the copy tftp command.
You can also move (or copy) files using several additional protocols. The move ...
scp and copy scp commands use SCP (Secure CoPy) as a transport. To send out a file
as an E-mail attachment, use copy smtp. The move ... ftp and copy ftp commands
use FTP to send files to an external server. Use move ... {nfs|cifs} or copy {nfs|cifs}
to move or copy a file to a volume on the current ARX. To rename a file in its current
ARX directory, you can use the move command. The move commands only upload
to an external server. The equivalent copy commands can also download. For
example, the copy tftp command copies a file to or from an external server.
To manage local files, use delete and/or move. To view ASCII files, use show
directory file-name, tail, and/or grep.
Sample
bstnA# move capture 11_12.cap tftp://tftp.f5.com/11_12_arx.cap
sends a packet-capture file, 11_12.cap, to the TFTP server at tftp.f5.com.
(For details on creating a packet-capture file, see the documentation for the
capture session command.)
Related Commands
move
move ... ftp
move ... scp
move ... {nfs|cifs}
copy ftp
copy tftp
copy scp
copy smtp
copy {nfs|cifs}
delete
grep
tail
show directories
pause
Purpose
This command is useful in writing/running scripts when you want to pause the CLI
temporarily.
Mode
(any)
Security Role(s)
operator
Syntax
pause [seconds]
seconds (optional; 0-3600) is the number of seconds to pause the CLI operation. If you
omit this argument, the <Enter> key stops the pause.
Default(s)
0 (indefinite pause, until you press <Enter>)
Guidelines
You can use this command with terminal clear, which is also useful in writing scripts.
For example, you could write a script that lets you view share status during a
managed-volume import:
terminal clear
show share status
pause 60
terminal clear
show share status
pause 60
terminal clear
show share status
pause 60
terminal clear
show share status
pause 60
terminal clear
show share status
Samples
bstnA# pause 300
pauses the CLI for 300 seconds (five minutes).
bstnA# pause
Press <enter> to continue.
pauses the CLI until you press <Enter>.
Related Commands
run
terminal clear
remark
Purpose
Use this command to enter a text-string comment into the syslog.
Mode
(any)
Security Role(s)
operator
Syntax
remark {critical | error | warning | notice | info | debug} comment‐string
critical | error | warning | notice | info | debug is a required choice. This sets the
severity of the message.
comment-string (1-255 characters) is the message text. Insert quotation marks around
the string if it contains any spaces.
Default(s)
None
Guidelines
Use show logging levels to verify the log-level settings for each component.
From any mode, use show logs syslog or grep pattern logs syslog to view the log
messages in the syslog file. See the manual, ARX Log Catalog, for a full list of log
messages.
Sample
bstnA# remark critical “J. Random bringing down NFS”
enters a critical message into the syslog.
Related Commands
show logging levels
pause
grep
rename
Purpose
The ARX contains directories for software release files, log files, report files, and
other maintenance files. Use the rename command to change the name of a file in one
of these directories.
Mode
priv-exec
Security Role(s)
network-technician, network-engineer, storage-engineer, or crypto-officer
Syntax
rename {releases | logs | cores | reports | scripts | capture |
license} src‐file‐name dest‐file‐name
releases | ... | license identifies the directory. This is required.
logs selects a log file.
cores selects a core dump file.
reports selects a report file.
scripts selects a script file.
capture selects a packet-capture file created by the capture session command.
license selects a license file.
src-file-name (1-1024 characters) is the original file name, the file to rename.
dest-file-name (1-1024 characters) is the new name you choose for the file.
Default(s)
None
Guidelines
The CLI prompts for confirmation before renaming a file; enter yes to proceed with
the rename operation.
The show directories command displays all files and directories on the ARX hard
disks.
Use the grep, copy, rename, and delete commands to maintain these files.
Sample
bstnA# rename releases rel8.rel fallback.rel
Rename file 'rel8.rel' in directory 'releases' to 'fallback.rel'? [yes/no] yes
renames a release file.
Related Commands
grep
copy ftp
copy scp
copy tftp
copy {nfs|cifs}
delete
show directories
run
Purpose
This command enables you to run a CLI script.
Mode
priv-exec
Security Role(s)
network-technician, network-engineer, storage-engineer, or crypto-officer
Syntax
run {scripts | configs} script‐name
scripts | configs selects the directory that holds the script. Use show scripts or show
configs for file listings in these directories.
script-name (1-1024 characters) identifies the CLI script file to run. Use show scripts
to display the scripts directory contents.
Default(s)
None
Guidelines
Use this command to run a CLI script. You can only run a script that is in the scripts or
configs directory. The script consists of CLI commands, one per line. Comments
start with a semi-colon (;).
To download a CLI-script file from an FTP, SCP, TFTP or other network service, use
the copy command. If you want to run the script periodically, on a schedule, use the at
... do run command.
There are several CLI commands (such as attach) that do not get committed until you
exit the mode with either exit or end. The best practice is to use the end command at
the end of any script; you can use this command from any mode under cfg or gbl
mode.
If you auto-generate a script (for example, with show running-config or show
global-config), you must edit the script before you run it on an earlier release of ARX
software. Command syntax may have changed as well as the best practices for
command order. Consult the documentation from the earlier release (available from
the GUI) and change the script’s commands as needed before you use this command to
run it.
Sample
bstnA# run scripts testdemo1.scr
runs the script, “testdemo1.scr.”
Related Commands
copy ftp
copy scp
copy tftp
copy {nfs|cifs}
show scripts
show configs
show software
show directories
show at
Purpose
Use the show at command to display all scheduled CLI commands and/or scripts.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show at
Guidelines
Use the at command to schedule a CLI job to run in the future.
This command displays two rows per scheduled CLI job. Each pair of rows contains
the following columns:
Job is a numeric ID for the scheduled job. This is assigned by the CLI when the user
issues the at command. You can use this ID with clear at to clear the job.
NextTime is the date and time for the next scheduled job run. This is in the following
format: mm/dd/yyyy.HH:MM.
Interval is the time between runs, if there is one. This is the every interval part of the
at command.
Command is the exact CLI command (or script) that is invoked at each run.
Report is the prefix for the report generated at each run, if there is one. Each report is
named as follows: report-prefix_yyyymmddHHMM.rpt. The part after the underscore
is the date and time of the run. Use show reports to view the reports, if there are any.
Sample
bstnA# show at
shows all scheduled commands and scripts. See Figure 7.7 for sample output.
Related Commands
at
clear at
Figure 7.7 Sample Output: show at
bstnA# show at
Job NextTime Interval Command
Report
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1 03/31/2009.00:49 1 Days nis update
2 03/30/2009.03:30 89 Days cifs rekey all
4 03/30/2009.01:34 5 Min show sessions
adminSessions
5 03/31/2009.00:00 1 Days copy startup‐config ftp://root:rootpw@172.16.100.183//tmp/acocfg.conf
6 03/30/2009.03:45 1 Days active‐directory update forest MEDARCH.ORG proxy‐user acoProxy2
7 03/30/2009.05:00 1 Days active‐directory update forest NY.COM proxy‐user ny_admin
8 03/31/2009.01:19 1 Days copy reports snap* ftp://ftpuser:ftpuser@172.16.100.183//var/arxSnapRpts/ format xml
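The Command column prints each scheduled command exactly as entered, so a password embedded in a transfer URL is readable by every role that can run show at, and a scheduled accept-host-key makes the switch accept a changed SCP host key (see the move ... scp guidelines). The Python sketch below is an added example, not part of the ARX manual or F5 software: it parses show at output saved to text and flags those cases. The function names, finding labels, and sample rows (hosts, users, passwords) are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the layout of Figure 7.7 (two rows per job; the second
# row, when present, holds the Report prefix). Not captured from a real switch.
SAMPLE_SHOW_AT = """\
Job NextTime          Interval  Command
    Report
--------------------------------------------------------------------------------
1   03/31/2009.00:49  1 Days    nis update
4   03/30/2009.01:34  5 Min     show sessions
    adminSessions
5   03/31/2009.00:00  1 Days    copy startup-config ftp://backup:s3cret@192.0.2.10//tmp/arx.conf
9   04/01/2009.02:00            move capture ntap.cap scp://noc:/var/logs/arx2ntap.cap accept-host-key
10  04/01/2009.03:00  1 Days    move capture 11_12.cap tftp://192.0.2.11/11_12_arx.cap
"""

# First row of a job: ID, NextTime (mm/dd/yyyy.HH:MM), optional Interval, Command.
JOB_ROW = re.compile(
    r"^\s*(?P<job>\d+)\s+"
    r"(?P<next>\d{2}/\d{2}/\d{4}\.\d{2}:\d{2})\s+"
    r"(?:(?P<interval>\d+\s+[A-Za-z]+)\s+)?"
    r"(?P<command>\S.*)$"
)
# Transfer URL with optional user[:password]@ part.
URL = re.compile(
    r"\b(?P<scheme>ftp|tftp|scp)://"
    r"(?:(?P<user>[^\s:@/]+)(?::(?P<pw>[^\s@/]+))?@)?"
    r"(?P<host>[^\s:/]+)"
)


@dataclass
class Job:
    job_id: int
    next_time: str
    interval: Optional[str]
    command: str
    report: Optional[str] = None


def parse_show_at(text: str) -> List[Job]:
    """Turn saved 'show at' output into Job records."""
    jobs: List[Job] = []
    # Output copied from PDF or terminals may carry U+2010 instead of '-'.
    for raw in text.replace("\u2010", "-").splitlines():
        m = JOB_ROW.match(raw)
        if m:
            jobs.append(Job(int(m["job"]), m["next"], m["interval"],
                            m["command"].strip()))
        elif jobs and raw.strip() and set(raw.strip()) != {"-"}:
            jobs[-1].report = raw.strip()  # second row of the pair
    return jobs


def audit_command(command: str) -> List[str]:
    """Return finding labels for one scheduled command."""
    findings: List[str] = []

    def add(label: str) -> None:
        if label not in findings:
            findings.append(label)

    for m in URL.finditer(command):
        if m["pw"]:
            add("credentials-in-url")    # password visible in show at
        if m["scheme"] in ("ftp", "tftp"):
            add("cleartext-transport")   # file (and FTP login) sent unencrypted
    if re.search(r"(?<!\S)accept-host-key(?!\S)", command):
        add("host-key-check-bypassed")   # a changed host key would be accepted
    return findings


def redact(command: str) -> str:
    """Mask URL passwords so the audit report does not repeat the secret."""
    return re.sub(r"(://[^\s:@/]+:)[^\s@/]+@", r"\1****@", command)


def audit_show_at(text: str) -> List[Tuple[int, List[str], str]]:
    """List (job ID, findings, redacted command) for every flagged job."""
    flagged = []
    for job in parse_show_at(text):
        findings = audit_command(job.command)
        if findings:
            flagged.append((job.job_id, findings, redact(job.command)))
    return flagged


if __name__ == "__main__":
    for job_id, findings, command in audit_show_at(SAMPLE_SHOW_AT):
        print(f"job {job_id}: {', '.join(findings)} :: {command}")
```

Run it against a saved copy of the show at output; the same audit_command function can be applied line by line to a CLI script before it is placed in the scripts directory.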
show capture
Purpose
The capture directory stores all files created by capturing IP traffic. Use this command
to display the contents of the capture directory and/or the contents of a specified
capture file.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show capture [file‐name [summary [cifs|non‐cifs]]]
file-name (optional, 1-1024 characters) is the name of the file to display. If you omit
this, the CLI shows a list of all files in the directory.
summary (optional) reduces the output to a group of summary tables, like those
shown with Tshark -z.
cifs | non-cifs (optional) is a filter on the summary output. If you choose cifs, the
summary only counts packets related to CIFS traffic. These are packets to or from
UDP/88, TCP/88, UDP/137, UDP/138, TCP/139, and/or TCP/445. The non-cifs
option summarizes all packets except the ones to or from those ports.
Guidelines
You can capture IP traffic into a file with the capture session command. This
command shows a list of all captured files or shows the contents of one of them.
The contents of the capture file are similar to the output of TShark, a commonly
available network-packet analyzer. The TShark program is built on the same Packet
Capture (PCap) library as WireShark, a similar program with a graphical interface.
The capture summary is similar to the output of Tshark -z. This shows a table of UDP
conversations and TCP conversations, followed by RTT statistics for NFSv2, NFSv3,
and SMB (or CIFS). The TCP and UDP tables have one row per pairing of IP
addresses. The NFS tables do not appear if you use the cifs option, and the SMB tables
do not appear if you enter the non-cifs option.
Use the show directories command to show the contents of all directories on the
ARX. To maintain this directory, use the copy, move, grep, and delete commands.
While a capture session is underway, the ARX writes to its output file each time it
captures IP packets. If the capture session writes to multiple files, it creates them all
with a time stamp in each of their names. Use show capture sessions for a list of
capture sessions that are currently underway.
Samples
bstnA> show capture
capture
cifsVol.cap 06/29 01:55 220 kB
clientCap.cap 06/29 01:45 15 MB
fsrvr.cap 06/29 02:12 224 kB
nasTraffic.cap 06/29 01:55 212 kB
ntaps_00001_20110629060427.cap 06/29 02:04 24 B
proxyTraffic_01620_20110629055529.cap 06/29 01:55 150 kB
proxyTraffic_01621_20110629055531.cap 06/29 01:55 94 kB
lists the directory contents.
bstnA> show capture nasTraffic_00001_20060328081103.cap
Shows the contents of a capture file. See Figure 7.8 for sample output.
bstnA> show capture nasTraffic.cap summary
Summarizes the contents of a capture file. See Figure 7.9 on page 7-46 for
sample output.
Related Commands
capture session
show capture sessions
copy ftp, copy scp, copy {nfs|cifs}, copy tftp, and copy smtp
move, move ... ftp, move ... scp, move ... {nfs|cifs}, move ... tftp, and move ... scp
delete
show directories
Figure 7.8 Sample Output: show capture
bstnA# show capture nasTraffic.cap
1 0.000000 192.168.25.21 ‐> 192.168.25.141 TCP 2049 > 652 [PSH, ACK] Seq=0 Ack=0 Win=26280 Len=172
2 1.344955 192.168.25.21 ‐> 192.168.25.33 UDP Source port: 2049 Destination port: 640
3 1.346355 192.168.25.21 ‐> 192.168.25.141 UDP Source port: 2049 Destination port: 640
4 1.346602 192.168.25.21 ‐> 192.168.25.141 UDP Source port: 2049 Destination port: 640
5 1.347700 192.168.25.21 ‐> 192.168.25.141 UDP Source port: 2049 Destination port: 640
6 1.347899 192.168.25.21 ‐> 192.168.25.141 UDP Source port: 2049 Destination port: 640
7 1.348156 192.168.25.21 ‐> 192.168.25.141 UDP Source port: 2049 Destination port: 640
8 1.518532 192.168.25.21 ‐> 192.168.25.33 UDP Source port: 2049 Destination port: 640
9 1.523073 192.168.25.21 ‐> 192.168.25.33 UDP Source port: 2049 Destination port: 640
10 1.524320 192.168.25.21 ‐> 192.168.25.141 UDP Source port: 2049 Destination port: 640
11 1.540995 192.168.25.21 ‐> 192.168.25.141 UDP Source port: 2049 Destination port: 640
12 1.554278 192.168.25.21 ‐> 192.168.25.33 UDP Source port: 2049 Destination port: 640
...
302 137.728365 192.168.25.31 ‐> 192.168.25.21 NFS V3 FSSTAT Call, FH:0x4f2885a4
303 137.728617 192.168.25.31 ‐> 192.168.25.21 NFS V3 FSSTAT Call, FH:0x9a53d568
304 137.729335 192.168.25.31 ‐> 192.168.25.21 SMB Trans2 Request, QUERY_FS_INFO, Query FS Size Info
305 137.768215 192.168.25.31 ‐> 192.168.25.21 TCP 10294 > netbios‐ssn [ACK] Seq=1192 Ack=1260 Win=14480 Len=0 TSV=202118 TSER=2655943
...
Figure 7.9 Sample Output: show capture ... summary
bstnA# show capture nasTraffic.cap summary
================================================================================
UDP Conversations
Filter:<No Filter>
| <‐ | | ‐> | | Total |
| Frames Bytes | | Frames Bytes | | Frames Bytes |
192.168.25.21:2049 <‐> 192.168.25.33:640 0 0 894 183604 894 183604
192.168.25.21:2049 <‐> 192.168.25.141:640 0 0 21 3978 21 3978
================================================================================
================================================================================
TCP Conversations
Filter:<No Filter>
| <‐ | | ‐> | | Total |
| Frames Bytes | | Frames Bytes | | Frames Bytes |
192.168.25.141:15231 <‐> 192.168.25.21:445 15 10227 0 0 15 10227
192.168.25.148:51031 <‐> 192.168.25.21:445 8 1113 0 0 8 1113
192.168.25.21:2049 <‐> 192.168.25.141:641 0 0 1 226 1 226
192.168.25.141:15226 <‐> 192.168.25.21:445 1 118 0 0 1 118
192.168.25.21:2049 <‐> 192.168.25.141:653 0 0 1 86 1 86
192.168.25.21:2049 <‐> 192.168.25.141:654 0 0 1 86 1 86
192.168.25.21:2049 <‐> 192.168.25.141:652 0 0 1 226 1 226
================================================================================
===================================================================
NFS Version 2 RTT Statistics:
Filter:
Procedure Calls Min RTT Max RTT Avg RTT
NULL 0 0.00000 0.00000 0.00000
GETATTR 0 0.00000 0.00000 0.00000
SETATTR 0 0.00000 0.00000 0.00000
ROOT 0 0.00000 0.00000 0.00000
LOOKUP 0 0.00000 0.00000 0.00000
READLINK 0 0.00000 0.00000 0.00000
READ 0 0.00000 0.00000 0.00000
WRITECACHE 0 0.00000 0.00000 0.00000
WRITE 0 0.00000 0.00000 0.00000
CREATE 0 0.00000 0.00000 0.00000
REMOVE 0 0.00000 0.00000 0.00000
RENAME 0 0.00000 0.00000 0.00000
LINK 0 0.00000 0.00000 0.00000
SYMLINK 0 0.00000 0.00000 0.00000
MKDIR 0 0.00000 0.00000 0.00000
RMDIR 0 0.00000 0.00000 0.00000
READDIR 0 0.00000 0.00000 0.00000
STATFS 0 0.00000 0.00000 0.00000
===================================================================
===================================================================
NFS Version 3 RTT Statistics:
Filter:
Procedure Calls Min RTT Max RTT Avg RTT
NULL 0 0.00000 0.00000 0.00000
GETATTR 0 0.00000 0.00000 0.00000
SETATTR 0 0.00000 0.00000 0.00000
LOOKUP 0 0.00000 0.00000 0.00000
ACCESS 0 0.00000 0.00000 0.00000
READLINK 0 0.00000 0.00000 0.00000
READ 0 0.00000 0.00000 0.00000
WRITE 0 0.00000 0.00000 0.00000
CREATE 0 0.00000 0.00000 0.00000
MKDIR 0 0.00000 0.00000 0.00000
SYMLINK 0 0.00000 0.00000 0.00000
MKNOD 0 0.00000 0.00000 0.00000
REMOVE 0 0.00000 0.00000 0.00000
RMDIR 0 0.00000 0.00000 0.00000
RENAME 0 0.00000 0.00000 0.00000
LINK 0 0.00000 0.00000 0.00000
READDIR 0 0.00000 0.00000 0.00000
READDIRPLUS 0 0.00000 0.00000 0.00000
FSSTAT 0 0.00000 0.00000 0.00000
FSINFO 0 0.00000 0.00000 0.00000
PATHCONF 0 0.00000 0.00000 0.00000
COMMIT 0 0.00000 0.00000 0.00000
===================================================================
===================================================================
SMB RTT Statistics:
Filter:
Commands Calls Min RTT Max RTT Avg RTT
Transaction2 Commands Calls Min RTT Max RTT Avg RTT
NT Transaction Commands Calls Min RTT Max RTT Avg RTT
===================================================================
show configs
Purpose
Use this command to display the configs directory, which contains the switch’s
configuration files. You can also use this command to read one file from the directory.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show configs [file‐name]
file-name (optional, 1-1024 characters) is the name of the file to display. If you omit
this, the CLI shows a list of the directory’s files.
Guidelines
Use the show directories command to show the contents of all directories on the
ARX. To maintain this directory, use the copy, move, grep, and delete commands.
The following files commonly appear in the configs directory:
• acopia.keystore is the SSH key for HTTPS connections to the GUI. This is the
GUI’s “security certificate” that is discussed in a pop-up when you first connect to
the GUI. This file is in binary format, so you cannot read it. If you delete this file
and restart the GUI (using gui restart), the ARX generates a new, self-signed,
security certificate.
• omDbVersion.info contains the last understood database version. During a
software upgrade, the ARX uses this file to determine if it requires a change in the
database schema.
• boot-config contains the configuration parameters for setting up the
administrative account created in the initial-boot script. This is a text file that can
be run as a CLI script. The ARX runs this after it boots if (and only if) the
startup-config is missing.
• startup-config is a binary file with all configuration parameters on the ARX. The
ARX uses this after it boots to recreate its entire configuration. It ignores the
boot-config file if this file is present. You cannot view this file directly, though
you can use copy startup-config, copy running-config, or copy global-config
to copy the startup-config (or its components, the running-config and
global-config) to a CLI script.
Sample
bstnA# show configs
configs
wwmed.keystore 06/16 10:33 1.3 kB
active.license 06/29 01:08 9.3 kB
arx.dossier 04/11 22:54 3.0 kB
arx.regkey 06/29 01:08 34 B
boot‐config 06/29 01:15 1.5 kB
eeprom.dat 06/29 00:17 119 B
fbstat.out 06/29 02:05 41 kB
nlmd_ports.conf 06/29 00:19 52 B
NSM_WR.cfg 06/23 13:53 10 kB
oem‐menu‐log.txt 06/29 00:13 3.1 kB
omDbVersion.info 06/29 00:16 281 B
post_login.conf 06/29 01:14 40 B
startup‐config 06/29 02:05 7.5 MB
Related Commands
copy ftp
copy scp
copy tftp
copy smtp
copy {nfs|cifs}
copy ron
move
move ... ftp
move ... scp
move ... tftp
move ... {nfs|cifs}
delete
show directories
show cores
Purpose
A core file contains system-memory dumps from a software failure; this information is
very useful in diagnosing software problems. All core files reside in the cores
directory. Use the show cores command to display this directory or information from
a core file.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show cores
show cores file‐name { backtrace | syslog | list | message | cmdinfo}
file-name (optional, 1-1024 characters) is the name of the core file to view.
backtrace | syslog | list | message | cmdinfo is a required choice.
backtrace displays information from the current program stack. See Figure 7.10
on page 7-51 for a sample backtrace.
syslog displays contextual lines from the syslog file (many lines before and 20
lines after the core-dump event).
list shows what types of information/files you can extract from the core file. You
can use one of these items with show cores file-name list-item syntax,
described below.
message displays the syslog-file message that announced the core dump. Use the
time stamp in this message to focus on the time of the software failure.
cmdinfo displays the CLI output for the specified file/argument.
Guidelines
Use the copy command to copy the file off to an FTP server, an SCP host, a TFTP
server, an E-mail recipient, or a namespace. The move command can send the file to
one of those destinations and delete the original. Use move (with a local destination)
to rename it, or delete to remove it.
Samples
stoweA# show cores
cores
core‐0001.dmp 06/29 03:50 332 kB
core‐0002.dmp 06/29 03:51 335 kB
shows two core-dump files.
bstnA> show cores core‐0012.dmp backtrace
shows the backtrace in another core-dump file. See Figure 7.10.
Related Commands
copy ftp
copy scp
copy tftp
copy smtp
copy {nfs|cifs}
move
move ... ftp
move ... scp
move ... tftp
move ... {nfs|cifs}
delete
show directories
Figure 7.10 Sample Output: show cores ... backtrace
bstnA> show cores core‐0012.dmp backtrace
Using host libthread_db library “/lib/libthread_db.so.1”.
Core was generated by `'.
Program terminated with signal 6, Aborted.
Reading symbols from /acopia/lib/libunicode.so...done.
Loaded symbols for /acopia/lib/libunicode.so
Reading symbols from /usr/lib/i686/libcrypto.so.0.9.6...done.
Loaded symbols for /usr/lib/i686/libcrypto.so.0.9.6
Reading symbols from /acopia/lib/libncftp.so...done.
Loaded symbols for /acopia/lib/libncftp.so
...
Reading symbols from /acopia/lib/msg/msgScm_cli_1.msg_so...done.
Loaded symbols for /acopia/lib/msg/msgScm_cli_1.msg_so
#0 0x40cd3781 in kill () from /lib/libc.so.6
(gdb) #0 0x40cd3781 in kill () from /lib/libc.so.6
#1 0x40221e5e in pthread_kill () from /lib/libpthread.so.0
#2 0x40222339 in raise () from /lib/libpthread.so.0
#3 0x40cd4be1 in abort () from /lib/libc.so.6
#4 0x082d839f in msgAccess::validateId (id=256) at msgAccess.cc:107
#5 0x082d85b3 in msgAccess::getClass (id=256) at msgAccess.cc:194
#6 0x083ab0cb in Status::raiseErrorWork (this=0x91ad8fc, helper=@0x91ca9b0,
id=256, argList=0xbffff4ec) at Status.cc:93
#7 0x083a7211 in Operation::raiseErrorArgsExitWork (this=0x91ad8f8,
errCode=256) at Operation.cc:474
#8 0x085b2a07 in CopyFile::respond (this=0x91ad8f8, helper=@0x91ca9b0)
at CopyFile.pub_op_cc:185
#9 0x083a878c in Operation::respond (this=0x91ad8f8) at Operation.cc:753
#10 0x083a66a3 in Operation::executePhases (this=0x91ad8f8) at Operation.cc:289
#11 0x083a6e30 in Operation::execute (this=0x91ad8f8) at Operation.cc:342
#12 0x08074f15 in CliOpIf::run (this=0xbffff848) at CliOpIf.cc:241
#13 0x080c0203 in cliPrivexecPlainCopy9 (dataPtr=0x9168700, args=0x90a5680,
variableName=0x0, outputStr=0x90a56d6 “”, userCookie=0x90a5ee4)
at acopiaobj/as1_SCM_dev/cliGlue.cc:9669
#14 0x0808bf7a in RcParseLine (theConnectionPtr=0x9168880) at RcParse.c:601
#15 0x080905ec in RcFiniteStateMachine (theConnectionPtr=0x9168880)
at RcCmdLin.c:677
#16 0x0808eadd in HandleConnectionTask (theConnectionPtr=0x9168880)
at AsMain.c:1730
#17 0x0808e977 in AllegroMainTask (theTaskDataPtr=0x9168700,
theHttpTasks=0xbffffb14, theTcpTasks=0xbffffb18) at AsMain.c:1337
#18 0x0808a8e1 in instantiate_task (scriptname=0x0) at RpTask.c:240
#19 0x0808a79f in main (argc=3, argv=<incomplete type>) at RpTask.c:150
show diag-info
Purpose
Use this command to display the contents of the diag-info directory.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show diag‐info
Guidelines
If someone issues a collect command with a local file as the target, a large diagnostics
file is written to the diag-info directory. Use this command to prove that the file was
created. Use the copy command to copy the file off to an FTP server, an SCP host, a
TFTP server, an E-mail recipient, or a namespace. The move command can send the
file to one of those destinations and delete the original. Use move (with a local
destination) to rename it, or delete to remove it.
To conserve disk space, the system only stores one diag-info file at a time.
Sample
bstnA> show diag‐info
diag‐info
juser‐ns‐wwmed.tgz 06/29 08:17 6.3M
Related Commands
collect
copy ftp
copy scp
copy tftp
copy smtp
copy {nfs|cifs}
move
move ... ftp
move ... scp
move ... tftp
move ... {nfs|cifs}
delete
show directories
show directories
Purpose
The ARX contains directories on its hard disks where you can store release files,
configuration scripts, and other switch-maintenance files. Use the show directories
command to display all directories or enter show directory-name to display the
contents for one directory only.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show directories
show {releases | license | logs | stats-logs | cores | configs | reports | diag-info | auto-diagnostic | software | scripts}
directories shows all directories and their contents.
releases | logs | ... | scripts focuses on one directory.
Guidelines
The show directories command displays the maintenance files on the ARX’s local
hard disks. To maintain these directories, use the copy, move, grep, and delete
commands.
Samples
bstnA> show directories
shows all directories and their contents. See the sample output in Figure 7.11,
below.
bstnA> show releases
shows the contents of the releases directory.
Related Commands
copy ftp
copy scp
copy tftp
copy {nfs|cifs}
copy smtp
move
move ... ftp
move ... scp
move ... tftp
move ... {nfs|cifs}
delete
grep
Figure 7.11 Sample Output: show directories
bstnA# show directories
releases
test1.rel 06/24 10:23 1.0 GB V6.01.000.14033
R A test2.rel 06/29 00:18 1.0 GB V6.01.000.14032
B test3.rel 06/28 21:06 1.0 GB V6.01.000.14036
configs
wwmed.keystore 06/16 10:33 1.3 kB
active.license 06/29 01:08 9.3 kB
arx.dossier 04/11 22:54 3.0 kB
arx.regkey 06/29 01:08 34 B
boot‐config 06/29 01:15 1.5 kB
boot‐config.err 05/25 15:49 1.3 kB
debug.dossier 06/29 01:08 1.7 kB
eeprom.dat 06/29 00:17 119 B
fbstat.out 06/29 02:05 41 kB
nlmd_ports.conf 06/29 00:19 52 B
NSM_WR.cfg 06/23 13:53 10 kB
oem‐menu‐log.txt 06/29 00:13 3.1 kB
omDbVersion.info 06/29 00:16 281 B
post_login.conf 06/29 01:14 40 B
startup‐config 06/29 02:05 7.5 MB
scripts
analyze‐failover 06/20 20:00 95 B
change‐mfg‐date.scr 06/20 20:00 631 B
check‐global.scr 06/20 20:00 1.9 kB
check‐hw.scr 06/20 20:00 1.8 kB
check‐run.scr 06/20 20:00 3.0 kB
clean_reports 06/20 20:00 1.3 kB
cli_script_testdir.scr 11/16/2010 0 B
cli_script.scr 11/16/2010 0 B
global 06/29 02:05 24 kB
import_rate 06/20 20:00 16 kB
jiltdump 06/20 20:00 2.1 kB
logging.scr 07/10/2010 218 B
monitor 06/20 20:00 1.3 kB
nslookup 06/20 20:00 773 B
power 06/20 20:00 1.6 kB
run_cfg.scr 07/08/2010 10 kB
running 06/29 02:05 12 kB
schemadump.sql 06/08 14:34 696 B
share_status 06/20 20:00 4.1 kB
show 06/20 20:00 660 B
show_chassis.scr 05/18 10:37 70 B
start_conf 06/29 02:05 36 kB
test‐global‐config_orig.scr 06/15 17:27 24 kB
test‐global‐config.scr 06/15 17:38 24 kB
test‐running‐config_orig.scr 06/15 17:27 10 kB
test‐running‐config.scr 06/15 17:38 10 kB
traceroute 06/20 20:00 922 B
ttcp 06/20 20:00 2.1 kB
unh 06/20 20:00 7.1 kB
logs
error.log 06/29 02:03 185 kB
fastpath 06/29 01:55 33 kB
ha‐reboot‐history.log 06/29 00:13 322 B
syslog 06/29 02:05 5.2 MB
traplog 06/29 02:04 594 kB
cores
reports
Codes: AbCh=Access‐based Enum Changes,
Act=DR activate configuration CLI output,
AdUp=Active Directory Forest Update, ArC=Show Archive Contents,
At=Command Scheduler, CLI=CLI Log, Diag=Collect Diag‐Info,
Dstg=Destage, ExMp=Export Mapping, FDR=File and Directory Tracking,
Fs=Fileset, Imp=Import, Inc=Inconsistencies, iPl=Inline Place Rule,
Load=DR load configuration CLI output, MdO=Metadata Only,
MdU=Metadata Upgrade, Mem=Metalog Usage Statistics,
Mem=Memory Usage Statistics, MgMd=Migrate Metadata, NIS=NIS Update,
Plc=Place Rule, Proc=Processor Usage Statistics,
PrSu=Promote Subshares, Rbld=Rebuild, RDbg=Rule Debug,
Repl=DR Replicate configuration, Rm=Remove, RmNs=Remove Namespace,
RmSh=Remove Share, RsD=Restore Data, RsSu=Remove Storage Subshares,
RSSySu=Replica Snapshot Sync Subshares, SCp=Shadow Copy,
Snapshot=Snapshot, SuCa=Subshare cache contents., Sum=Summary,
SuNS=Subshare Sync New Storage, SuSv=Subshare Sync from Service,
SuVo=Subshare Sync from Volume, SymL=Symlinks, Sync=Sync Files/Dirs,
VPH=Virtual Path History
active‐directory‐MEDARCH.ORG.rpt 06/29 01:14 13 kB AdUp DONE: 18 in 00:00:00
active‐directory‐wells.me.org.rpt 06/29 01:15 3.4 kB AdUp DONE: 0 in 00:00:00
active‐directory‐vt.com.rpt 06/29 01:14 6.6 kB AdUp DONE: 9 in 00:00:01
adminSessions_201106290129.rpt 06/29 01:29 1.3 kB At DONE: 10 in 00:00:00
adminSessions_201106290134.rpt 06/29 01:34 1.3 kB At DONE: 10 in 00:00:00
adminSessions_201106290139.rpt 06/29 01:39 1.3 kB At DONE: 10 in 00:00:00
adminSessions_201106290144.rpt 06/29 01:44 1.3 kB At DONE: 10 in 00:00:00
...
syncSshrVolToService_20110629012633.rpt 06/29 01:26 2.4 kB SuVo DONE: 9 in 00:00:00
syncSshrVolToService_20110629012636.rpt 06/29 01:26 2.3 kB SuVo DONE: 9 in 00:00:00
wwmed_bills2.rpt 06/29 02:02 1.8 kB Inc DONE: 4432 in 00:00:03
wwmed_meta.rpt 06/29 02:02 722 kB MdO DONE: 4432 in 00:00:01
capture
cifsVol.cap 06/29 01:55 220 kB
clientCap.cap 06/29 01:45 15 MB
fsrvr.cap 06/29 02:05 52 kB
nasTraffic.cap 06/29 01:55 212 kB
ntaps_00001_20110629060427.cap 06/29 02:04 24 B
proxyTraffic_01620_20110629055529.cap 06/29 01:55 150 kB
proxyTraffic_01621_20110629055531.cap 06/29 01:55 94 kB
diag‐info
auto‐diag
software
A‐VE_install.pdf 06/20 23:31 2.2 MB
A‐VE_quickstart.pdf 06/20 23:31 94 kB
A1500_install.pdf 06/20 23:31 2.1 MB
A1500_quickstart.pdf 06/20 23:31 491 kB
A1k_install.pdf 06/20 23:31 1.3 MB
A1k_quickstart.pdf 06/20 23:31 190 kB
A2500_install.pdf 06/20 23:31 2.0 MB
A2500_quickstart.pdf 06/20 23:30 301 kB
A2k_install.pdf 06/20 23:31 7.8 MB
A2k_quickstart.pdf 06/20 23:31 684 kB
A4k_install.pdf 06/20 23:30 17 MB
A4k_quickstart.pdf 06/20 23:31 1.0 MB
A5c_install.pdf 06/20 23:31 2.3 MB
A5c_quickstart.pdf 06/20 23:30 133 kB
A6k_install.pdf 06/20 23:31 2.6 MB
A6k_quickstart.pdf 06/20 23:31 808 kB
HD_FRU.pdf 06/20 23:31 931 kB
HW_Reference.pdf 06/20 23:31 6.1 MB
Mibs.tgz 06/21 00:26 168 kB
PwrSupply_FRU.pdf 06/20 23:30 953 kB
acopiasmi.my 06/20 20:22 219 kB
bridge.my 02/25/2003 45 kB
cliMaintenance.pdf 06/20 23:31 3.8 MB
cliNetwork.pdf 06/20 23:31 3.2 MB
cliReference.pdf 06/20 23:31 13 MB
cliStorage.pdf 06/20 23:31 5.7 MB
compatibilityMatrix.pdf 06/20 23:31 206 kB
dot3ad.my 02/25/2003 39 kB
entity.my 06/28/2004 51 kB
etherlike.my 10/12/2004 87 kB
glossary.pdf 06/20 23:31 914 kB
ifmib.my 10/12/2004 70 kB
ifType.my 10/07/2004 4.4 kB
logCatalog.pdf 06/20 23:31 2.9 MB
masterIndex.pdf 06/20 23:30 2.5 MB
mib‐2.my 10/07/2004 100 kB
openview.trapd.conf 06/20 20:00 218 kB
pbridge.my 02/25/2003 31 kB
SecureAgent.pdf 06/20 23:31 1.2 MB
SlideRail_FRU.pdf 06/20 23:31 1.2 MB
releaseNotes.html 06/20 23:31 295 kB
rfc2668.my 10/12/2004 101 kB
rmon.my 02/25/2003 147 kB
sitePlanning.pdf 06/20 23:31 2.0 MB
snap‐recon.pl 06/20 20:00 18 kB
snmpReference.pdf 06/20 23:30 1.2 MB
snmpv2‐mib.my 10/07/2004 36 kB
snmpv2‐smi.my 10/07/2004 1.7 kB
stamp‐mibs‐tgz 06/21 00:26 0 B
vlan.my 02/25/2003 69 kB
stats‐logs
cifs‐service_20110629_041950.raw.stats.csv 06/29 01:28 2.9 kB
cifs‐service‐auth_20110629_041950.raw.stats.csv 06/29 01:28 1.5 kB
cifs‐share_20110629_041950.raw.stats.csv 06/29 01:28 14 kB
cifs‐work‐queue_20110629_041950.raw.stats.csv 06/29 01:28 4.0 kB
domain‐controller_20110629_041950.raw.stats.csv 06/29 01:28 13 kB
metadata_20110629_041950.raw.stats.csv 06/29 01:28 791 B
metalog_20110629_041950.raw.stats.csv 06/29 01:28 683 B
migration_20110629_041950.raw.stats.csv 06/29 01:28 585 B
nfs‐service_20110629_041950.raw.stats.csv 06/29 01:28 1.4 kB
nfs‐share_20110629_041950.raw.stats.csv 06/29 01:28 8.1 kB
nfs‐share_20110629_060000.hourly.stats.csv 06/29 02:03 1.1 kB
show license
Purpose
Use this command to display the contents of the license directory and/or the contents
of a specified license file. A license file specifies the features and capacity that are
licensed for use on this ARX.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show license [file-name]
file-name (optional, 1-1024 characters) is the name of the file to display. If you omit
this, the command displays the list of the directory’s files.
Guidelines
Issue the command to view the directory contents. Then issue the command with a file
name to view the contents of the given license file. The documentation for show
active-license describes the detailed output for a license file.
If the directory listing does not include an “active.license” file, no license is active for
the current ARX. You can use the license activate command to activate a license
automatically, but only if the ARX is connected to the Internet. For an ARX that is
not connected to the Internet, you can activate the license manually, starting with the
license create license-dossier command.
Samples
stkbrgA# show license
shows all license files on the switch. For sample output, see Figure 7.12 on
page 7-58.
stkbrgA# show license active.license
shows the currently-active license file. For sample output, see Figure 7.13 on
page 7-58.
Related Commands
show active-license
license activate
license create license-dossier
copy ftp
copy scp
copy tftp
copy {nfs|cifs}
copy smtp
move
move ... ftp
move ... scp
move ... tftp
move ... {nfs|cifs}
delete
show directories
Figure 7.12 Sample Output: show license
stkbrgA# show license
license
active.license 06/29 01:08 9.3 kB
Figure 7.13 Sample Output: show license active.license
stkbrgA# show license active.license
License Information in active.license file.
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
Auth Vers: 5b
Usage: F5 Internal Product Development
Registration Key: CRJGV‐QPDYW‐SATNK‐RGBYY‐DMTMOBL
Licensed version: 6.0.0
License Date: 12/21/2010
License Start: 12/20/2010
License End: 07/29/2011
Service Check Date: 06/29/2011
Platform ID: Z100
Service Status: As of 2011‐06‐29 there is no active service contract.
: This may inhibit your ability to upgrade your software.
Module List
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
ARX VE:
Reg Key: Y837955‐1236781
Feature List
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
cifs_services_per_system: 8
cpu_cores: 2
direct_attach_points_per_system: 16384
direct_shares_per_system: 2048
direct_shares_per_volume: 127
direct_shares_per_volume_group: 2048
disk_space_gb: 40
files_per_system_4k: 46875
files_per_volume_4k: 15625
files_per_volume_group_4k: 46875
global_servers_per_system: 8
memory: 4096
namespaces_per_system: 2
nfs_services_per_system: 8
nic_interface_count: 1
protocol_qty_allowed: 2
shares_per_system: 64
shares_per_volume: 16
shares_per_volume_group: 32
virtual_services_per_system: 8
volume_groups_per_system: 2
volumes_per_system: 32
volumes_per_volume_group: 16
show logs
Purpose
Use this command to display the contents of the logs directory and/or the contents of a
specified log file.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show logs [file-name]
file-name (optional, 1-1024 characters) is the name of the file to display. If you omit
this, the command displays the list of the directory’s files.
Guidelines
Issue the command to view the directory contents. Then issue the command with a file
name to view the file contents.
The syslog file is arguably the most important file in the logs directory. It shows
detailed logs from most of the switch software. You can use the logging level
command to change the volume of messages from each software subsystem.
Namespaces, volumes, and shares are denoted in the syslog by their internal, numeric
IDs; use the show id-mappings command to translate these IDs into the names used in
the CLI.
Sample
bstnA# show logs
logs
error.log 06/29 02:03 185 kB
fastpath 06/29 01:55 33 kB
ha‐reboot‐history.log 06/29 00:13 322 B
syslog 06/29 02:05 5.2 MB
traplog 06/29 02:04 594 kB
Related Commands
copy ftp
copy scp
copy tftp
copy {nfs|cifs}
copy smtp
move
move ... ftp
move ... scp
move ... tftp
move ... {nfs|cifs}
delete
show directories
show releases
Purpose
A software release for the ARX is packaged in a release file. All release files are
stored in the “releases” directory. Use this command to display the contents of the
releases directory and/or the version of a specified release file.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show releases [file-name] [verbose]
file-name (optional, 1-1024 characters) is the name of the file to display. If you omit
this, the command displays the list of the directory’s files.
verbose (optional) runs a checksum test on the integrity of the downloaded release
file.
Guidelines
Issue the command without any options for a list of release files on the ARX. Then
issue the command with a file name to view the specific release file.
The directory output shows one row for each release file. The table has five columns:
Flags appear in the first column to indicate how the release file is used:
– B is a flag for the Backup release, if any. This is the software release that was
  running prior to the current release. F5 personnel can roll the switch back to
  this release if needed.
– R is the flag for the currently-Running release.
– A flags the Armed release. This is the software to be loaded on the next
  reboot. Use boot system to arm the switch with a new release file. Use
  reload to reboot and put the new release file into service.
The release-file name is in the next column.
The date and time, in the third column, is the time the file was copied to the
switch.
The size of the file is in the fourth column.
The next column, usually blank, says “incomplete” from the time that the file
is downloaded until the switch has performed an integrity check. The switch does
not use the release file until this check is complete. The check should complete
automatically at the end of the download, but a poorly timed switch reload may
prevent it. In this case, replace the file.
The version of the release appears in the final column. The version appears in
Vrelease.build format, where build is a specific build in the given release. For
example, “V5.02.000.12574” would appear for build 12574 of release 5.02.000.
If you issue the command with a file name, the output shows the version number, the
date the release was built, and the username that ran the build. If you use the verbose
option, the results of a checksum test appear. If this shows that the checksum failed,
retry the copy of the release file.
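The column layout above can be checked from a saved copy of the listing. The following Python script is an added example, not F5 code or part of the ARX CLI: it reads the B/R/A flags and the Vrelease.build version from each row and reports a release file marked incomplete or an armed release that differs from the running one. The position of "incomplete" before the version column, the absence of a version on such a row, and the names parse_releases and audit are assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One listing row: [flags] name date [time] size unit [incomplete] [Vrelease.build]
ROW = re.compile(
    r"^(?P<flags>(?:[BRA]\s+)*)"
    r"(?P<name>\S+)\s+"
    r"(?P<date>\d{2}/\d{2}(?:/\d{4})?)\s+(?:(?P<time>\d{2}:\d{2})\s+)?"
    r"(?P<size>\d+(?:\.\d+)?\s*(?:B|kB|MB|GB))"
    r"(?:\s+(?P<state>incomplete))?"
    r"(?:\s+V(?P<version>\d+\.\d+\.\d+\.\d+))?$"
)

# Rows copied from Figure 7.14 on this page.
FIGURE_7_14 = """\
provA# show releases
releases
R A test1.rel 06/29 00:16 1.0 GB V6.01.000.14032
B test2.rel 06/07 09:04 1.0 GB V5.02.000.12577
test3.rel 06/27 03:05 1.0 GB V6.01.000.14030
"""

# Constructed sample: an armed file whose integrity check never finished.
# Where "incomplete" sits and the missing version are assumptions.
CONSTRUCTED_LISTING = """\
releases
R test1.rel 06/29 00:16 1.0 GB V6.01.000.14032
B test2.rel 06/07 09:04 1.0 GB V5.02.000.12577
A test4.rel 06/30 11:42 412 MB incomplete
"""


@dataclass(frozen=True)
class Release:
    name: str
    flags: frozenset          # subset of {"B", "R", "A"}
    copied: str               # date (and time) the file was copied to the switch
    size: str
    incomplete: bool
    release: Optional[str]    # e.g. "6.01.000"
    build: Optional[int]      # e.g. 14032


def parse_releases(text: str) -> List[Release]:
    rows = []
    for raw in text.splitlines():
        # Listings extracted from the PDF carry U+2010 hyphens; normalise first.
        m = ROW.match(raw.replace("\u2010", "-").strip())
        if not m:
            continue  # prompt echo, directory heading, blank line
        release = build = None
        if m["version"]:
            release, _, build_text = m["version"].rpartition(".")
            build = int(build_text)
        copied = " ".join(p for p in (m["date"], m["time"]) if p)
        rows.append(Release(m["name"], frozenset(m["flags"].split()), copied,
                            m["size"], m["state"] is not None, release, build))
    return rows


def audit(releases: List[Release]) -> List[str]:
    findings = []
    running = next((r for r in releases if "R" in r.flags), None)
    for r in releases:
        if r.incomplete:
            role = "armed release file" if "A" in r.flags else "release file"
            findings.append(f"{role} {r.name} is marked incomplete (integrity "
                            "check not finished); replace it if the mark persists")
        if "A" in r.flags and running is not None and r.name != running.name:
            findings.append(f"next reload changes software from {running.name} "
                            f"to {r.name}")
    return findings


if __name__ == "__main__":
    for listing in (FIGURE_7_14, CONSTRUCTED_LISTING):
        for finding in audit(parse_releases(listing)) or ["no findings"]:
            print(finding)
```
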
Samples
provA# show releases
shows all releases on the switch. For sample output, see Figure 7.14, below.
provA# show releases test1.rel
Version 5.02.000.12568 (May 14 2010 20:19:21) [nbuilds]
shows one release file.
provA# show releases test1.rel verbose
Version 5.02.000.12568 (May 14 2010 20:19:21) [nbuilds]
Checksum: Passed
shows that the release file’s checksum passed.
Related Commands
copy ftp
copy scp
copy tftp
copy {nfs|cifs}
copy smtp
move
move ... ftp
move ... scp
move ... tftp
move ... {nfs|cifs}
delete
show directories
Figure 7.14 Sample Output: show releases
provA# show releases
releases
R A test1.rel 06/29 00:16 1.0 GB V6.01.000.14032
B test2.rel 06/07 09:04 1.0 GB V5.02.000.12577
test3.rel 06/27 03:05 1.0 GB V6.01.000.14030
show replicated-configs
Purpose
Use this command to display the replicated-configs directory, which contains
configuration files from a remote ARX. You can use these files to recreate the remote
configuration in case of a disaster at the remote site.
You can use this command to list all of the replicated-configuration files on the current
ARX, or to read one configuration file from the directory.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show replicated-configs [file-name]
file-name (optional, 1-1024 characters) is the name of the file to display. If you omit
this, the CLI shows a list of the directory’s files.
Guidelines
Use the show directories command to show the contents of all directories on the
ARX. To maintain this directory, use the copy, move, grep, and delete commands.
This directory holds global-configuration files from remote ARX clusters. You can
create a config-replication rule to regularly copy a global-config file from one cluster
to another. The file’s contents are an ordered list of the CLI commands required to
recreate the remote cluster’s global configuration; they are the same as the output for
show global-config.
Samples
newptA# show replicated‐configs
configs‐replication
provSvcs.rcfg 04/02 03:08 12 kB
testrun2.rcfg 04/02 03:08 12 kB
lists all replicated-config files on the “newptA” chassis.
newptA# show replicated‐configs provSvcs.rcfg
shows the above file’s contents. For sample output, see Figure 7.15 on
page 7-63.
Related Commands
config-replication
show global-config
copy ftp
copy scp
copy tftp
copy smtp
copy {nfs|cifs}
copy ron
move
move ... ftp
move ... scp
move ... tftp
move ... {nfs|cifs}
delete
show directories
Figure 7.15 Sample Output: show replicated-configs provSvcs.rcfg
newptA# show replicated‐configs provSvcs.rcfg
; ARX‐500
; Version 6.01.000.14032 (Jun 20 2011 20:10:38) [nbuilds]
; Database version: 601000.103
; Generated global‐config Wed Jun 29 03:26:19 2011
;
;================================ global =================================
global
cluster‐name providence member provA
cluster‐name newport member newptA
;================================= user ==================================
user adm1 encrypted‐password hsLHMTN845U7MbyBvNyrJ8b4FaQzZtZp4MmunTMa+U8=
exit
user adm12 encrypted‐password yfCVCDN845U7MbyBvNyrJ8b4FaQzZtZp0o1pIGWXwR/tMfOyEU1ALw==
exit
user admin encrypted‐password E3uUIzN845U7MbyBvNyrJ8b4FaQzZtZpFkltcs+pEc0=
exit
user newadmin encrypted‐password rzUtjzN845U7MbyBvNyrJ8b4FaQzZtZpA5GX80tLNo7ZpnkYzBhMOg==
exit
;================================= group =================================
group Administrators
role backup‐operator
role crypto‐officer
...
show reports
Purpose
Use this command to display the contents of the reports directory and/or the contents
of a specified file in the directory.
Mode
(any)
Security Role(s)
operator or backup operator (any)
Syntax
show reports
show reports report‐name
show reports type report‐type
show reports type report‐type report‐name
If you omit both options, the command displays the full list of the directory’s files.
report-name (optional, 1-1024 characters) is the name of the report to display.
report-type (optional, 1-12 characters) specifies the type of report to list. Enter show
reports type ? for a full list of report types.
Guidelines
Issue the command (perhaps with a type specification) to view the directory contents.
Then issue the command with a file name to view the file contents.
When you use the command to list reports, the output is a table with one line per
report. Each line shows a summary status for the job that generated the report. To see
the one-line status for a particular report, use show reports status.
Some reports run over a long period of time. To wait for a report to finish (perhaps in a
CLI script), you can use wait-for report.
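The one-line job status in the report listing lends itself to automated triage. The following Python script is an added example, not F5 code or part of the ARX CLI: it parses a saved show reports listing and returns the reports whose job FAILED and those still unfinished after a chosen time. Reading the trailing HH:MM:SS field as elapsed time, the one-hour default, and the names parse_reports and triage are assumptions.

```python
import re
from typing import Dict, List

# One listing row: name date [time] size unit code STATUS: count in HH:MM:SS
REPORT_ROW = re.compile(
    r"^(?P<name>\S+)\s+"
    r"\d{2}/\d{2}(?:/\d{4})?\s+(?:\d{2}:\d{2}\s+)?"
    r"\d+(?:\.\d+)?\s*(?:B|kB|MB|GB)\s+"
    r"(?P<code>\S+)\s+(?P<status>[A-Z]+):\s+(?P<count>\d+)\s+in\s+"
    r"(?P<h>\d+):(?P<m>\d{2}):(?P<s>\d{2})$"
)

# Rows and legend lines copied from Figure 7.16 on this page. The \u2010
# escapes reproduce the non-ASCII hyphens found in the extracted text.
FIGURE_7_16_EXCERPT = """\
bstnA# show reports
reports
Codes: AbCh=Access\u2010based Enum Changes,
Plc=Place Rule, Pmd=Policy Memory Debug,
import.1.budget.5.rpt 01/19 00:37 2.0 kB Imp DONE: 713 in 00:00:10
dir_structure.37.rpt 01/19 01:30 1.9 kB DS FAILED: 0 in 00:00:00
docsPlc_201201190037.rpt 01/19 00:37 1.4 kB iPl RUNNING: 0 in 01:04:26
leTier1_201201190139.rpt 01/19 01:39 1.4 kB iPl RUNNING: 0 in 00:03:07
nis\u2010update.wwmed.com.rpt 01/19 01:42 2.0 MB NIS RESOLVING: 19063 in 01:05:59
"""


def parse_reports(text: str) -> List[Dict]:
    reports = []
    for raw in text.splitlines():
        # Normalise U+2010 hyphens so names match what the CLI accepts.
        m = REPORT_ROW.match(raw.replace("\u2010", "-").strip())
        if not m:
            continue  # prompt echo, directory heading, "Codes:" legend lines
        elapsed = int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"])
        reports.append({"name": m["name"], "code": m["code"],
                        "status": m["status"], "count": int(m["count"]),
                        "elapsed_s": elapsed})
    return reports


def triage(reports: List[Dict], max_unfinished_s: int = 3600) -> Dict[str, List[Dict]]:
    # FAILED jobs always need attention; any status other than DONE or FAILED
    # (RUNNING, RESOLVING, ...) is reported once it exceeds the time limit.
    failed = [r for r in reports if r["status"] == "FAILED"]
    overdue = [r for r in reports
               if r["status"] not in ("DONE", "FAILED")
               and r["elapsed_s"] > max_unfinished_s]
    return {"failed": failed, "overdue": overdue}


if __name__ == "__main__":
    result = triage(parse_reports(FIGURE_7_16_EXCERPT))
    for bucket, rows in result.items():
        for r in rows:
            print(f"{bucket}: {r['name']} ({r['code']}, {r['status']}, "
                  f"{r['elapsed_s']} s)")
```
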
Samples
bstnA# show reports
lists all reports. See Figure 7.16 on page 7-65 for sample output.
bstnA> show reports inconsistencies.12.rpt
shows one report. See Figure 7.17 on page 7-68.
bstnA> show reports type Imp
shows all import reports. See Figure 7.18 on page 7-69.
Related Commands
copy ftp
copy scp
copy tftp
copy {nfs|cifs}
copy smtp
move
move ... ftp
move ... scp
move ... tftp
move ... {nfs|cifs}
delete
show directories
show reports status
wait-for report
Figure 7.16 Sample Output: show reports
bstnA# show reports
reports
Codes: AbCh=Access‐based Enum Changes,
Act=DR activate configuration CLI output,
AdUp=Active Directory Forest Update, ArC=Show Archive Contents,
At=Command Scheduler, CLI=CLI Log, Diag=Collect Diag‐Info,
DS=Directory Structure, Dstg=Destage, ExMp=Export Mapping,
FDR=File and Directory Tracking, Fs=Fileset, Imp=Import,
Inc=Inconsistencies, iPl=Inline Place Rule,
Load=DR load configuration CLI output, MdO=Metadata Only,
MdU=Metadata Upgrade, Mem=Metalog Usage Statistics,
Mem=Memory Usage Statistics, MgMd=Migrate Metadata,
MgVg=Migrate Volume Group, MM=Manual Migrate Rule, NIS=NIS Update,
Plc=Place Rule, Pmd=Policy Memory Debug,
Proc=Processor Usage Statistics, PrSu=Promote Subshares,
Rbld=Rebuild, RDbg=Rule Debug, Repl=DR Replicate configuration,
Rm=Remove, RmNs=Remove Namespace, RmSh=Remove Share,
RsD=Restore Data, RsSu=Remove Storage Subshares,
RSSySu=Replica Snapshot Sync Subshares, SCp=Shadow Copy,
Snapshot=Snapshot, SuCa=Subshare cache contents., Sum=Summary,
SuNS=Subshare Sync New Storage, SuSv=Subshare Sync from Service,
SuVo=Subshare Sync from Volume, SymL=Symlinks, Sync=Sync Files/Dirs,
VPH=Virtual Path History
aAdamsDatHist_ac1.MEDARCH.ORG_ARCHIVES_201201190637.rpt 01/19 01:37 4.0 kB FDR DONE: 4 in 00:00:00
active‐directory‐MEDARCH.ORG.rpt 01/19 00:33 13 kB AdUp DONE: 18 in 00:00:00
active‐directory‐wells.me.org.rpt 01/19 00:34 3.4 kB AdUp DONE: 0 in 00:00:05
active‐directory‐vt.com.rpt 01/19 00:33 6.6 kB AdUp DONE: 9 in 00:00:00
adminSessions_201201190048.rpt 01/19 00:48 1.3 kB At DONE: 10 in 00:00:00
adminSessions_201201190053.rpt 01/19 00:53 1.3 kB At DONE: 10 in 00:00:00
adminSessions_201201190058.rpt 01/19 00:58 1.3 kB At DONE: 10 in 00:00:00
adminSessions_201201190103.rpt 01/19 01:03 1.3 kB At DONE: 10 in 00:00:00
adminSessions_201201190108.rpt 01/19 01:08 1.3 kB At DONE: 10 in 00:00:00
adminSessions_201201190113.rpt 01/19 01:13 1.3 kB At DONE: 10 in 00:00:00
adminSessions_201201190118.rpt 01/19 01:18 1.3 kB At DONE: 10 in 00:00:01
adminSessions_201201190123.rpt 01/19 01:23 1.3 kB At DONE: 10 in 00:00:00
adminSessions_201201190128.rpt 01/19 01:28 1.3 kB At DONE: 10 in 00:00:00
adminSessions_201201190133.rpt 01/19 01:33 1.3 kB At DONE: 10 in 00:00:00
adminSessions_201201190138.rpt 01/19 01:38 1.3 kB At DONE: 10 in 00:00:00
bePaths_all_201201190637.rpt 01/19 01:37 4.5 kB VPH DONE: 11 in 00:00:00
bePathsVerbose_all_201201190637.rpt 01/19 01:37 4.7 kB VPH DONE: 11 in 00:00:00
bePathsVerbose_fileRecordsMed_201201190637.rpt 01/19 01:37 4.8 kB VPH DONE: 11 in 00:00:00
FA_lab_0_create_20120119005203858.rpt 01/19 00:52 2.4 kB Snapshot DONE: 0 in 00:00:00
FA_rcrds_0_create_20120119005703542.rpt 01/19 00:57 2.4 kB Snapshot DONE: 0 in 00:00:00
bePaths_fileRecordsMed_201201190637.rpt 01/19 01:37 4.5 kB VPH DONE: 11 in 00:00:00
cifs_only.rpt 01/19 01:30 5.0 kB ExMp DONE: 10 in 00:00:00
cifsPromoteSubshares_201201190040.rpt 01/19 00:40 787 B PrSu DONE: 1 in 00:00:00
cifsUsers_201201190050.rpt 01/19 00:50 1.0 kB At DONE: 10 in 00:00:00
collect_diag_201201190536.rpt 01/19 00:36 1.5 kB Diag DONE: 0 in 00:00:13
daily_archive_201201190038.rpt 01/19 00:39 2.3 kB Plc DONE: 0 in 00:00:10
daily_archive_201201190136.rpt 01/19 01:36 2.3 kB Plc DONE: 0 in 00:00:11
daily_archive_201201190140.rpt 01/19 01:40 2.3 kB Plc DONE: 203 in 00:00:41
dir_structure.26.rpt 01/19 01:29 8.0 kB DS DONE: 223 in 00:00:00
dir_structure.27.rpt 01/19 01:29 2.8 kB DS DONE: 63 in 00:00:00
dir_structure.28.rpt 01/19 01:29 2.5 kB DS DONE: 3 in 00:00:00
dir_structure.29.rpt 01/19 01:29 1.8 kB DS DONE: 32 in 00:00:00
dir_structure.30.rpt 01/19 01:29 2.1 kB DS DONE: 20 in 00:00:00
dir_structure.31.rpt 01/19 01:29 2.0 kB DS DONE: 3 in 00:00:00
dir_structure.33.rpt 01/19 01:29 8.0 kB DS DONE: 223 in 00:00:00
dir_structure.34.rpt 01/19 01:29 1.7 kB DS DONE: 223 in 00:00:00
dir_structure.37.rpt 01/19 01:30 1.9 kB DS FAILED: 0 in 00:00:00
dir_structure.7.rpt 01/19 01:28 93 kB DS DONE: 4432 in 00:00:00
dir_structure.8.rpt 01/19 01:28 2.0 kB DS DONE: 109 in 00:00:00
dir_structure.9.rpt 01/19 01:28 2.0 kB DS DONE: 19 in 00:00:00
docsPlc_201201190037.rpt 01/19 00:37 1.4 kB iPl RUNNING: 0 in 01:04:26
docsPlc_20120119003752.rpt 01/19 00:37 2.1 kB Plc FAILED: 0 in 00:00:01
export‐mapping.rpt 01/19 01:38 6.1 kB ExMp DONE: 13 in 00:00:01
fe2beMap.rpt 01/19 01:38 6.1 kB ExMp DONE: 13 in 00:00:00
fiveDayFiles_fileRecordsMed_201201190637.rpt 01/19 01:37 1.2 kB ArC DONE: 2 in 00:00:00
flRcrdsSinceJan_fileRecordsMed_201201190637.rpt 01/19 01:37 1.2 kB ArC DONE: 2 in 00:00:00
fs2_sbshrs_201201190636.rpt 01/19 01:36 28 kB SuCa DONE: 79 in 00:00:00
ft‐config_201201190047.rpt 01/19 00:47 3.0 kB CLI DONE: 40 in 00:00:02
idxPaths_ac1.MEDARCH.ORG_labs_201201190637.rpt 01/19 01:37 3.1 kB FDR DONE: 3 in 00:00:00
idxPathsVerbose_ac1.MEDARCH.ORG_labs_201201190637.rpt 01/19 01:37 3.2 kB FDR DONE: 3 in 00:00:00
import.1.budget.5.rpt 01/19 00:37 2.0 kB Imp DONE: 713 in 00:00:10
import.10.backlots.17.rpt 01/19 00:38 2.3 kB Imp DONE: 1 in 00:00:04
import.11.scanners.18.rpt 01/19 00:38 2.4 kB Imp DONE: 5 in 00:00:03
import.2.bills.6.rpt 01/19 00:37 2.2 kB Imp DONE: 122 in 00:00:08
import.3.bills2.7.rpt 01/19 00:37 2.6 kB Imp DONE: 415 in 00:00:08
import.4.it5.8.rpt 01/19 00:37 2.1 kB Imp DONE: 131 in 00:00:08
import.5.rx.11.rpt 01/19 00:38 2.2 kB Imp DONE: 34 in 00:00:03
import.6.charts.12.rpt 01/19 00:38 2.5 kB Imp DONE: 165 in 00:00:04
import.7.bulk.13.rpt 01/19 00:38 2.2 kB Imp DONE: 5 in 00:00:04
import.8.equip.15.rpt 01/19 00:38 2.1 kB Imp DONE: 20 in 00:00:04
import.9.leased.16.rpt 01/19 00:38 2.1 kB Imp DONE: 43 in 00:00:03
inconsistencies.1.rpt 01/19 01:27 1.8 kB Inc DONE: 4432 in 00:00:04
inconsistencies.14.rpt 01/19 01:29 2.0 kB Inc DONE: 223 in 00:00:00
inconsistencies.15.rpt 01/19 01:29 2.1 kB Inc DONE: 63 in 00:00:00
inconsistencies.16.rpt 01/19 01:29 2.1 kB Inc DONE: 3 in 00:00:00
inconsistencies.17.rpt 01/19 01:29 1.9 kB Inc DONE: 32 in 00:00:00
inconsistencies.18.rpt 01/19 01:29 2.0 kB Inc DONE: 20 in 00:00:00
inconsistencies.19.rpt 01/19 01:29 2.1 kB Inc DONE: 3 in 00:00:00
inconsistencies.2.rpt 01/19 01:27 1.8 kB Inc DONE: 109 in 00:00:00
inconsistencies.3.rpt 01/19 01:27 1.8 kB Inc DONE: 19 in 00:00:00
indecesSinceNov_ac1.MEDARCH.ORG_labs_201201190637.rpt 01/19 01:37 3.2 kB FDR DONE: 3 in 00:00:00
indecesSinceNov_ac1.MEDARCH.ORG_labs_20120119063755.rpt 01/19 01:37 3.2 kB FDR DONE: 3 in 00:00:01
indexPaths_ac1.MEDARCH.ORG_labs_201201190637.rpt 01/19 01:37 3.1 kB FDR DONE: 3 in 00:00:00
indexPaths_ac1.MEDARCH.ORG_labs_20120119063748.rpt 01/19 01:37 3.2 kB FDR DONE: 3 in 00:00:00
labArchive_0_remove_20120119055205741.rpt 01/19 00:52 2.3 kB Snapshot DONE: 0 in 00:00:01
leTier1_201201190039.rpt 01/19 01:39 2.1 kB iPl DONE: 0 in 01:00:00
leTier1_201201190139.rpt 01/19 01:39 1.4 kB iPl RUNNING: 0 in 00:03:07
medarcv_meta.rpt 01/19 01:29 2.1 kB Inc DONE: 63 in 00:00:00
metadata_only.12.rpt 01/19 01:28 9.8 kB MdO DONE: 65 in 00:00:00
metadata_only.20.rpt 01/19 01:29 31 kB MdO DONE: 223 in 00:00:00
metadata_only.21.rpt 01/19 01:29 9.8 kB MdO DONE: 63 in 00:00:00
metadata_only.22.rpt 01/19 01:29 2.0 kB MdO DONE: 3 in 00:00:00
metadata_only.23.rpt 01/19 01:29 5.4 kB MdO DONE: 32 in 00:00:00
metadata_only.24.rpt 01/19 01:29 4.2 kB MdO DONE: 20 in 00:00:00
metadata_only.25.rpt 01/19 01:29 2.0 kB MdO DONE: 3 in 00:00:00
metadata_only.36.rpt 01/19 01:30 1.7 kB MdO FAILED: 0 in 00:00:00
metadata_only.4.rpt 01/19 01:28 722 kB MdO DONE: 4432 in 00:00:00
metadata_only.5.rpt 01/19 01:28 15 kB MdO DONE: 109 in 00:00:00
metadata_only.6.rpt 01/19 01:28 4.1 kB MdO DONE: 19 in 00:00:00
nfs_only.rpt 01/19 01:38 3.1 kB ExMp DONE: 3 in 00:00:01
nis‐update.wwmed.com.rpt 01/19 01:42 2.0 MB NIS RESOLVING: 19063 in 01:05:59
pathsSinceJan_all_201201190637.rpt 01/19 01:37 4.5 kB VPH DONE: 11 in 00:00:00
pathsSinceJan_all_20120119063733.rpt 01/19 01:37 4.7 kB VPH DONE: 11 in 00:00:00
pathsSinceJan_fileRecordsMed_201201190637.rpt 01/19 01:37 4.5 kB VPH DONE: 11 in 00:00:00
pathsSinceJan_fileRecordsMed_20120119063737.rpt 01/19 01:37 4.8 kB VPH DONE: 11 in 00:00:00
pathsTilJune_all_201201190637.rpt 01/19 01:37 589 B VPH DONE: 0 in 00:00:00
pathsTilJune_fileRecordsMed_201201190637.rpt 01/19 01:37 600 B VPH DONE: 0 in 00:00:00
processor_usage_201201190131.rpt 01/19 01:31 915 B Proc DONE: 1 in 00:00:00
processor_usage_20120119013144.0.rpt 01/19 01:31 918 B Proc DONE: 1 in 00:00:00
processor_usage_20120119013144.1.rpt 01/19 01:31 919 B Proc DONE: 1 in 00:00:00
processor_usage_20120119013144.10.rpt 01/19 01:31 919 B Proc DONE: 1 in 00:00:00
processor_usage_20120119013144.2.rpt 01/19 01:31 918 B Proc DONE: 1 in 00:00:00
processor_usage_20120119013144.3.rpt 01/19 01:31 918 B Proc DONE: 1 in 00:00:00
processor_usage_20120119013144.4.rpt 01/19 01:31 918 B Proc DONE: 1 in 00:00:00
processor_usage_20120119013144.5.rpt 01/19 01:31 918 B Proc DONE: 1 in 00:00:00
processor_usage_20120119013144.6.rpt 01/19 01:31 918 B Proc DONE: 1 in 00:00:00
processor_usage_20120119013144.7.rpt 01/19 01:31 918 B Proc DONE: 1 in 00:00:00
processor_usage_20120119013144.8.rpt 01/19 01:31 919 B Proc DONE: 1 in 00:00:00
processor_usage_20120119013144.9.rpt 01/19 01:31 919 B Proc DONE: 1 in 00:00:00
processor_usage_20120119013144.rpt 01/19 01:31 918 B Proc DONE: 1 in 00:00:00
processor_usage_20120119013145.rpt 01/19 01:31 6.2 kB Proc DONE: 13 in 00:00:00
rcrds‐dirs.rpt 01/19 01:30 8.0 kB DS DONE: 223 in 00:00:00
rcrdsArchive_0_remove_20120119055705306.rpt 01/19 00:57 2.3 kB Snapshot DONE: 0 in 00:00:00
rcrdsIssues.rpt 01/19 01:29 2.0 kB Inc DONE: 223 in 00:00:01
reagentListsSinceNov_ac1.MEDARCH.ORG_labs_201201190637.rpt 01/19 01:37 762 B FDR DONE: 0 in 00:00:00
reagentListsSinceNov_ac1.MEDARCH.ORG_labs_20120119063756.rpt 01/19 01:37 773 B FDR DONE: 0 in 00:00:00
sbshrs_201201190636.rpt 01/19 01:36 138 kB SuCa DONE: 397 in 00:00:00
sendback_201201190139.rpt 01/19 01:39 2.3 kB Plc DONE: 163 in 00:00:12
snap_daily_0_create_20120119004024903.rpt 01/19 00:40 3.1 kB Snapshot DONE: 0 in 00:00:00
snap_daily_0_create_20120119004100329.rpt 01/19 00:41 3.1 kB Snapshot DONE: 0 in 00:00:00
snap_daily_0_create_20120119004130708.rpt 01/19 00:41 3.1 kB Snapshot DONE: 0 in 00:00:01
snap_daily_2_remove_20120119004218241.rpt 01/19 00:42 3.1 kB Snapshot DONE: 0 in 00:00:01
snap_hourly_0_create_20120119004258666.rpt 01/19 00:43 3.1 kB Snapshot DONE: 0 in 00:00:00
snap_hourly_0_create_20120119004329008.rpt 01/19 00:43 3.1 kB Snapshot DONE: 0 in 00:00:01
snap_hourly_0_create_20120119013600892.rpt 01/19 01:36 3.4 kB Snapshot DONE: 0 in 00:00:00
snap_offsite_weekly_0_create_20120119004631404.rpt 01/19 00:46 3.3 kB Snapshot DONE: 0 in 00:00:01
snap_offsite_weekly_0_create_20120119004718925.rpt 01/19 00:47 3.3 kB Snapshot DONE: 0 in 00:00:00
sync.1._acct.rpt 01/19 01:28 1.4 kB Sync DONE: 32 in 00:00:01
sync.2._rcrds.rpt 01/19 01:30 1.8 kB Sync DONE: 11 in 00:00:00
sync.3._rcrds.rpt 01/19 01:30 2.0 kB Sync DONE: 293 in 00:00:00
sync.4._lab_equipment.rpt 01/19 01:30 1.5 kB Sync DONE: 0 in 00:00:00
sync.5._lab_equipment.rpt 01/19 01:30 2.2 kB Sync DONE: 0 in 00:00:00
syncSshrNewStorageReport_201201190538.rpt 01/19 00:38 3.1 kB SuNS DONE: 10 in 00:00:00
syncSshrVolToService_201201190040.rpt 01/19 00:40 1.4 kB SuVo DONE: 5 in 00:00:00
syncSshrVolToService_20120119004007.rpt 01/19 00:40 1.4 kB SuVo DONE: 5 in 00:00:00
syncSshrVolToService_20120119004010.rpt 01/19 00:40 1.4 kB SuVo DONE: 5 in 00:00:00
todayFiles_fileRecordsMed_201201190637.rpt 01/19 01:37 1.2 kB ArC DONE: 2 in 00:00:00
tools_dir._claims.rpt 01/19 01:30 1.9 kB DS FAILED: 0 in 00:00:00
wwmed_bills2.rpt 01/19 01:28 1.8 kB Inc DONE: 4432 in 00:00:04
wwmed_meta.rpt 01/19 01:28 722 kB MdO DONE: 4432 in 00:00:00
Figure 7.17 Sample Output: show reports inconsistencies.12.rpt
bstnA> show reports inconsistencies.14.rpt
**** Inconsistencies Report: Started at 01/19/2012 01:29:11 ‐0500 ****
**** Software Version: 6.02.000.14314 (Jan 16 2012 20:04:23) [nbuilds]
**** Hardware Platform: ARX‐4000
**** Report Destination:
**** Namespace: medarcv
**** Volume: /rcrds
**** Path: /rcrds
Share Physical Filer
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
[rx ] 192.168.25.29:prescriptions
[charts ] 192.168.25.20:histories
[bulk ] 192.168.25.27:bulkstorage
**** Legend:
**** LF = File exists in the metadata, but is missing from the physical filer.
**** LD = Directory exists in the metadata, but is missing from the physical filer.
**** FF = File exists on the physical filer, but is missing from the metadata.
**** FD = Directory exists on the physical filer, but is missing from the metadata.
**** LL = File is a symlink in the metadata, but is a regular file on the filer.
**** FL = File is a symlink on the filer, but is a regular file in the metadata.
**** IF = Filehandles in the metadata do not match the filehandles on the physical filer.
**** MF = The file is currently being migrated.
**** NL = Unable to lock parent directory during report.
**** FE = Error contacting filer during report.
**** FO = Filer Offline: The filer is offline or disabled.
**** F8 = A file name matches a CIFS alternate "8.3" name on another share.
**** D8 = A directory name matches a CIFS alternate "8.3" name; its contents will be skipped.
**** DC = A client has the file or directory open for delete‐on‐close, but the filer has already deleted it.
**** SD = Striped leaf directory found on filer, expected on other shares.
**** SL = File is a symlink.
**** UT = Name contains characters that are invalid UTF‐8; must solve issue directly on the filer
**** IS = Inconsistent attributes on one of this directory's stripes (discovered)
**** MI = Attributes are consistent, metadata marked as inconsistent
**** SI = Attributes are inconsistent, metadata not marked as inconsistent
Type Share Path
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
[LF ] [charts ] /copyRandomx.exe
[ F8 ] [charts ] /KMO_ME~1.DAT ‐> kmo_medical_record.dat
[ D8 ] [charts ] /RECORD~1/ ‐> records_predating_y2k
**** Total Found Items: 0
**** Total Lost Items: 1
**** Total Invalid Filehandles: 0
**** Total Migrating Files: 0
**** Total Deleted Before Close: 0
**** Total Locking Errors: 0
**** Total Filer Errors: 0
**** Total 8.3 Errors: 2
**** Total Found Stripes: 0
**** Total Inconsistent Attrs: 0
**** Total processed: 223
**** Elapsed time: 00:00:00
**** Inconsistencies Report: DONE at 01/19/2012 01:29:11 ‐0500 ****
Figure 7.18 Sample Output: show reports type Imp
bstnA> show reports type Imp
reports
Codes: Imp=Import
import.1.budget.5.rpt 06/17 00:47 2.8 kB Imp DONE: 928 in 00:00:03
import.10.backlots.17.rpt 06/17 00:48 2.0 kB Imp DONE: 1 in 00:00:03
import.11.scanners.18.rpt 06/17 00:48 2.2 kB Imp DONE: 5 in 00:00:04
import.12.shr1‐old.28.rpt 06/17 01:07 6.1 kB Imp DONE: 161 in 00:00:10
import.13.shr1‐next.29.rpt 06/17 01:07 2.4 kB Imp DONE: 14 in 00:00:04
import.2.bills.6.rpt 06/17 00:47 1.9 kB Imp DONE: 132 in 00:00:01
import.3.bills2.7.rpt 06/17 00:47 2.5 kB Imp DONE: 415 in 00:00:01
import.4.it5.8.rpt 06/17 00:47 1.9 kB Imp DONE: 131 in 00:00:01
import.5.rx.11.rpt 06/17 00:48 2.0 kB Imp DONE: 34 in 00:00:03
import.6.charts.12.rpt 06/17 00:48 2.3 kB Imp DONE: 165 in 00:00:04
import.7.bulk.13.rpt 06/17 00:48 1.9 kB Imp DONE: 5 in 00:00:05
import.8.equip.15.rpt 06/17 00:48 2.0 kB Imp DONE: 19 in 00:00:04
import.9.leased.16.rpt 06/17 00:48 1.9 kB Imp DONE: 42 in 00:00:03
show reports status
Purpose
Use this command to show a one-line summary of a given report.
Mode
(any)
Security Role(s)
operator (any except backup operator)
Syntax
show reports status report-name
report-name (optional, 1-1024 characters) is the name of the report to summarize.
Guidelines
Use this command to get a one-line status for the job that created the report. The line is
the same as the one shown by show reports. The line shows a summary status for the
job that generated the report, with the following fields:
report‐name.rpt last‐mod‐time size type status
report-name identifies the report. For time-sensitive reports, this name contains a
date stamp for when the report was created, either manually or on a schedule. The
report is created when an administrator invokes a report-generating command or
when a rule’s schedule fires.
last-mod-time is the time of the report’s most-recent change.
size is the amount of internal-disk space that the report uses. You can use copy ftp
and similar commands to copy reports off the ARX, and delete reports
report-name to clear a report from the disk.
type indicates the process that created the report. This column uses the same
abbreviations used for the type report-type option, above.
status shows the current or final state of the operation (typically DONE or
FAILED) followed by a summary of the results. The summary shows a number of
objects processed (such as files and directories) and the elapsed time for the report
run. The elapsed time is the time since the report was created, which may be
longer than the actual time the process ran; view the report contents to find actual
processing times.
Sample
bstnA# show reports status import.2.bills.6.rpt
shows the status for an import report. See Figure 7.19 for sample output.
Related Commands
show reports
Figure 7.19 Sample Output: show reports status
bstnA# show reports status import.2.bills.6.rpt
reports
Codes: Imp=Import
import.2.bills.6.rpt 06/17 00:47 1.9 kB Imp DONE: 132 in 00:00:01
show scripts
Purpose
Use this command to display the contents of the scripts directory and/or the contents of
a specified script file.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show scripts [file-name]
file-name (optional, 1-1024 characters) is the name of the file to display. If you omit
this, the command displays the list of the directory’s files.
Guidelines
Issue the show scripts command to view the directory contents. Then issue the
command with a file name to view the file contents.
Samples
bstnA# show scripts
scripts
analyze‐failover 06/20 20:00 95 B
change‐mfg‐date.scr 06/20 20:00 631 B
check‐global.scr 06/20 20:00 1.9 kB
check‐hw.scr 06/20 20:00 1.8 kB
check‐run.scr 06/20 20:00 3.0 kB
clean_reports 06/20 20:00 1.3 kB
cli_script_testdir.scr 11/16/2010 0 B
cli_script.scr 11/16/2010 0 B
global 06/29 02:05 24 kB
import_rate 06/20 20:00 16 kB
jiltdump 06/20 20:00 2.1 kB
logging.scr 07/10/2010 218 B
monitor 06/20 20:00 1.3 kB
nslookup 06/20 20:00 773 B
power 06/20 20:00 1.6 kB
run_cfg.scr 07/08/2010 10 kB
running 06/29 02:05 12 kB
schemadump.sql 06/08 14:34 696 B
share_status 06/20 20:00 4.1 kB
show 06/20 20:00 660 B
show_chassis.scr 05/18 10:37 70 B
start_conf 06/29 02:05 36 kB
test‐global‐config_orig.scr 06/15 17:27 24 kB
test‐global‐config.scr 06/15 17:38 24 kB
test‐running‐config_orig.scr 06/15 17:27 10 kB
test‐running‐config.scr 06/15 17:38 10 kB
traceroute 06/20 20:00 922 B
ttcp 06/20 20:00 2.1 kB
Related Commands
copy ftp
copy scp
copy tftp
copy smtp
copy {nfs|cifs}
move
move ... ftp
move ... scp
move ... tftp
move ... {nfs|cifs}
delete
show directories
show software
Purpose
Use this command to display the contents of the ARX software directory and/or the
contents of a specified MIB file in that directory.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show software [file-name]
file-name (optional, 1-1024 characters) is the name of the file to display. If
you omit this, the command displays the list of the directory’s files.
Guidelines
The software directory contains MIBs, user documentation, and some useful scripts.
Issue the show software command to view the directory contents. Then issue the
command with a file name to view the file contents (this only works with the
text-based files, such as MIBs and scripts).
To view the documentation, use one of the copy commands (copy ftp, copy scp,
copy {nfs|cifs}, copy tftp, or copy smtp) to upload it to an external machine. Then
use a standard PDF reader or plugin. PDF readers are freely available on the Internet.
Sample
bstnA# show software
shows the full contents of the software directory. See Figure 7.20 for sample
output.
Related Commands
copy ftp
copy scp
copy tftp
copy {nfs|cifs}
copy smtp
delete
rename
show directories
Figure 7.20 Sample Output: show software
bstnA# show software
software
A‐VE_install.pdf 06/20 23:31 2.2 MB
A‐VE_quickstart.pdf 06/20 23:31 94 kB
A1500_install.pdf 06/20 23:31 2.1 MB
A1500_quickstart.pdf 06/20 23:31 491 kB
A1k_install.pdf 06/20 23:31 1.3 MB
A1k_quickstart.pdf 06/20 23:31 190 kB
A2500_install.pdf 06/20 23:31 2.0 MB
A2500_quickstart.pdf 06/20 23:30 301 kB
A2k_install.pdf 06/20 23:31 7.8 MB
A2k_quickstart.pdf 06/20 23:31 684 kB
A4k_install.pdf 06/20 23:30 17 MB
A4k_quickstart.pdf 06/20 23:31 1.0 MB
A5c_install.pdf 06/20 23:31 2.3 MB
A5c_quickstart.pdf 06/20 23:30 133 kB
A6k_install.pdf 06/20 23:31 2.6 MB
A6k_quickstart.pdf 06/20 23:31 808 kB
HD_FRU.pdf 06/20 23:31 931 kB
HW_Reference.pdf 06/20 23:31 6.1 MB
Mibs.tgz 06/21 00:26 168 kB
PwrSupply_FRU.pdf 06/20 23:30 953 kB
acopiasmi.my 06/20 20:22 219 kB
bridge.my 02/25/2003 45 kB
cliMaintenance.pdf 06/20 23:31 3.8 MB
cliNetwork.pdf 06/20 23:31 3.2 MB
cliReference.pdf 06/20 23:31 13 MB
cliStorage.pdf 06/20 23:31 5.7 MB
compatibilityMatrix.pdf 06/20 23:31 206 kB
dot3ad.my 02/25/2003 39 kB
entity.my 06/28/2004 51 kB
etherlike.my 10/12/2004 87 kB
glossary.pdf 06/20 23:31 914 kB
ifmib.my 10/12/2004 70 kB
ifType.my 10/07/2004 4.4 kB
logCatalog.pdf 06/20 23:31 2.9 MB
masterIndex.pdf 06/20 23:30 2.5 MB
mib‐2.my 10/07/2004 100 kB
openview.trapd.conf 06/20 20:00 218 kB
pbridge.my 02/25/2003 31 kB
SecureAgent.pdf 06/20 23:31 1.2 MB
SlideRail_FRU.pdf 06/20 23:31 1.2 MB
releaseNotes.html 06/20 23:31 295 kB
rfc2668.my 10/12/2004 101 kB
rmon.my 02/25/2003 147 kB
sitePlanning.pdf 06/20 23:31 2.0 MB
snap‐recon.pl 06/20 20:00 18 kB
snmpReference.pdf 06/20 23:30 1.2 MB
snmpv2‐mib.my 10/07/2004 36 kB
snmpv2‐smi.my 10/07/2004 1.7 kB
stamp‐mibs‐tgz 06/21 00:26 0 B
vlan.my 02/25/2003 69 kB
show stats-logs
Purpose
The ARX has an internal stats-monitor process that monitors communication with
external devices (such as filers and clients) and places statistical data about this
communication in the “stats-logs” directory. Use this command to display the contents
of the stats-logs directory or the contents of a specific stats-log file.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show stats-logs [file-name]
file-name (optional, 1-1024 characters) is the name of the file to display. If you omit
this, the command displays the list of the directory’s files.
Guidelines
Issue the command to view the directory contents. Then issue the command with a file
name to view the file contents.
The stats-logs are all in CSV format, so that you can copy them onto an external
device and use Microsoft Excel (or a similar spreadsheet application) to view them as
spreadsheets. You can use copy ftp, copy {nfs|cifs}, copy smtp, or similar copy
commands to copy these files off of the ARX.
If you select a stats-monitor sampling interval that is shorter than the default, the
stats-monitor process writes to these .csv files more frequently. These .csv files are
kept (together with all other log files) on a separate disk partition from configuration
files and other important data. Each hour, the stats-monitor creates an hourly file with
the first line of the new hour; this is a summary of the data in the raw file. The
stats-monitor files are not permitted to consume more than 80% of the log partition. If
the .csv files approach their size limit, the oldest raw-data files are removed and the
hourly-summary files remain.
Guidelines: File Names
The stats-log files use the following naming convention:
source_YYYYMMDD_hhmmss.{raw|hourly}.stats.csv
where
• source is the source process or group of devices that generated the statistics. These are
– “cifs-service” (related to a cifs front-end service and its clients; these statistics are similar to the CIFS output from show statistics namespace ... summary),
– “cifs-service-auth” (CIFS-authentication statistics, also visible with show statistics cifs authentication),
– “nfs-service” (for an nfs service and its clients, similar to the NFS output from show statistics namespace ... summary),
– “cifs-share” or “nfs-share” (back-end shares behind an ARX volume, viewable with show statistics namespace ... summary on an individual share),
– “metadata” (used to locate files behind a managed volume, and stored on an external metadata share; you can also see these statistics with show statistics metadata),
– “metalog” (volume-state information required for redundancy failovers; these statistics are also viewable with show statistics metalog),
– “cifs-work-queue” (internal data structures for managing CIFS tasks, also viewable with show statistics cifs work-queues),
– “domain-controller” (related to traffic between internal CIFS processes and external DCs; these statistics are similar to the output from show statistics domain-controller), and
– “migration” (related to place-rules and other policies that migrate files between back-end shares; these statistics are related to the output from show statistics migration).
• YYYYMMDD_hhmmss is the date and time the file was created.
• raw|hourly differentiates between a file with raw data and an hourly file with roll-up data. The stats-monitor process writes to each raw-data file as often as dictated by the sampling interval setting. It creates an hourly file for each source once per hour, with the first set of data for the next hour. If the sampling interval is less than one hour, the hourly files act as summaries of the raw-data files: they show the data samples at the beginning of the hour, but not the changes in those values during the hour.
Guidelines: File Format
The top line of any stats-log file has the following format:
BEGIN source version=v timestamp=nnnnnnnnnn
where
• source is the same as the source in the file name, defined above,
• v is a version number for the stats-monitor, and
• nnnnnnnnnn is the number of seconds since the first second of 1970, UTC.
The second line shows the data types of each field in the file’s rows. The possible data
types are
• TIMESTAMP identifies a time as the number of seconds since epoch, as above.
• KEY is a unique value that identifies the object being monitored (such as a volume-group ID).
• COUNTER is an integer to show a count.
• INTERVAL and TOTALTIME are time intervals, in microseconds (millionths of a second).
• TEXT
The third row is the name of each field.
The remaining rows contain data, arranged in columns below the names in the above
row.
STATS_RESET marks when a reboot, a clear statistics cifs work-queues, or a
clear statistics filer occurred to clear some statistics. This has a “ts” (time-stamp)
field, followed by some KEY fields to identify the object statistics that were
cleared.
Samples
bstnA# show stats‐logs
shows a list of all stats-log CSV files. See Figure 7.21 for sample output.
provA# show stats‐logs metadata_20110705_041347.raw.stats.csv
shows a particular stats-log CSV file. See Figure 7.22 on page 7-78 for sample
output.
Related Commands
stats-monitor ‐> sampling interval
copy ftp
copy scp
copy tftp
copy {nfs|cifs}
copy smtp
move
move ... ftp
move ... scp
move ... tftp
move ... {nfs|cifs}
delete
show directories
Figure 7.21 Sample Output: show stats-logs
bstnA# show stats‐logs
stats‐logs
cifs‐service_20110629_041950.raw.stats.csv 06/29 01:28 2.9 kB
cifs‐service‐auth_20110629_041950.raw.stats.csv 06/29 01:28 1.5 kB
cifs‐share_20110629_041950.raw.stats.csv 06/29 01:28 14 kB
cifs‐work‐queue_20110629_041950.raw.stats.csv 06/29 01:28 4.0 kB
domain‐controller_20110629_041950.raw.stats.csv 06/29 01:28 13 kB
metadata_20110629_041950.raw.stats.csv 06/29 01:28 791 B
metalog_20110629_041950.raw.stats.csv 06/29 01:28 683 B
migration_20110629_041950.raw.stats.csv 06/29 01:28 585 B
nfs‐service_20110629_041950.raw.stats.csv 06/29 01:28 1.4 kB
nfs‐share_20110629_041950.raw.stats.csv 06/29 01:28 8.1 kB
nfs‐share_20110629_060000.hourly.stats.csv 06/29 02:03 1.1 kB
Figure 7.22 Sample Output: show stats-logs metadata_...
provA# show stats‐logs metadata_20110705_041347.raw.stats.csv
BEGIN metadata version=1 timestamp=1309839227
TIMESTAMP,KEY,KEY,COUNTER,COUNTER,TOTALTIME,COUNTER,COUNTER,TIMESTAMP,COUNTER,COUNTER,TOTALTIME,COUNTER,COUNTER,TIMESTAMP,COUNTER,TOTALTIME,COUNTER,COUNTER,TIMESTAMP
Timestamp,namespace,volume,reads,read_bytes,read_time,read_errors,read_current,last_read,writes,write_bytes,write_time,write_errors,write_current,last_write,syncs,sync_time,sync_errors,sync_current,last_sync
STATS_RESET ts=1309850178,provMed,/mds
1309850189,provMed,/mds,18,52224,48,0,0,0,24,76800,99,0,0,0,16,7315,0,0,0
STATS_RESET ts=1309850185,provMed,/rns
1309850189,provMed,/rns,18,52224,38,0,0,0,22,68608,73,0,0,0,12,5995,0,0,0
1309850490,provMed,/mds,29,61440,72,0,0,0,264,525824,722,0,0,0,83,35720,0,0,0
1309850490,provMed,/rns,18,52224,38,0,0,0,118,271872,463,0,0,0,71,115542,0,0,0
1309850788,provMed,/mds,29,61440,72,0,0,0,264,525824,722,0,0,0,83,35720,0,0,0
1309850788,provMed,/rns,18,52224,38,0,0,0,118,271872,463,0,0,0,71,115542,0,0,0
1309851088,provMed,/mds,29,61440,72,0,0,0,264,525824,722,0,0,0,83,35720,0,0,0
1309851088,provMed,/rns,18,52224,38,0,0,0,118,271872,463,0,0,0,71,115542,0,0,0
1309851388,provMed,/mds,29,61440,72,0,0,0,264,525824,722,0,0,0,83,35720,0,0,0
1309851388,provMed,/rns,18,52224,38,0,0,0,118,271872,463,0,0,0,71,115542,0,0,0
1309851690,provMed,/mds,39,66560,89,0,0,0,291,557568,807,0,0,0,118,50621,0,0,0
1309851690,provMed,/rns,18,52224,38,0,0,0,123,274432,475,0,0,0,98,116565,0,0,0
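The file layout described under Guidelines: File Format (BEGIN line, data-type row, field-name row, data rows and STATS_RESET markers), as an added Python example that is not part of the F5 manual: it parses a stats-log copied off the ARX, rejects malformed rows, and turns one COUNTER column into per-sample deltas that restart at each STATS_RESET. The function names are hypothetical, the embedded sample is an excerpt of Figure 7.22, and matching a STATS_RESET to rows by its leading KEY values is an assumption.

```python
import csv
import re
from collections import defaultdict

KNOWN_TYPES = {"TIMESTAMP", "KEY", "COUNTER", "INTERVAL", "TOTALTIME", "TEXT"}
NUMERIC_TYPES = KNOWN_TYPES - {"KEY", "TEXT"}
BEGIN_RE = re.compile(r"^BEGIN (\S+) version=(\d+) timestamp=(\d+)$")

# Excerpt of Figure 7.22: header rows, both STATS_RESET markers, three samples per volume.
SAMPLE = """\
BEGIN metadata version=1 timestamp=1309839227
TIMESTAMP,KEY,KEY,COUNTER,COUNTER,TOTALTIME,COUNTER,COUNTER,TIMESTAMP,COUNTER,COUNTER,TOTALTIME,COUNTER,COUNTER,TIMESTAMP,COUNTER,TOTALTIME,COUNTER,COUNTER,TIMESTAMP
Timestamp,namespace,volume,reads,read_bytes,read_time,read_errors,read_current,last_read,writes,write_bytes,write_time,write_errors,write_current,last_write,syncs,sync_time,sync_errors,sync_current,last_sync
STATS_RESET ts=1309850178,provMed,/mds
1309850189,provMed,/mds,18,52224,48,0,0,0,24,76800,99,0,0,0,16,7315,0,0,0
STATS_RESET ts=1309850185,provMed,/rns
1309850189,provMed,/rns,18,52224,38,0,0,0,22,68608,73,0,0,0,12,5995,0,0,0
1309850490,provMed,/mds,29,61440,72,0,0,0,264,525824,722,0,0,0,83,35720,0,0,0
1309850490,provMed,/rns,18,52224,38,0,0,0,118,271872,463,0,0,0,71,115542,0,0,0
1309851690,provMed,/mds,39,66560,89,0,0,0,291,557568,807,0,0,0,118,50621,0,0,0
1309851690,provMed,/rns,18,52224,38,0,0,0,123,274432,475,0,0,0,98,116565,0,0,0
"""


def parse_stats_log(text):
    """Parse one stats-log file; raise ValueError on any structural problem."""
    lines = text.splitlines()
    if len(lines) < 3:
        raise ValueError("expected BEGIN, data-type and field-name lines")
    begin = BEGIN_RE.match(lines[0])
    if not begin:
        raise ValueError("bad BEGIN line: %r" % lines[0])
    types, names = lines[1].split(","), lines[2].split(",")
    if set(types) - KNOWN_TYPES:
        raise ValueError("unknown data type(s): %s" % sorted(set(types) - KNOWN_TYPES))
    if len(types) != len(names):
        raise ValueError("data-type row and field-name row differ in length")
    log = {"source": begin.group(1), "version": int(begin.group(2)),
           "began": int(begin.group(3)), "types": types, "names": names,
           "rows": [], "resets": []}
    for lineno, line in enumerate(lines[3:], start=4):
        if not line.strip():
            continue
        if line.startswith("STATS_RESET "):
            # "ts=<epoch>" followed by the KEY values of the object that was cleared.
            fields = line[len("STATS_RESET "):].split(",")
            if not re.fullmatch(r"ts=\d+", fields[0]):
                raise ValueError("line %d: bad STATS_RESET marker" % lineno)
            log["resets"].append((int(fields[0][3:]), tuple(fields[1:])))
            continue
        fields = next(csv.reader([line]))  # assumption: TEXT fields may be quoted
        if len(fields) != len(names):
            raise ValueError("line %d: %d fields, expected %d"
                             % (lineno, len(fields), len(names)))
        try:
            row = {n: int(v) if t in NUMERIC_TYPES else v
                   for n, t, v in zip(names, types, fields)}
        except ValueError:
            raise ValueError("line %d: non-integer in a numeric column" % lineno)
        row["_key"] = tuple(v for t, v in zip(types, fields) if t == "KEY")
        log["rows"].append(row)
    return log


def counter_deltas(log, field):
    """Return {key: [(timestamp, delta), ...]} for one COUNTER column.

    A STATS_RESET for the key since the previous sample, or a counter that
    went backwards, means counting restarted, so the delta is the value itself.
    The first sample of a key with no earlier reset has no baseline (None).
    """
    if field not in log["names"] or log["types"][log["names"].index(field)] != "COUNTER":
        raise ValueError("%r is not a COUNTER column" % field)
    ts_name = log["names"][log["types"].index("TIMESTAMP")]
    last, out = {}, defaultdict(list)
    for row in log["rows"]:
        key, ts, value = row["_key"], row[ts_name], row[field]
        prev_ts, prev_val = last.get(key, (0, None))
        was_reset = any(prev_ts < rts <= ts and key[:len(rkey)] == rkey
                        for rts, rkey in log["resets"])
        if was_reset or (prev_val is not None and value < prev_val):
            delta = value
        elif prev_val is None:
            delta = None
        else:
            delta = value - prev_val
        out[key].append((ts, delta))
        last[key] = (ts, value)
    return dict(out)


if __name__ == "__main__":
    parsed = parse_stats_log(SAMPLE)
    for key, series in counter_deltas(parsed, "writes").items():
        print("/".join(key), series)
```

Reading raw counters without the reset handling would show a false drop or spike at every reboot or clear statistics command, which is why the deltas are computed per KEY tuple.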
tail
Purpose
Use the tail command to display the end of a file selected from a specified directory.
Mode
(any)
Security Role(s)
network-technician
Syntax
tail {releases | logs | stats-logs | cores | configs | replicated-configs | reports | software | scripts | capture | license} file-name [lines | follow]
tail capture file-name [lines]
releases | ... | license identifies the directory. This is a required choice.
file-name (1-1024 characters) identifies the file to display.
This command shows the last 24 lines of the file. You can use the optional lines
argument or follow flag to change the number of lines:
lines (optional; 1-4096) is the number of lines at the end of the file to display.
follow (optional) makes the CLI follow the file as it grows.
Guidelines
Use show directories to view a list of all files in all directories. Use show
directory-name (for example, show logs or show capture) to list the files in one
directory.
Samples
bstnA# tail logs syslog follow
tails the syslog file as it grows. This displays all syslog messages in real time.
bstnA# tail logs syslog 100
displays the last 100 lines of the syslog file.
bstnA# tail scripts myscript.scr
displays the last 24 lines of the “myscript.scr” script file.
bstnA# tail capture cifsVol.cap follow
tails a packet-capture file, “cifsVol.cap,” as it grows. You can use the capture
session command to start capturing packets and sending them to a file.
Related Commands
grep
pause
show directories
show releases, show logs, show stats-logs, show cores, show configs, show replicated-configs, show reports, show software, show scripts, show
capture, show license
truncate-report
Purpose
To stop a process from generating a report, use the truncate-report command. This
truncates the report without otherwise affecting the process.
Mode
priv-exec
Security Role(s)
network-technician, network-engineer, storage-engineer, or crypto-officer
Syntax
truncate-report file-name
file-name (1-255 characters) identifies the report file to truncate. This must be a file in
the “reports” directory; use show reports for a file listing.
Guidelines
This command prompts for confirmation before truncating the report; enter yes to
continue.
The nsck utility can generate several report types, one per nsck job. To stop the nsck
utility from writing to the report, use this command. The utility continues processing
after the report is truncated.
This command is used the same way for any report, from any process.
Samples
bstnA# truncate‐report last‐modified.22.rpt
Truncate report ''last‐modified.22.rpt''? [yes/no] yes
bstnA#
truncates a report.
Related Commands
show reports
wait-for report
Purpose
Use the wait-for report command to wait until the ARX finishes writing a report.
Mode
(any)
Security Role(s)
network-technician, network-engineer, storage-engineer, or crypto-officer
Syntax
wait-for report report-name [timeout timeout]
report-name (1-255 characters) identifies the report. You can use the show reports
command to list all of them.
timeout (optional, 1-2096) is a timeout value, in seconds. This sets a time limit; if the
report takes longer than this to complete, the wait-for operation quits.
Default(s)
timeout - 0 (zero, meaning that the wait-for command should wait indefinitely)
Guidelines
This command is useful in CLI scripts.
Many commands create reports to show their progress (such as nsck ... report
metadata-only), and some internal operations generate reports (such as the various
reports produced as a by-product of a share enable (gbl-ns-vol-shr)). You can use
this command to wait for any given process to finish writing a report.
If you set a timeout and it expires before the report is finished, the command exits with
a warning.
Sample
bstnA# wait‐for report remService_medco_201005260714.rpt
waits for the ARX to finish writing a remove-service report.
Related Commands
show reports
8
Master Key
The master key encrypts and decrypts all of the Critical-Security Parameters
(CSPs), such as passwords, on the ARX. You can use the master key in
conjunction with the show running-config and show global-config commands
to back up and restore the full switch configuration, including passwords.
show master-key
Purpose
The ARX supports a single master key that encrypts and decrypts all of its CSPs (such
as passwords). You generate the master key as part of the switch’s initial boot process;
use the show master-key command to get an encrypted copy of the master key.
Mode
(any)
Security Role(s)
crypto-officer
Syntax
show master-key
Guidelines
This command prompts you for two passwords:
• System Password is a password entered at initial-boot time. It is 12-32
characters long. This validates that you have permission to access the master key.
• Wrapping Password is set with this command. The security software uses this to
encrypt (and later decrypt) the master-key string.
Enter 12-32 characters. At least one character in this password must be a number
(0-9) or a symbol (!, @, #, $, and so on).
Save this password: you will need it to decrypt the master key later, on the
secondary switch.
This command outputs a base64-encoded string that is the encrypted master key. Save
this string and the wrapping password that you set in the command.
You can use these pieces of information to duplicate the master key later on a
redundant switch; both switches in a redundant pair must share the same master key. If
you set up two redundant pairs in a disaster-recovery configuration, where one pair is
an active cluster (see cluster-name) and the other is a backup cluster, all four
switches must share the same master key.
For maximum security, the encrypted master key and its wrapping password must be
saved separately.
Guidelines: Resetting the Master Key
There are occasions where you may need to reset your master key. For example, your
chassis may be designated for use in a backup cluster for a disaster-recovery setup, and
may need the same master key as the switches in the active cluster. If the master key
was not copied during installation, you must reset the switch to its factory defaults to
change it.
You must clear your entire configuration to reset your master key. You can restore the
running-config (network parameters), but the global-config (storage parameters)
should remain clear for a backup switch. Follow these steps to reset a switch back to
its factory defaults and reset its master key:
• Use the copy running-config command to copy the entire running configuration
(network-level parameters, not storage parameters) into a file on the chassis.
• The ARX should not be running any storage services if it is designated as a
backup; a backup is designed to take over services from the active switch or
cluster after a failover. Use the remove service command to clear each service
that is currently running, if any. This cleanly de-couples the ARX software from
all back-end filers.
• Connect a serial cable to the Console port. Only the Console port is available after
you take the next step.
• Use delete startup-config and delete configs boot-config to delete the entire
configuration, and then run the reload command. This resets the machine to its
factory defaults, disables all management-IP interfaces, and reruns the initial-boot
script at the Console port.
• Use the initial-boot script to reset the master key. For detailed instructions on the
initial-boot process, refer to the hardware-installation guide for your chassis.
• Invoke the run command on the running-config file that you saved onto the
chassis earlier. This re-establishes all of your network parameters.
Sample
bstnA(cfg)# show master‐key
System Password: Sup3r$ecretpw
Wrapping Password: An0ther$ecretpw
Validate Wrapping Password: An0ther$ecretpw
Encrypted master key:
2oftVCwAAAAgAAAApwazSRFd2ww/H1pi7R7JMDZ9SoIg4WGA/XsZP+HcXjsIAAAADDRbMC
xE/bc=
bstnA(cfg)#
Related Commands
9
Layer 2
blocked-vlan (cfg-vlan)
Purpose
Use this command to block an interface (a VLAN member) or a range of interfaces
from receiving ingress traffic from the current VLAN. (Contrast this with no
members (cfg-vlan), which removes the interface from the VLAN altogether.)
Mode
cfg-vlan
Security Role(s)
network-engineer or crypto-officer
Syntax
blocked-vlan slot/port [to slot/port]
no blocked-vlan slot/port [to slot/port]
slot/port (2/1-14 on ARX-4000; 1/1-4 or 2/1-2 on ARX-2500; 1/1-12 on ARX-2000;
1/1-8 on ARX-1500) is the first (or only) Ethernet port.
to slot/port (optional) is the last port in a range of ports.
Default(s)
None
Valid Platforms
ARX-2000 and ARX-4000
Guidelines
This blocks the interface from accepting incoming packets, but keeps using the
interface for outbound packets. This only applies to packets from the current VLAN.
Use the show interface summary command to locate all Ethernet ports on the
chassis.
Samples
bstnA(cfg‐vlan[1])# blocked‐vlan 2/5 to 2/6
blocks ports 2/5 - 2/6 from VLAN 1.
bstnA(cfg‐vlan[7])# no blocked‐vlan 2/3
removes port 2/3 from being blocked on VLAN 7.
Related Commands
show interface
show vlan
channel
Purpose
A channel is an aggregated group of Ethernet ports that function as one link, as
defined in IEEE 802.3ad. You can configure up to eight channels on the ARX. From
cfg mode, use the channel command to begin configuring a channel.
Use no channel to remove the channel number configuration and return all member
ports to their independent roles.
Mode
cfg
Security Role(s)
network-engineer or crypto-officer
Syntax
channel number
no channel number
number (1-8) is an ID you choose for the channel. If the channel is already configured,
this command edits its configuration. The no form of the command removes the
channel configuration.
Default(s)
None
Valid Platforms
ARX-1500, ARX-2000, ARX-2500, and ARX-4000
Guidelines
We recommend disconnecting the ARX from the peer station before configuring the
channel on either side. Once the channel is configured on both switches, connect the
cables between them.
This command puts you into cfg-channel mode, where you use members
(cfg-channel) to configure the channel’s member ports and no shutdown
(cfg-channel) to start traffic on the channel. For a channel that connects a redundant
pair, configure the channel’s member ports with redundancy protocol
(cfg-channel). You can optionally use the description (cfg-channel) command to set
an optional name for the channel. The vlan (cfg-channel) command assigns the
channel to a VLAN, untagged. The vlan-tag command assigns the channel to a VLAN
in tagged mode; you can assign the channel to multiple VLANs by invoking this
command once for each VLAN.
By default, outbound traffic is load-balanced by hashing both the source and
destination IP of an outbound packet. On some platforms you have the option to
change the IP addresses used in this hash with the load-balance command.
Use the show channel command to view the channel’s configuration.
All ports in a channel must be in the same VLAN(s). The station on the other side of
the channel must have the same member ports and VLANs as the ARX; traffic cannot
flow through the channel unless the channel configurations match. Additionally, the
ports cannot have an “auto” speed.
If spanning tree is running, the channel’s VLAN determines its spanning-tree
membership.
Guidelines: Shutting Down the Redundant-Pair Link
If you use the no channel command on the channel that carries the redundant-pair
link (see redundancy protocol (cfg-channel)) while redundancy is enabled (enable
(cfg-redundancy)), the command causes the standby peer to reboot. The reboot does
not disrupt any storage services, but the ARX peers cannot function as a redundant
pair while the link is shut down. Additionally, a quorum-disk failure or disconnection
would cause the active peer to reboot, too. If you proceed with shutting down the link,
you should establish a new one as soon as possible: use the redundancy protocol or
redundancy protocol (cfg-channel) command on another port or channel to
establish a new redundant-pair link.
The CLI prompts for confirmation before removing the channel and shutting down the
redundant-pair link; enter yes to proceed with the channel removal and the reboot.
Sample
bstnA(cfg)# channel 1
bstnA(cfg‐channel[1])#
creates channel 1.
Related Commands
members (cfg-channel)
redundancy protocol (cfg-channel)
description (cfg-channel)
vlan (cfg-channel)
vlan-tag
load-balance
shutdown (cfg-channel)
show channel
clear counters channel
Purpose
Use this command to clear the current Ethernet statistics for all channels or for a
specified channel. This command restarts the count for all channel statistics. It also
restarts statistics for every member port within the channel(s).
Mode
priv-exec
Security Role(s)
network-technician, network-engineer, storage-engineer, or crypto-officer
Syntax
clear counters channel [channel-id]
channel-id (1-8) identifies a single channel to clear. If you omit this option, the
command clears the statistics for all channels. Use the show channel summary
command to enumerate all configured channels.
Default(s)
None
Valid Platforms
ARX-1500, ARX-2000, ARX-2500, and ARX-4000
Guidelines
The CLI prompts for confirmation before it clears any counters; type yes to proceed
with the operation.
Use this command to clear and restart the statistics counter for troubleshooting and
monitoring channels. Use show channel ... stats to view these statistics. To view the
individual statistics for the channel’s member ports, which are also cleared with this
command, use show interface gigabit stats or show interface ten-gigabit stats.
Sample
bstnA# clear counters channel 2
Clear the counters for all of the interfaces associated with channel 2? [yes/no] yes
bstnA#
clears the current statistics count for channel 2.
Related Commands
show channel
show channel ... stats
show interface gigabit stats
show interface ten-gigabit stats
clear counters gigabit
Purpose
Use this command to clear the current Gigabit Ethernet statistics for all Gigabit ports
or for a specified slot/port and restart the count.
Mode
priv-exec
Security Role(s)
network-technician, network-engineer, storage-engineer, or crypto-officer
Syntax
clear counters gigabit [slot/port]
slot/port (2/1-14 on ARX-4000; 1/1-4 on ARX-2500; 1/1-12 on ARX-2000; 1/1-8 on
ARX-1500) is a Gigabit Ethernet port. Use the show interface summary command
to locate all Gigabit-Ethernet ports and their slot(s).
Default(s)
None
Valid Platforms
ARX-1500, ARX-2000, ARX-2500, and ARX-4000
Guidelines
Use this command to clear and restart the statistics counter for troubleshooting and
monitoring Gigabit Ethernet ports. Use show interface gigabit stats to view the
interface’s traffic statistics.
Sample
bstnA# clear counters gigabit 2/7
bstnA#
clears the current statistics count at port 2/7.
Related Commands
show interface gigabit stats
show interface summary
clear counters lacp
Purpose
Link-Aggregation Control Protocol (LACP) is a control protocol for dynamically
managing the member ports in a channel. The peers on both ends of the channel use
LACP to exchange information about member ports; the peers can automatically
remove or replace member links if configuration changes disqualify/re-qualify them
for channel membership.
For LACP statistics, use the show channel ... lacp stats command (see the
documentation for show channel ... stats). Use this command to clear the current
LACP statistics for all channels (or for a specified channel) and restart the count.
Mode
priv-exec
Security Role(s)
network-technician, network-engineer, storage-engineer, or crypto-officer
Syntax
clear counters lacp [channel id]
id (1-8) identifies a single channel to clear. If you omit this option, the command
clears the statistics for all channels. Use the show channel summary command to
enumerate all configured channels.
Default(s)
None
Valid Platforms
ARX-1500 and ARX-2500 only
Guidelines
The channel command creates a channel, and the lacp active or lacp passive
command enables LACP on the channel. Use this command to clear and restart the
statistics counters for LACP. Use show channel ... stats to view a channel’s
statistics (including LACP statistics).
The CLI prompts for confirmation before clearing the LACP counters; enter yes to
proceed.
Sample
stoweA# clear counters lacp channel 2
Clear the LACP counters for channel 2? [yes/no] yes
clears the current statistics count for channel 2.
Related Commands
show channel ... stats
lacp active
lacp passive
channel
clear counters ten-gigabit
Purpose
Use this command to clear the current Ethernet statistics for all Ten-Gigabit ports or
for a specified slot/port and restart the count.
Mode
priv-exec
Security Role(s)
network-technician, network-engineer, storage-engineer, or crypto-officer
Syntax
clear counters ten-gigabit [slot/port]
slot/port (2/1-2) is a Gigabit Ethernet port. Use the show interface summary
command to locate all Gigabit-Ethernet ports and their slot(s).
Default(s)
None
Valid Platforms
ARX-2500 and ARX-4000 only
Guidelines
Use this command to clear and restart the statistics counter for troubleshooting and
monitoring Gigabit Ethernet ports. Use show interface ten-gigabit stats to view the
interface’s traffic statistics.
Sample
bstnA# clear counters ten-gigabit 2/2
clears the current statistics count at port 2/2.
Related Commands
show interface gigabit stats
show interface summary
clear counters redundancy network
Purpose
Use this command to clear the link-transition counters in the show redundancy
network output.
Mode
priv-exec
Security Role(s)
network-technician, network-engineer, storage-engineer, or crypto-officer
Syntax
clear counters redundancy network
Default(s)
None
Valid Platforms
any except ARX-VE
Guidelines
The link-transition counter increments every time the link status changes for a
redundancy-protocol port (the link goes up or down). A redundancy-protocol port is
used as one end of a redundant-pair link. Use the show redundancy network
command to see the link-transition counter.
Sample
bstnA# clear counters redundancy network
bstnA#
clears the link-transition counters.
Related Commands
show redundancy network
clear counters redundancy
description (cfg-channel)
Purpose
A link-aggregation channel (IEEE 802.3ad) can optionally have a description to
display in its show commands. From cfg-channel mode, use the description command
to create a description for the current channel.
Use no description to remove the description.
Mode
cfg-channel
Security Role(s)
network-engineer or crypto-officer
Syntax
description description
no description
description (1-15 characters) is a text string description for the current channel. Insert
quotation marks around the description if it contains spaces.
Default(s)
None
Valid Platforms
ARX-1500, ARX-2000, ARX-2500, and ARX-4000
Guidelines
The description appears in the output from the show channel command.
Samples
bstnA(cfg-channel[1])# description "trunk 2"
sets a description for channel 1.
bstnA(cfg-channel[6])# no description
erases the description for channel 6.
Related Commands
show channel
description (cfg-if-gig)
Purpose
A port can optionally have a description for its show commands. Use the description
command to create a description for the current port.
Use no description to remove the description.
Mode
cfg-if-gig
Security Role(s)
network-engineer or crypto-officer
Syntax
description description
no description
description (1-60 characters) is the description you choose for the current port. Quote
the description if it contains spaces.
Default(s)
No description
Guidelines
The description appears in the output from the show interface gigabit command.
Samples
bstnA(cfg-if-gig[2/4])# description "link to back-end filers"
sets a description for the current port, 2/4.
bstnA(cfg-if-gig[2/8])# no description
erases the description for port 2/8.
Related Commands
interface gigabit
show interface gigabit
description (cfg-if-ten-gig)
Purpose
A ten-gigabit port can optionally have a description for its show commands. Use the
description command to create a description for the current ten-gigabit port.
Use no description to remove the description.
Mode
cfg-if-ten-gig
Security Role(s)
network-engineer or crypto-officer
Syntax
description description
no description
description (1-60 characters) is the description you choose for the current ten-gigabit
port. Quote the description if it contains spaces.
Default(s)
No description
Valid Platforms
ARX-2500 and ARX-4000 only
Guidelines
The description appears in the output from the show interface ten-gigabit command.
Samples
bstnA(cfg-if-ten-gig[2/2])# description "link to big-ip"
sets a description for the current ten-gigabit port, 2/2.
bstnA(cfg-if-ten-gig[2/1])# no description
erases the description for port 2/1.
Related Commands
interface ten-gigabit
show interface ten-gigabit
description (cfg-vlan)
Purpose
A VLAN can optionally have a description for its show commands. Use the
description command to create a description for the current VLAN.
Use no description to remove the description.
Mode
cfg-vlan
Security Role(s)
network-engineer or crypto-officer
Syntax
description description
no description
description (up to 80 characters) is the description you choose for the current VLAN.
Quote the description if it contains spaces.
Default(s)
“default”
Valid Platforms
any except ARX-VE
Guidelines
The description appears in the output from the show vlan and show vlan summary
commands.
Samples
bstnA(cfg-vlan[1])# description "ARX-defined VLAN"
sets a description for the current VLAN.
bstnA(cfg-vlan[7])# no description
erases the description for VLAN 7.
Related Commands
show vlan
show vlan summary
forward-delay
Purpose
The Forward Delay is the time for spanning-tree ports to stay in the listen and learn
states, waiting for the best BPDU frame to reach the ARX. Use the forward-delay
command to set the Forward-Delay time.
Use the no form to revert to the default Forward Delay.
Mode
cfg-stp
Security Role(s)
network-engineer or crypto-officer
Syntax
forward-delay seconds
no forward-delay
seconds is a number from 4 to 30.
Default(s)
15 (seconds)
Valid Platforms
ARX-2000 and ARX-4000
Guidelines
The Spanning-Tree protocol is defined in IEEE 802.1D.
The Forward Delay time should be at least twice the maximum transit time for a
BPDU to traverse the entire network. This allows the bridges enough time to establish
a new spanning-tree topology in case of a bridge or link failure.
Sample
bstnA(cfg-stp)# forward-delay 10
sets the Forward Delay to 10 (seconds).
Related Commands
spanning-tree
flowcontrol
Purpose
A high-speed (1000-tx-full or ten-gigabit) interface can transmit a flow-control request
and/or accept and enforce a flow-control request for an over-burdened peer. Use the
flowcontrol command to enable flow control.
Use the no form to disable flow control.
Mode
cfg-if-gig
cfg-if-ten-gig
Security Role(s)
network-engineer or crypto-officer
Syntax
flowcontrol send {on | off}
flowcontrol receive {on | off}
no flowcontrol
on | off is a required choice.
Default(s)
Disabled
Valid Platforms
In cfg-if-gig mode: ARX-1500, ARX-2000, ARX-2500, and ARX-4000
In cfg-if-ten-gig mode: ARX-2500 and ARX-4000 only
Guidelines
On a one-gigabit interface, the speed setting must be 1000-tx-full to enable flow
control. Use the speed (cfg-if-gig) command to set the speed on a single-gigabit
interface. The show interface gigabit and show interface ten-gigabit commands
show the current flow-control setting on a particular one-gigabit or ten-gigabit
interface, respectively.
This command is not supported on the ARX-500 or ARX-VE platforms.
Sample
bstnA(cfg-if-gig[2/4])# flowcontrol send on
sets the interface to transmit flow-control requests. This does not necessarily
accept any flow-control requests from peers.
Related Commands
interface gigabit
speed (cfg-if-gig)
show interface gigabit
show interface ten-gigabit
hello-time
Purpose
The Hello Time is the interval (in seconds) between broadcasts of Bridge Protocol
Data Units (BPDUs) to neighboring bridges. The BPDUs have spanning-tree topology
information that a bridge uses to determine its role in the spanning tree. Use the
hello-time command to set the Hello Time.
Use the no form to revert to the default Hello Time.
Mode
cfg-stp
Security Role(s)
network-engineer or crypto-officer
Syntax
hello-time seconds
no hello-time
seconds is a number from 1 to 10.
Default(s)
2 (seconds)
Valid Platforms
ARX-2000 and ARX-4000
Guidelines
The Spanning-Tree protocol is defined in IEEE 802.1D.
Samples
bstnA(cfg-stp)# hello-time 5
sets the Hello Time to 5 (seconds).
bstnA(cfg-stp)# no hello-time
sets the Hello Time to its default, 2 (seconds).
Related Commands
spanning-tree
interface gigabit
Purpose
A layer-2 port is called an interface in the CLI. Use the interface gigabit command to
begin configuring an interface.
Mode
cfg
Security Role(s)
network-engineer or crypto-officer
Syntax
interface gigabit slot/port
slot/port (2/1-14 on ARX-4000; 1/1-4 on ARX-2500; 1/1-12 on ARX-2000; 1/1-8 on
ARX-1500; 1/2 on ARX-500; 1/1 on ARX-VE) is a Gigabit Ethernet port. Use the
show interface summary command to show all Gigabit Ethernet ports and their
slot(s).
Default(s)
None
Guidelines
This command puts you into cfg-if-gig mode, where you can set several configuration
parameters for the port. Use the speed (cfg-if-gig) command to manually set the port
speed and duplex configuration. If the device at the other end of the connection
supports flow control, you can use the flowcontrol command to configure it. Use the
description (cfg-if-gig) command to set an optional description for the port, for show
commands. Use the no shutdown (cfg-if-gig) command to start the port.
For every platform except the ARX-1500, ARX-2500, and ARX-VE, traffic-storm
control is configured automatically at every gigabit interface. The ARX forwards a
maximum of 1000 packets per second for each of the following frame types:
broadcast, multicast, or unicast frames with unknown destination addresses. If the
ingress-side of the port reaches the maximum in a given second, the port drops packets
of the chosen type until the second is over. Traffic-storm control does not suppress
spanning-tree BPDU packets. The ARX-1500, ARX-2500, and ARX-VE do not
support traffic-storm control.
Guidelines: Port 1/1 on the ARX-1500 and ARX-2500
By default, port 1/1 on an ARX-1500 or ARX-2500 is configured as an out-of-band
(OOB) management interface. You can use the interface mgmt command and its
subcommands to manage this interface. The CLI returns an error message if you enter
interface gigabit 1/1 while port 1/1 is being used for out-of-band management.
To re-assign this port to client/server traffic, use no interface mgmt to delete the
out-of-band management interface. Then use this command on port 1/1 (interface
gigabit 1/1) to enter cfg-if-gig mode and edit the port for client/server traffic.
Sample
bstnA(cfg)# interface gigabit 2/6
bstnA(cfg-if-gig[2/6])#
edits the interface at slot 2, port 6.
Related Commands
show interface summary
speed (cfg-if-gig)
flowcontrol
description (cfg-if-gig)
shutdown (cfg-if-gig)
show interface gigabit
interface ten-gigabit
Purpose
The ARX-4000 supports two ten-gigabit ports, which are called interfaces in the CLI.
Use the interface ten-gigabit command to begin configuring a ten-gigabit interface.
Mode
cfg
Security Role(s)
network-engineer or crypto-officer
Syntax
interface ten-gigabit slot/port
slot/port (2/1-2) identifies a ten-Gigabit Ethernet port. Use the show interface
summary command to show all Ethernet ports and their slot(s).
Default(s)
None
Valid Platforms
ARX-2500 and ARX-4000 only
Guidelines
This command puts you into cfg-if-ten-gig mode, where you can set several
configuration parameters for the port. The speed is fixed at 10 gigabits/second, full
duplex. Use the description (cfg-if-ten-gig) command to set an optional description
for the port, for show commands. If the device at the other end of the connection
supports flow control, you can use the flowcontrol command to configure it. Use the
no shutdown (cfg-if-ten-gig) command to start the port.
For every platform except the ARX-1500, ARX-2500, and ARX-VE, traffic-storm
control is configured automatically at every ten-gigabit interface. The ARX forwards a
maximum of 1000 packets per second for each of the following frame types:
broadcast, multicast, or unicast frames with unknown destination addresses. If the
ingress-side of the port reaches the maximum in a given second, the port drops packets
of the chosen type until the second is over. Traffic-storm control does not suppress
spanning-tree BPDU packets. The ARX-1500, ARX-2500, and ARX-VE do not
support traffic-storm control.
Sample
bstnA(cfg)# interface ten-gigabit 2/1
bstnA(cfg-if-ten-gig[2/1])#
edits the ten-gigabit interface at slot 2, port 1.
Related Commands
show interface summary
description (cfg-if-ten-gig)
flowcontrol
shutdown (cfg-if-ten-gig)
show interface ten-gigabit
ip private vlan
Purpose
Two private VLANs are used for inter-process communication in the ARX: the private
VLAN and the metalog VLAN. The private VLAN carries a private IP network, used
for inter-process communication. The metalog VLAN carries important
namespace-software records to a battery-backed NVRAM device. These VLANs are
configured during the initial boot process; it is rarely necessary to change them. Use
the ip private vlan command to change one of these VLANs, or the IP subnet carried
by the private VLAN.
Mode
cfg
Security Role(s)
network-engineer or crypto-officer
Syntax
ip private vlan internal vlan-id [metalog meta-vlan-id] [subnet ip-subnet mask]
vlan-id (1-4095) is the number for the private VLAN.
metalog meta-vlan-id (optional; 1-4095) sets the number for the metalog VLAN. This
must be different from the private VLAN, above.
subnet ip-subnet mask (optional) is the IP address and mask for the private subnet (for
example, 169.254.14.0). The mask must be 24 bits (255.255.255.0) or less for an
ARX-2000 or ARX-4000; it must be 26 bits (255.255.255.192) or less for an
ARX-500. 255.255.255.0 defines a large enough subnet for any platform.
Valid Platforms
ARX-500, ARX-2000, and ARX-4000
Guidelines
The private and metalog VLANs must not be supported on any external LAN
segments. If either VLAN is in use, use this command to change it/them.
You cannot change the private VLAN or subnet in a redundant pair (see
redundancy).
You may need to change the ip-subnet in a large RON where two switches have the
same private subnet. This is a rare situation, but possible. If it occurs, the current
switch can only reach one of the conflicting switches over the RON: the switch that
was connected to the current switch first. To reach the other switch, you must make
their private subnets unique within the RON. The show ron conflicts command
indicates which switches have the conflict, and shows all of the private subnets that are
currently in the RON (and should therefore be avoided). The ip private subnet
reassign command is designed to fix this by automatically choosing a unique private
subnet; alternatively, you can set the subnet manually with this command. Go to the
CLI for one of the conflicting switches and use either command to change its private
subnet.
Samples
bstnA(cfg)# ip private vlan internal 2222
Change the private VLAN and reboot the chassis? [yes/no] yes
...
changes the private VLAN to 2222.
bstnA(cfg)# ip private vlan internal 2222 subnet 169.254.166.0 255.255.255.0
changes the private VLAN to 2222, leaves the metalog VLAN as is, and changes
the private subnet to 169.254.166.0/24.
bstnA(cfg)# ip private vlan internal 2222 metalog 2223
changes the private VLAN to 2222 and the metalog VLAN to 2223.
prtlndA(cfg)# ip private vlan internal 1002 subnet 169.254.200.0 255.255.255.192
changes the private subnet only, perhaps because of a conflict with another switch
in the RON.
Related Commands
show ron conflicts
ip private subnet reassign
jumbo mtu
Purpose
The ARX supports both standard Ethernet and jumbo-frame packets. Use this
command to enable or disable jumbo-frame transmission on the current VLAN.
Mode
cfg-vlan
Security Role(s)
network-engineer or crypto-officer
Syntax
jumbo mtu bytes
no jumbo mtu
bytes (1530-9198) establishes the size of frames on this VLAN.
Default(s)
1500 bytes (standard-frame size)
Valid Platforms
any except ARX-VE
Guidelines
Use this command only if your client-server network supports jumbo frames.
Use the no form of the command to disable jumbo-frame transmission on the switch.
Samples
bstnA(cfg-vlan[2])# jumbo mtu 9000
enables 9000-byte jumbo frames on vlan 2.
bstnA(cfg-vlan[2])# no jumbo mtu
disables jumbo frames on vlan 2.
Related Commands
show vlan
lacp active
Purpose
Link-Aggregation Control Protocol (LACP) is a control protocol for dynamically
managing the member ports in a channel. The peers on both ends of the channel use
LACP to exchange information about member ports; the peers can automatically
remove or replace member links if configuration changes disqualify/re-qualify them
for channel membership. Use the lacp active command to enable LACP on the
current channel, with the ARX as the active peer.
Use no lacp to stop sending LACPDUs to the device at the other end of the channel.
Mode
cfg-channel
Security Role(s)
network-engineer or crypto-officer
Syntax
lacp active
no lacp active
Default(s)
no lacp active - static LACP (that is, no LACP) runs by default.
Valid Platforms
ARX-1500 and ARX-2500
Guidelines
LACP is defined in IEEE 802.1AX-2008. If you configure LACP for the channel, the
peers can exchange Link Aggregation Control Protocol Data Units (LACPDUs) over
each member port. The peers can use the state information in these LACPDUs to
dynamically react to configuration or topology changes. For example, if a
configuration change disqualifies one of the channel’s member ports for aggregation,
the ARX and its peer can use LACP to automatically remove the port’s link from the
channel. If another configuration change makes the link suitable for aggregation again,
the LACP processes can automatically restore it to the channel.
To establish LACP on the channel, enable passive LACP at the peer and use this
command on the ARX. If you connect two ARX peers over a channel (see
redundancy protocol (cfg-channel)), you can use this command on both ARX peers
to establish LACP; one of them assumes the passive LACP role automatically.
To support LACP on chassis types other than the ARX-1500 or ARX-2500, you can
use the lacp passive command.
If LACP is disabled, all member ports remain in the channel no matter what
configuration or topology changes occur later.
Important
The no lacp active command restarts all of the channel’s member ports.
This stops all traffic on the channel for a brief time. This is not
recommended for a busy channel; perform this operation only during off
hours, or on an inactive channel.
For a channel used in a redundant-pair link (see the documentation for
redundancy protocol (cfg-channel)), this causes the backup ARX to
reboot. In most cases, the reboot has no effect on client traffic.
Use the channel command to create a channel, and use the members (cfg-channel)
command to add a port to the channel. Each end of the channel should have the same
LACP timeout settings; you can use the lacp rate command to change this end of the
channel to a long timeout. The show channel ... lacp command shows the current
configuration and status of LACP on a given channel. For LACP statistics, use the
show channel ... lacp stats command (see the documentation for show channel ...
stats).
Samples
stoweA(cfg)# channel 6
stoweA(cfg-channel[6])# no lacp active
Warning: Disabling LACP will result in temporarily loss of network connectivity for all members of this channel.
Are you sure? [yes/no] yes
stops LACP processing on channel 6.
stoweA(cfg)# channel 1
stoweA(cfg-channel[1])# lacp active
starts LACP processing on channel 1.
Related Commands
channel
members (cfg-channel)
lacp passive
lacp rate
show channel ... lacp
show channel ... stats
lacp passive
Purpose
Link-Aggregation Control Protocol (LACP) is a control protocol for dynamically
managing the member ports in a channel. The peers on both ends of the channel use
LACP to exchange information about member ports; the peers can automatically
remove or replace member links if configuration changes disqualify/re-qualify them
for channel membership. Use the lacp passive command to enable LACP on the
current channel.
Use no lacp passive to ignore all LACPDUs from the device at the other end of the
channel.
Mode
cfg-channel
Security Role(s)
network-engineer or crypto-officer
Syntax
lacp passive
no lacp passive
Default(s)
no lacp passive - static LACP (that is, no LACP) runs by default.
Valid Platforms
ARX-2000 or ARX-4000
Guidelines
LACP is defined in IEEE 802.1AX-2008. If you configure LACP for the channel, the
peers can exchange Link Aggregation Control Protocol Data Units (LACPDUs) over
each member port. The peers can use the state information in these LACPDUs to
dynamically react to configuration or topology changes. For example, if a
configuration change disqualifies one of the channel’s member ports for aggregation,
the ARX and its peer can use LACP to automatically remove the port’s link from the
channel. If another configuration change makes the link suitable for aggregation again,
the LACP processes can automatically restore it to the channel.
To establish LACP on the channel, enable active LACP at the peer and use this
command on the ARX. If you connect two ARX peers over a channel (see
redundancy protocol (cfg-channel)), you can use this command on both ARX peers
to establish LACP; one of them assumes the active LACP role automatically.
The ARX-1500 and ARX-2500 only support active LACP; you can use the lacp
active command to enable active LACP on those devices.
If LACP is disabled, all member ports remain in the channel no matter what
configuration or topology changes occur later.
Important
The no lacp passive command restarts all of the channel’s member
ports. This stops all traffic on the channel for a brief time. This is not
recommended for a busy channel; perform this operation only during off
hours, or on an inactive channel.
For a channel used in a redundant-pair link (see the documentation for
redundancy protocol (cfg-channel)), this causes the backup ARX to
reboot. In most cases, the reboot has no effect on client traffic.
Use the channel command to create a channel, and use the members (cfg-channel)
command to add a port to the channel. Each end of the channel should have the same
LACP timeout settings; you can use the lacp rate command to change this end of the
channel to a long timeout. The show channel ... lacp command shows the current
configuration and status of LACP on a given channel. For LACP statistics, use the
show channel ... lacp stats command (see the documentation for show channel ...
stats).
Samples
prtlndA(cfg)# channel 2
prtlndA(cfg-channel[2])# no lacp passive
Warning: Disabling LACP will result in temporarily loss of network connectivity for all members of this channel.
Are you sure? [yes/no] yes
stops LACP processing on channel 2.
bstnA(cfg)# channel 1
bstnA(cfg-channel[1])# lacp passive
starts LACP processing on channel 1.
Related Commands
channel
members (cfg-channel)
lacp active
lacp rate
show channel ... lacp
show channel ... stats
lacp rate
Purpose
Link-Aggregation Control Protocol (LACP) is a control protocol for dynamically
managing the member ports in a channel. The peers on both ends of the channel use
LACP to exchange information about member ports; the peers can automatically
remove or replace member links if configuration changes disqualify/re-qualify them
for channel membership.
By default, the ARX uses a Fast_Periodic_Time for its transmissions (1 LACPDU
each second), and a Short_Timeout_Time (time out if the peer takes longer than 3
seconds to respond). If the peer has different LACP timer settings, the peers may
periodically disconnect from each other. Use the lacp rate command to lengthen the
rate to one LACPDU every 30 seconds, and to lengthen the timeout to 90 seconds.
Use no lacp rate to return the timeout to its faster defaults.
Mode
cfg-channel
Security Role(s)
network-engineer or crypto-officer
Syntax
lacp rate long-timeout
no lacp rate
Default(s)
no lacp rate
• Fast_Periodic_Time - transmit an LACPDU once per second.
• Short_Timeout_Time - time out after 3 seconds.
Valid Platforms
ARX-1500, ARX-2000, ARX-2500, and ARX-4000
Guidelines
The LACP timer settings should be the same at both ends of the channel.
This command is irrelevant unless you also use lacp active or lacp passive to enable
LACP on the current channel.
This command disables and re-enables the channel to activate the change. The CLI
prompts you with a warning about the temporary connection loss; enter yes to proceed.
LACP is defined in IEEE 802.3ad, and later in IEEE 802.1AX-2008. Channel peers
configured with LACP can exchange Link Aggregation Control Protocol Data Units
(LACPDUs) over each member port. The peers can use the state information in these
LACPDUs to dynamically react to configuration or topology changes. For example, if
a configuration change disqualifies one of the channel’s member ports for aggregation,
the ARX and its peer can use LACP to automatically remove the port’s link from the
channel. If another configuration change makes the link suitable for aggregation again,
the LACP processes can automatically restore it to the channel.
These LACP timer settings are also defined in IEEE 802.1AX-2008. This command
toggles between Fast_Periodic_Time/Short_Timeout_Time and
Slow_Periodic_Time/Long_Timeout_Time.
Use the channel command to create a channel, and use the members (cfg-channel)
command to add a port to the channel. The show channel ... lacp command shows
the current configuration and status of LACP on a given channel. For LACP statistics,
use the show channel ... lacp stats command (see the documentation for show
channel ... stats).
Sample
bstnA(cfg-channel[1])# lacp rate long-timeout
Warning: Changing the LACP Rate will result in temporarily loss of network connectivity for all members of this channel.
Are you sure? [yes/no] yes
sets a 30-second interval (and a 90-second timeout) for LACP transmissions on
channel 1.
Related Commands
lacp active
lacp passive
channel
members (cfg-channel)
show channel ... lacp
show channel ... stats
load-balance
Purpose
A channel balances out-bound load amongst its ports by hashing packet IPs together
and choosing a port based on the hash. Use the load-balance command to change the
IP(s) used in the hash.
Mode
cfg-channel
Security Role(s)
network-engineer or crypto-officer
Syntax
load-balance {src-ip | dst-ip | src-dst-ip}
no load-balance
src-ip uses only the packet’s source-IP address in the hash. This may not produce the
best hash: the source IPs are limited to a small set of VIPs (see virtual server), proxy
IPs (see ip proxy-address), and management IPs (see ip address (cfg-if-vlan) and ip
address (cfg-mgmt)).
dst-ip uses the packet’s destination-IP address, ignoring the source address.
Destination addresses are those of clients, filers, and management stations, so this is
typically a better hash than one that uses the limited set of source IPs.
src-dst-ip combines the source and destination IPs with a bit-wise XOR operation.
This hash typically produces the best traffic distribution within the channel.
Default(s)
src-dst-ip
Valid Platforms
ARX-2000 or ARX-4000
Guidelines
This stops and restarts the channel to reset the traffic-distribution hash. The CLI
therefore prompts for confirmation before stopping traffic; type yes to confirm.
This is relevant to outbound traffic only.
Use show channel [load-balance] to view the current load-balancing configuration
for all channels. To find the results of the hash for a packet with a particular source
and destination IP, use show load-balancing.
Samples
bstnA(cfg-channel[9])# load-balance src-ip
Changing the load-balancing algorithm will cause the channel to disrupt traffic.
Are you sure? [yes/no] yes
uses source-IP addresses to choose outbound ports in channel 9. This ignores
destination-IP addresses for the hash.
bstnA(cfg-channel[2])# no load-balance
Changing the load-balancing algorithm will cause the channel to disrupt traffic.
Are you sure? [yes/no] yes
returns channel 2 to the default; choose an outbound port based on an XOR of the
packet’s source and destination IPs.
Related Commands
channel
show load-balancing
show channel
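The effect of the three load-balance hash inputs can be compared by running them over sample outbound flows. The script below is an added example, not part of the ARX documentation or software; the addresses and member ports are constructed, and the reduction of the hash to a member port (modulo the member count) is an assumption, since this manual does not describe that step.

```python
import ipaddress

MODES = ("src-ip", "dst-ip", "src-dst-ip")

# Constructed sample data (documentation address ranges, not from the manual).
MEMBERS = ["2/1", "2/2", "2/3", "2/4"]
VIPS = ["192.0.2.10", "192.0.2.11"]                      # small set of source IPs
CLIENTS = [f"198.51.100.{n}" for n in range(1, 41)]      # many destinations
PROXY_IPS = ["192.0.2.20", "192.0.2.21", "192.0.2.22", "192.0.2.23"]
FILER = "203.0.113.50"                                   # one busy destination

# Outbound flows as (source IP, destination IP) pairs.
CLIENT_FLOWS = [(vip, client) for vip in VIPS for client in CLIENTS]
FILER_FLOWS = [(proxy, FILER) for proxy in PROXY_IPS for _ in range(10)]


def hash_key(mode, src, dst):
    """Build the hash input the manual describes for each load-balance mode."""
    s = int(ipaddress.IPv4Address(src))
    d = int(ipaddress.IPv4Address(dst))
    if mode == "src-ip":
        return s
    if mode == "dst-ip":
        return d
    if mode == "src-dst-ip":
        return s ^ d  # bit-wise XOR of source and destination, as documented
    raise ValueError(f"unknown load-balance mode: {mode}")


def pick_port(mode, src, dst, members):
    """Choose the outbound member port for one packet."""
    # ASSUMPTION: the key is reduced modulo the member count. The manual does
    # not say how the ARX maps the hash to a port.
    return members[hash_key(mode, src, dst) % len(members)]


def distribution(mode, flows, members):
    """Count outbound flows per member port for one mode."""
    counts = {port: 0 for port in members}
    for src, dst in flows:
        counts[pick_port(mode, src, dst, members)] += 1
    return counts


def idle_ports(mode, flows, members):
    """Member ports that carry none of the given flows under this mode."""
    return [p for p, n in distribution(mode, flows, members).items() if n == 0]


if __name__ == "__main__":
    for name, flows in (("VIPs to clients", CLIENT_FLOWS),
                        ("proxy IPs to one filer", FILER_FLOWS)):
        print(name)
        for mode in MODES:
            print(f"  {mode:<11} {distribution(mode, flows, MEMBERS)}")
```

On the switch itself, show load-balancing reports the port actually chosen for a given source and destination IP.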
mac-address aging-time
Purpose
The ARX learns the MAC addresses of neighboring bridges by examining the source
MACs in the frames that it receives. Each MAC address is added to (or updated in) an
internal table of MAC addresses. If no new updates are received for a MAC address
over the aging time, the switch erases that MAC address from the table. Use the
mac-address aging-time command to set the aging time.
Use the no form of the command to revert to the default aging time.
Mode
cfg-stp
Security Role(s)
network-engineer or crypto-officer
Syntax
mac‐address aging‐time seconds
no mac‐address aging‐time
seconds is a number from 300 to 1,000,000.
Default(s)
300 (seconds, or 5 minutes)
Valid Platforms
ARX-2000 and ARX-4000
Guidelines
The MAC address aging time is defined in IEEE 802.1D. Use the show
mac-address-table summary command to see the current aging time.
Samples
bstnA(cfg‐stp)# mac‐address aging‐time 600
sets the aging time to 600 (seconds), or 10 minutes.
bstnA(cfg‐stp)# no mac‐address aging‐time
reverts the aging time to the default.
Related Commands
spanning-tree
show mac-address-table summary
max-age
Purpose
The Max Age is the time (in seconds) to keep BPDU information from a neighboring
bridge before declaring the port information “stale.” If the Max Age is reached for a
port, it is considered disconnected by the other bridges in the spanning tree. Use the
max-age command to set the Max Age.
Use the no form to revert to the default Max Age.
Mode
cfg-stp
Security Role(s)
network-engineer or crypto-officer
Syntax
max‐age seconds
no max‐age
seconds is a number from 6 to 40.
Default(s)
20 (seconds)
Valid Platforms
ARX-2000 and ARX-4000
Guidelines
The Spanning-Tree protocol is defined in IEEE 802.1D.
The Max Age is typically three times the Hello Time; it must be at least 2 * (Hello
Time + 1). Use the hello-time command to set the Hello Time.
Samples
bstnA(cfg‐stp)# max‐age 15
sets the Max Age to 15 (seconds).
bstnA(cfg‐stp)# no max‐age
reverts the Max Age to the default.
Related Commands
spanning-tree
hello-time
members (cfg-channel)
Purpose
From cfg-channel mode, use the members command to add a single port or a range of
ports to the current channel.
Use the no members command to remove a port(s) from the channel.
Mode
cfg-channel
Security Role(s)
network-engineer or crypto-officer
Syntax
members slot/port [to slot/port ]
no members slot/port [to slot/port ]
slot/port (2/1-14 on ARX-4000; 1/1-4 or 2/1-2 on ARX-2500; 1/1-12 on ARX-2000;
1/1-8 on ARX-1500) is the first (or only) Ethernet port.
to slot/port (optional) is the last port in a range of ports.
Use the show interface summary command to locate the slot(s) for these ports.
ARX-4000 and ARX-2500 devices have ten-gigabit interfaces at ports 2/1 and 2/2 and
one-gigabit interfaces at the remaining ports.
Default(s)
None
Valid Platforms
ARX-1500, ARX-2000, ARX-2500, and ARX-4000
Guidelines
A channel can have up to 8 ports. All of the ports must be shut down before you add
them with this command (see shutdown (cfg-if-gig) or shutdown (cfg-if-ten-gig)).
The ARX can support different speeds amongst the channel members; confirm that the
peer at the other end of the channel can support this before you configure your channel
this way.
For a channel to be used as a redundant-pair link, use the redundancy protocol
(cfg-channel) command instead of this command.
You cannot use the no members command on the last port in the channel; instead,
use no channel to remove the entire channel.
Guidelines: Confirmation Prompt on an ARX-1500 and ARX-2500
The ARX-1500 and ARX-2500 do not support the same VLAN on two physical
interfaces, where a “physical interface” is either a port or a channel. Each VLAN can
be carried by only one port or channel. Therefore, the system removes all VLANs
from any member port you choose before adding the port to the channel. The port then
carries the same VLAN(s) as the other ports in the same channel (with vlan
(cfg-channel) or vlan-tag). The CLI prompts for confirmation before taking the port
off of any VLANs; enter yes to continue.
Guidelines: Port 1/1 on an ARX-1500 and ARX-2500
On the ARX-1500 and ARX-2500, port 1/1 is the out-of-band management interface
by default, and cannot be included in any client/server channel. If you prefer to use an
in-band (VLAN) management interface (see interface vlan) for accessing the CLI or
GUI, you can use interface mgmt and shutdown (cfg-mgmt) to stop using port 1/1
for out-of-band management. Then you can use this command to include port 1/1 in a
client/server channel.
Samples
bstnA(cfg‐channel[2])# members 2/7 to 2/10
adds ports 2/7-2/10 to channel 2.
bstnA(cfg‐channel[5])# members 2/2
adds port 2/2 (a ten-gigabit port) to channel 5.
bstnA(cfg‐channel[4])# no members 2/13 to 2/14
removes ports 2/13-2/14 from channel 4.
Related Commands
channel
shutdown (cfg-if-gig)
shutdown (cfg-if-ten-gig)
redundancy protocol (cfg-channel)
show interface summary
members (cfg-vlan)
Purpose
Use the members command to add a single port or a range of ports to the current
VLAN.
Use no members to remove a port(s).
Mode
cfg-vlan
Security Role(s)
network-engineer or crypto-officer
Syntax
members slot/port [to slot/port ]
no members slot/port [to slot/port ]
slot/port (2/1-14 on ARX-4000; 1/1-4 or 2/1-2 on ARX-2500; 1/1-12 on ARX-2000;
1/1-8 on ARX-1500) is the first (or only) Ethernet port.
to slot/port (optional) is the last port in a range of ports. You cannot use this option on
the ARX-2500 or ARX-1500, which allow only a single port to carry each VLAN.
Use the show interface summary command to locate the slot(s) for these ports.
Default(s)
None
Valid Platforms
ARX-1500, ARX-2000, ARX-2500, and ARX-4000
Guidelines
IEEE 802.1Q defines VLANs.
This command adds ports to the VLAN with tagging disabled. A port with tagging
disabled does not tag any outgoing frames with the VLAN ID (VID) for this VLAN.
Use the tag command to add ports with tagging enabled, or to enable tagging for
existing VLAN ports.
On the ARX-1500 and the ARX-2500, only a single port (interface gigabit or
interface ten-gigabit) or channel can carry any given VLAN. That is, you can only
select a single member port with this command. This includes VLAN 1; if multiple
channels or ports default to VLAN 1, all but one of them must be disabled (with
shutdown (cfg-if-gig), shutdown (cfg-if-ten-gig), or shutdown (cfg-channel)).
To assign a channel to carry the VLAN, use the vlan (cfg-channel) command. On the
ARX-2500 or ARX-1500, this is the method for carrying a VLAN on multiple ports;
aggregate the ports into a channel, then assign the desired VLAN to that channel.
Guidelines: Removing the Last Port from the Redundancy Link
In the following circumstances, the no members command causes the backup ARX
peer to reboot:
• the interface vlan command establishes an in-band (VLAN) management
address for this VLAN,
• the redundancy (cfg-if-vlan) command establishes the above management
address as the local end of the redundancy link,
• redundancy is active between the ARX peers, and
• the no members command is removing the last port(s) from the VLAN.
The reboot does not disrupt any storage services, but the ARX peers cannot function as
a redundant pair while the link is shut down. Additionally, a quorum-disk failure or
disconnection would cause the active peer to reboot, too. If you proceed with shutting
down the link, you should establish a new one as soon as possible: use the
redundancy protocol, redundancy protocol (cfg-channel), or redundancy
(cfg-if-vlan) command on another port, channel, or VLAN interface to establish a new
redundant-pair link.
Samples
bstnA(cfg‐vlan[1])# members 2/3 to 2/6
adds ports 2/3-2/6 to VLAN 1.
bstnA(cfg‐vlan[5])# members 2/1
adds port 2/1 to VLAN 5.
bstnA(cfg‐vlan[1])# no members 2/5 to 2/6
removes ports 2/5-2/6 from VLAN 1.
bstnA(cfg‐vlan[7])# no members 2/11
removes port 2/11 from VLAN 7.
Related Commands
vlan
tag
priority (cfg-channel)
Purpose
LACP (IEEE 802.1AX-2008) defines a System Priority parameter for the stations at
either end of a link-aggregation channel. From cfg-channel mode, use the priority
command to set the System Priority for the current channel.
Use no priority to revert to the default System Priority.
Mode
cfg-channel
Security Role(s)
network-engineer or crypto-officer
Syntax
priority number
no priority
number (0-65536) is the System Priority that you choose for this channel.
Default(s)
32,767
Valid Platforms
ARX-2000 and ARX-4000
Guidelines
This command is only relevant in a channel with lacp passive enabled.
A lower number indicates higher priority. The station with the highest priority initiates
all changes to member-port status in the channel. As an example of a change in
member-port status: a port could change from a “standby” state to active use in the
channel due to a configuration change.
Each channel can have a different priority setting.
You cannot run this command on the ARX-1500 or ARX-2500; the System Priority on
those platforms is fixed at 65535 (lowest priority).
Samples
bstnA(cfg‐channel[1])# priority 1
sets the System Priority to 1 (a very high priority) at channel 1.
bstnA(cfg‐channel[10])# no priority
sets the default System Priority at channel 10.
Related Commands
channel
show channel
lacp passive
priority (cfg-stp)
Purpose
In a spanning tree topology, the bridge with the lowest Bridge Priority is elected as the
spanning-tree root. From cfg-stp mode, use the priority command to set the Bridge
Priority for the ARX.
Use no priority to revert to the default Bridge Priority.
Mode
cfg-stp
Security Role(s)
network-engineer or crypto-officer
Syntax
priority number
no priority
number (0-61440) is the Bridge Priority that you choose for the ARX. Use a multiple of
4096 (such as 0, 4096, 8192, or 12288).
Default(s)
61,440
Valid Platforms
ARX-2000 and ARX-4000
Guidelines
The Spanning-Tree protocol and Bridge Priority are defined in IEEE 802.1D.
A lower number indicates higher priority. If all bridges have the same priority, the
bridge with the lowest MAC address is elected as the root bridge.
Samples
bstnA(cfg‐stp)# priority 0
sets the Bridge Priority to 0. The ARX will likely be elected as the root bridge.
bstnA(cfg‐stp)# no priority
sets the default Bridge Priority.
Related Commands
spanning-tree
protocol (cfg-stp)
Purpose
From cfg-stp mode, use the protocol command to choose the spanning-tree protocol:
the original Spanning Tree Protocol (STP), or Rapid Spanning Tree (RST) protocol.
Use no protocol to revert to the default.
Mode
cfg-stp
Security Role(s)
network-engineer or crypto-officer
Syntax
protocol {dot1d | rst}
no protocol
dot1d | rst is a required choice:
• dot1d runs the original STP (IEEE 802.1D), ignoring RST-based BPDUs.
• rst runs RST from IEEE 802.1w, but is compatible with bridges that run the
original STP (above).
Default(s)
RST
Valid Platforms
ARX-2000 and ARX-4000
Guidelines
RST improves on the original STP implementation by more-rapidly converging on a
new spanning-tree topology after a bridge or port failure. Conforming bridges
(including the ARX) agree on the most-modern supported version of the protocol and
use that version for all spanning-tree communication.
For an RST implementation, use the cfg-if-gig spanning-tree edgeport command to
identify all the Edge Ports on the ARX.
Samples
bstnA(cfg‐stp)# protocol dot1d
selects the earliest version of spanning-tree.
bstnA(cfg‐stp)# no protocol
sets the protocol to the default, RST.
Related Commands
spanning-tree
spanning-tree edgeport
redundancy protocol
Purpose
Use the redundancy protocol command to designate the current interface as one end
of a redundant-pair link.
Use the no redundancy protocol command to remove support for a redundant-pair
link. This causes the standby peer to reboot; see
Modes
cfg-if-gig
cfg-if-ten-gig
Security Role(s)
network-engineer or crypto-officer
Syntax
redundancy protocol
no redundancy protocol
Default(s)
None
Valid Platforms
ARX-2000 and ARX-4000
In cfg-if-ten-gig mode: ARX-4000 only.
Guidelines
At the layer-2 level, this establishes one end of the link between redundant peers. For
best performance, a gigabit or ten-gigabit connection is strongly recommended; use
the speed (cfg-if-gig) command to set the speed on a single-gigabit interface. We also
recommend that the connection be direct (without any intervening bridges or routers),
and that the switches are co-located. If the latency is low, an intervening Gigabit L2
switch is permissible.
Alternatively, you can configure a multi-port channel as the redundant-pair link. Use
channel to create the channel, then use redundancy protocol (cfg-channel) to add
member ports to it. (The ARX-1500 and ARX-2500 use different commands to
establish the redundancy link over a channel, described in the documentation for
redundancy protocol (cfg-channel).)
For cases where low latency between the peers is impossible, you may need to
increase a timeout value when you set up the redundant pair. When you set up
redundancy between the peers later, you can use the resilver-timeout command to
increase this timeout value. You can also use the show redundancy metalog
command to monitor the latency between the peers.
Guidelines: Shutting Down the Redundant-Pair Link
The no redundancy protocol command disables the redundant-pair link (see
redundancy protocol), and therefore causes the standby peer to reboot if redundancy
is enabled (enable (cfg-redundancy)). The reboot does not disrupt any storage
services, but the ARX peers cannot function as a redundant pair while the link is shut
down. Additionally, a quorum-disk failure or disconnection would cause the active
peer to reboot, too. If you proceed with shutting down the link, you should establish a
new one as soon as possible: use the redundancy protocol or redundancy protocol
(cfg-channel) command on another port or channel to establish a new redundant-pair
link.
The CLI prompts for confirmation before shutting down a redundant-pair link; enter
yes to proceed with the interface shutdown and the reboot.
Guidelines: ARX-1500 and ARX-2500
The ARX-1500 and ARX-2500 use layer-3 (IP) networking software for exchanging
heartbeats and important metalog data between the peers, so they require layer-3
configuration for their redundancy link. Instead of the layer-2 redundancy protocol
command described here, you can use the following commands to set up a layer-3
redundancy link over the current interface:
• Establish a new VLAN for this link. Use the vlan command to create a new
VLAN, then use members (cfg-vlan) to assign the current interface to that
VLAN.
• Use the interface vlan to create a management-IP interface on the VLAN; this
puts you into cfg-if-vlan mode.
– From cfg-if-vlan mode, use the ip address (cfg-if-vlan) command to
establish an in-band (VLAN) IP address. You later use this
VLAN-management IP address to identify this ARX to its peer, as described
below.
– From the same mode, use redundancy (cfg-if-vlan) to designate the
interface for exchanging metalog data and heartbeats.
– From the same mode, use no shutdown (cfg-if-vlan) to enable the
management interface.
Samples
prtlndA(cfg‐if‐gig[2/1])# redundancy protocol
uses interface 2/1 as one end of a redundant-pair link.
bstnA(cfg‐if‐gig[2/13])# no redundancy protocol
Removing redundancy protocol for this interface will cause the peer to reboot.
Are you sure? [yes/no] yes
stops using interface 2/13 as one end of a redundant-pair link. If the redundant
pair has already formed (see the enable (cfg-redundancy) documentation), this
causes the peer to reboot.
bstnA(cfg‐if‐ten‐gig[2/2])# redundancy protocol
uses a ten-gigabit interface, 2/2, as one end of a redundant-pair link.
Related Commands
interface gigabit
interface ten-gigabit
speed (cfg-if-gig)
redundancy
resilver-timeout
show redundancy metalog
redundancy protocol (cfg-channel)
Purpose
From cfg-channel mode, use the redundancy protocol command to add a single port
or a range of ports to the current redundancy-link channel. This command performs
two tasks at once: it adds ports to the channel, and prepares the channel for use as a
redundant-pair link.
Use the no redundancy protocol command to remove redundancy-link support along
with one or more ports.
Mode
cfg-channel
Security Role(s)
network-engineer or crypto-officer
Syntax
redundancy protocol slot/port [to slot/port ]
no redundancy protocol slot/port [to slot/port ]
slot/port (2/1-14 on ARX-4000; 1/1-12 on ARX-2000) is a single port or the first port
in a range.
to slot/port (optional) is the last port in a range of ports.
Use the show interface summary command to locate the slot(s) for these ports.
Default(s)
None
Valid Platforms
ARX-2000 and ARX-4000
Guidelines
A channel can have up to 8 ports. All ports must belong to the same VLAN(s) and they
must run at the same speed.
Redundancy requires a reliable and fast channel for best performance. We recommend
that you enable LACP on the channel to increase its reliability in high packet traffic:
use lacp passive or lacp active to enable LACP, depending on your platform. For
best performance, a gigabit (or higher-bandwidth) connection is strongly
recommended. Use the cfg-if-gig speed (cfg-if-gig) command to set the speed on
each port. We also recommend that the connection be direct (without any intervening
bridges or routers), and that the switches are co-located. If the latency is low, an
intervening Gigabit L2 switch is permissible.
For cases where low latency between the peers is impossible, you may need to
increase a timeout value when you set up the redundant pair. When you set up
redundancy between the peers later, you can use the resilver-timeout command to
increase this timeout value. You can also use the show redundancy metalog
command to monitor the latency between the peers.
A port cannot be a member of a channel if it has an “auto” speed.
Use the members (cfg-channel) command to add ports to a standard
(non-redundancy-link) channel.
You cannot use the no redundancy protocol command on the last port in the
channel; instead, use no channel to remove the entire channel.
Guidelines: ARX-1500 and ARX-2500
The ARX-1500 and ARX-2500 use layer-3 (IP) networking software for exchanging
heartbeats and important metalog data between the peers, so they require layer-3
configuration for their redundancy link. Instead of the layer-2 redundancy protocol
command described here, you can use the following commands to set up a layer-3
redundancy link over the current channel:
• Establish a new VLAN for this link. Use the vlan (cfg-channel) command to
assign the channel to the VLAN.
• Use the interface vlan to create a management-IP interface on the VLAN; this
puts you into cfg-if-vlan mode.
– From cfg-if-vlan mode, use the ip address (cfg-if-vlan) command to
establish an in-band (VLAN) IP address. You later use this
VLAN-management IP address to identify this ARX to its peer, as described
below.
– From the same mode, use redundancy (cfg-if-vlan) to designate the
interface for exchanging metalog data and heartbeats.
– From the same mode, use no shutdown (cfg-if-vlan) to enable the
management interface.
Samples
bstnA(cfg‐channel[2])# redundancy protocol 2/1 to 2/2
adds ports 2/1-2/2 to channel 2, a channel to be used as a link between redundant
peers.
prtlndA(cfg‐channel[4])# no redundancy protocol 2/3
removes port 2/3 from channel 4.
Related Commands
channel
show interface summary
speed (cfg-if-gig)
members (cfg-channel)
redundancy
resilver-timeout
show redundancy metalog
show channel
Purpose
A channel is a group of Ethernet ports aggregated into a single flow, as specified in
IEEE 802.3ad. Use the show channel command to show the configuration of one
channel.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show channel {summary | load‐balance | channel‐id [lacp]}
summary | load-balance | channel-id is a required choice.
• summary shows a summary for all channels.
• load-balance shows the load-balancing algorithm for all channels.
• channel-id (1-8) identifies one channel; use this option to show detailed
parameters for one channel.
lacp (optional, if you choose a channel-id) displays the configuration and state of
the Link Aggregation Control Protocol (LACP) on the given channel.
Valid Platforms
ARX-1500, ARX-2000, ARX-2500, or ARX-4000
Guidelines
This command shows the configuration and running state of a channel. Its various
outputs are described below. For channel statistics (such as packet counts), use show
channel ... stats.
Guidelines: Summary
The show channel summary command outputs one line per channel. Each line
contains the following fields:
Ch Id identifies the channel.
* indicates that the channel is used as a redundancy link with the switch’s
redundant peer (see redundancy protocol (cfg-channel)).
Admin State is set by the shutdown (cfg-channel) command.
Oper Status is Up if the channel has at least one operational port. This is Down if all
of the member ports are down.
Speed is the speed of each port in the channel. Before ports can be aggregated into a
channel, their speeds must match (see speed (cfg-if-gig) to set a port’s speed).
Load-Balancing Algorithm shows the IP address(es) (source and/or destination) that
are hashed to choose a port for an outbound packet. This is set by the load-balance
command.
LACP is “Active,” “Passive,” or “Disabled,” depending on the lacp active setting (on
the ARX-1500 or ARX-2500), or the lacp passive setting (on other platforms that
support channels).
Description is set by the description (cfg-channel) command.
Guidelines: Load-Balance
The show channel load-balance command shows the load-balancing algorithm for
each channel.
Guidelines: channel-id (Detailed)
The show channel channel-id command shows details about the given channel:
Channel Id identifies the channel.
Description is set by the description (cfg-channel) command.
Load Balancing Algorithm shows the IP address(es) or MAC address(es)
(source and/or destination) that are hashed to choose a port for an outbound
packet. This is set by the load-balance command.
LACP State is “Active,” “Passive,” or “Disabled.” LACP (Link Aggregation
Control Protocol) is a control protocol for dynamically adapting member usage to
topology changes. On some platforms, you can enable LACP “Passive” mode
with the lacp passive command; on other platforms, you can use the lacp active
command to enable LACP “Active” mode.
LACP Rate is either “Short Timeout” or “Long Timeout.” The rate should be the
same at both ends of the channel, or the channel may periodically drop out of
service. You can set this with the lacp rate command.
Members(Slot/Interface) lists the interfaces (ports) in this channel. Use the
members (cfg-channel) command or the redundancy protocol (cfg-channel)
command to add members to the channel.
Number of Members counts the ports from the above field.
Admin State is set by the shutdown (cfg-channel) command.
Channel Oper Status is Up if the channel has at least one operational port. This
is Down if all of the member ports are down.
Trap Status is set by the trap shutdown command.
These spanning-tree fields only appear on systems that support the
spanning-tree command.
– Spanning-Tree Forwarding State is “discard,” “forward,” or “disabled.”
The channel is typically in “discard” state when the Spanning-Tree Role is
“alternate,” and it is typically in “forward” state when the role is
“designated” or “root.”
– Spanning-Tree State is enabled if the channel participates in the spanning
tree. You can use the spanning-tree shutdown command to disable
spanning tree for the channel.
– Spanning-Tree Role is the channel’s Port Role in the spanning tree: “root,”
“designated,” or “alternate.”
– Accept Frames is “All” or “Tagged Only.” If this is the latter, the channel
rejects all ingress frames unless they are tagged for one of the channel’s
VLANs. “Tagged Only” appears if (and only if) the channel is used in a link
between redundant peers; see redundancy protocol (cfg-channel).
Total Vlans Configured counts all VLANs in which this channel participates.
A small table of VLANs appears next, with one row for each VLAN on this channel.
The table contains two columns:
Members VLAN ID is the VLAN (if any) where this channel is a member. The
channel does not tag any outgoing frames with the VLAN ID (VID) for this
VLAN.
Tag VLAN ID lists one or more VLANs (if any) where this channel is a tagging
member; that is, this channel tags its outgoing frames with the VLAN ID (VID)
for the destination VLAN.
The next table contains the status of each member port, one per row. Slot/Port
identifies each member port, and Link Status its status (up or down).
Spanning-Tree Statistics is a table of counters for the Bridge Protocol Data Units
(BPDUs) transmitted and received. The counters are shown for two versions of
spanning-tree BPDU: original spanning tree (STP) or rapid spanning-tree (RST).
Guidelines: lacp
If you use the optional lacp argument in the command, the output shows LACP
parameters and status for the chosen channel.
Three summary fields appear at the top of the output:
Channel ID identifies this channel.
LACP is “Active,” “Passive,” or “Disabled,” depending on the lacp active setting
(on the ARX-1500 or ARX-2500), or the lacp passive setting (on other
platforms that support channels).
Time since last state change shows the time that has passed since the last
change in channel membership or status.
This is followed by a table of LACP Channel Parameters. This table shows the
channel-level configuration for LACP. It is divided into two columns: Local (for the
ARX end of the channel) and Peer (for the remote end of the channel):
Admin Key is the numeric key for the channel that was set by its administrative
configuration. A channel’s key is a number used by LACP software to identify the
relevant configuration parameters of the channel. This is the same as the Oper
Key, below, until or unless a configuration and/or topology change triggers a
change in member-port usage. This field only appears in the Local column.
Oper Key is the numeric key that is currently in use for the channel. This key
appears in both columns. The peer’s operational key is the one that was reported
in the most-recent Link Aggregation Control Protocol Data Unit (LACPDU) from
the peer.
System Priority shows the System Priority of the ARX and its peer. A lower
number is considered a higher priority. The system with the higher priority
initiates all port-membership changes in the channel, such as putting a port in
“standby” status due to a configuration change. You can use the priority
(cfg-channel) command to set the priority for the ARX end of the channel.
System ID is the MAC address used to identify the ARX and its peer.
The final section of the output, LACP Port Parameters, contains one table per
channel member. Each table describes one port with its port-level LACP parameters
and status. As above, these tables contain one Local column (for the ARX port) and a
Peer column (for the corresponding port at the remote end of the channel). On the
ARX-1500 and ARX-2500, this table contains the following fields:
Slot/Port identifies the ARX port. This information does not appear for the Peer
port.
Oper Key is the key that is currently in use for this port. This number is a code
that is only meaningful to the LACP software. It appears for both the local port
and the peer port.
Link Status is either “up” or “down.” If this link is down, it is not being used for
the channel’s traffic.
Link Failure Count shows the number of transmission failures on this link, if
any.
On all other platforms, the LACP Port Parameters table contains the following
fields:
Slot/Port identifies the ARX port. This information does not appear for the Peer
port.
Admin Status shows the administratively-set status of the member port. This
only appears for an ARX port. Each port may have one or more of the following
codes to signify its status:
– A or P - A (Active) means that the port is actively running LACP, and P
(Passive) indicates that the port is sending LACPDUs but has not yet
received proper responses from the peer.
– T or L - indicates the timeout between LACPDU transmissions. T is a short
timeout (typically, 1 second) and L is a long timeout (typically 30 seconds).
– a - means that the port is eligible for Aggregation, or active use in the
channel. Ports without this flag cannot be used in the channel; check the
configuration at both ends for possible differences that make them
incompatible.
– S - shows that the LACP process considers this port “in Sync” with its usage
in the channel. If this flag is missing, it may indicate that the LACP software
is in the process of changing the port from a “standby” state to an “active”
one, or from active to standby.
– C - indicates that the port is Collecting packets. That is, it can accept
incoming traffic.
– D - means that the port is Distributing packets. That is, it can send outbound
packets to its peer.
– d - indicates that the port is using Default information for its peer’s
operational key. This means that the peer’s configuration information on the
ARX does not contradict the latest learned information from LACPDUs.
– E - indicates that the latest LACPDU has expired, and the LACP process is
waiting for the next one.
Oper State is the current status of the port. This appears for both the Local port
and its Peer. This has the same possible values as the Admin Status, described
above.
Admin Key is a numeric key used by the LACP software as a code to represent
the port’s capabilities. This key is based on administrative (CLI) settings. The
LACP software may choose a different operational key (described below) for the
port based on L2-topology changes or configuration changes at the peer port. This
only appears for the ARX port, where administrative parameters are known.
Oper Key is the key that is currently in use for this port. This number is a code
that is only meaningful to the LACP software. It appears for both the local port
and the peer port.
Port Priority is a number that represents the port’s eligibility for use in the
channel. A lower priority number represents a higher priority. If ports are
excluded from active use in the channel, the LACP software prefers low-priority
ports (that is, ports with higher-priority numbers). This appears for both the local
and peer ports, and it may be different at both ends.
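The status codes above can be checked mechanically when monitoring a channel. This is an added example, not F5 code: it parses the LACP Port Parameters section of show channel ... lacp output (the layout used on platforms other than the ARX-1500 and ARX-2500) and reports ports whose Oper State lacks a, S, C or D, shows P or E, or whose timeout code differs between the two ends. The sample text and the function names are constructed for the illustration.

```python
# Constructed sample in the layout of the LACP Port Parameters tables;
# the flag values are invented to exercise the checks.
SAMPLE = """\
LACP Port Parameters:
Local Peer
Slot/Port: 2/7
Admin Status:* A,T,a
Oper State: * A,T,a,S,C,D Oper State: * A,T,a,S,C,D
Slot/Port: 2/8
Admin Status:* A,T,a
Oper State: * A,T,a Oper State: * A,L,a,S,C,D
Slot/Port: 2/9
Admin Status:* A,T,a
Oper State: * P,T,a,E Oper State: * A,T,a,S,C,D
"""

# Flags a port needs at both ends before it carries channel traffic,
# with the meaning the reference gives for each (flags are case-sensitive).
REQUIRED = {
    "a": "not eligible for aggregation",
    "S": "not in sync with its usage in the channel",
    "C": "not collecting (cannot accept incoming traffic)",
    "D": "not distributing (cannot send outbound packets)",
}


def _flags(field):
    """Turn ' * A,T,a,S ' into {'A', 'T', 'a', 'S'}; empty field -> empty set."""
    return {f.strip() for f in field.replace("*", "").split(",") if f.strip()}


def parse_lacp_ports(text):
    """Return {slot/port: {'local': set or None, 'peer': set or None}}."""
    ports, current = {}, None
    for line in text.splitlines():
        if line.strip().startswith("Slot/Port:"):
            current = line.split(":", 1)[1].strip()
            ports[current] = {"local": None, "peer": None}
        elif "Oper State:" in line and current is not None:
            # First field is the Local column, second (if present) the Peer.
            fields = line.split("Oper State:")[1:]
            ports[current]["local"] = _flags(fields[0])
            if len(fields) > 1:
                ports[current]["peer"] = _flags(fields[1])
    return ports


def audit_port(states):
    """List the reasons one member port may not be passing traffic."""
    findings = []
    for side in ("local", "peer"):
        flags = states[side]
        if flags is None:
            findings.append(f"{side}: no Oper State reported")
            continue
        findings += [f"{side}: {why}" for flag, why in REQUIRED.items()
                     if flag not in flags]
        if "E" in flags:
            findings.append(f"{side}: latest LACPDU has expired")
        if "P" in flags:
            findings.append(f"{side}: passive, no proper response from peer yet")
    local, peer = states["local"], states["peer"]
    if local and peer and (local & {"T", "L"}) != (peer & {"T", "L"}):
        findings.append("timeout code (T/L) differs between local and peer")
    return findings


def audit_channel(text):
    """Return {slot/port: [findings]} for every port in the output."""
    return {port: audit_port(s) for port, s in parse_lacp_ports(text).items()}


if __name__ == "__main__":
    for port, findings in audit_channel(SAMPLE).items():
        print(port, "OK" if not findings else "; ".join(findings))
```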
Samples
stoweA# show channel summary
shows a one-line summary for each channel. See Figure 9.1 for sample output.
prtlndA# show channel load‐balance
shows the load-balancing algorithm for all channels on the “prtlndA” switch. See
Figure 9.2 on page 9-48 for sample output.
prtlndA# show channel 1
shows the configuration for channel 1 on the same switch. See Figure 9.3 on
page 9-48 for sample output.
bstnA# show channel 1 lacp
shows the LACP configuration for channel 1 on the “bstnA” switch. See
Figure 9.4 on page 9-49 for sample output.
Related Commands
description (cfg-channel)
members (cfg-channel)
redundancy protocol (cfg-channel)
shutdown (cfg-channel)
lacp passive
lacp rate
priority (cfg-channel)
trap shutdown
Figure 9.1 Sample Output: show channel summary
stoweA# show channel summary
Ch  Admin    Oper   Speed   Load‐Balance LACP     Description
Id  State    Status         Algorithm
‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1   Enabled  Up     10 Gb/s src‐dst‐ip   Passive  default
prtlndA#
Figure 9.2 Sample Output: show channel load-balance
prtlndA# show channel load‐balance
Channel Id Load‐Balance Algorithm
‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1 Source and Destination Ip
2 Source and Destination Ip
prtlndA#
Figure 9.3 Sample Output: show channel
prtlndA# show channel 1
Channel ID : 1
Description : default
Load Balancing Algorithm : Source and Destination Ip
LACP State : Passive
LACP Rate : Short Timeout
Members(Slot/Interface) : 2/3,2/4
Number of Members : 2
Admin State : Enabled
Channel Oper Status : Up
Trap Status : Disabled
Spanning‐Tree Forwarding State: Manual Forwarding
Spanning‐Tree State : Disabled
Spanning‐Tree Role : Disabled
Accept Frames : All
Total VLANs Configured : 2
Members Tag
VLAN ID VLAN ID
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1 N/A
405 N/A
Slot/Port Link Status
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
2/3 Up
2/4 Up
Spanning Tree Statistics
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
STP BPDU Transmitted 0
STP BPDU Received 0
RST BPDU Transmitted 0
RST BPDU Received 7975
MST BPDU Transmitted 0
MST BPDU Received 0
prtlndA#
Figure 9.4 Sample Output: show channel 1 lacp
bstnA# show channel 1 lacp
Channel ID : 1
LACP : Passive
Time since last state change : 13:32:38 05/20/2008
LACP Channel Parameters :
Local Peer
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
Admin Key: 86
Oper Key: 86 Oper Key: 86
System Priority: 100 System Priority: 32768
System ID: 00:0a:49:17:70:40 System ID: 00:0a:49:17:72:40
LACP Port Parameters:
Local Peer
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
Slot/Port: 2/7
Admin Status:* A,T,a
Oper State: * A,T,a,S,C,D Oper State: * A,T,a,S,C,D
Admin Key: 86
Oper Key: 86 Oper Key: 86
Port Priority: 100 Port Priority: 0
Slot/Port: 2/8
Admin Status:* A,T,a
Oper State: * A,T,a,S,C,D Oper State: * A,T,a,S,C,D
Admin Key: 86
Oper Key: 86 Oper Key: 86
Port Priority: 100 Port Priority: 0
Slot/Port: 2/9
Admin Status:* A,T,a
Oper State: * A,T,a,S,C,D Oper State: * A,T,a,S,C,D
Admin Key: 86
Oper Key: 86 Oper Key: 86
Port Priority: 100 Port Priority: 0
Slot/Port: 2/10
Admin Status:* A,T,a
Oper State: * A,T,a,S,C,D Oper State: * A,T,a,S,C,D
Admin Key: 86
Oper Key: 86 Oper Key: 86
Port Priority: 100 Port Priority: 0
* A ‐ Active, a ‐ Aggregating, C ‐ Collecting, D ‐ Distributing,
d ‐ Defaulted, E ‐ Expired, L ‐ Long Timeout, P ‐ Passive,
T ‐ Short Timeout, S ‐ Synchronizing
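The flag letters in Figure 9.4 are case-sensitive, which is easy to miss when reading them by eye. The following added example (not part of the ARX manual or software) parses the port section of show channel ... lacp output and reports any member whose local or peer Oper State lacks a, S, C or D, or carries d or E. The function name, the sample text and the choice of which flags count as a problem are assumptions of this example.

```python
import re

# Flag letters from the legend under Figure 9.4. They are case-sensitive:
# "a" (Aggregating) is not "A" (Active), and "d" (Defaulted) is not "D".
REQUIRED = {"a", "S", "C", "D"}           # assumed set for a member in active use
FAULTS = {"d": "Defaulted", "E": "Expired"}

SLOT_RE = re.compile(r"Slot/Port:\s*(\d+/\d+)")
# One "Oper State" line carries the local flags and, to its right, the peer's.
STATE_RE = re.compile(r"Oper State:\s*\*\s*([A-Za-z](?:,[A-Za-z])*)")

# Constructed sample in the layout of Figure 9.4. Port 2/7 matches the figure;
# port 2/8 is altered to show a member that no longer hears from its peer.
SAMPLE = """\
Slot/Port: 2/7
Admin Status:* A,T,a
Oper State: * A,T,a,S,C,D          Oper State: * A,T,a,S,C,D
Admin Key: 86
Oper Key: 86                       Oper Key: 86
Slot/Port: 2/8
Admin Status:* A,T,a
Oper State: * A,T,a,d,E            Oper State: * P,L,a
Admin Key: 86
Oper Key: 86                       Oper Key: 86
"""


def check_lacp_members(text):
    """Return (port, side, missing_flags, fault_names) for each unhealthy side."""
    findings = []
    port = None
    for line in text.splitlines():
        slot = SLOT_RE.search(line)
        if slot:
            port = slot.group(1)
            continue
        states = STATE_RE.findall(line)
        if port is None or not states:
            continue
        # The first match on the line is the local column, the second the peer.
        for side, raw in zip(("local", "peer"), states):
            flags = set(raw.split(","))
            missing = sorted(REQUIRED - flags)
            faults = sorted(FAULTS[f] for f in flags if f in FAULTS)
            if missing or faults:
                findings.append((port, side, missing, faults))
    return findings


if __name__ == "__main__":
    for port, side, missing, faults in check_lacp_members(SAMPLE):
        print(f"{port} {side}: missing {missing or '-'}, faults {faults or '-'}")
```
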
show channel ... stats
Purpose
A channel is a group of Ethernet ports aggregated into a single flow, as specified in
IEEE 802.3ad. Use the show channel ... stats command to show traffic statistics for
one channel.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show channel channel‐id [lacp] stats
channel-id (1-8) identifies the channel to show.
lacp (optional) focuses the output on the Link Aggregation Control Protocol (LACP)
statistics for the channel.
stats is a required keyword.
Valid Platforms
ARX-1500, ARX-2000, ARX-2500, and ARX-4000
Guidelines
This command shows traffic statistics or Link Aggregation Control Protocol (LACP)
statistics for a given channel. The sections below describe the two outputs from this
command.
For configuration information about the channel, use show channel. To clear the
channel statistics in the default output, use clear counters channel. To clear the
LACP statistics, use clear counters lacp.
Guidelines: Traffic Statistics
If you omit the optional lacp keyword, the output focuses on frame counts for the
overall channel.
Channel Id identifies the channel.
The statistics are divided into three tables:
– Basic Ingress and Egress statistics (primarily packet counts and error counts).
– Statistics for MIB values from RFC 1493.
– Ethernet statistics.
Guidelines: LACP Statistics
If you use the lacp keyword, a table appears with LACP statistics. To enable LACP on
a channel, you use the lacp active command on the ARX-1500 or ARX-2500, or the
lacp passive command on other platforms that support channels.
Each table has a separate row for every member port in the channel, with the following
columns:
S/P identifies the channel member in slot/port format.
LACP Packets are the numbers of Link Aggregation Control Protocol Data
Units (LACPDUs) transmitted from and received on this member port.
Marker Response counts the LACP-marker frames transmitted and received.
The LACP software sometimes injects marker frames to find the ends of one or
more frame “conversations.” A marker response frame from the peer indicates
that the conversation(s) is/are finished. Once the LACP software receives this
marker, it can migrate future conversations to another link in the channel. For
details on the Marker Protocol, see IEEE802.3ad, Section 43.5.
Illegal is the number of illegal Slow-Protocol PDUs (see IEEE802.3ad, Section
43B.4) received on this member port.
Unknown is the number of unknown Slow-Protocol PDUs received on this
member port.
Samples
prtlndA# show channel 1 stats
shows the statistics for channel 1. See Figure 9.5 for sample output.
bstnB# show channel 1 lacp stats
shows the LACP statistics for channel 1 on a different switch. See Figure 9.6 on
page 9-53 for sample output.
Related Commands
show channel
clear counters lacp
clear counters channel
Figure 9.5 Sample Output: show channel 1 stats
prtlndA# show channel 1 stats
Channel Id : 1
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
Ingress Egress
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
Octets 1564310788 1906062907
Total Frames 3246593 3149307
Unicast Frames 3229634 3138606
Multicast Frames 9709 0
Broadcast Frames 7250 10701
PAUSE Frames 0 0
If Discards 0 0
If Errors 0 0
Int Mac Errors 0 0
If Unknown Protocol 0
Alignment Errors 0
CRC Errors 0
Single Collisions 0
Multiple Collisions 0
Late Collisions 0
Excessive Collisions 0
Frames Too Long 0
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
RFC 1493
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
TpPortDelayExceed 0
TpPortMTUExceed 0
TpPortInDis 0
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
Ether Stats
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
Packet Size:64 1229163
65‐127 1988693
128‐255 947001
256‐511 193302
512‐1023 49683
1024‐1518 1988058
1519‐2047 0
2048‐4095 0
4096‐9216 0
Multicast Packets 9709
Broadcast Packets 17951
Total Octets 3470373695
Good Oversize Frames 0
Drop Events 0
Total Discards 0
Undersize Packets 0
Fragments 0
Jabbers 0
Total Collisions 0
CRC+Alignment Errors 0
prtlndA#
Figure 9.6 Sample Output: show channel 1 lacp stats
bstnB# show channel 1 lacp stats
LACP Statistics:
S/P LACP Packets Marker Response Illegal Unknown
Tx Rx Tx Rx Rx Rx
‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐
2/7 1336 1315 0 0 0 0
2/8 1339 1317 0 0 0 0
2/9 1334 1313 0 0 0 0
2/10 1338 1318 0 0 0 0
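The LACP counters are cumulative, so they are most useful when two polls are compared. The following added example (not part of the ARX manual or software) parses two captures of show channel ... lacp stats and reports members with Illegal or Unknown Slow-Protocol PDUs, or whose received-LACPDU count stopped advancing while the port kept transmitting. The first capture uses the values from Figure 9.6; the second capture, the function names and the finding labels are constructed for this example.

```python
import re

# A data row is a slot/port followed by the six counters of Figure 9.6.
ROW_RE = re.compile(r"^\s*(\d+/\d+)((?:\s+\d+){6})\s*$")
COLUMNS = ("tx", "rx", "marker_tx", "marker_rx", "illegal", "unknown")

# First poll: the rows shown in Figure 9.6.
BEFORE = """\
LACP Statistics:
S/P   LACP Packets   Marker Response   Illegal   Unknown
      Tx     Rx      Tx     Rx         Rx        Rx
2/7   1336   1315    0      0          0         0
2/8   1339   1317    0      0          0         0
2/9   1334   1313    0      0          0         0
2/10  1338   1318    0      0          0         0
"""

# Second poll (constructed): 2/8 stopped receiving LACPDUs, 2/9 received
# illegal PDUs, and 2/10 restarted from a low count after a counter clear.
AFTER = """\
LACP Statistics:
S/P   LACP Packets   Marker Response   Illegal   Unknown
      Tx     Rx      Tx     Rx         Rx        Rx
2/7   1366   1345    0      0          0         0
2/8   1369   1317    0      0          0         0
2/9   1364   1343    0      0          3         0
2/10  12     11      0      0          0         0
"""


def parse_lacp_stats(text):
    """Map each slot/port to its counters; header and rule lines are skipped."""
    rows = {}
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            rows[m.group(1)] = dict(zip(COLUMNS, map(int, m.group(2).split())))
    return rows


def compare_polls(before, after):
    """Return (port, finding, value) tuples for the later poll."""
    findings = []
    for port, now in after.items():
        # Any non-zero count here means malformed or unrecognised
        # Slow-Protocol frames arrived on this member.
        for col in ("illegal", "unknown"):
            if now[col]:
                findings.append((port, col, now[col]))
        old = before.get(port)
        # A new member, or counters that went backwards (clear counters lacp
        # was run between polls), gives no usable delta.
        if old is None or now["tx"] < old["tx"] or now["rx"] < old["rx"]:
            continue
        if now["tx"] > old["tx"] and now["rx"] == old["rx"]:
            findings.append((port, "rx_stalled", now["rx"]))
    return findings


if __name__ == "__main__":
    for finding in compare_polls(parse_lacp_stats(BEFORE), parse_lacp_stats(AFTER)):
        print(finding)
```
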
show interface gigabit
Purpose
Use the show interface gigabit command to show the configuration of one Gigabit
interface. Add the stats keyword to the end of the command to show the interface’s
traffic statistics.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show interface gigabit slot/port [stats]
slot/port (2/3-14 on ARX-4000; 1/1-4 on ARX-2500; 1/1-12 on ARX-2000; 1/1-8 on
ARX-1500; 1/2 on ARX-500; 1/1 on ARX-VE) specifies the interface.
stats (optional) displays statistics for this interface.
Use the show interface summary command to locate slots and ports.
Guidelines
The default command shows a table of configuration settings.
The stats output is a table of counters, separated into Ingress and Egress counts. Use
the clear counters gigabit command to clear and restart the statistics count.
PAUSE Frames are notices to control traffic flow: the flowcontrol command
determines whether the interface sends or receives these.
These outputs are abbreviated for the ARX-VE platform. For example, on an ARX-VE
the output does not include any references to flow control or storm control, which are
managed at the hypervisor’s VNIC.
Samples
bstnA> show interface gigabit 2/6
shows the configuration for slot 2, port 6. See Figure 9.7 for sample output.
bstnA> show interface gigabit 2/6 stats
shows the statistics for the same slot and port. See Figure 9.8 on page 9-55 for
sample output.
stoweA> show interface gigabit 1/2
shows the configuration for port 1/2 on an ARX-2500. See Figure 9.9 on
page 9-56 for sample output.
stkbrgA# show interface gigabit 1/1 stats
shows the statistics for the only interface on an ARX-VE. As mentioned above,
the statistics are abbreviated on this chassis type. See Figure 9.9 on page 9-56
for sample output.
Related Commands
clear counters gigabit
show interface summary
Figure 9.7 Sample Output: show interface gigabit
bstnA> show interface gigabit 2/6
Slot 2
Interface 6
Description Default
Type Copper
Mode Normal
Admin State Enabled
Link Status Up
Speed 1 Gb/s
Duplex Full
Auto Negotiation(Admin) Enabled
Flow Control(Admin)
Receive Off
Send Off
MAC Address 00:0a:49:17:92:37
Storm Control:Broadcast 1000 packets/sec
Multicast 1000 packets/sec
Unknown DA 1000 packets/sec
Port VLAN ID
Accept Frames Admit All
Figure 9.8 Sample Output: show interface gigabit stats
bstnA> show interface gigabit 2/6 stats
Slot 2
Interface Id 6
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
Ingress Egress
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
Octets 730594224 648324230
Total Frames 1045187 1153090
Unicast Frames 1037623 1152780
Multicast Frames 2479 0
Broadcast Frames 25 5 310
PAUSE Frames 0 0
CRC Errors 0
Total Discards 0
Alignment Errors 0
Single Collisions 0
Multiple Collisions 0
Late Collisions 0
Excessive Collisions 0
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
Ether Stats
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
Packet Size:64 108120
65‐127 26871
128‐255 1224687
256‐511 42220
512‐1023 104267
1024‐1518 692112
> 1519 0
Total Collisions 0
Figure 9.9 Sample Output: show interface gigabit on ARX-2500
stoweA> show interface gigabit 1/2
Slot 1
Interface 2
Description Default
Type Copper
Mode Normal
Admin State Enabled
Link Status Up
Speed 1 Gb/s
Duplex Full
Auto Negotiation(Admin) Enabled
Flow Control(Admin)
Receive Off
Send Off
MAC Address 00:90:fb:33:2e:1d
Accept Frames Admit All
Figure 9.10 Sample Output: show interface gigabit stats on ARX-VE
stkbrgA# show interface gigabit 1/1 stats
Slot 1
Interface Id 1
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
Ingress Egress
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
Octets 48624230 34815281
Total Frames 503544 302010
Unicast Frames 0 0
Multicast Frames 0 0
Broadcast Frames 0 0
CRC Errors 0
Total Discards 0
Alignment Errors 0
Single Collisions 0
Multiple Collisions 0
Late Collisions 0
Excessive Collisions 0
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
Ether Stats
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
Total Collisions 0
show interface ten-gigabit
Purpose
Use the show interface ten-gigabit command to show the configuration of one
ten-Gigabit interface. Add the stats keyword to the end of the command to show the
interface’s traffic statistics.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show interface ten‐gigabit slot/port [stats]
slot/port (2/1-2) specifies the interface. Use the show interface summary command
to locate all slots and ports.
stats (optional) displays statistics for this interface.
Valid Platforms
ARX-2500 and ARX-4000 only
Guidelines
The default command shows a table of configuration settings.
The stats output is a table of counters, separated into Ingress and Egress counts. Use
the clear counters ten-gigabit command to clear and restart the statistics count.
PAUSE Frames are notices to control traffic flow: the flowcontrol command
determines whether the interface sends or receives these.
Samples
bstnA(cfg)# show interface ten‐gigabit 2/2
shows the configuration for the ten-gigabit interface in slot 2, port 2. See
Figure 9.11 for sample output.
bstnA(cfg)# show interface ten‐gigabit 2/1 stats
shows the statistics for the interface at 2/1. See Figure 9.12 for sample output.
Related Commands
clear counters ten-gigabit
show interface summary
Figure 9.11 Sample Output: show interface ten-gigabit
bstnA(cfg)# show interface ten‐gigabit 2/2
Slot 2
Interface 2
Description Default
Type 10GBASE‐SR X2
Mode Normal
Admin State Enabled
Link Status Up
Speed 10 Gb/s
Duplex Full
Auto Negotiation(Admin) Disabled
Flow Control(Admin)
Receive Off
Send Off
MAC Address 00:0a:49:17:92:33
Storm Control:Broadcast 1000 packets/sec
Multicast 1000 packets/sec
Unknown DA 1000 packets/sec
Port VLAN ID 25
Accept Frames Admit All
Figure 9.12 Sample Output: show interface ten-gigabit stats
bstnA(cfg)# show interface ten‐gigabit 2/1 stats
Slot 2
Interface Id 1
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
Ingress Egress
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
Octets 0 0
Total Frames 0 0
Unicast Frames 0 0
Multicast Frames 0 0
Broadcast Frames 0 0
PAUSE Frames 0 0
CRC Errors 0
Total Discards 0
Alignment Errors 0
Single Collisions 0
Multiple Collisions 0
Late Collisions 0
Excessive Collisions 0
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
Ether Stats
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
Packet Size:64 0
65‐127 0
128‐255 0
256‐511 0
512‐1023 0
1024‐1518 0
> 1519 0
Total Collisions 0
show load-balancing
Purpose
A channel is a group of Ethernet ports aggregated into a single flow, as specified in
IEEE 802.3ad. Each channel uses a hash algorithm to balance the traffic load between
its member ports; for each packet, the hash uses some combination of the source and
destination IPs to choose a port. Use show load-balancing to show which port is used
for a given source and destination IP.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show load‐balancing source‐ip src destination‐ip dest channel chnl‐id
src is the source-IP address.
dest is the destination-IP address.
chnl-id (1-8) identifies the channel.
Valid Platforms
ARX-1500, ARX-2000, ARX-2500, and ARX-4000
Guidelines
Use the load-balance command to change the algorithm for load-balancing a channel.
Use this command to test the channel’s current hash.
The output shows the Slot Id and Interface (port) that would be chosen for the source
and destination IP that you provided.
Sample
prtlndA# show load‐balancing source‐ip 172.16.100.98 destination‐ip 192.168.25.23 channel 1
shows the port that channel 1 uses for a packet with the given source and
destination IPs. See Figure 9.13 for sample output.
Related Commands
load-balance
Figure 9.13 Sample Output: show load-balancing
prtlndA# show load‐balancing source‐ip 172.16.100.98 destination‐ip 192.168.25.23 channel 1
Report for source‐ip 172.16.100.98 and destination Ip 192.168.25.23
Channel Id :1
Slot Id :4
Interface :2
show mac-address-table
Purpose
Use the show mac-address-table command for a list of MAC addresses used by the
ARX.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show mac‐address‐table
Valid Platforms
ARX-2000 and ARX-4000
Guidelines
Slot and Port show the port where the MAC address is used.
MAC Address is the address.
VLAN ID is the VLAN for this MAC, if any.
Channel ID is the 802.3ad channel for this MAC, if any.
Mode is the method by which the MAC was added to the table:
• Learned is an address learned from a neighboring bridge.
• Management is one of two addresses:
  – an address associated with the out-of-band interface (refer to the
    documentation for interface mgmt), or
  – the management address advertised through the spanning-tree protocol
    (spanning-tree).
• Inband is associated with an in-band (VLAN) management interface, created
  with the interface vlan command.
• Self is an internally-assigned address.
Related Commands
show chassis
interface mgmt
interface vlan
Figure 9.14 Sample Output: show mac-address-table
bstnA> show mac‐address‐table
Slot Port MAC Address VLAN ID Channel ID Mode
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
00:0a:49:17:78:ff 25 Inband
00:0a:49:17:78:fe 25 Inband
00:0a:49:17:78:40 1 Management
2 5 00:01:e8:5e:ea:1f 25 Learned
2 5 00:0a:49:17:74:c0 25 Learned
2 5 00:0a:49:17:74:ff 25 Learned
2 5 00:0a:49:17:7c:c0 25 Learned
2 5 00:0a:49:17:7c:ff 25 Learned
2 5 00:0a:49:17:80:c0 25 Learned
2 5 00:0a:49:17:80:ff 25 Learned
2 5 00:0a:49:17:81:c0 25 Learned
2 5 00:0a:49:17:81:ff 25 Learned
2 5 00:0a:49:17:86:c0 25 Learned
2 5 00:0a:49:17:86:ff 25 Learned
2 5 00:0a:49:17:8c:c0 25 Learned
2 5 00:0a:49:17:8c:ff 25 Learned
2 5 00:0a:49:17:92:ff 25 Learned
2 5 00:0a:49:17:a1:ff 25 Learned
2 5 00:0a:49:17:aa:ff 25 Learned
2 5 00:0a:49:17:af:c0 25 Learned
...
2 6 00:0a:49:17:cb:fe 25 Learned
2 6 00:0d:ec:d0:10:1b 25 Learned
2 6 00:1e:2a:3b:9f:a7 25 Learned
show mac-address-table summary
Purpose
Use the show mac-address-table summary command for a high-level view of the
MAC-address table.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show mac‐address‐table summary
Valid Platforms
ARX-2000 and ARX-4000
Guidelines
Mac Address Learning Mode is always IVL.
MAC Address High Count and Active MAC Addresses in FDB are counts of addresses in
the Forwarding DataBase (FDB), the table that holds all MAC addresses.
Maximum MAC Address Supported is fixed at 12,000.
Configured Aging Time is the maximum time a learned MAC address is kept in the
FDB without any updates; if a MAC address is not re-learned for this many seconds, it
is deleted. Use the mac-address aging-time command to set the aging time.
Use the show mac-address-table command to see all the MAC addresses in the
FDB.
Related Commands
mac-address aging-time
show mac-address-table
Figure 9.15 Sample Output: show mac-address-table summary
bstnA> show mac‐address‐table summary
Mac Address Learning Mode IVL (Independent Vlan Learning)
MAC Address High Count 183
Active MAC Addresses in FDB 183
Maximum MAC Addresses Supported 12000
Configured Aging Time 300 secs
show redundancy network
Purpose
Use the show redundancy network command to show the layer-2 status of the
redundant-pair link.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show redundancy network
Valid Platforms
ARX-2000 and ARX-4000
Guidelines
This command shows an error unless at least one port has the redundancy protocol
setting, or one channel has ports added with the redundancy protocol (cfg-channel)
command.
Network is “Client,” “Server,” “Private,” or “Metalog.” The redundant-pair link
carries the Private and Metalog networks between the redundant peers.
VLAN is the VLAN number for this port. This does not appear on the ARX-500.
Port(s) are in slot/port format (for example, 2/9).
Admin State is “Enabled” or “Disabled.” You can set this with the no shutdown
(cfg-if-gig) or the no shutdown (cfg-if-ten-gig) command.
Link Status is “Up” or “Down”: this is the link’s operational state.
Spanning-Tree Status is “Discard,” “Learning,” “Forward,” “Disabled,”
“Manual Forwarding,” or “Not Participating.” This is the port’s current role in the
spanning tree.
The Link Transitions table tracks any and all state/status transitions for
redundancy-related ports:
Count is the total number of transitions. Use the clear counters redundancy
network command to clear this counter.
Last is the date and time of the last transition.
Reason explains the nature and cause of the last transition.
Last Cleared is the last time someone used the clear counters redundancy
network command.
Related Commands
clear counters redundancy network
Figure 9.16 Sample Output: show redundancy network
prtlndA# show redundancy network
Network VLAN Port(s) Admin Link Spanning‐Tree
State Status Status
‐‐‐‐‐‐‐‐ ‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
External 1 1/1 Enabled Down Disabled
External 1 1/2 Enabled Down Disabled
External 1 1/3 Enabled Down Disabled
External 1 1/4 Enabled Down Disabled
External 1 1/5 Enabled Up Manual Forwarding
External 1 1/6 Enabled Up Manual Forwarding
External 1 1/7 Disabled Down Disabled
External 1 1/8 Disabled Down Disabled
External 1 1/9 Disabled Down Disabled
External 1 1/10 Disabled Down Disabled
External 1 1/11 Disabled Down Disabled
External 74 1/5 Enabled Up Manual Forwarding
External 74 1/6 Enabled Up Manual Forwarding
Private 1008 1/12 Enabled Up Manual Forwarding
Metalog 1009 1/12 Enabled Up Manual Forwarding
Link Transitions:
Count: 3
Last: 07:38:58 03/05/2010
Reason: Port 1/5 link up
Last Cleared: Never
show spanning-tree detailed
Purpose
Use the show spanning-tree detailed command for a detailed view of the
spanning-tree configuration.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show spanning‐tree detailed
Valid Platforms
ARX-2000 and ARX-4000
Guidelines
This command shows detailed spanning-tree configuration parameters along with
some BPDU traffic statistics.
Use the show spanning-tree summary command to show a summary of this data.
Related Commands
spanning-tree
show spanning-tree summary
Figure 9.17 Sample Output: show spanning-tree detailed
bstnA(cfg)# show spanning‐tree detailed
Bridge is Executing the IEEE compatible IEEE_Dot1d Spanning Tree protocol
Switch STP Admin State Disabled
Bridge Priority 61440
Bridge Address 00:0a:49:17:78:40
Bridge Max Age 20 sec
Bridge Hello Time 2 sec
Bridge Forward Delay 15 sec
Bridge Hold Time 3 sec
Designated Root: Priority 240
Address 00:0a:49:17:78:40
Root Path Cost 0
Root Port Max Age 20
Root Port Fwd Delay 15
Time Since Topology Change 2719 sec
Topology Change Count 0
Topology Change 0
Slot/ Spanning Tree Port BPDU Packets
Port Forwarding Admin Path Cost Type Rx Tx
‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐
2/5 Manual Forward Disabled 20000 gbe 0 0
2/6 Manual Forward Disabled 20000 gbe 0 0
show spanning-tree interface
Purpose
Use the show spanning-tree interface command to show the spanning-tree
configuration for a particular port.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show spanning‐tree interface slot/port
slot/port (2/1-14 on ARX-4000 or 1/1-12 on ARX-2000) is the slot and port number.
Use the show interface summary command to show all ports in all slots.
Valid Platforms
ARX-2000 and ARX-4000
Guidelines
This command shows the spanning-tree configuration parameters, the port’s role in the
spanning-tree topology, and some port statistics.
Related Commands
spanning-tree
Figure 9.18 Sample Output: show spanning-tree interface
bstnA(cfg)# show spanning‐tree interface 2/3
Bridge is Executing the IEEE compatible Spanning Tree protocol
Slot 2
Interface 3
Port: SNMP ID 32785
STP ID 17
Priority 128
Forwarding State Disabled
STP State Disabled
Role N/A
Path cost 20000
Designated: SNMP Port ID 0
STP Port ID 0
Priority 0
Address 00:0a:49:17:78:40
Edge Port: Admin Status Configured
Operational Status Operational
Point to Point Mac Status Auto
Topology Change Ack 0
Port Up Time 2719 sec
STP BPDU Transmitted 0
STP BPDU Received 0
RST BPDU Transmitted 0
RST BPDU Received 0
MST BPDU Transmitted 0
MST BPDU Received 0
show spanning-tree summary
Purpose
Use the show spanning-tree summary command to show high-level information
about the spanning-tree configuration.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show spanning‐tree summary
Valid Platforms
ARX-2000 and ARX-4000
Guidelines
Use the show spanning-tree detailed command to show details.
Sample
bstnA(cfg)# show spanning‐tree summary
Spanning Tree Admin State is Enabled
Configuration: Protocol : IEEE_Dot1w
Revision Level : 0
Format Selector : 0
Default : Name : 00‐0A‐49‐00‐13‐02
Total MST Instances Created : 0
Related Commands
spanning-tree
show spanning-tree detailed
show vlan
Purpose
Use the show vlan command to show the configuration of one VLAN.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show vlan vlanId
vlanId (1-4009) identifies the VLAN to display.
Guidelines
Information from the show vlan command includes:
Vlan Id identifies the VLAN.
Description is set by the description (cfg-vlan) command.
Frame/MTU is the Ethernet packet size: Use jumbo mtu to change this.
Members S/P lists the ports in this VLAN. Use the members (cfg-vlan) or tag
command to add members to the VLAN.
Non-Members (Blocked) S/P lists any ports identified as non-members with the no
members command.
Tag S/P lists the ports set to tag outgoing packets with a VLAN ID. Use the tag
command to enable tagging for one or more ports.
Use the show vlan summary command to list all configured VLANs.
Valid Platforms
ARX-1500, ARX-2000, ARX-2500, and ARX-4000
Samples
bstnA# show vlan 1
shows the configuration for VLAN 1. Figure 9.19 shows sample output.
stoweA# show vlan 1
shows the configuration for VLAN 1 on an ARX-2500 named “stoweA.”
Figure 9.20 on page 9-69 shows sample output.
Related Commands
show vlan summary
description (cfg-vlan)
members (cfg-vlan)
tag
Figure 9.19 Sample Output: show vlan
bstnA# show vlan 1
Vlan Id : 1
Description : Default VLAN.
Frame/MTU : Standard
Members Non‐Members Tag
(Blocked)
S/P S/P S/P
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
2/1 N/A N/A
2/2 N/A N/A
2/3 N/A N/A
2/4 N/A N/A
2/5 N/A N/A
2/6 N/A N/A
2/7 N/A N/A
2/8 N/A N/A
2/9 N/A N/A
2/10 N/A N/A
2/11 N/A N/A
2/12 N/A N/A
2/13 N/A N/A
2/14 N/A N/A
Figure 9.20 Sample Output: show vlan (ARX-2500)
stoweA# show vlan 1
Vlan Id : 1
Description : Default VLAN.
Frame/MTU : Standard
Members Non‐Members Tag
(Blocked)
S/P S/P S/P
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1/1 N/A N/A
1/2 N/A N/A
1/3 N/A N/A
1/4 N/A N/A
show vlan summary
Purpose
Use the show vlan summary command to list all configured VLANs.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show vlan summary
Valid Platforms
any except ARX-VE
Guidelines
The sample output shows a table of configured VLANs:
Vlan ID identifies each VLAN.
Usage is: ‘External’ for VLANs used outside the box, ‘Internal’ for private VLANs
inside the box, ‘Private’ for internal communications and communications with
redundant peers, and ‘Metalog’ for metadata exchange between redundant peers.
Channel is set by assigning a channel to this VLAN (with vlan (cfg-channel) or
vlan-tag). This is “N/A” if not set.
Frame/MTU is the packet size, set by jumbo mtu.
Description is set by the description (cfg-vlan) command.
Use the show vlan command to show details about a VLAN.
Sample
bstnA# show vlan summary
Total VLANs Configured: 5
VLAN ID Usage Channel Frame/MTU Description
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1 External N/A Standard Default VLAN.
25 External N/A Standard personnel dept.
1010 Private N/A Standard Private Subnet VLAN.
1011 Metalog N/A Standard Private Metalog VLAN.
Related Commands
description (cfg-vlan)
show vlan
shutdown (cfg-channel)
Purpose
A channel is a group of aggregated Ethernet ports (IEEE 802.3ad). From cfg-channel
mode, use the shutdown command to stop traffic on the current channel.
Use no shutdown to restart traffic on the channel.
Mode
cfg-channel
Security Role(s)
network-engineer or crypto-officer
Syntax
shutdown
no shutdown
Default(s)
no shutdown: link aggregation is enabled on a new channel by default.
Valid Platforms
ARX-1500, ARX-2000, ARX-2500, and ARX-4000
Guidelines
If this channel is used as a redundant-pair link (see redundancy protocol
(cfg-channel)) and redundancy is enabled (enable (cfg-redundancy)), this
command causes the standby peer to reboot. The reboot does not disrupt any storage
services, but the ARX peers cannot function as a redundant pair while the link is shut
down. Additionally, a quorum-disk failure or disconnection would cause the active
peer to reboot, too. If you proceed with shutting down the link, you should establish a
new one as soon as possible: use the redundancy protocol or redundancy protocol
(cfg-channel) command on another port or channel to establish a new redundant-pair
link.
The CLI prompts for confirmation before shutting down a redundant-pair link; enter
yes to proceed with the interface shutdown and the reboot.
Samples
bstnA(cfg‐channel[4])# shutdown
shuts down channel 4.
bstnA(cfg‐channel[6])# no shutdown
restarts channel 6.
Related Commands
channel
redundancy protocol (cfg-channel)
shutdown (cfg-if-gig)
Purpose
Use no shutdown to start traffic on the current port.
Use the shutdown command to stop the port.
Mode
cfg-if-gig
Security Role(s)
network-engineer or crypto-officer
Syntax
shutdown
no shutdown
Default(s)
shutdown
Guidelines
You cannot use this command on a channel member; use the shutdown
(cfg-channel) command to stop traffic on the channel.
The ARX-1500 and ARX-2500 allow only a single logical interface (port or channel)
to carry any given VLAN. That is, any VLAN can only be assigned to one port or
channel (interface gigabit, interface ten-gigabit, or channel). The CLI therefore
prevents a no shutdown for any port on those chassis types if it carries a VLAN that
is already assigned to an active channel or another active port. The CLI returns an
error in this case, displaying the VLAN that has the conflict along with the active
port(s) that already carry the VLAN. You can use show vlan n to see the port or
channel that carries VLAN n.
Guidelines: Shutting Down the Redundant-Pair Link
If this interface is the only one used as a redundant-pair link (through redundancy
protocol or redundancy (cfg-if-vlan)) and redundancy is enabled (enable
(cfg-redundancy)), this command causes the standby peer to reboot. The reboot does
not disrupt any storage services, but the ARX peers cannot function as a redundant
pair while the link is shut down. Additionally, a quorum-disk failure or disconnection
would cause the active peer to reboot, too. If you proceed with shutting down the link,
you should establish a new one as soon as possible: use the redundancy protocol or
redundancy protocol (cfg-channel) command on another port or channel to
establish a new redundant-pair link.
The CLI prompts for confirmation before shutting down a redundant-pair link; enter
yes to proceed with the interface shutdown and the reboot.
Samples
bstnA(cfg‐if‐gig[2/4])# shutdown
shuts down the current port, 2/4.
bstnA(cfg‐if‐gig[2/4])# no shutdown
restarts the same port.
Related Commands
interface gigabit
shutdown (cfg-channel)
redundancy protocol
redundancy (cfg-if-vlan)
shutdown (cfg-if-ten-gig)
Purpose
Use no shutdown to start traffic on the current ten-gigabit port.
Use the shutdown command to stop the port.
Mode
cfg-if-ten-gig
Security Role(s)
network-engineer or crypto-officer
Syntax
shutdown
no shutdown
Default(s)
shutdown
Valid Platforms
ARX-2500 and ARX-4000 only
Guidelines
You cannot use this command on a channel member; use the shutdown
(cfg-channel) command to stop traffic on the channel.
The ARX-2500 allows only a single logical interface (port or channel) to carry any
given VLAN. That is, any VLAN can only be assigned to one port or channel
(interface gigabit, interface ten-gigabit, or channel). The CLI therefore prevents a
no shutdown for any port on that chassis type if it carries a VLAN that is already
assigned to an active channel or another active port. The CLI returns an error in this
case, displaying the VLAN that has the conflict along with the active port(s) that
already carry the VLAN. You can use show vlan n to see the port or channel that
carries VLAN n.
Guidelines: Shutting Down the Redundant-Pair Link
If this interface is used as a redundant-pair link (see redundancy protocol) and
redundancy is enabled (enable (cfg-redundancy)), this command causes the standby
peer to reboot. The reboot does not disrupt any storage services, but the ARX peers
cannot function as a redundant pair while the link is shut down. Additionally, a
quorum-disk failure or disconnection would cause the active peer to reboot, too. If you
proceed with shutting down the link, you should establish a new one as soon as
possible: use the redundancy protocol or redundancy protocol (cfg-channel)
command on another port or channel to establish a new redundant-pair link.
The CLI prompts for confirmation before shutting down a redundant-pair link; enter
yes to proceed with the interface shutdown and the reboot.
Samples
bstnA(cfg-if-ten-gig[2/1])# shutdown
shuts down the current ten-gigabit port, 2/1.
bstnA(cfg-if-ten-gig[2/1])# no shutdown
restarts the same port.
Related Commands
interface ten-gigabit
shutdown (cfg-channel)
redundancy protocol
shutdown (cfg-stp)
Purpose
From cfg-stp mode, use the shutdown command to stop all spanning-tree processing.
Use no shutdown to restart spanning tree.
Mode
cfg-stp
Security Role(s)
network-engineer or crypto-officer
Syntax
shutdown
no shutdown
Default(s)
shutdown: spanning tree is disabled (along with switch forwarding; see below) by
default.
Valid Platforms
ARX-2000 and ARX-4000
Guidelines
Before you can run no shutdown to start spanning-tree processing, you must use the
switch-forwarding enable command. This permits the ARX to forward packets from
one client/server port to another. By default, the ARX behaves as an end station rather
than a bridge. The switch-forwarding enable command runs no shutdown as a
side-effect; conversely, no switch-forwarding enable runs shutdown as a
side-effect.
If you shut down spanning tree, neighboring bridges must adjust the spanning-tree
topology as though the ARX had been removed from the network.
Important
Spanning tree is activated along with switch forwarding to protect
against possible network loops. You have the option to disable spanning
tree while switch forwarding is active (using this command), but this is
dangerous. Do not disable spanning tree unless you are confident that
the ARX cannot create a loop.
Samples
bstnA(cfg-stp)# shutdown
shuts down spanning tree.
bstnA(cfg-stp)# no shutdown
restarts the spanning tree.
Related Commands
spanning-tree
switch-forwarding enable
spanning-tree
Purpose
The Spanning-Tree Protocol (STP) creates a loop-free topology in bridged networks.
Use the spanning-tree command to configure the spanning-tree parameters on the
ARX.
Use the no form of this command to revert the spanning-tree parameters back to their
defaults.
Mode
cfg
Security Role(s)
network-engineer or crypto-officer
Syntax
spanning-tree
no spanning-tree
Default(s)
None
Valid Platforms
ARX-2000 and ARX-4000
Guidelines
The Spanning-Tree protocol is defined in IEEE 802.1D.
Before the ARX can use STP, you must use the switch-forwarding enable command.
This permits the ARX to forward packets from one client/server port to another. By
default, the ARX behaves as an end station rather than a bridge.
The spanning-tree command puts you into cfg-stp mode, where you must set the
protocol (STP or Rapid STP) with the protocol (cfg-stp) command. There are several
spanning-tree options you can set from cfg-stp mode, and there are some port-level
options you can set from cfg-if-gig mode; see Related Commands, below.
The no form of the command resets all global parameters to their respective defaults.
The global parameters are the protocol, bridge Priority, Hello Time, Max Age, and
Forward Delay.
Samples
bstnA(cfg)# spanning-tree
bstnA(cfg-stp)#
enters cfg-stp mode.
bstnA(cfg)# no spanning-tree
bstnA(cfg)#
sets all global spanning-tree parameters to their default values.
Related Commands
switch-forwarding enable
protocol (cfg-stp)
Cfg-stp commands for setting global 802.1D parameters:
priority (cfg-stp)
hello-time
max-age
forward-delay
A cfg-if-gig command to identify each RSTP Edge Port:
spanning-tree edgeport
Cfg-if-gig commands for setting Port Cost and Port Priority:
spanning-tree cost
spanning-tree priority
Show commands:
show spanning-tree summary
show spanning-tree detailed
show spanning-tree interface
spanning-tree cost
Purpose
IEEE 802.1D defines Port Cost as the relative cost to relay a frame to the root bridge.
A lower cost is preferred. The port with the lowest cost is the root port for the ARX.
Neighboring bridges compare the Port Costs of spanning-tree ports to designate one of
them for their traffic. Use the spanning-tree cost command to set the Port Cost for
the current port.
Use no spanning-tree cost to reset the Port Cost to the default.
Mode
cfg-if-gig
Security Role(s)
network-engineer or crypto-officer
Syntax
spanning-tree cost port-cost
no spanning-tree cost
port-cost (1-200,000) is the Port Cost.
Default(s)
20,000
Valid Platforms
ARX-2000 and ARX-4000
Guidelines
The Spanning-Tree protocol is defined in IEEE 802.1D.
This influences the election of a designated port by neighboring bridges. For
installations with multiple ports on the same LAN segment, set the Port Cost lower for
the fastest ports.
Use the spanning-tree priority command to set the Port Priority.
Samples
bstnA(cfg-if-gig[2/4])# spanning-tree cost 1
sets the lowest-possible Port Cost for port 2/4. This port will be the root port for
the ARX. If the port is connected to upstream bridges in the tree, it will likely be
designated by those bridges, too.
bstnA(cfg-if-gig[2/5])# no spanning-tree cost
reverts port 2/5 to the default Port Cost.
Related Commands
interface gigabit
spanning-tree priority
spanning-tree edgeport
Purpose
Rapid Spanning Tree Protocol (RSTP) defines an Edge Port as a port that connects to
only one other port, as opposed to several ports on a LAN segment. This applies to
RSTP and MSTP configurations only. Use the spanning-tree edgeport command to
declare that the current port is an Edge Port.
Use the no form to declare that the current port is not an Edge Port.
Mode
cfg-if-gig
Security Role(s)
network-engineer or crypto-officer
Syntax
spanning-tree edgeport
no spanning-tree edgeport
Default(s)
no; new ports are not Edge Ports by default.
Valid Platforms
ARX-2000 and ARX-4000
Guidelines
The Spanning-Tree protocol is defined in IEEE 802.1D. RSTP is defined in IEEE
802.1w.
Whenever there is a spanning-tree topology change, RSTP updates its Edge Ports
faster than the others. Edge ports cannot possibly create bridge loops, so RSTP can
move an Edge Port from discarding state directly to forwarding state, skipping the
learning state.
Samples
bstnA(cfg-if-gig[2/4])# spanning-tree edgeport
sets port 2/4 as an Edge Port. In the event of a spanning-tree topology change, this
port will convert to the new topology immediately.
bstnA(cfg-if-gig[2/6])# no spanning-tree edgeport
designates port 2/6 as one that connects to multiple ports.
Related Commands
interface gigabit
spanning-tree priority
Purpose
IEEE 802.1D defines Port Priority as the relative priority between ports with equal
Port Costs. Neighboring bridges compare the Port Costs of spanning-tree ports to
designate one of them for their traffic; if two or more Port Costs are the same, the
protocol uses the Port Priority to break the tie. A lower number represents a higher
priority. Use the spanning-tree priority command to set the Port Priority for the
current port.
Use no spanning-tree priority to reset the Port Priority to the default.
Mode
cfg-if-gig
Security Role(s)
network-engineer or crypto-officer
Syntax
spanning-tree priority port-priority
no spanning-tree priority
port-priority (0-240) is the Port Priority. 0 (zero) is the highest priority, 240 is the
lowest.
Default(s)
128
Valid Platforms
ARX-2000 and ARX-4000
Guidelines
The Spanning-Tree protocol is defined in IEEE 802.1D.
This influences the election of a designated port by neighboring bridges. For
installations with multiple ports on the same LAN segment, set the Port Priority higher
(that is, to a lower number) for the ports that you want to be designated by their
neighbors.
Use the spanning-tree cost command to set the Port Cost, which has a greater
influence on the election of designated ports.
Samples
bstnA(cfg-if-gig[2/3])# spanning-tree priority 0
sets the lowest-possible Port Priority number (the highest priority) for port 2/3.
bstnA(cfg-if-gig[2/4])# no spanning-tree priority
reverts port 2/4 to the default Port Priority.
Related Commands
interface gigabit
spanning-tree cost
spanning-tree shutdown
Purpose
You can shut down spanning-tree processing on an individual port, thus removing the
port from the spanning-tree topology. This stops the port from relaying frames from
one LAN segment to another. You can also shut down spanning tree for an aggregated
channel. Use the spanning-tree shutdown command to shut down spanning tree at
the current port or channel.
Use no spanning-tree shutdown to put the current port back into the spanning tree.
Modes
cfg-if-gig
cfg-if-ten-gig
cfg-channel
Security Role(s)
network-engineer or crypto-officer
Syntax
spanning-tree shutdown
no spanning-tree shutdown
Default(s)
All ports and channels are part of the spanning tree by default.
Valid Platforms
In cfg-if-gig mode or cfg-channel: ARX-2000 and ARX-4000.
In cfg-if-ten-gig mode, ARX-4000 only.
Guidelines
The Spanning-Tree protocol is defined in IEEE 802.1D.
Use the spanning-tree command to configure spanning-tree on the ARX.
You cannot use this command on a port or channel used in a redundant-pair link (see
the documentation for the redundancy protocol and redundancy protocol
(cfg-channel) commands).
The ARX must be allowed to forward packets (with the switch-forwarding enable
command) before you can use this command to enable spanning tree.
Samples
bstnA(cfg-if-gig[2/3])# spanning-tree shutdown
removes port 2/3 from the spanning tree.
bstnA(cfg-channel[1])# spanning-tree shutdown
removes channel 1 from the spanning tree.
bstnA(cfg-if-gig[2/3])# no spanning-tree shutdown
returns port 2/3 to the spanning tree.
bstnA(cfg-if-ten-gig[2/2])# spanning-tree shutdown
removes port 2/2, a ten-gigabit port, from the spanning tree.
Related Commands
interface gigabit
interface ten-gigabit
channel
spanning-tree
switch-forwarding enable
speed (cfg-if-gig)
Purpose
From cfg-if-gig mode, use the speed command to set the speed, line-type, and duplex
configuration on a specified gigabit port.
Mode
cfg-if-gig
Security Role(s)
network-engineer or crypto-officer
Syntax
speed {auto | 100-tx-half | 100-tx-full | 100-fx-full | 1000-full}
auto | 100-tx-half | 100-tx-full | 100-fx-full | 1000-full is a required choice:
auto makes the port auto-negotiate with its peer.
100-tx-half is fast Ethernet, 100 megabits per second (mbps), half-duplex.
100-tx-full is fast Ethernet, 100 mbps, full duplex.
100-fx-full is fiber Ethernet, 100 mbps, full duplex.
1000-full is fiber or copper Ethernet, 1000 mbps, full duplex.
Default(s)
auto
Valid Platforms
ARX-500, ARX-1500, ARX-2000, ARX-2500, and ARX-4000
Guidelines
ARX Gigabit Ethernet ports support automatic MDI/MDIX cross-over. This feature
automatically corrects the polarity of the attached CAT5 cable, regardless of whether it is a
cross-over or straight-through type.
The speed must be set manually (not to auto) for the port to be a member of a channel
(see the channel command).
Sample
bstnA(cfg-if-gig[2/5])# speed 100-fx-full
For the interface at slot 2, port 5, sets the speed to 100 mbps, the line type to fiber
Ethernet, and the duplex configuration to full duplex.
Related Commands
interface gigabit
show interface gigabit
switch-forwarding enable
Purpose
By default, the ARX does not forward packets between its client/server ports; it
behaves as an end station instead of a MAC bridge. Use the switch-forwarding enable
command to enable packet forwarding and start using the ARX’s bridging features.
Use the no form of this command to stop all packet forwarding.
Mode
cfg
Security Role(s)
network-engineer or crypto-officer
Syntax
switch-forwarding enable
no switch-forwarding enable
Default(s)
disabled
Valid Platforms
ARX-2000 and ARX-4000
Guidelines
If switch forwarding is disabled, you cannot enable the spanning-tree protocol. When
you enable switch forwarding with this command, spanning tree is enabled as a
side-effect. Conversely, when you disable switch forwarding, spanning tree is
disabled as well. The CLI warns you of these side-effects and prompts for confirmation; enter
yes to proceed.
Important
Spanning tree is enabled along with switch forwarding to protect against
possible network loops. You have the option to disable spanning tree
while switch forwarding is active (using shutdown (cfg-stp)), but this is
dangerous. Do not disable spanning tree unless you are confident that the
ARX cannot create a loop.
Use the show version command to see the current setting for this ARX.
Samples
bstnA(cfg)# switch-forwarding enable
Warning: Enable switch forwarding between all Ethernet Interfaces?
This will also enable the Spanning Tree Protocol. [yes/no] yes
bstnA(cfg)#
enables switch forwarding and spanning tree. This ARX can now behave as a
MAC bridge.
bstnA(cfg)# no switch-forwarding enable
Warning: Disable switch forwarding between all Ethernet Interfaces?
This will also disable the Spanning Tree Protocol. [yes/no] yes
bstnA(cfg)#
returns the “bstnA” switch to its default status. It no longer forwards packets from
one client/server port to another.
Related Commands
spanning-tree
show version
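The following Python sketch is an added example, not part of the F5 manual or the ARX software. It replays a CLI capture in the prompt format of the Samples above, applies the side effects documented for switch-forwarding enable and shutdown (cfg-stp), and reports when the end state has switch forwarding enabled while spanning tree is shut down. The session text and the BridgeState, parse_session, replay, and findings names are constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Prompt format as printed in the manual's Samples, e.g. "bstnA(cfg-stp)# shutdown".
PROMPT = re.compile(r"^[\w.-]+\((?P<mode>[^)\[]+)(?:\[[^\]]*\])?\)#\s*(?P<cmd>.*)$")
# PDF copies of the manual carry U+2010/U+2011 hyphens; the CLI expects ASCII "-".
HYPHENS = str.maketrans({"\u2010": "-", "\u2011": "-"})


@dataclass
class BridgeState:
    forwarding: bool = False    # manual: switch forwarding is disabled by default
    stp_running: bool = False   # manual: spanning tree is shut down by default
    rejected: list = field(default_factory=list)


def parse_session(text):
    """Return (mode, command, confirmed) for each command line in a CLI capture."""
    steps = []
    for raw in text.splitlines():
        line = raw.translate(HYPHENS).strip()
        m = PROMPT.match(line)
        if m:
            cmd = " ".join(m["cmd"].split())
            if cmd:
                steps.append([m["mode"], cmd, True])
        elif steps and line.endswith("[yes/no] no"):
            steps[-1][2] = False    # operator declined the confirmation prompt
    return [tuple(s) for s in steps]


def replay(steps):
    """Apply the documented side effects in order and return the end state."""
    st = BridgeState()
    for mode, cmd, confirmed in steps:
        if not confirmed:
            continue
        if (mode, cmd) == ("cfg", "switch-forwarding enable"):
            st.forwarding = st.stp_running = True     # side effect: no shutdown (cfg-stp)
        elif (mode, cmd) == ("cfg", "no switch-forwarding enable"):
            st.forwarding = st.stp_running = False    # side effect: shutdown (cfg-stp)
        elif (mode, cmd) == ("cfg-stp", "shutdown"):
            st.stp_running = False
        elif (mode, cmd) == ("cfg-stp", "no shutdown"):
            if st.forwarding:
                st.stp_running = True
            else:   # the manual requires switch-forwarding enable first
                st.rejected.append("no shutdown (cfg-stp) before switch-forwarding enable")
    return st


def findings(st):
    out = []
    if st.forwarding and not st.stp_running:
        out.append("switch forwarding enabled with spanning tree shut down: bridge-loop exposure")
    out.extend(f"prerequisite not met: {r}" for r in st.rejected)
    return out


# Constructed session (not captured from a real ARX). Mode-change commands are
# omitted because the prompt on each line already shows the mode.
SESSION = """\
bstnA(cfg-stp)# no shutdown
bstnA(cfg)# switch-forwarding enable
Warning: Enable switch forwarding between all Ethernet Interfaces?
This will also enable the Spanning Tree Protocol. [yes/no] yes
bstnA(cfg\u2010stp)# shutdown
bstnA(cfg)# no switch-forwarding enable
Warning: Disable switch forwarding between all Ethernet Interfaces?
This will also disable the Spanning Tree Protocol. [yes/no] no
"""

if __name__ == "__main__":
    for finding in findings(replay(parse_session(SESSION))):
        print(finding)
```

In the constructed session the final disable is declined at the prompt, so the ARX is left bridging with spanning tree shut down, which is the state the Important note warns against.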
tag
Purpose
A port with VLAN tagging enabled adds the VLAN ID (VID) to outbound frames, and
only accepts ingress packets that are specifically tagged for the current VLAN. This is
required to support multiple external VLANs. Use the tag command to add a single
tag-enabled port or a range of tag-enabled ports to the current VLAN.
Use the no form of this command to disable tagging on one or more ports.
Mode
cfg-vlan
Security Role(s)
network-engineer or crypto-officer
Syntax
tag slot/port [to slot/port]
no tag slot/port [to slot/port]
slot/port (2/1-14 on ARX-4000; 1/1-4 or 2/1-2 on ARX-2500; 1/1-12 on ARX-2000;
1/1-8 on ARX-1500) is a single port or the first port in a range of ports.
to slot/port (optional) is the last port in a range of ports. You cannot use this option on
the ARX-2500 or ARX-1500, which allow only a single port to carry each VLAN.
Use the show interface summary command to locate all slots and ports.
Default(s)
None
Valid Platforms
ARX-1500, ARX-2000, ARX-2500, and ARX-4000
Guidelines
IEEE 802.1Q defines VLANs.
If you select ports that were already configured as members of the VLAN, this
command simply enables tagging on the selected ports. This means that incoming
packets on those ports are not accepted as part of the current VLAN unless they are
explicitly tagged with the VLAN’s ID.
Use the members (cfg-vlan) command to add ports with tagging disabled.
A port can be a member of multiple VLANs, as long as each port is tagged for the
VLANs. Use vlan to go into cfg-vlan mode for a VLAN, then use tag slot/port ... to
tag some ports for that VLAN. You can repeat this for multiple VLANs, tagging the
same set of ports for each.
To assign a channel to the VLAN with tagging enabled, use the vlan-tag command.
On the ARX-1500 and the ARX-2500, only a single port (interface gigabit or
interface ten-gigabit) or channel can carry any given VLAN. That is, if you use this
command to tag a port with a particular VLAN ID, you cannot tag any other port or
channel with the same VLAN ID. This includes VLAN 1; if multiple channels or ports
default to VLAN 1, all but one of them must be disabled (with shutdown (cfg-if-gig),
shutdown (cfg-if-ten-gig), or shutdown (cfg-channel)).
Guidelines: Removing the Last Port from the Redundancy Link
In the following circumstances, the no tag command causes the backup ARX peer to
reboot:
• the interface vlan command establishes an in-band (VLAN) management
address for this VLAN,
• the redundancy (cfg-if-vlan) command establishes the above management
address as the local end of the redundancy link,
• redundancy is active between the ARX peers, and
• the no tag command is removing the last port(s) from the VLAN.
The reboot does not disrupt any storage services, but the ARX peers cannot function as
a redundant pair while the link is shut down. Additionally, a quorum-disk failure or
disconnection would cause the active peer to reboot, too. If you proceed with shutting
down the link, you should establish a new one as soon as possible: use the
redundancy protocol, redundancy protocol (cfg-channel), or redundancy
(cfg-if-vlan) command on another port, channel, or VLAN interface to establish a new
redundant-pair link.
Samples
bstnA(cfg-vlan[1])# tag 2/3 to 2/5
adds ports 2/3-2/5, tagging enabled, to VLAN 1.
bstnA(cfg-vlan[1])# tag 2/6
adds port 2/6, tagging enabled, to VLAN 1.
bstnA(cfg-vlan[2])# no tag 2/7
disables tagging for port 2/7, VLAN 2. The port will not tag any outbound frames
destined for a MAC on VLAN 2.
Related Commands
vlan
members (cfg-vlan)
trap shutdown
Purpose
From cfg-channel mode, use the no trap shutdown command to activate SNMP traps
for the current channel.
Use the affirmative form, trap shutdown, to stop issuing traps.
Mode
cfg-channel
Security Role(s)
network-engineer or crypto-officer
Syntax
trap shutdown
no trap shutdown
Default(s)
trap shutdown
Valid Platforms
ARX-1500, ARX-2000, ARX-2500, and ARX-4000
Guidelines
This activates link traps (link up/down) for the channel as a whole, as opposed to its
member ports.
Samples
bstnA(cfg-channel[1])# no trap shutdown
activates SNMP traps from channel 1.
bstnA(cfg-channel[7])# trap shutdown
shuts off SNMP traps from channel 7.
Related Commands
channel
vlan
Purpose
A Virtual Bridged Local Area Network (VLAN) is a group of physically-separated
MAC addresses that appear as a single LAN segment. Devices on the same VLAN
appear to be physically co-located even though some of the devices may be on
different floors or different buildings. VLAN membership is often driven by human
factors like departmental membership in a company. A VLAN often carries a single IP
subnet. Use the vlan command to begin configuring a VLAN.
Use the no form of the command to remove a VLAN configuration.
Mode
cfg
Security Role(s)
network-engineer or crypto-officer
Syntax
vlan vlan-id
no vlan vlan-id
vlan-id (1-4009) is an ID you choose for the VLAN. If the VLAN is already
configured, this command edits its configuration.
Default(s)
On all platforms except the ARX-1500, ARX-2500, and ARX-VE, the following
VLANs are configured by default:
• VLAN 1, which carries all client and server subnets.
• another VLAN to carry private IP traffic amongst the internal processes of the
ARX.
• a third VLAN to carry metalog IP traffic amongst the internal processes of the
ARX.
The ARX-1500 and ARX-2500 do not use internal VLANs for their private or metalog
traffic.
Valid Platforms
any except ARX-VE
Guidelines
IEEE 802.1Q defines VLANs.
This command puts you into cfg-vlan mode, where you must configure at least one
member port with either the members (cfg-vlan) command or the tag command. You
can edit the ingress options for the VLAN members through some cfg-if-gig
commands. See Related Commands, below, for a complete list of CLI options.
The ARX-1500 and ARX-2500 support only one port per VLAN. If you require
multiple ports to carry a given VLAN on those chassis types, aggregate them into a
channel and assign the VLAN to that channel with vlan (cfg-channel) or vlan-tag.
Samples
bstnA(cfg)# vlan 2
bstnA(cfg-vlan[2])#
creates a configuration for VLAN 2.
bstnA(cfg)# no vlan 18
removes the configuration for VLAN 18.
Related Commands
members (cfg-vlan)
adds ports to the VLAN with tagging disabled.
tag
adds ports to the VLAN with tagging enabled, or enables tagging for existing
member ports.
description (cfg-vlan)
names the VLAN, for show commands.
Show commands:
show vlan summary
lists all configured VLANs.
show vlan
shows details for one VLAN.
vlan (cfg-channel)
Purpose
From cfg-channel mode, use the vlan command to change the VLAN for the current
channel.
Use no vlan to revert the current channel to the default VLAN.
Mode
cfg-channel
Security Role(s)
network-engineer or crypto-officer
Syntax
vlan vlan-id
no vlan vlan-id
vlan-id (1-4095) identifies the VLAN to add or remove.
Default(s)
VLAN 1
tagging disabled
Valid Platforms
ARX-1500, ARX-2000, ARX-2500, and ARX-4000
Guidelines
Before you assign a channel to a VLAN, the channel must have at least one member
port (see members (cfg-channel)), and all members must be disabled (shutdown
(cfg-if-gig) or shutdown (cfg-if-ten-gig)).
On the ARX-1500 and the ARX-2500, only a single port (interface gigabit or
interface ten-gigabit) or channel can carry any given VLAN. That is, if you use this
command to assign a VLAN to the current channel, you cannot assign the same VLAN
to any other port or channel. This includes VLAN 1; if multiple channels or ports
default to VLAN 1, all but one of them must be disabled (with shutdown (cfg-if-gig),
shutdown (cfg-if-ten-gig), or shutdown (cfg-channel)).
A channel with VLAN tagging enabled adds a VLAN ID to every outgoing frame. Use
the vlan-tag command to enable VLAN tagging for the current channel. If VLAN
tagging is disabled for the channel, the channel can belong to only one VLAN.
Samples
bstnA(cfg-channel[1])# vlan 5
assigns channel 1 to VLAN 5, untagged.
bstnA(cfg-channel[7])# no vlan 2
removes channel 7 from VLAN 2. If channel 7 did not have VLAN tagging set, it
reverts to VLAN 1.
Related Commands
channel
members (cfg-channel)
shutdown (cfg-if-gig)
shutdown (cfg-if-ten-gig)
vlan-tag
vlan-tag
Purpose
You can configure a channel to tag its outgoing packets with a VLAN ID, and to start
accepting only explicitly-tagged ingress packets into the current VLAN. Channels
with tagging enabled can support multiple VLANs; channels without tagging enabled
can support only one. From cfg-channel mode, use the vlan-tag command to add a
tagged VLAN to the current channel.
Use no vlan-tag to remove a tagged VLAN.
Mode
cfg-channel
Security Role(s)
network-engineer or crypto-officer
Syntax
vlan-tag vlan-id
no vlan-tag vlan-id
vlan-id (1-4095) identifies the VLAN to add or remove.
Default(s)
channels belong to VLAN 1 by default.
tagging disabled
Valid Platforms
ARX-1500, ARX-2000, ARX-2500, and ARX-4000
Guidelines
A channel with VLAN tagging enabled adds a VLAN ID to every outgoing frame.
Repeat this command with different VLAN IDs to carry multiple VLANs on the
channel. Once you tag the channel for one or more VLANs, it only accepts ingress
frames that are explicitly tagged for one of the VLANs.
If you remove the last VLAN with the no form of this command, tagging is disabled
for the channel and the channel is assigned to VLAN 1.
On the ARX-1500 and the ARX-2500, only a single port (interface gigabit or
interface ten-gigabit) or channel can carry any given VLAN. That is, if you use this
command to tag a channel with a particular VLAN ID, you cannot tag any other port
or channel with the same VLAN ID. This includes VLAN 1; if multiple channels or
ports default to VLAN 1, all but one of them must be disabled (with shutdown
(cfg-if-gig), shutdown (cfg-if-ten-gig), or shutdown (cfg-channel)).
Samples
bstnA(cfg-channel[3])# vlan-tag 6
assigns channel 3 to VLAN 6 with tagging enabled.
bstnA(cfg-channel[7])# no vlan-tag 2
removes channel 7 from VLAN 2. If channel 7 did not have another VLAN set for
tagging, it reverts to VLAN 1 with no tagging.
Related Commands
channel
jumbo mtu
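The single-carrier rule that the tag, vlan (cfg-channel), vlan-tag, and shutdown entries describe for the ARX-1500 and ARX-2500, as an added Python example that is not part of the F5 manual or the ARX software: it replays a planned change in the Samples' prompt format and rejects any no shutdown that would put a VLAN on a second active port or channel, reporting the VLAN and the active carriers as the manual says the CLI does. The session is constructed, and the starting state (every interface shut down, untagged, on VLAN 1) and the VlanPlan model are assumptions of this sketch.

```python
import re

# Prompt format as printed in the manual's Samples, e.g. "bstnA(cfg-vlan[5])# tag 1/2".
PROMPT = re.compile(r"^[\w.-]+\((cfg-[a-z-]+)\[([^\]]+)\]\)#\s*(.+)$")
HYPHENS = str.maketrans({"\u2010": "-", "\u2011": "-"})   # PDF hyphens -> ASCII
SINGLE_CARRIER = {"ARX-1500", "ARX-2500"}                 # platforms named by the manual
IFACE_MODES = {"cfg-if-gig": "port", "cfg-if-ten-gig": "port", "cfg-channel": "channel"}


def expand_ports(first, last=None):
    """Expand 'tag 2/3 to 2/5' into ['2/3', '2/4', '2/5']; a range stays in one slot."""
    if last is None:
        return [first]
    slot, lo = first.split("/")
    last_slot, hi = last.split("/")
    if last_slot != slot or int(hi) < int(lo):
        raise ValueError(f"bad port range {first} to {last}")
    return [f"{slot}/{n}" for n in range(int(lo), int(hi) + 1)]


class VlanPlan:
    """Tracks which VLANs each port or channel carries while a change is replayed."""

    def __init__(self, platform):
        self.single = platform in SINGLE_CARRIER
        self.ifaces = {}       # name -> {"vlans": set, "tagged": bool, "active": bool}
        self.rejected = []     # (command, reason)

    def _get(self, name):
        # Assumption: an interface starts shut down, untagged, on VLAN 1.
        return self.ifaces.setdefault(name, {"vlans": {1}, "tagged": False, "active": False})

    def _add_tagged(self, name, vid):
        st = self._get(name)
        st["vlans"] = (st["vlans"] if st["tagged"] else set()) | {vid}
        st["tagged"] = True

    def conflicts(self, name):
        """VLAN -> active interfaces that already carry it (the CLI's error detail)."""
        mine, out = self._get(name)["vlans"], {}
        for other, st in self.ifaces.items():
            if other != name and st["active"]:
                for vid in mine & st["vlans"]:
                    out.setdefault(vid, []).append(other)
        return {vid: sorted(names) for vid, names in sorted(out.items())}

    def apply(self, mode, target, cmd):
        words = cmd.split()
        is_range = len(words) == 4 and words[2] == "to"
        if mode == "cfg-vlan" and words[0] == "tag" and (len(words) == 2 or is_range):
            if is_range and self.single:
                self.rejected.append((cmd, "'to' range is not available on this platform"))
                return
            for port in expand_ports(words[1], words[3] if is_range else None):
                self._add_tagged(f"port {port}", int(target))
        elif mode == "cfg-channel" and len(words) == 2 and words[0] == "vlan-tag":
            self._add_tagged(f"channel {target}", int(words[1]))
        elif mode == "cfg-channel" and len(words) == 2 and words[0] == "vlan":
            self._get(f"channel {target}").update(vlans={int(words[1])}, tagged=False)
        elif (mode == "cfg-channel" and len(words) == 3 and words[0] == "no"
              and words[1] in ("vlan", "vlan-tag")):
            st = self._get(f"channel {target}")
            st["vlans"].discard(int(words[2]))
            if not st["vlans"]:              # last VLAN removed: back to VLAN 1, untagged
                st.update(vlans={1}, tagged=False)
        elif mode in IFACE_MODES and cmd in ("shutdown", "no shutdown"):
            name = f"{IFACE_MODES[mode]} {target}"
            clash = self.conflicts(name) if self.single and cmd == "no shutdown" else {}
            if clash:
                self.rejected.append((f"{cmd} on {name}", clash))
                return
            self._get(name)["active"] = cmd == "no shutdown"


def replay(platform, session):
    plan = VlanPlan(platform)
    for raw in session.splitlines():
        m = PROMPT.match(" ".join(raw.translate(HYPHENS).split()))
        if m:
            plan.apply(*m.groups())
    return plan


# Constructed change plan (not captured from a real ARX).
SESSION = """\
bstnA(cfg-vlan[5])# tag 1/2
bstnA(cfg-if-gig[1/2])# no shutdown
bstnA(cfg-channel[1])# vlan-tag 5
bstnA(cfg-channel[1])# vlan-tag 6
bstnA(cfg-channel[1])# no shutdown
bstnA(cfg-vlan[7])# tag 1/3 to 1/4
bstnA(cfg-channel[1])# no vlan-tag 5
bstnA(cfg-channel[1])# no shutdown
"""

if __name__ == "__main__":
    for command, reason in replay("ARX-2500", SESSION).rejected:
        print(f"rejected: {command}: {reason}")
```

Replayed as an ARX-2500, the first no shutdown on channel 1 is rejected because active port 1/2 already carries VLAN 5, and the tag range is rejected outright; replayed as an ARX-4000, the same plan applies without rejection.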
10
Layer 3 (Network Layer)
arp
Purpose
The Address-Resolution Protocol (ARP) maps IP addresses to MAC addresses in an
ARP table. Each network processor in the ARX has its own ARP table. Use the arp
command to add a static entry to all ARP tables on the switch.
Mode
cfg
Security Role(s)
network-engineer or crypto-officer
Syntax
arp ip-address mac-address [vlan vlan-id]
no arp ip-address
ip-address (for example, 10.125.16.3) is the IP address.
mac-address (for example, 12:34:56:78:9a:bc) is the MAC address you are statically
mapping to the ip-address.
vlan vlan-id (optional; 0-4096) applies the mapping to a single VLAN.
Default(s)
None
Guidelines
The network processors are the ones behind the client/server interfaces, as well as the
one behind the out-of-band MGMT interface.
Use the show arp command to show all ARP-table entries. Use the clear arp
command to clear all dynamic-ARP entries, learned from neighboring equipment.
Samples
bstnA(cfg)# arp 192.168.25.38 11:54:d6:2a:95:f2
adds a static entry to the ARP table.
bstnA(cfg)# arp 10.1.1.159 11:df:45:b3:95:36 vlan 4
adds a static entry to the ARP table and applies it to VLAN 4.
bstnA(cfg)# no arp 172.16.209.55
removes an entry from the ARP table.
Related Commands
show arp
clear arp
arp gratuitous
Purpose
The Address-Resolution Protocol (ARP) maps IP addresses to MAC addresses in an
ARP table. Each processor in the ARX has its own ARP table. Use the arp gratuitous
command to issue gratuitous ARP entries for a single IP address or all IP addresses on
the switch (including virtual IP addresses (VIPs), management IP addresses (MIPs),
and proxy IP addresses (XIPs)).
Mode
priv-exec
Security Role(s)
network-technician, network-engineer, storage-engineer, or crypto-officer
Syntax
arp gratuitous {ip-address | yes}
ip-address (0.0.0.0 to 255.255.255.255) is the IP address for which you want to add a
gratuitous ARP entry. If there is an error, the system displays the error message on the
CLI console.
yes specifies to add gratuitous ARP entries for all IP addresses owned by the switch. If
there is an error, the system logs the error message (failed GARP) in the syslog.
Default(s)
None.
Guidelines
If you do not enter an IP address or yes at the end of this command, the switch sends a
gratuitous ARP for all of its publicly-visible IP addresses (such as VIPs). Before
sending all of this traffic, the CLI prompts for confirmation: enter yes to proceed.
Use the show arp command to show all ARP-table entries. Use the clear arp
command to clear all dynamic-ARP entries, learned from neighboring equipment.
Samples
bstnA# arp gratuitous 192.168.25.38
sends a gratuitous ARP entry for one IP address.
bstnA# arp gratuitous
Send a gratuitous ARP for all of this switch's IP addresses? [yes/no] yes
sends a gratuitous ARP for all IP addresses on the switch (VIPs, MIPs, and Proxy
IPs).
bstnA# arp gratuitous yes
also sends gratuitous ARPs for all IPs, but skips the prompt.
Related Commands
show arp
clear arp
arp
clear arp
Purpose
The Address-Resolution Protocol (ARP) maps IP addresses to MAC addresses in an
ARP table. ARP-table entries are either learned from neighbors (dynamic), set through
the CLI (static), or set by internal software (local). Use the clear arp command to
clear all dynamic entries from the ARP table.
Mode
priv-exec
Security Role(s)
network-technician, network-engineer, storage-engineer, or crypto-officer
Syntax
clear arp [from slot.processor]
from slot.processor (optional) specifies one module processor. This option is not
supported on the ARX-1500, ARX-2500, or ARX-VE. Each network-connected
processor (the ones behind the client/server ports and the one behind the MGMT port)
has its own ARP table.
slot (1-2 for an ARX-4000; 1 for all others) is the slot number.
processor is the processor number. Use the show processors command to show
all processors and their associated slot.processor IDs.
Default(s)
None
Guidelines
Use the show arp command to show all ARP-table entries. Use the arp command to
create a static-ARP entry.
Samples
bstnA# clear arp
clears all dynamic-ARP entries from the ARX.
bstnA# clear arp from 2.2
clears the dynamic-ARP entries from processor 2.2 only.
Related Commands
show processors
show arp
arp
description (cfg-if-vlan)
Purpose
You can configure one in-band management interface per VLAN. From cfg-if-vlan
mode, use the optional description command to create a descriptive string for an
in-band-management interface.
Use the no form of the command to delete the interface description.
Mode
cfg-if-vlan
Security Role(s)
network-engineer or crypto-officer
Syntax
description text
no description
text (up to 128 characters) is your description. Surround the text with quotation marks
("") if it contains any spaces.
Default(s)
No description
Guidelines
The description appears in the show interface vlan command.
Sample
bstnA(cfg-if-vlan[1])# description "management for vlan 1"
specifies a description for the in-band-management interface on VLAN 1.
Related Commands
show interface vlan
description (cfg-mgmt)
Purpose
An ARX (except the ARX-VE) can have one out-of-band management interface, on a
separate IP network from all clients and servers. From cfg-mgmt mode, use the
optional description command to create a descriptive string for the out-of-band
management interface.
Use the no form of the command to delete the interface description.
Mode
cfg-mgmt
Security Role(s)
network-engineer or crypto-officer
Syntax
description text
no description
text (up to 128 characters) is your description. Surround the text with quotation marks
("") if it contains any spaces.
Default(s)
no description
Platforms
any except ARX-VE
Guidelines
The description appears in the show interface mgmt command.
Sample
bstnA(cfg-mgmt)# description "oob management"
specifies a description for the management interface.
Related Commands
show interface mgmt
interface mgmt
Purpose
The out-of-band management port is on the front panel of the ARX, typically labeled
MGMT. You configure this as part of the initial-boot process. Use the interface
mgmt command to modify the management-interface configuration.
On an ARX-1500 or ARX-2500, you can use no interface mgmt to stop using port
1/1 for out-of-band management. You can then use other commands to use the port
for client/server traffic.
Mode
cfg
Security Role(s)
network-engineer or crypto-officer
Syntax
interface mgmt
no interface mgmt
Default(s)
None.
Platforms
any except ARX-VE
Guidelines
The ARX software keeps a separate IP routing table for its out-of-band management
interface; this network is designed to be completely separate and disjoint from any
client or server subnets. This interface is designed for installations with a separate
subnet exclusively for management use.
This command puts you into cfg-mgmt mode, where you can set several configuration
parameters for the management interface. Use the ip address (cfg-mgmt) command
to change the IP address. Use the description (cfg-mgmt) command to set an optional
description for the interface, for show commands. Use the shutdown (cfg-mgmt)
command to shut down the interface.
To show the configuration of the management interface, use show interface mgmt.
To set up an in-band management interface for one or more VLANs, use the interface
vlan command.
You cannot use no interface mgmt if you are logged into the CLI through the
out-of-band management interface; this would abruptly end your CLI session. The CLI
also prevents no interface mgmt if the ARX has redundancy configured; on many
platforms, this interface is used for important redundancy-related traffic.
Guidelines: ARX-1500 and ARX-2500
On the ARX-1500 and ARX-2500, port 1/1 is set up as the out-of-band management
interface by default. For installations with no separate management subnet, you can
use the no interface mgmt command to stop using port 1/1 for out-of-band
management. You can then edit the port as a standard client/server interface with the
interface gigabit 1/1 command.
Guidelines: No Out-of-Band Management on the ARX-VE
The ARX-VE is a Virtual Appliance (VA) that only uses a single VNIC, so it only has
an in-band management interface. This command is therefore unavailable in the
ARX-VE CLI.
Sample
bstnA(cfg)# interface mgmt
bstnA(cfg-mgmt)#
Related Commands
ip address (cfg-mgmt)
description (cfg-mgmt)
shutdown (cfg-mgmt)
show interface mgmt
interface vlan
interface vlan
Purpose
You can configure one in-band management interface per supported VLAN. Use the
interface vlan command to begin configuring the management interface for a VLAN.
Use the no form to remove the in-band-management interface for a VLAN.
Mode
cfg
Security Role(s)
network-engineer or crypto-officer
Syntax
interface vlan vlan‐id
no interface vlan vlan‐id
vlan-id (1-4096) identifies the VLAN. Use the show vlan summary command for a
list of all configured VLANs.
Default(s)
None
Guidelines
This command puts you into cfg-if-vlan mode, where you can set several configuration
parameters for the in-band management interface. Use the ip address (cfg-if-vlan)
command to set the IP address. Use the description (cfg-if-vlan) command to set an
optional description for the interface, for show commands. Use the shutdown
(cfg-if-vlan) command to shut down the interface.
You can re-use this interface as a connection to the switch’s redundant peer and/or to
multiple switches on the same RON. The redundancy (cfg-if-vlan) command makes
the interface eligible for the initial rendezvous with a redundant peer; this command is
required for the ARX-1500 and ARX-2500, which use this layer-3 connection for
exchanging heartbeats and metalog data. The ron tunnel command enters a sub-mode
for configuring a RON tunnel to another ARX.
To show the configuration of the management interface, use show interface vlan.
Sample
bstnA(cfg)# interface vlan 9
bstnA(cfg-if-vlan[9])#
Related Commands
show vlan summary
ip address (cfg-if-vlan)
description (cfg-if-vlan)
shutdown (cfg-if-vlan)
show interface vlan
redundancy (cfg-if-vlan)
ron tunnel
ip address (cfg-if-vlan)
Purpose
Administrators can use the in-band management address to log into the CLI or GUI
from a client or server VLAN. From cfg-if-vlan mode, use the ip address command
to set the address for the current VLAN’s in-band management interface.
Use the no form of this command to remove the IP address and disable the interface.
Important
In a redundant pair of ARXes, the network software uses an in-band
(VLAN) management address as a home address for its communication
with the quorum-disk. Without an in-band-management address and an ip
route to the quorum disk, a failover is impossible. Additionally, any ron
tunnels that use this address will fail if you remove it; a
shadow-copy-rule depends on RON tunnels to communicate with other
ARXes in the network. Use the no form of the command only on the
advice of F5 Support.
Mode
cfg-if-vlan
Security Role(s)
network-engineer or crypto-officer
Syntax
ip address address mask
no ip address
address is the IP address you choose for the VLAN-management interface (for
example, 192.168.108.223).
mask defines the network part of the address (for example, 255.255.255.0).
Default(s)
None
Guidelines
An ARX in a redundant pair requires an in-band (VLAN) management address with an
IP route to its quorum disk. This is required so that the ARX can reach its quorum disk
while in the backup role. Refer to the quorum-disk documentation for more details.
Do not delete this address if this ARX has a quorum disk on the current VLAN.
A redundant pair of ARX-2500 or ARX-1500 devices requires an in-band (VLAN)
management interface for each end of the redundancy link. The redundancy link is the
channel (or possibly single link) that connects the redundant ARX devices. The IP
address that you assign to the redundancy link (with this command) is used in the peer
command when you join the redundant pair.
If the current in-band (VLAN) interface is the end point for one or more RON tunnels,
those tunnels also depend on this IP address.
Sample
bstnA(cfg-if-vlan[9])# ip address 192.168.25.28 255.255.255.0
sets an in-band management IP for VLAN 9.
Related Commands
interface vlan
quorum-disk
peer
ron tunnel
ip address (cfg-mgmt)
Purpose
Administrators can use the out-of-band management address to log into the CLI. This
is configured as part of the initial-boot process. From cfg-mgmt mode, use the ip
address command to change the address for the out-of-band management interface.
Use the no form of this command to remove the IP address and disable the interface.
Mode
cfg-mgmt
Security Role(s)
network-engineer or crypto-officer
Syntax
ip address address mask
no ip address
address is the IP address you choose for the management interface (for example,
10.1.1.10).
mask defines the network part of the address (for example, 255.255.255.0).
Default(s)
None
Platforms
any except ARX-VE
Guidelines
This address must belong to a management network that is entirely distinct from any
client subnet (established with virtual server) or the proxy-IP subnet (created by ip
proxy-address). The MGMT interface uses a separate IP-routing table; use the ip
route ... mgmt command to specify a default route (or any other static route) for the
out-of-band management network.
Samples
bstnA(cfg-mgmt)# ip address 10.1.1.7 255.255.255.0
sets an out-of-band management IP for the ARX.
bstnA(cfg-mgmt)# no ip address
removes the IP configuration from the out-of-band management interface.
Related Commands
interface mgmt
ip route
ip domain-list
Purpose
You can create an optional search list of domain names for the ARX to use in its DNS
lookups. Whenever the switch needs to perform a DNS lookup for a hostname (for
example, “fs5”), it appends a domain name (for example, “mycompany.com”) and
tries a DNS lookup; on failure, it appends the next domain name in the list; and so on.
Use the ip domain-list command to add one domain name to the search list.
Use the no form of this command to remove a domain name from the search list.
Mode
cfg
Security Role(s)
network-engineer or crypto-officer
Syntax
ip domain-list name
no ip domain-list name
name (1-255 characters) is a name for one local domain (for example, “myorg.org”).
Default(s)
None
Guidelines
The search list is analogous to the “search” list in an /etc/resolv.conf file. You can
enter this command multiple times, once for each search domain. The search domains
are concatenated together, separated by spaces: the total length of this domain list
cannot exceed 256 characters.
To identify a DNS server, use the ip name-server command. Use the show ip
domain command to view the current DNS-lookup configuration.
Samples
bstnA(cfg)# ip domain-list estorage.com
bstnA(cfg)# ip domain-list enet.com
adds two domain names to the search list. The ARX will try “estorage.com” first
when it looks up short names.
bstnA(cfg)# no ip domain-list enet.com
removes one domain name from the search list.
Related Commands
ip name-server
show ip domain
ip name-server
Purpose
This command identifies a DNS server that the ARX can use for DNS lookups. You
can enter up to three DNS servers. Use the ip name-server command to add a DNS
server.
Use the no form of this command to remove a DNS server from the list.
Mode
cfg
Security Role(s)
network-engineer or crypto-officer
Syntax
ip name-server ip-address
no ip name-server ip-address
ip-address identifies a DNS server (for example, “172.16.98.36”). This address must
be on the server/proxy-IP subnet (see ip proxy-address) or reachable through a static
route (see ip route).
Default(s)
None
Guidelines
You can enter this command multiple times, once for each DNS server; the switch
supports a maximum of three. The servers are queried in the order that you enter them.
The ARX switches from one DNS server to another if (and only if) the server is
unreachable.
To support lookups of hostnames (for example, “myserver” instead of
“myserver.mycompany.com”), you can declare one or more local domains (such as
“mycompany.com”) for the switch with the ip domain-list command.
All of the DNS servers should provide service for the same set of networks and
domains.
Use the show ip domain command to view the current DNS-lookup configuration.
Samples
bstnA(cfg)# ip name-server 192.168.25.201
identifies a DNS server.
bstnA(cfg)# no ip name-server 192.168.25.212
removes one DNS server from the list.
Related Commands
ip proxy-address
ip route
ip domain-list
show ip domain
ip proxy-address
Purpose
Every NSM processor requires a proxy IP address to communicate with back-end
devices. Use the ip proxy-address command to add a range of proxy IPs.
Use the no form of the command to remove a range of unused proxy-IP addresses.
Mode
cfg
Security Role(s)
network-engineer or crypto-officer
Syntax
ip proxy-address address mask [vlan vlan-id] [count number] [processor slot.proc]
no ip proxy-address address
address is the starting IP address for a range of proxy IPs (for example, 192.168.25.0).
mask is the subnet mask (for example, 255.255.255.0).
vlan vlan-id (optional, 1-65535) is the VLAN for this subnet, if there is one. Use
show vlan summary for a complete list of configured VLANs.
count number (optional, 1-64) is the number of contiguous IP addresses to assign to
the proxy pool.
slot.proc (optional: for example, 1.4) assigns the proxy-IP address to a particular NSM
processor. You can only use this option if you specify a single IP.
Default(s)
vlan-id defaults to VLAN 1.
number defaults to 1.
Guidelines
You must configure one proxy-IP address per network processor, where
• the ARX-VE and ARX-500 each have 1,
• the ARX-1500 has 2,
• the ARX-2000 has 4,
• the ARX-2500 has 3 (or 4, depending on the setting for resource-profile), and
• the ARX-4000 has 12.
The proxy IP addresses must all belong to the same subnet, but do not need to be
contiguous. You can use this command multiple times to define multiple ranges, as
long as there are enough proxy IPs for all of the network processors.
Be sure to assign the correct proxy-IP addresses the first time. Once the proxy IP is
assigned to an NSM processor, it is difficult to change. To change an assigned proxy
IP, you must save your configuration (with the priv-exec copy startup-config
command), remove it from the switch (delete startup-config), reboot (reload), edit
the saved configuration with the correct proxy-IP addresses, and replay it (that is, copy
it and paste it into the CLI). The CLI prompts for confirmation before making any
change to the proxy-IP addresses; please examine your proxy-IP change carefully
before you enter yes to proceed.
Sample
bstnA(cfg)# ip proxy-address 192.168.25.31 255.255.255.0 vlan 25 count 4
%WARNING: The IP proxy address changes will take effect, and cannot be modified without clearing your startup-config.
The ip proxy-address configuration will be 4 proxy-address(es)
starting at IP 192.168.25.31 on VLAN 25.
Continue? [yes/no] yes
bstnA(cfg)# ip proxy-address 192.168.25.141 255.255.255.0 vlan 25 count 8
%WARNING: The IP proxy address changes will take effect, and cannot be modified without clearing your startup-config.
The ip proxy-address configuration will be 8 proxy-address(es)
starting at IP 192.168.25.141 on VLAN 25.
Continue? [yes/no] yes
configures two ranges of proxy-IP addresses, for a total of 12.
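Because an assigned proxy IP is difficult to change, it is worth checking a planned set of ip proxy-address commands offline before entering yes at the prompt. The following Python check is an added example, not part of the ARX software or this manual's original text; the function names are hypothetical, and the rules it enforces (one subnet, count 1-64, processor only with a single IP, enough addresses for the platform) are the ones stated in this entry.

```python
import ipaddress

# Network processors per platform, from the Guidelines above. The ARX-2500
# has 3 or 4 depending on resource-profile; pass processors=4 to override.
PROCESSORS = {"ARX-VE": 1, "ARX-500": 1, "ARX-1500": 2,
              "ARX-2000": 4, "ARX-2500": 3, "ARX-4000": 12}

# The two commands from the Sample above.
SAMPLE_COMMANDS = [
    "ip proxy-address 192.168.25.31 255.255.255.0 vlan 25 count 4",
    "ip proxy-address 192.168.25.141 255.255.255.0 vlan 25 count 8",
]


def parse_proxy_address(line):
    """Expand one 'ip proxy-address' command into its list of addresses."""
    tok = line.split()
    if tok[:2] != ["ip", "proxy-address"] or len(tok) < 4:
        raise ValueError("not an ip proxy-address command: %r" % line)
    start = ipaddress.ip_address(tok[2])
    subnet = ipaddress.ip_network("%s/%s" % (tok[2], tok[3]), strict=False)
    opts = {"vlan": "1", "count": "1", "processor": None}  # documented defaults
    rest = tok[4:]
    if len(rest) % 2:
        raise ValueError("option without a value: %r" % line)
    for key, value in zip(rest[0::2], rest[1::2]):
        if key not in opts:
            raise ValueError("unknown option %r" % key)
        opts[key] = value
    count = int(opts["count"])
    if not 1 <= count <= 64:
        raise ValueError("count must be 1-64: %r" % line)
    if opts["processor"] is not None and count != 1:
        raise ValueError("processor requires a single IP: %r" % line)
    addresses = [start + i for i in range(count)]
    if addresses[-1] not in subnet:
        raise ValueError("range runs past the end of %s" % subnet)
    return {"subnet": subnet, "vlan": int(opts["vlan"]),
            "processor": opts["processor"], "addresses": addresses}


def check_proxy_pool(lines, platform, processors=None):
    """Return (usable proxy-IP count, list of findings) for a planned config."""
    needed = PROCESSORS[platform] if processors is None else processors
    ranges = [parse_proxy_address(line) for line in lines]
    findings = []
    subnets = sorted({str(r["subnet"]) for r in ranges})
    if len(subnets) > 1:
        findings.append("proxy IPs are on more than one subnet: " + ", ".join(subnets))
    everything = [ip for r in ranges for ip in r["addresses"]]
    unique = set(everything)
    if len(unique) < len(everything):
        findings.append("ranges overlap")
    if len(unique) < needed:
        findings.append("%d proxy IPs configured, %s needs %d"
                        % (len(unique), platform, needed))
    return len(unique), findings


if __name__ == "__main__":
    print(check_proxy_pool(SAMPLE_COMMANDS, "ARX-4000"))
```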
Related Commands
show vlan summary
ip route
Purpose
Use the ip route command to configure a static IP route.
Use the no form of this command to remove a static route.
Mode
cfg
Security Role(s)
network-engineer or crypto-officer
Syntax
ip route ip-subnet ip-mask gateway [distance] [mgmt]
no ip route ip-subnet ip-mask gateway [distance] [mgmt]
ip-subnet is the IP address of a remote subnet (for example, 172.16.151.0).
ip-mask defines the network part of the subnet (for example, 255.255.255.0).
gateway identifies the gateway to the subnet (for example, 192.168.25.1).
distance (optional; 1-255) is an arbitrary distance metric; if you configure two routes
to the same subnet, the route with the lowest distance is used.
mgmt (optional) is a flag that adds the route to a separate routing table for the
out-of-band management network. This option is not available on the ARX-VE, which
does not have a separate out-of-band management interface. Also, the option does not
apply to any ARX-1500 or an ARX-2500 where port 1/1 is being used for client/server
traffic.
Default(s)
distance - 128
Guidelines
Configure a static route for every IP subnet with clients or servers that is outside any
client subnet (defined by the virtual server command) or the proxy-IP subnet (see ip
proxy-address). For a remote client subnet, the next-hop gateway must be in the
subnet where their VIP resides. Similarly, a route to a remote server network must go
through the proxy-IP subnet.
The ARX keeps a separate routing table for the out-of-band management interface.
This management interface connects to a separate IP network, and therefore requires a
routing table that is tailored to its network. Use the mgmt flag to add or remove a
route from this table. The gateways for these routes must be on the management
subnet defined by the ip address (cfg-mgmt) command.
You can also use multiple static routes to the same destination, each with different
next hops. You can use different distance costs with each route to indicate your route
preferences.
If the ARX has a redundant peer, you can use the critical route command to designate
that a route is critical. If a critical route fails, the ARX may fail over to its peer.
Use the show ip route command to list all static routes, including the routes in the
separate table for management routes.
Samples
bstnA(cfg)# ip route 172.16.231.0 255.255.255.0 192.168.25.1
creates a static route to a client subnet.
bstnA(cfg)# ip route 172.16.231.0 255.255.255.0 192.168.25.2 255
creates another static route to the same subnet. The distance is set very high, so
this route would not be chosen unless the gateway fails for the previous route.
bstnA(cfg)# ip route 10.16.10.0 255.255.255.0 10.1.1.1 mgmt
creates a static route for the out-of-band management network.
bstnA(cfg)# no ip route 10.16.165.0 255.255.255.0 10.1.1.1 mgmt
removes a static route for the out-of-band management network.
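The separation between the main routing table and the out-of-band management table can be audited from a saved list of ip route commands. The following Python sketch is an added example, not part of the ARX software or this manual's original text; its function names are hypothetical, the last route in the sample is constructed to show a finding, and the longest-prefix-first ordering in preferred_route is an assumption of standard IP routing (the manual only states that the lowest distance wins among routes to the same subnet).

```python
import ipaddress

DEFAULT_DISTANCE = 128  # default distance given in this entry

# Constructed sample: the first three lines are the Samples above; the last is
# a deliberately wrong mgmt route whose gateway is on the proxy-IP subnet.
CONSTRUCTED_CONFIG = [
    "ip route 172.16.231.0 255.255.255.0 192.168.25.1",
    "ip route 172.16.231.0 255.255.255.0 192.168.25.2 255",
    "ip route 10.16.10.0 255.255.255.0 10.1.1.1 mgmt",
    "ip route 10.16.20.0 255.255.255.0 192.168.25.1 mgmt",
]


def parse_ip_route(line):
    """Parse the standard 'ip route subnet mask gateway [distance] [mgmt]' form."""
    tok = line.split()
    if tok[:2] != ["ip", "route"] or len(tok) < 5:
        raise ValueError("not an ip route command: %r" % line)
    if "per-vlan" in tok or "source-ip" in tok:
        raise ValueError("per-vlan and source-ip routes are out of scope: %r" % line)
    dest = ipaddress.ip_network("%s/%s" % (tok[2], tok[3]))  # rejects host bits
    gateway = ipaddress.ip_address(tok[4])
    options = tok[5:]
    mgmt = "mgmt" in options
    numbers = [t for t in options if t != "mgmt"]
    if len(numbers) > 1:
        raise ValueError("unexpected tokens: %r" % line)
    distance = int(numbers[0]) if numbers else DEFAULT_DISTANCE
    if not 1 <= distance <= 255:
        raise ValueError("distance must be 1-255: %r" % line)
    return {"dest": dest, "gateway": gateway, "distance": distance,
            "mgmt": mgmt, "line": line}


def audit_routes(route_lines, mgmt_ip, mgmt_mask, proxy_subnet):
    """Split routes into the two tables and flag gateways on the wrong network."""
    mgmt_net = ipaddress.ip_network("%s/%s" % (mgmt_ip, mgmt_mask), strict=False)
    proxy_net = ipaddress.ip_network(proxy_subnet)
    tables = {"main": [], "mgmt": []}
    findings = []
    if mgmt_net.overlaps(proxy_net):
        findings.append("management subnet overlaps the proxy-IP subnet")
    for line in route_lines:
        route = parse_ip_route(line)
        tables["mgmt" if route["mgmt"] else "main"].append(route)
        on_mgmt = route["gateway"] in mgmt_net
        if route["mgmt"] and not on_mgmt:
            # Stated rule: mgmt-route gateways must be on the management subnet.
            findings.append("mgmt route with gateway off the management subnet: " + line)
        elif not route["mgmt"] and on_mgmt:
            # Follows from the two networks being separate and disjoint.
            findings.append("non-mgmt route with gateway on the management subnet: " + line)
    return tables, findings


def preferred_route(table, dest_ip, down_gateways=()):
    """Most specific route to dest_ip, lowest distance first, skipping dead gateways."""
    ip = ipaddress.ip_address(dest_ip)
    down = {ipaddress.ip_address(g) for g in down_gateways}
    live = [r for r in table if ip in r["dest"] and r["gateway"] not in down]
    if not live:
        return None
    return min(live, key=lambda r: (-r["dest"].prefixlen, r["distance"]))


if __name__ == "__main__":
    tables, findings = audit_routes(CONSTRUCTED_CONFIG, "10.1.1.7",
                                    "255.255.255.0", "192.168.25.0/24")
    for finding in findings:
        print(finding)
    print(preferred_route(tables["main"], "172.16.231.9")["line"])
```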
Related Commands
virtual server
ip proxy-address
ip address (cfg-mgmt)
show ip route
ip route ... per-vlan
Purpose
Some installations have a firewall between the ARX and its clients, and require VIPs
on multiple client VLANs. In those situations, the ARX’s single default route (created
with the ip route command) causes the ARX to send all response packets over the
default route’s VLAN. If that VLAN is not the same as the VIP’s VLAN, the firewall
may drop the response packet. For example, if there are VIPs on each of VLANs A, B,
and C, the single default route can only go over one of those VLANs (for example,
VLAN A). Clients from the other VLANs (B and C) would send requests to those
VLANs and get responses from VLAN A. If the firewall is connected to each VLAN
through different interfaces, the response packet arrives on a different interface than
the request packet. A firewall drops such packets, with different source and destination
interfaces. To solve this specific problem, on the advice of F5 Support, you can use the
ip route ... per-vlan command to make a separate default route for each client VLAN.
Use the no form of this command to remove a VLAN-specific-default route.
Mode
cfg
Security Role(s)
network-engineer or crypto-officer
Syntax
ip route 0.0.0.0 0.0.0.0 gateway [distance] per-vlan vlan-id
no ip route 0.0.0.0 0.0.0.0 gateway [distance] per-vlan vlan-id
0.0.0.0 0.0.0.0 is the IP subnet and mask for a default route. You cannot define a
subnet-specific route on a per-VLAN basis.
gateway identifies the gateway to use for this VLAN (for example, 192.168.30.1).
distance (optional; 1-255) is an arbitrary distance metric; if you configure two routes
to the same subnet, the route with the lowest distance is used.
per-vlan vlan-id (0-4096) identifies the VLAN for this default route. You must choose
a VLAN that is already defined on the ARX; use show vlan summary for a list of
defined VLANs, and use vlan to define a new one.
Default(s)
distance - 128
Platforms
ARX-500, ARX-2000, ARX-4000, and ARX-VE
Guidelines
Use this command only on the advice of F5 Support. A standard ip route has some
features (listed below) that are not supported for the per-VLAN route.
Because of this route’s limitations, the CLI prompts for confirmation before it accepts
the per-VLAN route; enter yes to continue.
If a client request arrives over a VLAN without a per-VLAN-default route, the
response goes over the ARX’s default route (defined with the standard ip route
command).
This command is not available on the ARX-1500 or ARX-2500. The ip route ...
source-ip command performs a similar function for those platforms.
Guidelines: Limitations
As mentioned above, this type of default route has several limitations.
• You cannot create a per-VLAN route to a specific subnet. This is always a default
route.
• You cannot designate a per-VLAN route as a critical route, as you can with a
standard IP route. If you lose connectivity to the gateway, the ARX does not fail
over to its peer (which may have a better connection).
• Unlike a standard default route, you are limited to a single gateway for each
VLAN. For a standard default route, you can enter multiple ip route commands
with different gateways and different values for distance. The ARX attempts to
reach the gateway with the lowest distance value and tries a higher-distance
gateway if the first is unreachable. This form of the command does not support a
distance value, so you cannot establish redundant gateways for the VLAN’s
default route.
• This type of default route is used only for outbound IP packets where a VIP is the
source address. (The virtual server command creates a VIP.)
Samples
bstnA(cfg)# ip route 0.0.0.0 0.0.0.0 192.168.76.1 1 per-vlan 38
This static route overrides the default route for the specified VLAN.
The route does not support health checks.
Do you want to continue? [yes/no] yes
creates a default route for VLAN 38 with the lowest possible distance metric, 1.
Responses to packets from this VLAN go back out over the same VLAN.
prtlndB(cfg)# no ip route 0.0.0.0 0.0.0.0 per-vlan 99
Removing this route will result in the global default route being used for this VLAN.
Do you want to proceed? [yes/no] yes
removes the default route for VLAN 99. Responses to packets from this VLAN
use the default route designated by the standard ip route command.
Related Commands
ip route
ip route ... source-ip
show ip route
vlan
show vlan summary
critical route
virtual server
ip route ... source-ip
Purpose
Some installations have a firewall between the ARX and its clients, and require VIPs
on multiple client VLANs. In those situations, the ARX’s single default route (created
with the ip route command) causes the ARX to send all response packets over the
default route’s VLAN. If that VLAN is not the same as the VIP’s VLAN, the firewall
may drop the response packet. For example, if there are VIPs on each of VLANs A, B,
and C, the single default route can only go over one of those VLANs (for example,
VLAN A). Clients from the other VLANs (B and C) would send requests to those
VLANs and get responses from VLAN A. If the firewall is connected to each VLAN
through different interfaces, the response packet arrives on a different interface than
the request packet. A firewall drops such packets, with different source and destination
interfaces. To solve this specific problem on an ARX-1500 or ARX-2500, you can use
the ip route ... source-ip command to make a separate default route for each VIP; any
packet received at the VIP uses this default route with the same VIP as its source IP.
Use the no form of this command to remove a VIP-specific-default route.
Mode
cfg
Security Role(s)
network-engineer or crypto-officer
Syntax
ip route 0.0.0.0 0.0.0.0 gateway [distance] source-ip vip
no ip route 0.0.0.0 0.0.0.0 [gateway] [distance] source-ip vip
0.0.0.0 0.0.0.0 is the IP subnet and mask for a default route. You cannot define a
subnet-specific route on a per-VIP basis.
gateway identifies the gateway to use for this route (for example, 192.168.30.1).
distance (optional; 1-255) is an arbitrary distance metric; if you configure two routes
to the same subnet, the route with the lowest distance is used.
source-ip vip identifies the VIP for this default route. You must choose a VIP that is
already defined on the ARX; use show global server for a list of defined VIPs, and
use the virtual server command to define a new one.
Default(s)
distance - 128
Platforms
ARX-1500 or ARX-2500
Guidelines
This command only functions on the ARX-1500 or ARX-2500. The ip route ...
per-vlan command performs a similar function on all other platforms.
If a client request arrives at a VIP without a per-VIP-default route, the response goes
over the ARX’s default route (defined with the standard ip route command).
Samples
canbyA(cfg)# ip route 0.0.0.0 0.0.0.0 192.168.121.1 1 source-ip 192.168.121.76
creates a default route for VIP 192.168.121.76 with the lowest possible distance
metric, 1. Responses to packets from this VIP go back out over the same VIP.
stoweA(cfg)# no ip route 0.0.0.0 0.0.0.0 192.168.90.1 source-ip 192.168.90.29
removes the default route for VIP 192.168.90.29. Responses to packets from this
VIP use the default route designated by the standard ip route command.
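The firewall problem described in the Purpose sections of ip route ... per-vlan and ip route ... source-ip can be reproduced with a small model. The following Python sketch is an added example, not part of the ARX software or this manual's original text; the topology (one firewall interface per client VLAN, the VIP addresses, and the VLAN 25 and VLAN 99 gateways) is constructed, and the function names are hypothetical. It reports, for each VIP, whether the response returns through the same firewall interface that carried the request.

```python
# Constructed topology: one firewall interface (gateway) per client VLAN.
GATEWAY_VLAN = {"192.168.25.1": 25, "192.168.76.1": 38, "192.168.99.1": 99}
# Constructed VIPs, one on each client VLAN.
VIP_VLAN = {"192.168.25.20": 25, "192.168.76.20": 38, "192.168.99.20": 99}
# Gateway of the single default route made with the standard ip route command.
GLOBAL_DEFAULT_GATEWAY = "192.168.25.1"


def parse_override(line):
    """Parse a per-vlan or source-ip default route into (kind, key, gateway)."""
    tok = line.split()
    if tok[:4] != ["ip", "route", "0.0.0.0", "0.0.0.0"] or len(tok) < 7:
        raise ValueError("only a default route can be per-vlan or source-ip: %r" % line)
    kind = tok[-2]
    if kind not in ("per-vlan", "source-ip"):
        raise ValueError("not a per-vlan or source-ip route: %r" % line)
    key = int(tok[-1]) if kind == "per-vlan" else tok[-1]
    return kind, key, tok[4]


def response_gateway(vip, overrides):
    """Gateway that receives the response to a request that arrived at vip."""
    vlan = VIP_VLAN[vip]
    for kind, key, gateway in overrides:
        if (kind == "per-vlan" and key == vlan) or (kind == "source-ip" and key == vip):
            return gateway
    # No VLAN-specific or VIP-specific default route: use the global default.
    return GLOBAL_DEFAULT_GATEWAY


def firewall_verdicts(route_lines):
    """Map each VIP to True when request and response use one firewall interface."""
    overrides = [parse_override(line) for line in route_lines]
    return {vip: GATEWAY_VLAN[response_gateway(vip, overrides)] == vlan
            for vip, vlan in VIP_VLAN.items()}


if __name__ == "__main__":
    print(firewall_verdicts([]))
    print(firewall_verdicts(
        ["ip route 0.0.0.0 0.0.0.0 192.168.76.1 1 per-vlan 38"]))
```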
Related Commands
ip route
ip route ... per-vlan
show ip route
vlan
show vlan summary
critical route
virtual server
ntp server
Purpose
The ARX can synchronize its internal clock with an external Network Time Protocol
(NTP) server. Use the ntp server command to identify an NTP server.
Use the no form of this command to disconnect from an NTP server.
Mode
cfg
Security Role(s)
network-engineer or crypto-officer
Syntax
ntp server ip-address [version {3 | 4}]
no ntp server ip-address
ip-address (1-128 characters) identifies the external NTP server by its IP address.
Note
Windows Domain Controllers (DCs) support NTP and can be used as
NTP servers. You should only use a DC as your NTP server if all the
back-end CIFS filers also use the DC in this way.
version {3 | 4} (optional) is the NTP version to use, NTPv3 or SNTPv4.
Default(s)
version - 4 (SNTPv4)
Guidelines
Use the same NTP servers for the ARX that you use for the back-end filers and
front-end clients. For namespace policy it is vital that the ARX is synchronized with
the back-end servers; it is also required for installations that use Kerberos. Note that
synchronization is more important than time accuracy; if all the servers agree on the
wrong time, policy and Kerberos continue to function.
The default protocol for external NTP communication is Simple NTP (SNTP) v4,
defined in RFC 2030. If you set the version to v3, the switch uses NTPv3 defined in
RFC 1305.
You can repeat this command to configure up to 8 NTP servers. The switch selects the
best server as specified by the NTP protocol.
Use show ntp servers to see the current NTP configuration. Use show clock to see
the current time/date setting on the ARX.
You can set the internal clock manually with the clock set command. If this setting
conflicts with NTP-server time, the NTP time overrides the manual setting.
Samples
bstnA(cfg)# ntp server 192.168.25.201
selects an NTP server at 192.168.25.201.
bstnA(cfg)# ntp server 192.168.25.202 version 3
selects another NTP server, but uses NTPv3 to communicate with it.
Related Commands
clock set
show ntp servers
show clock
redundancy (cfg-if-vlan)
Purpose
You can connect two identical ARXes as a redundant pair. To initially join, or
rendezvous, each switch communicates over one of its management interfaces. This
command makes it possible to use the current in-band (VLAN) management interface
as the rendezvous interface.
An ARX-1500 or ARX-2500 also uses this type of management interface as one end of
a redundant-pair link. It uses this link to exchange heartbeat messages and metalog
data.
Use the no form to disallow the current interface from being used for a redundant-pair
rendezvous.
Mode
cfg-if-vlan
Security Role(s)
network-engineer or crypto-officer
Syntax
redundancy
no redundancy
Default(s)
no redundancy
Platforms
any except ARX-VE
Guidelines
To select this management interface for rendezvous, go to this switch’s redundant peer
and use the peer command.
Guidelines: ARX-1500 and ARX-2500
As mentioned above, the ARX-1500 or ARX-2500 can also use this management
interface as one end of a redundant-pair link. The redundant pair depends on this link
for ongoing heartbeats and metalog updates.
For the best failover performance in this case, we strongly recommend a gigabit or
ten-gigabit connection to the redundant peer. That is, the current VLAN’s channel (or
member) should connect to the redundant peer and have speeds of 1-gigabit or more.
We also recommend that the connection be direct (without any intervening bridges or
routers), and that the switches are co-located. If the latency is low, an intervening
Gigabit L2 switch is permissible.
When redundancy is enabled and the ARX-1500 or ARX-2500 is using this interface
as a redundant-pair link, the cfg-if-vlan no redundancy command causes the backup
peer to reboot. The reboot does not disrupt any storage services, but the ARX peers
cannot function as a redundant pair while the link is shut down. Additionally, a
quorum-disk failure or disconnection would cause the active peer to reboot, too. If you
proceed with removing the link, you should establish a new one as soon as possible:
use the redundancy protocol, redundancy protocol (cfg-channel), or this
command on another port, channel, or VLAN interface to establish a new
redundant-pair link.
Samples
bstnA(cfg-if-vlan[555])# redundancy
allows the in-band-management interface on VLAN 555 to be used for
redundancy rendezvous.
bstnA(cfg-if-vlan[8])# no redundancy
disallows rendezvous for the VLAN-8 interface.
Related Commands
interface vlan
peer
redundancy protocol
redundancy protocol (cfg-channel)
show arp
Purpose
Address-Resolution Protocol (ARP) maps IP addresses to MAC addresses. Every
network-connected processor on the ARX keeps a separate ARP table with its known
IP/MAC entries. Use the show arp command to show one or more ARP tables.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show arp [all]
show arp from slot.processor [type {dynamic | static | local}]
all (optional) specifies all entries on the switch.
from slot.processor (optional) focuses on the ARP table at one processor. This option
is not supported on the ARX-1500, ARX-2500, or ARX-VE:
slot (1-2 for ARX-4000; 1 for all others) is the slot number.
processor is the processor number. Use the show processors command to show
all processors on the ARX, along with their associated module name(s) and status.
type {dynamic | static | local} (optional, if you use the from clause) selects one type
of ARP-table entry, based on how the entry was learned. You must choose one of the
following:
dynamic - learned from neighboring equipment.
static - specified by the arp command.
local - set internally by the switch.
Guidelines
Proc is the processor (in slot.processor format). This only appears if you use an
option, all or from, on a platform other than the ARX-1500, ARX-2500, or ARX-VE.
IP Address and MAC Address are mapped together. If the MAC address is all zeros,
the ARX could not find the IP address through ARP; likely the IP address does not
exist in this case.
VLAN is the VLAN where the IP address was learned or specified.
Type is
– dynamic if the entry was learned from neighboring equipment,
– static if the entry was specified by the arp command, or
– local if the entry is defined by the switch software.
The summary output (from show arp, without any additional arguments) shows
only dynamic-ARP entries.
Age (sec) is the time the entry has been in the ARP table, shown in seconds.
Use the arp command to create a static ARP entry. Use the clear arp command to
clear all dynamic-ARP entries.
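Captured show arp output can be checked offline for the fields described above. The following Python parser is an added example, not part of the ARX software or this manual's original text; its function names are hypothetical, and the embedded sample is a constructed excerpt whose rows are taken from Figure 10.2. It accepts both the summary layout and the show arp all layout (with the Proc column), skips repeated column headers, and lists entries whose MAC address is all zeros.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^[0-9a-f]{2}(?::[0-9a-f]{2}){5}$")
ZERO_MAC = "00:00:00:00:00:00"
TYPES = ("dynamic", "static", "local")

# Constructed excerpt; the rows themselves come from Figure 10.2. The last
# row uses U+2010 for the age, as copied text from a PDF often does.
SAMPLE_OUTPUT = """\
bstnA(cfg)# show arp all
Proc IP Address MAC Address VLAN Type Age(sec)
-----------------------------------------------------------------
1.1 10.1.1.1 00:01:e8:5e:ea:1f mgmt dynamic 0
1.1 10.1.1.7 00:15:17:47:15:e9 mgmt local -
2.5 192.168.25.1 00:01:e8:5e:ea:1f 25 dynamic 0
2.5 10.46.16.218 00:00:00:00:00:00 25 dynamic 0
Proc IP Address MAC Address VLAN Type Age(sec)
-----------------------------------------------------------------
2.6 192.168.25.15 00:0a:49:17:73:c0 25 local \u2010
"""


def parse_show_arp(text):
    """Return one dict per ARP entry; proc is None for the summary layout."""
    entries = []
    for raw in text.splitlines():
        tok = raw.split()
        if len(tok) == 6:
            proc, fields = tok[0], tok[1:]
        elif len(tok) == 5:
            proc, fields = None, tok
        else:
            continue  # prompt, column header, separator or blank line
        ip, mac, vlan, kind, age = fields
        mac = mac.lower()
        if not MAC_RE.match(mac) or kind not in TYPES:
            continue
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue
        entries.append({
            "proc": proc, "ip": ip, "mac": mac, "vlan": vlan, "type": kind,
            "age": int(age) if age.isdigit() else None,  # local entries show a dash
        })
    return entries


def unresolved(entries):
    """Entries with an all-zero MAC: the ARX could not find the IP through ARP."""
    return [e for e in entries if e["mac"] == ZERO_MAC]


def select(entries, kind=None, proc=None):
    """Filter the way 'show arp from slot.processor type ...' does."""
    return [e for e in entries
            if (kind is None or e["type"] == kind)
            and (proc is None or e["proc"] == proc)]


if __name__ == "__main__":
    table = parse_show_arp(SAMPLE_OUTPUT)
    for entry in unresolved(table):
        print("unresolved:", entry["ip"], "on VLAN", entry["vlan"])
```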
Samples
bstnA(cfg)# show arp
shows a summary of the ARP-table entries on the switch. This includes only
dynamic-ARP entries. See Figure 10.1 for sample output.
bstnA(cfg)# show arp all
shows all ARP-table entries from all processors. See Figure 10.2 on page 10-28
for sample output.
bstnA(cfg)# show arp from 1.1
shows the ARP table for processor 1.1 only. See Figure 10.3 on page 10-30 for
sample output.
bstnA(cfg)# show arp from 1.1 type local
shows the local ARP entries for processor 1.1. See Figure 10.4 on page 10-31
for sample output.
See Figure 10.5 on page 10-31 for sample output on the ARX-2000.
Related Commands
show processors
arp
clear arp
Figure 10.1 Sample Output: show arp (ARX-4000)
bstnA(cfg)# show arp
IP Address MAC Address VLAN Type Age(sec)
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
192.168.25.1 00:01:e8:5e:ea:1f 25 dynamic 0
192.168.25.2 00:01:e8:5e:ea:1f 25 dynamic 0
10.46.28.218 00:00:00:00:00:00 25 dynamic 0
10.1.1.1 00:01:e8:5e:ea:1f mgmt dynamic 0
169.254.42.64 00:0a:49:17:92:46 mgmt dynamic 0
169.254.42.65 00:0a:49:17:92:47 mgmt dynamic 0
169.254.42.66 00:0a:49:17:92:48 mgmt dynamic 0
169.254.42.67 00:0a:49:17:92:49 mgmt dynamic 0
169.254.42.68 00:0a:49:17:92:44 mgmt dynamic 0
169.254.42.69 00:0a:49:17:92:45 mgmt dynamic 0
169.254.42.70 00:0a:49:17:92:46 mgmt dynamic 0
169.254.42.71 00:0a:49:17:92:47 mgmt dynamic 0
169.254.42.72 00:0a:49:17:92:48 mgmt dynamic 0
169.254.42.73 00:0a:49:17:92:49 mgmt dynamic 0
169.254.42.74 00:0a:49:17:92:4a mgmt dynamic 0
169.254.42.75 00:0a:49:17:92:4b mgmt dynamic 0
169.254.42.82 00:0a:49:17:92:45 mgmt dynamic 0
Figure 10.2 Sample Output: show arp all (ARX-4000)
bstnA(cfg)# show arp all
Proc IP Address MAC Address VLAN Type Age(sec)
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1.1 169.254.68.74 00:0a:49:17:73:4a mgmt dynamic 0
1.1 169.254.68.66 00:0a:49:17:73:48 mgmt dynamic 0
1.1 10.1.1.1 00:01:e8:5e:ea:1f mgmt dynamic 0
1.1 169.254.68.75 00:0a:49:17:73:4b mgmt dynamic 0
1.1 169.254.68.71 00:0a:49:17:73:47 mgmt dynamic 0
1.1 169.254.68.73 00:0a:49:17:73:49 mgmt dynamic 0
1.1 169.254.68.67 00:0a:49:17:73:49 mgmt dynamic 0
1.1 169.254.68.69 00:0a:49:17:73:45 mgmt dynamic 0
1.1 169.254.68.82 00:0a:49:17:73:45 mgmt dynamic 0
1.1 169.254.68.68 00:0a:49:17:73:44 mgmt dynamic 0
1.1 169.254.68.64 00:0a:49:17:73:46 mgmt dynamic 0
1.1 169.254.68.65 00:0a:49:17:73:47 mgmt dynamic 0
1.1 169.254.68.70 00:0a:49:17:73:46 mgmt dynamic 0
1.1 169.254.68.72 00:0a:49:17:73:48 mgmt dynamic 0
1.1 10.1.1.7 00:15:17:47:15:e9 mgmt local ‐
1.1 169.254.68.32 00:0a:49:17:73:09 mgmt local ‐
1.1 169.254.68.33 00:0a:49:17:73:09 mgmt local ‐
1.1 169.254.68.76 00:0a:49:17:73:09 mgmt local ‐
1.1 169.254.68.77 00:0a:49:17:73:09 mgmt local ‐
1.1 169.254.68.78 00:0a:49:17:73:09 mgmt local ‐
Proc IP Address MAC Address VLAN Type Age(sec)
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1.1 169.254.68.79 00:0a:49:17:73:09 mgmt local ‐
1.1 169.254.68.80 00:0a:49:17:73:09 mgmt local ‐
1.1 169.254.68.81 00:0a:49:17:73:09 mgmt local ‐
1.1 169.254.68.83 00:0a:49:17:73:09 mgmt local ‐
2.1 10.46.16.253 00:0a:49:17:73:fe 25 local ‐
2.1 192.168.25.5 00:0a:49:17:73:ff 25 local ‐
2.2 10.46.16.253 00:0a:49:17:73:fe 25 local ‐
2.2 192.168.25.5 00:0a:49:17:73:ff 25 local ‐
2.3 10.46.16.253 00:0a:49:17:73:fe 25 local ‐
2.3 192.168.25.5 00:0a:49:17:73:ff 25 local ‐
2.4 10.46.16.253 00:0a:49:17:73:fe 25 local ‐
2.4 192.168.25.5 00:0a:49:17:73:ff 25 local ‐
2.5 192.168.25.1 00:01:e8:5e:ea:1f 25 dynamic 0
2.5 192.168.25.2 00:01:e8:5e:ea:1f 25 dynamic 0
2.5 10.46.16.218 00:00:00:00:00:00 25 dynamic 0
2.5 192.168.25.15 00:0a:49:17:73:c0 25 local ‐
2.5 192.168.25.12 00:0a:49:17:73:c0 25 local ‐
2.5 192.168.25.141 00:0a:49:17:73:84 25 local ‐
2.5 10.46.16.253 00:0a:49:17:73:fe 25 local ‐
2.5 192.168.25.5 00:0a:49:17:73:ff 25 local ‐
Proc IP Address MAC Address VLAN Type Age(sec)
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
2.6 192.168.25.15 00:0a:49:17:73:c0 25 local ‐
2.6 192.168.25.12 00:0a:49:17:73:c0 25 local ‐
2.6 192.168.25.142 00:0a:49:17:73:85 25 local ‐
2.6 10.46.16.253 00:0a:49:17:73:fe 25 local ‐
2.6 192.168.25.5 00:0a:49:17:73:ff 25 local ‐
2.7 192.168.25.15 00:0a:49:17:73:c0 25 local ‐
2.7 192.168.25.12 00:0a:49:17:73:c0 25 local ‐
2.7 192.168.25.31 00:0a:49:17:73:80 25 local ‐
2.7 192.168.25.143 00:0a:49:17:73:86 25 local ‐
2.7 10.46.16.253 00:0a:49:17:73:fe 25 local ‐
2.7 192.168.25.5 00:0a:49:17:73:ff 25 local ‐
2.8 192.168.25.15 00:0a:49:17:73:c0 25 local ‐
2.8 192.168.25.12 00:0a:49:17:73:c0 25 local ‐
2.8 192.168.25.32 00:0a:49:17:73:81 25 local ‐
2.8 192.168.25.144 00:0a:49:17:73:87 25 local ‐
2.8 10.46.16.253 00:0a:49:17:73:fe 25 local ‐
2.8 192.168.25.5 00:0a:49:17:73:ff 25 local ‐
2.9 192.168.25.15 00:0a:49:17:73:c0 25 local ‐
2.9 192.168.25.12 00:0a:49:17:73:c0 25 local ‐
2.9 192.168.25.33 00:0a:49:17:73:82 25 local ‐
Proc IP Address MAC Address VLAN Type Age(sec)
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
2.9 192.168.25.145 00:0a:49:17:73:88 25 local ‐
2.9 10.46.16.253 00:0a:49:17:73:fe 25 local ‐
2.9 192.168.25.5 00:0a:49:17:73:ff 25 local ‐
2.10 192.168.25.15 00:0a:49:17:73:c0 25 local ‐
2.10 192.168.25.12 00:0a:49:17:73:c0 25 local ‐
2.10 192.168.25.34 00:0a:49:17:73:83 25 local ‐
2.10 192.168.25.146 00:0a:49:17:73:89 25 local ‐
2.10 10.46.16.253 00:0a:49:17:73:fe 25 local ‐
2.10 192.168.25.5 00:0a:49:17:73:ff 25 local ‐
2.11 192.168.25.15 00:0a:49:17:73:c0 25 local ‐
2.11 192.168.25.12 00:0a:49:17:73:c0 25 local ‐
2.11 192.168.25.147 00:0a:49:17:73:8a 25 local ‐
2.11 10.46.16.253 00:0a:49:17:73:fe 25 local ‐
2.11 192.168.25.5 00:0a:49:17:73:ff 25 local ‐
2.12 192.168.25.15 00:0a:49:17:73:c0 25 local ‐
2.12 192.168.25.12 00:0a:49:17:73:c0 25 local ‐
2.12 192.168.25.148 00:0a:49:17:73:8b 25 local ‐
2.12 10.46.16.253 00:0a:49:17:73:fe 25 local ‐
2.12 192.168.25.5 00:0a:49:17:73:ff 25 local ‐
Figure 10.3 Sample Output: show arp from 1.1 (ARX-4000)
bstnA(cfg)# show arp from 1.1
Proc IP Address MAC Address VLAN Type Age(sec)
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1.1 169.254.68.74 00:0a:49:17:73:4a mgmt dynamic 0
1.1 169.254.68.66 00:0a:49:17:73:48 mgmt dynamic 0
1.1 10.1.1.1 00:01:e8:5e:ea:1f mgmt dynamic 0
1.1 169.254.68.75 00:0a:49:17:73:4b mgmt dynamic 0
1.1 169.254.68.71 00:0a:49:17:73:47 mgmt dynamic 0
1.1 169.254.68.73 00:0a:49:17:73:49 mgmt dynamic 0
1.1 169.254.68.67 00:0a:49:17:73:49 mgmt dynamic 0
1.1 169.254.68.69 00:0a:49:17:73:45 mgmt dynamic 0
1.1 169.254.68.82 00:0a:49:17:73:45 mgmt dynamic 0
1.1 169.254.68.68 00:0a:49:17:73:44 mgmt dynamic 0
1.1 169.254.68.64 00:0a:49:17:73:46 mgmt dynamic 0
1.1 169.254.68.65 00:0a:49:17:73:47 mgmt dynamic 0
1.1 169.254.68.70 00:0a:49:17:73:46 mgmt dynamic 0
1.1 169.254.68.72 00:0a:49:17:73:48 mgmt dynamic 0
1.1 10.1.1.7 00:15:17:47:15:e9 mgmt local ‐
1.1 169.254.68.32 00:0a:49:17:73:09 mgmt local ‐
1.1 169.254.68.33 00:0a:49:17:73:09 mgmt local ‐
1.1 169.254.68.76 00:0a:49:17:73:09 mgmt local ‐
1.1 169.254.68.77 00:0a:49:17:73:09 mgmt local ‐
1.1 169.254.68.78 00:0a:49:17:73:09 mgmt local ‐
Proc IP Address MAC Address VLAN Type Age(sec)
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1.1 169.254.68.79 00:0a:49:17:73:09 mgmt local ‐
1.1 169.254.68.80 00:0a:49:17:73:09 mgmt local ‐
1.1 169.254.68.81 00:0a:49:17:73:09 mgmt local ‐
1.1 169.254.68.83 00:0a:49:17:73:09 mgmt local ‐
Figure 10.4 Sample Output: show arp from 1.1 type local (ARX-4000)
bstnA(cfg)# show arp from 1.1 type local
Proc IP Address MAC Address VLAN Type Age(sec)
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1.1 10.1.1.7 00:15:17:47:15:e9 mgmt local ‐
1.1 169.254.68.32 00:0a:49:17:73:09 mgmt local ‐
1.1 169.254.68.33 00:0a:49:17:73:09 mgmt local ‐
1.1 169.254.68.76 00:0a:49:17:73:09 mgmt local ‐
1.1 169.254.68.77 00:0a:49:17:73:09 mgmt local ‐
1.1 169.254.68.78 00:0a:49:17:73:09 mgmt local ‐
1.1 169.254.68.79 00:0a:49:17:73:09 mgmt local ‐
1.1 169.254.68.80 00:0a:49:17:73:09 mgmt local ‐
1.1 169.254.68.81 00:0a:49:17:73:09 mgmt local ‐
1.1 169.254.68.83 00:0a:49:17:73:09 mgmt local ‐
Figure 10.5 Sample Output: show arp (ARX-2000)
prtlndA(cfg)# show arp all
Proc IP Address MAC Address VLAN Type Age(sec)
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1.1 10.1.23.1 00:01:e8:5e:ea:1f mgmt dynamic 0
1.1 169.254.104.65 00:0a:49:17:b1:41 mgmt dynamic 0
1.1 169.254.104.64 00:0a:49:17:b1:40 mgmt dynamic 0
1.1 169.254.104.66 00:0a:49:17:b1:42 mgmt dynamic 0
1.1 169.254.104.67 00:0a:49:17:b1:43 mgmt dynamic 0
1.1 10.1.23.11 00:15:17:6b:a7:d9 mgmt local ‐
1.1 169.254.104.32 00:0a:49:17:b1:09 mgmt local ‐
1.1 169.254.104.33 00:0a:49:17:b1:09 mgmt local ‐
1.1 169.254.104.68 00:0a:49:17:b1:09 mgmt local ‐
1.1 169.254.104.69 00:0a:49:17:b1:09 mgmt local ‐
1.1 169.254.104.70 00:0a:49:17:b1:09 mgmt local ‐
1.1 169.254.104.71 00:0a:49:17:b1:09 mgmt local ‐
1.2 192.168.74.1 00:01:e8:5e:ea:1f 74 dynamic 0
1.2 192.168.74.2 00:01:e8:5e:ea:1f 74 dynamic 0
1.2 10.46.26.218 00:00:00:00:00:00 74 dynamic 0
1.2 192.168.74.92 00:0a:49:17:b1:c0 74 local ‐
1.2 192.168.74.91 00:0a:49:17:b1:c0 74 local ‐
1.2 192.168.74.41 00:0a:49:27:84:80 74 local ‐
1.2 192.168.74.21 00:0a:49:17:b1:80 74 local ‐
1.2 10.46.26.253 00:0a:49:17:b1:fe 74 local ‐
Proc IP Address MAC Address VLAN Type Age(sec)
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1.2 192.168.74.66 00:0a:49:17:b1:ff 74 local ‐
1.3 192.168.25.5 00:0a:49:17:73:ff 74 dynamic 1712
1.3 192.168.74.1 00:01:e8:5e:ea:1f 74 dynamic 0
1.3 192.168.74.2 00:01:e8:5e:ea:1f 74 dynamic 0
1.3 192.168.74.92 00:0a:49:17:b1:c0 74 local ‐
1.3 192.168.74.91 00:0a:49:17:b1:c0 74 local ‐
1.3 192.168.74.42 00:0a:49:27:84:81 74 local ‐
1.3 192.168.74.22 00:0a:49:17:b1:81 74 local ‐
1.3 10.46.26.253 00:0a:49:17:b1:fe 74 local ‐
1.3 192.168.74.66 00:0a:49:17:b1:ff 74 local ‐
1.4 192.168.74.92 00:0a:49:17:b1:c0 74 local ‐
1.4 192.168.74.91 00:0a:49:17:b1:c0 74 local ‐
1.4 192.168.74.43 00:0a:49:27:84:82 74 local ‐
1.4 192.168.74.23 00:0a:49:17:b1:82 74 local ‐
1.4 10.46.26.253 00:0a:49:17:b1:fe 74 local ‐
1.4 192.168.74.66 00:0a:49:17:b1:ff 74 local ‐
1.5 192.168.74.92 00:0a:49:17:b1:c0 74 local ‐
1.5 192.168.74.91 00:0a:49:17:b1:c0 74 local ‐
1.5 192.168.74.44 00:0a:49:27:84:83 74 local ‐
1.5 192.168.74.24 00:0a:49:17:b1:83 74 local ‐
Proc IP Address MAC Address VLAN Type Age(sec)
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1.5 10.46.26.253 00:0a:49:17:b1:fe 74 local ‐
1.5 192.168.74.66 00:0a:49:17:b1:ff 74 local ‐
prtlndA(cfg)# show arp from 1.1
Proc IP Address MAC Address VLAN Type Age(sec)
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1.1 10.1.23.1 00:01:e8:5e:ea:1f mgmt dynamic 0
1.1 169.254.104.65 00:0a:49:17:b1:41 mgmt dynamic 0
1.1 169.254.104.64 00:0a:49:17:b1:40 mgmt dynamic 0
1.1 169.254.104.66 00:0a:49:17:b1:42 mgmt dynamic 0
1.1 169.254.104.67 00:0a:49:17:b1:43 mgmt dynamic 0
1.1 10.1.23.11 00:15:17:6b:a7:d9 mgmt local ‐
1.1 169.254.104.32 00:0a:49:17:b1:09 mgmt local ‐
1.1 169.254.104.33 00:0a:49:17:b1:09 mgmt local ‐
1.1 169.254.104.68 00:0a:49:17:b1:09 mgmt local ‐
1.1 169.254.104.69 00:0a:49:17:b1:09 mgmt local ‐
1.1 169.254.104.70 00:0a:49:17:b1:09 mgmt local ‐
1.1 169.254.104.71 00:0a:49:17:b1:09 mgmt local ‐
prtlndA(cfg)# show arp from 1.1 type dynamic
Proc IP Address MAC Address VLAN Type Age(sec)
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1.1 10.1.23.1 00:01:e8:5e:ea:1f mgmt dynamic 0
1.1 169.254.104.65 00:0a:49:17:b1:41 mgmt dynamic 0
1.1 169.254.104.64 00:0a:49:17:b1:40 mgmt dynamic 0
1.1 169.254.104.66 00:0a:49:17:b1:42 mgmt dynamic 0
1.1 169.254.104.67 00:0a:49:17:b1:43 mgmt dynamic 0
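Because show arp all lists entries from all processors, the same IP address can appear many times, and the column header repeats inside the output. The following Python example is added here and is not part of the F5 manual or the ARX software: it parses that output and reports IP addresses that map to more than one MAC address on a VLAN, plus entries with an all-zero MAC. The sample text, the MAC 02:00:00:aa:bb:cc, and the reading of an all-zero MAC as an unresolved entry are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of "show arp all". Rows are modelled on the
# figures above; the 2.6 row with MAC 02:00:00:aa:bb:cc is constructed to show
# a conflicting mapping. Both "-" and the typographic "‐" appear as the Age
# placeholder, because copied output may contain either.
SAMPLE = """\
bstnA(cfg)# show arp all
Proc IP Address MAC Address VLAN Type Age(sec)
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1.1 10.1.1.1 00:01:e8:5e:ea:1f mgmt dynamic 0
1.1 10.1.1.7 00:15:17:47:15:e9 mgmt local ‐
2.1 192.168.25.5 00:0a:49:17:73:ff 25 local -
Proc IP Address MAC Address VLAN Type Age(sec)
----------------------------------------------------
2.5 192.168.25.1 00:01:e8:5e:ea:1f 25 dynamic 0
2.5 192.168.25.2 00:01:e8:5e:ea:1f 25 dynamic 0
2.5 10.46.16.218 00:00:00:00:00:00 25 dynamic 0
2.5 192.168.25.5 00:0a:49:17:73:ff 25 local ‐
2.6 192.168.25.5 02:00:00:aa:bb:cc 25 dynamic 12
"""

# The Proc column is optional: plain "show arp" (Figure 10.1) omits it.
ROW = re.compile(
    r"^(?:(?P<proc>\d+\.\d+)\s+)?"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+"
    r"(?P<vlan>\S+)\s+(?P<type>\w+)\s+(?P<age>\d+|[-\u2010])\s*$",
    re.IGNORECASE,
)
ZERO_MAC = "00:00:00:00:00:00"


def parse_arp(text):
    """Return one dict per ARP row; prompts, headers and rules are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["mac"] = e["mac"].lower()
        # Local entries show a hyphen instead of an age.
        e["age"] = int(e["age"]) if e["age"].isdigit() else None
        entries.append(e)
    return entries


def audit_arp(entries):
    """Group by (VLAN, IP) across processors and report inconsistencies."""
    macs = defaultdict(lambda: defaultdict(set))  # (vlan, ip) -> mac -> procs
    unresolved = set()
    for e in entries:
        key = (e["vlan"], e["ip"])
        if e["mac"] == ZERO_MAC:
            # Assumption: an all-zero MAC marks an entry that never resolved.
            unresolved.add(key)
            continue
        macs[key][e["mac"]].add(e["proc"] or "-")
    conflicts = {
        key: {mac: sorted(procs) for mac, procs in by_mac.items()}
        for key, by_mac in macs.items()
        if len(by_mac) > 1
    }
    return {"conflicts": conflicts, "unresolved": sorted(unresolved)}


if __name__ == "__main__":
    report = audit_arp(parse_arp(SAMPLE))
    for (vlan, ip), by_mac in report["conflicts"].items():
        print(f"VLAN {vlan}: {ip} maps to {len(by_mac)} MAC addresses")
        for mac, procs in by_mac.items():
            print(f"  {mac} seen by processor(s) {', '.join(procs)}")
    for vlan, ip in report["unresolved"]:
        print(f"VLAN {vlan}: {ip} has an all-zero MAC")
```

A conflict is a prompt to compare the entry against the known owner of the address (for example with show ip address), not proof of a fault by itself.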
show interface
Purpose
Use the show interface command to show the full configuration for all interfaces.
Use show interface summary to see a single status line for each interface.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show interface [summary]
summary (optional) reduces the output to a one-line summary for each interface.
Guidelines
The default command, show interface, displays all interface configurations. The
output is the same for each individual show command: show interface mgmt, show
interface gigabit, show interface vlan, and show ron.
The show interface summary command shows the following fields for each
interface:
Type is mgmt (the out-of-band MGMT interface, if it exists on this chassis), gbe
(GigaBit Ethernet, an external port), or 10gbe (ten-Gigabit Ethernet, a faster
external port on the ARX-4000).
Slot/Port shows the location of the interface. An asterisk (*) indicates that the
interface is used as a redundant-pair link.
Admin State is Enabled or Disabled (also called “shut down”), as set by the
administrator. To change this, use [no] shutdown in the interface’s configuration
mode: see shutdown (cfg-if-gig), shutdown (cfg-if-ten-gig), shutdown
(cfg-mgmt), shutdown (cfg-if-vlan), or shutdown (cfg-if-vlan-ron-tnl). If the
interface is a member of a channel, its administrative state is controlled by its
channel: therefore, this shows “Ch n,” where n is the channel number. You can use
show channel to see the administrative state of a channel.
Link Status is the actual state of the interface (up or down).
Speed and Duplex are both set by the speed (cfg-if-gig) command.
Description is set by the description command in the interface’s config mode:
description (cfg-mgmt) for fe, description (cfg-if-gig) for gbe, or description
(cfg-if-ten-gig) for 10gbe.
Samples
bstnA> show interface
shows the configuration of every interface on the current ARX. See Figure 10.6
for sample output.
prtlndA> show interface summary
shows summaries of all interfaces on the “prtlndA” chassis. For sample output,
see Figure 10.7 on page 10-39.
canbyA> show interface summary
shows summaries of all interfaces on the “canbyA” chassis, an ARX-1500. For
sample output, see Figure 10.8 on page 10-40.
Related Commands
show interface gigabit
show interface ten-gigabit
show interface mgmt
show interface vlan
show ron
speed (cfg-if-gig)
description (cfg-mgmt)
description (cfg-if-gig)
description (cfg-if-ten-gig)
Figure 10.6 Sample Output: show interface
bstnA> show interface
Interface Type management
Slot 1
Interface 1
Description
Admin State Enabled
Link Status Up
Speed 1 Gb/s
Duplex Full
Auto Negotiation Enabled
MAC Address 00:04:23:e2:bb:01
MTU Size 1500
Interface Type 10‐gigabit
Slot 2
Interface 1
Description Default
Type 10GBASE‐SR X2
Mode Normal
Admin State Enabled
Link Status Down
Speed 10 Gb/s
Duplex Unknown
Auto Negotiation(Admin) Disabled
Flow Control(Admin)
Receive Off
Send Off
MAC Address 00:0a:49:17:78:32
LACP Priority 32768
Storm Control:Broadcast 1000 packets/sec
Multicast 1000 packets/sec
Unknown DA 1000 packets/sec
Port VLAN ID 0
Accept Frames Admit All
Interface Type 10‐gigabit
Slot 2
Interface 2
Description Default
Type 10GBASE‐SR X2
Mode Normal
Admin State Enabled
Link Status Down
Speed 10 Gb/s
Duplex Unknown
Auto Negotiation(Admin) Disabled
Flow Control(Admin)
Receive Off
Send Off
MAC Address 00:0a:49:17:78:33
LACP Priority 32768
Storm Control:Broadcast 1000 packets/sec
Multicast 1000 packets/sec
Unknown DA 1000 packets/sec
Port VLAN ID 0
Accept Frames Admit All
Interface Type gigabit
Slot 2
Interface 3
Description Default
Type Copper
Mode Normal
Admin State Enabled
Link Status Down
Speed 1 Gb/s
Duplex Unknown
Auto Negotiation(Admin) Enabled
Flow Control(Admin)
Receive Off
Send Off
MAC Address 00:0a:49:17:78:34
LACP Priority 32768
Storm Control:Broadcast 1000 packets/sec
Multicast 1000 packets/sec
Unknown DA 1000 packets/sec
Port VLAN ID 0
Accept Frames Admit All
Interface Type gigabit
Slot 2
Interface 4
Description Default
Type Copper
Mode Normal
Admin State Enabled
Link Status Down
Speed 1 Gb/s
Duplex Unknown
Auto Negotiation(Admin) Enabled
Flow Control(Admin)
Receive Off
Send Off
MAC Address 00:0a:49:17:78:35
LACP Priority 32768
Storm Control:Broadcast 1000 packets/sec
Multicast 1000 packets/sec
Unknown DA 1000 packets/sec
Port VLAN ID 0
Accept Frames Admit All
Interface Type gigabit
Slot 2
Interface 5
Description Default
Type Copper
Mode Normal
Admin State Enabled
Link Status Up
Speed 1 Gb/s
Duplex Full
Auto Negotiation(Admin) Enabled
Flow Control(Admin)
Receive Off
Send Off
MAC Address 00:0a:49:17:78:36
LACP Priority 32768
Storm Control:Broadcast 1000 packets/sec
Multicast 1000 packets/sec
Unknown DA 1000 packets/sec
Port VLAN ID 25
Accept Frames Admit All
Interface Type gigabit
Slot 2
Interface 6
Description Default
Type Copper
Mode Normal
Admin State Enabled
Link Status Up
Speed 1 Gb/s
Duplex Full
Auto Negotiation(Admin) Enabled
Flow Control(Admin)
Receive Off
Send Off
MAC Address 00:0a:49:17:78:37
LACP Priority 32768
Storm Control:Broadcast 1000 packets/sec
Multicast 1000 packets/sec
Unknown DA 1000 packets/sec
Port VLAN ID 25
Accept Frames Admit All
Interface Type gigabit
Slot 2
Interface 7
Description Default
Type Copper
Mode Normal
Admin State Enabled
Link Status Down
Speed 1 Gb/s
Duplex Unknown
Auto Negotiation(Admin) Enabled
Flow Control(Admin)
Receive Off
Send Off
MAC Address 00:0a:49:17:78:38
LACP Priority 32768
Storm Control:Broadcast 1000 packets/sec
Multicast 1000 packets/sec
Unknown DA 1000 packets/sec
Port VLAN ID 0
Accept Frames Admit All
Interface Type gigabit
Slot 2
Interface 8
Description Default
Type Copper
Mode Normal
Admin State Enabled
Link Status Down
Speed 1 Gb/s
Duplex Unknown
Auto Negotiation(Admin) Enabled
Flow Control(Admin)
Receive Off
Send Off
MAC Address 00:0a:49:17:78:39
LACP Priority 32768
Storm Control:Broadcast 1000 packets/sec
Multicast 1000 packets/sec
Unknown DA 1000 packets/sec
Port VLAN ID 0
Accept Frames Admit All
Interface Type gigabit
Slot 2
Interface 9
Description Default
Type Copper
Mode Normal
Admin State Enabled
Link Status Down
Speed 1 Gb/s
Duplex Unknown
Auto Negotiation(Admin) Enabled
Flow Control(Admin)
Receive Off
Send Off
MAC Address 00:0a:49:17:78:3a
LACP Priority 32768
Storm Control:Broadcast 1000 packets/sec
Multicast 1000 packets/sec
Unknown DA 1000 packets/sec
Port VLAN ID 0
Accept Frames Admit All
Interface Type gigabit
Slot 2
Interface 10
Description Default
Type Copper
Mode Normal
Admin State Enabled
Link Status Down
Speed 1 Gb/s
Duplex Unknown
Auto Negotiation(Admin) Enabled
Flow Control(Admin)
Receive Off
Send Off
MAC Address 00:0a:49:17:78:3b
LACP Priority 32768
Storm Control:Broadcast 1000 packets/sec
Multicast 1000 packets/sec
Unknown DA 1000 packets/sec
Port VLAN ID 0
Accept Frames Admit All
Interface Type gigabit
Slot 2
Interface 11
Description Default
Type Copper
Mode Normal
Admin State Enabled
Link Status Down
Speed 1 Gb/s
Duplex Unknown
Auto Negotiation(Admin) Enabled
Flow Control(Admin)
Receive Off
Send Off
MAC Address 00:0a:49:17:78:3c
LACP Priority 32768
Storm Control:Broadcast 1000 packets/sec
Multicast 1000 packets/sec
Unknown DA 1000 packets/sec
Port VLAN ID 0
Accept Frames Admit All
Interface Type gigabit
Slot 2
Interface 12
Description Default
Type Copper
Mode Normal
Admin State Enabled
Link Status Down
Speed 1 Gb/s
Duplex Unknown
Auto Negotiation(Admin) Enabled
Flow Control(Admin)
Receive Off
Send Off
MAC Address 00:0a:49:17:78:3d
LACP Priority 32768
Storm Control:Broadcast 1000 packets/sec
Multicast 1000 packets/sec
Unknown DA 1000 packets/sec
Port VLAN ID 0
Accept Frames Admit All
Interface Type gigabit
Slot 2
Interface 13
Description Default
Type Copper
Mode Normal
Admin State Disabled
Link Status Down
Speed 1 Gb/s
Duplex Unknown
Auto Negotiation(Admin) Enabled
Flow Control(Admin)
Receive Off
Send Off
MAC Address 00:0a:49:17:78:3e
LACP Priority 32768
Storm Control:Broadcast 1000 packets/sec
Multicast 1000 packets/sec
Unknown DA 1000 packets/sec
Port VLAN ID 0
Accept Frames Admit All
Interface Type gigabit
Slot 2
Interface 14
Description Default
Type Copper
Mode Normal
Admin State Disabled
Link Status Down
Speed 1 Gb/s
Duplex Unknown
Auto Negotiation(Admin) Enabled
Flow Control(Admin)
Receive Off
Send Off
MAC Address 00:0a:49:17:78:3f
LACP Priority 32768
Storm Control:Broadcast 1000 packets/sec
Multicast 1000 packets/sec
Unknown DA 1000 packets/sec
Port VLAN ID 0
Accept Frames Admit All
Interface Type vlan
Vlan Admin IP Address Subnet Mask Description
‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
25 Enabled 192.168.25.5 255.255.0.0
bstnA>
Figure 10.7 Sample Output: show interface summary (ARX-2000)
prtlndA> show interface summary
Type Slot/ Admin Link Speed Duplex Description
Port State Status
‐‐‐‐‐ ‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
mgmt 1/1 Enabled Up 1 Gb/s Full
gbe 1/1 Enabled Down 1 Gb/s Unknown
gbe 1/2 Enabled Down 1 Gb/s Unknown
gbe 1/3 Enabled Down 1 Gb/s Unknown
gbe 1/4 Enabled Down 1 Gb/s Unknown
gbe 1/5 Enabled Up 1 Gb/s Full
gbe 1/6 Enabled Up 1 Gb/s Full
gbe 1/7 Disabled Down 1 Gb/s Unknown
gbe 1/8 Disabled Down 1 Gb/s Unknown
gbe 1/9 Disabled Down 1 Gb/s Unknown
gbe 1/10 Disabled Down 1 Gb/s Unknown
gbe 1/11 Disabled Down 1 Gb/s Unknown
gbe 1/12* Enabled Up 1 Gb/s Full
* Redundancy‐Interface
prtlndA>
Figure 10.8 Sample Output: show interface summary (ARX-1500)
canbyA> show interface summary
Type Slot/ Admin Link Speed Duplex Description
Port State Status
‐‐‐‐‐ ‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
mgmt 1/1 Enabled Up Auto‐N Full
gbe 1/2 Enabled Down 1 Gb/s Unknown Default
gbe 1/3 Disabled Down 1 Gb/s Unknown Default
gbe 1/4 Disabled Down 1 Gb/s Unknown Default
gbe 1/5 Disabled Down 1 Gb/s Unknown Default
gbe 1/6 Disabled Down 1 Gb/s Unknown Default
gbe 1/7 Enabled Up 100Mb/s Full Default
gbe 1/8 Enabled Up 100Mb/s Full Default
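The summary fields described in the Guidelines above can be checked mechanically. The following Python example is added here and is not part of the F5 manual or the ARX software: it parses show interface summary output and lists ports that are administratively enabled but have no link (candidates for shutdown if they are unused), and redundant-pair links that are not up. The sample text is constructed, and the exact spelling of the channel-member state ("Ch 1") is an assumption based on the Guidelines.

```python
import re

# Constructed sample in the layout of "show interface summary". The "Ch 1" row
# is constructed from the Guidelines text (a channel member shows "Ch n").
SAMPLE = """\
prtlndA> show interface summary
Type  Slot/ Admin    Link   Speed   Duplex  Description
      Port  State    Status
----- ----  -------  ------ ------- ------- ----------------
mgmt  1/1   Enabled  Up     1 Gb/s  Full
gbe   1/1   Enabled  Down   1 Gb/s  Unknown
gbe   1/5   Enabled  Up     1 Gb/s  Full    uplink to core
gbe   1/7   Disabled Down   1 Gb/s  Unknown
gbe   1/8   Enabled  Up     100Mb/s Full    Default
gbe   1/9   Ch 1     Up     1 Gb/s  Full
gbe   1/12* Enabled  Down   1 Gb/s  Unknown
* Redundancy-Interface
"""

# Speed is either "<n> Gb/s" / "<n>Mb/s" (with or without a space) or a single
# token such as the auto-negotiation marker shown in Figure 10.8.
ROW = re.compile(
    r"^(?P<type>mgmt|gbe|10gbe)\s+"
    r"(?P<slot>\d+)/(?P<port>\d+)(?P<redundant>\*?)\s+"
    r"(?P<admin>Enabled|Disabled|Ch\s*\d+)\s+"
    r"(?P<link>Up|Down)\s+"
    r"(?P<speed>\d+\s*[GM]b/s|\S+)\s+"
    r"(?P<duplex>\S+)"
    r"(?:\s+(?P<description>.*\S))?\s*$"
)


def parse_summary(text):
    """Return one dict per interface row; headers and the legend are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        r = m.groupdict()
        r["redundant"] = r["redundant"] == "*"   # asterisk = redundant-pair link
        r["description"] = r["description"] or ""
        r["admin"] = re.sub(r"\s+", " ", r["admin"])
        rows.append(r)
    return rows


def audit_interfaces(rows):
    """Return (interface, finding) pairs for states worth reviewing."""
    findings = []
    for r in rows:
        name = f'{r["type"]} {r["slot"]}/{r["port"]}'
        # Channel members ("Ch n") are governed by their channel, so only
        # ports whose own admin state is Enabled are considered here.
        if r["admin"] == "Enabled" and r["link"] == "Down":
            findings.append((name, "enabled-no-link"))
        if r["redundant"] and r["link"] != "Up":
            findings.append((name, "redundancy-link-down"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_interfaces(parse_summary(SAMPLE)):
        print(f"{name}: {finding}")
```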
show interface mgmt
Purpose
Administrators can log into the CLI or GUI through the out-of-band management
interface, typically labeled “MGMT.” Use the show interface mgmt command to
show the configuration and status of the out-of-band management interface.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show interface mgmt [stats]
stats (optional) displays statistics for the interface.
Platforms
any except ARX-VE
Guidelines
The default output contains the following fields:
Slot is always “1,” and Interface is also always “1.” The 1/1 interface is the
MGMT interface for all platforms.
Description is an optional description, set by the description (cfg-mgmt)
command.
Admin Status shows whether or not the interface is administratively enabled.
You can disable (or restart) this interface with the shutdown (cfg-mgmt)
command.
Link Status is the actual state of the interface (up or down).
Speed, Duplex, and Auto Negotiation are all set by the speed (cfg-mgmt) command.
MAC Address is the MAC for the MGMT interface.
MTU Size shows the Maximum Transmission Unit, or maximum packet size, for
this interface.
IP Address and Subnet Mask define the management address and subnet. You can
set these with the ip address (cfg-mgmt) command.
The stats output is a table of counters, separated into Ingress and Egress counts. These
counts restart when the ARX reboots; use the reload command to reboot the ARX.
Use the show interface vlan command to list all of the VLAN-based in-band
management interfaces.
Samples
bstnA# show interface mgmt
shows the configuration and status of the out-of-band management interface. See
Figure 10.9 for sample output.
bstnA# show interface mgmt stats
shows the statistics for the same interface. Sample output appears in
Figure 10.10.
Related Commands
description (cfg-mgmt)
ip address (cfg-mgmt)
speed (cfg-mgmt)
shutdown (cfg-mgmt)
show interface vlan
Figure 10.9 Sample Output: show interface mgmt
bstnA# show interface mgmt
Slot 1
Interface 1
Description
Admin Status Enabled
Link Status Up
Speed 1 Gb/s
Duplex Full
Auto Negotiation Disabled
MAC Address 00:04:23:e2:9f:95
MTU Size 1500
IP Address 10.1.1.7
Subnet Mask 255.255.255.0
Figure 10.10 Sample Output: show interface mgmt stats
bstnA# show interface mgmt stats
Slot 1
Interface 1
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
Ingress Egress
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
Octets 3048207 6532008
Total Frames 39131 35497
Dropped Frames 0 0
Error Frames 0 0
FIFO Errors 0 0
Multicast Frames 38
CRC Errors 0
Symbol Errors 0
Oversize Errors 0
Frame Errors 0
Length Errors 0
Alignment Errors 0
Missed Frames 0
Collision Frames 0
show interface vlan
Purpose
You can configure one in-band-management interface per VLAN. Administrators on
the VLAN can log into the CLI through this interface. Use the show interface vlan
command to show the configuration for all in-band management interfaces.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show interface vlan
Guidelines
Vlan is the VLAN ID for the interface.
Admin shows whether or not the interface is administratively enabled. You can disable
(or restart) an in-band-management interface with the shutdown (cfg-if-vlan)
command.
IP Address and Subnet Mask define the management address and subnet. You can
set these with the ip address (cfg-if-vlan) command.
Description is an optional description, set by the description (cfg-if-vlan) command.
Use the show interface mgmt command to show the configuration for the single
out-of-band management interface.
Samples
bstnA(cfg)# show interface vlan
shows a summary of configured VLANs. See the sample output below.
Related Commands
description (cfg-if-vlan)
ip address (cfg-if-vlan)
shutdown (cfg-if-vlan)
Figure 10.11 Sample Output: show interface vlan
bstnA(cfg)# show interface vlan
Vlan Admin IP Address Subnet Mask Description
‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
25 Enabled 192.168.25.5 255.255.255.0
show ip address
Purpose
Use the show ip address command to show configuration details for a Proxy IP,
private IP, VIP, or some other IP address on the ARX.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show ip address ip-address
ip-address is the desired IP address (for example, 192.168.25.56).
Guidelines
Slot ID shows the location of the module that processes all packets for the address.
Processor is the network processor that serves the address. Every IP address is
assigned to a single network processor. Use the show processors command to show
all processors.
Type is any of the following:
• External is an IP address not owned by the switch, for example, the IP address of
a router or a back-end filer.
• Proxy is a proxy-IP address. Use the show ip proxy-addresses command to
show all proxy IPs.
• VIP is a virtual-IP address. Use the show virtual service command to show all
Virtual IPs.
• management is the out-of-band-management interface. Use the show interface
mgmt command to show this interface.
• VLAN is an in-band (VLAN-based) management interface. Use the show
interface vlan command to list these interfaces.
MAC Address is the MAC for the IP.
VLAN ID is the VLAN for the IP’s subnet.
Sample
prtlndA(cfg)# show ip address 192.168.74.91
Report for 0.0.0.0
Slot ID :1
Processor :2
Type :VIP
MAC Address:00:0a:49:17:b1:c0
VLAN ID :74
Related Commands
show processors
show ip proxy-addresses
show virtual service
show interface mgmt
show interface vlan
show ip domain
Purpose
The ARX can perform DNS lookups to translate IP addresses (for example,
“172.16.36.55”) into FQDNs (for example, “www.mycompany.com”). Use the show
ip domain command to show the current configuration for DNS lookups.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show ip domain
Guidelines
Domain List is analogous to the search list in resolv.conf. To edit this, use the ip
domain-list command.
Name Servers is analogous to the nameserver list in resolv.conf. To edit this, use the
ip name-server command.
Sample
bstnA(cfg)# show ip domain
DNS Server Configuration
Domain List: wwmed.com medarch.org bigorg.org
Name Servers: 192.168.25.201 192.168.25.202 192.168.25.209
shows the current configuration for DNS lookups.
Related Commands
ip domain-list
ip name-server
show ip proxy-addresses
Purpose
Every network processor on the ARX has a proxy IP address, used as a home address
for communication with filers and servers on the back end. Use the show ip
proxy-addresses command to show all configured proxy IPs.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show ip proxy-addresses
Guidelines
This command displays a table of proxy IP addresses, one per row. For a redundant
pair of switches, this shows all proxy IPs for both peers.
Proxy Address is the IP address.
VLAN is the VLAN where the proxy IP resides.
MAC Address is the layer-2-MAC address for the proxy IP.
Owner is the chassis where the proxy IP was configured. This is relevant in a
redundant-switch configuration.
In Use By is the chassis that is currently using the proxy IP. In a redundancy failover,
the surviving chassis assumes all proxy IPs from the failed chassis.
Proc identifies the network processor that is using the proxy IP, in slot.processor
format.
Use the ip proxy-address command to add a range of proxy-IP addresses.
Samples
bstnA# show ip proxy-addresses
See Figure 10.12 on page 10-46 for sample output from a non-redundant peer.
prtlndA# show ip proxy-addresses
See Figure 10.12 on page 10-46 for sample output from a redundant peer.
Related Commands
ip proxy-address
show processors
Figure 10.12 Sample Output: show ip proxy-addresses
bstnA# show ip proxy‐addresses
Proxy Address VLAN Mac Address Owner In Use By Proc
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐
192.168.25.31/24 25 00:0a:49:17:78:80 bstnA bstnA 2.1
192.168.25.32/24 25 00:0a:49:17:78:81 bstnA bstnA 2.2
192.168.25.33/24 25 00:0a:49:17:78:82 bstnA bstnA 2.3
192.168.25.34/24 25 00:0a:49:17:78:83 bstnA bstnA 2.4
192.168.25.141/24 25 00:0a:49:17:78:84 bstnA bstnA 2.5
192.168.25.142/24 25 00:0a:49:17:78:85 bstnA bstnA 2.6
192.168.25.143/24 25 00:0a:49:17:78:86 bstnA bstnA 2.7
192.168.25.144/24 25 00:0a:49:17:78:87 bstnA bstnA 2.8
192.168.25.145/24 25 00:0a:49:17:78:88 bstnA bstnA 2.9
192.168.25.146/24 25 00:0a:49:17:78:89 bstnA bstnA 2.10
192.168.25.147/24 25 00:0a:49:17:78:8a bstnA bstnA 2.11
192.168.25.148/24 25 00:0a:49:17:78:8b bstnA bstnA 2.12
Figure 10.13 Sample Output: show ip proxy-addresses (Redundant Pair)
prtlndA# show ip proxy‐addresses
Proxy Address VLAN Mac Address Owner In Use By Proc
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐
192.168.74.21/24 74 00:0a:49:17:b1:80 prtlndA prtlndA 1.2
192.168.74.22/24 74 00:0a:49:17:b1:81 prtlndA prtlndA 1.3
192.168.74.23/24 74 00:0a:49:17:b1:82 prtlndA prtlndA 1.4
192.168.74.24/24 74 00:0a:49:17:b1:83 prtlndA prtlndA 1.5
192.168.74.41/24 00:0a:49:17:a1:80 prtlndB prtlndA 1.2
192.168.74.42/24 00:0a:49:17:a1:81 prtlndB prtlndA 1.3
192.168.74.43/24 00:0a:49:17:a1:82 prtlndB prtlndA 1.4
192.168.74.44/24 00:0a:49:17:a1:83 prtlndB prtlndA 1.5
show ip route
Purpose
Use the show ip route command to show the active and static routes on the switch.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show ip route [all | from slot.processor | monitor]
all (optional) specifies all routes on the switch.
from slot.processor (optional) specifies routes from one network processor. This
option is not supported on the ARX-1500, ARX-2500, or ARX-VE:
slot (1-2 on an ARX-4000, 1 on any other platform) is the slot number, and
processor is the processor number. Use the show processors command to show
a complete list of processors.
monitor (optional) shows the status of the next-hop gateway, and how the ARX is
using it.
Guidelines
Every network processor on the ARX has its own IP-routing table. (In addition to the
processors behind the client/server Ethernet ports, this includes processor 1.1 because
it connects to the out-of-band network.) The show ip route all command shows the
routing tables for all processors. Many routes are common to all processors; duplicate
routes are removed from the summary command, show ip route.
Use the ip route command to create a static route.
All versions of this command except show ip route monitor have the following
fields:
Proc is the number of the module processor with the static route, in slot.processor
format. This only appears if you use an option, all or from, on a platform other
than the ARX-1500, ARX-2500, or ARX-VE. Each processor has a separate
routing table. Use the show processors command to show a complete list of
processors and their slots.
Destination/Mask defines the subnet for a route in CIDR format.
Gateway is the next-hop router for the route.
Cost is the relative cost of this route, weighed against any other routes to the same
destination. A lower-cost metric is preferred.
Interface is the interface or VLAN that carries packets to this subnet. “Mgmt” is
the out-of-band management interface, labeled MGMT on the front panel.
Age is the time (in seconds) that the ARX has been in continuous contact with the
Gateway. The ARX uses periodic ARP requests to monitor the gateway while the
route is active; the route is declared “Offline” if it fails to respond to ARPs.
“Direct” means that the route is directly-connected to the interface. “Unacquired”
applies to a per-VLAN-default route (created with ip route ... per-vlan), where
the gateway has not yet responded to ARP requests. “Static” means that the
per-VLAN route has responded to an ARP request and is evidently reachable.
Guidelines: show ip route monitor
The show ip route monitor command has similar output to show ip route, but it
focuses on the status of the connections. It contains the following fields:
Destination/Mask defines the subnet for a route in CIDR format.
Type is the general destination for the route. This is either “VLAN” (indicating a
client/server VLAN) or “Mgmt” (the out-of-band management subnet). “Mgmt”
routes are created with a special flag in the ip route command.
Gateway is the next-hop router for the route.
Cost is the relative cost of this route, weighed against any other routes to the same
destination. A lower-cost metric is preferred.
Status and Details indicate whether or not this route is in use. If it is, this indicates how the
switch uses the next-hop gateway. If not, it indicates the problem. Here are the
possible conditions in this field:
– Up/Current Gateway indicates that the switch uses this route (as opposed
to another static route to the same subnet).
– VLAN/Current Gateway applies to a per-VLAN-default route, created with
the ip route ... per-vlan variant of the ip route command. This indicates that
the VLAN-default route is configured.
– Up/Backup Gateway is a gateway that is available to reach the subnet, but
is not being used because some other, preferred gateway is being used
instead. Another route should be in the same output with the same
Destination/Mask, a different Gateway, and Status/Details of
Up/Current Gateway. If this subnet’s Current Gateway stops responding
to ARP packets, this route is a candidate to take its place.
– Down/No Reply shows that the gateway is reachable through layer 2 and
ICMP, but is not replying to IP packets.
– Down/Unreachable says that the gateway is not on a reachable subnet. Use
ip route to reset the gateway. A gateway to file servers must be on the same
subnet as the proxy-IP addresses (show ip proxy-addresses shows all such
addresses), a gateway to clients must be on the same subnet as the clients’
VIP (use show virtual service for a list of all VIPs), and a gateway to
stations in the out-of-band (OOB) management network must be in the same
subnet as the OOB management address (show interface mgmt).
Samples
bstnA> show ip route
lists the static routes on the switch by IP address. See Figure 10.14 on
page 10-50 for sample output. For sample output on a different platform, see
Figure 10.18 on page 10-52.
bstnA> show ip route monitor
displays the current status of all of the above routes. See Figure 10.15 on
page 10-50 for sample output. For sample output on a different platform, see
Figure 10.19 on page 10-52.
bstnA> show ip route all
shows all static routes for all processors on the switch. See Figure 10.16 on
page 10-50 for sample output. For sample output on a different platform, see
Figure 10.20 on page 10-52.
bstnA> show ip route from 2.1
shows the static routes from processor 1 on module 2 (the NSM, or Data Plane).
See Figure 10.17 on page 10-52 for sample output. For sample output on a
different platform, see Figure 10.21 on page 10-53.
Related Commands
show processors
ip route
Figure 10.14 Sample Output: show ip route
bstnA> show ip route
Destination/Mask Gateway Cost Interface Age
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
0.0.0.0/0 192.168.25.1 128 VLAN25 2489
0.0.0.0/0 10.1.1.1 128 Mgmt 2365
192.168.25.0/24 0.0.0.0 0 VLAN25 Direct
192.168.25.0/24 0.0.0.0 128 VLAN Direct
192.168.78.0/24 0.0.0.0 128 VLAN Direct
192.168.78.0/24 192.168.25.2 128 VLAN25 2489
10.1.1.0/24 0.0.0.0 0 Mgmt Direct
Figure 10.15 Sample Output: show ip route monitor
bstnA> show ip route monitor
Destination/Mask Type Gateway Cost Status Details
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
0.0.0.0/0 Mgmt 10.1.1.1 128 Up Current Gateway
0.0.0.0/0 VLAN 192.168.25.1 128 Up Current Gateway
Figure 10.16 Sample Output: show ip route all
bstnA> show ip route all
Proc Destination/Mask Gateway Cost Interface Age
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1.1 192.168.78.0/24 0.0.0.0 128 VLAN Direct
1.1 10.1.1.0/24 0.0.0.0 0 Mgmt Direct
1.1 192.168.25.0/24 0.0.0.0 128 VLAN Direct
1.1 192.168.25.0/24 0.0.0.0 128 VLAN Direct
1.1 10.1.1.0/24 0.0.0.0 0 Mgmt Direct
1.1 0.0.0.0/0 10.1.1.1 128 Mgmt 2365
2.1 0.0.0.0/0 192.168.25.1 128 VLAN25 2489
2.1 192.168.25.0/24 0.0.0.0 0 VLAN25 Direct
2.1 192.168.25.0/24 0.0.0.0 0 VLAN25 Direct
2.1 192.168.78.0/24 192.168.25.2 128 VLAN25 2489
2.2 0.0.0.0/0 192.168.25.1 128 VLAN25 2489
2.2 192.168.25.0/24 0.0.0.0 0 VLAN25 Direct
2.2 192.168.25.0/24 0.0.0.0 0 VLAN25 Direct
2.2 192.168.78.0/24 192.168.25.2 128 VLAN25 2489
2.3 0.0.0.0/0 192.168.25.1 128 VLAN25 2489
2.3 192.168.25.0/24 0.0.0.0 0 VLAN25 Direct
2.3 192.168.25.0/24 0.0.0.0 0 VLAN25 Direct
2.3 192.168.78.0/24 192.168.25.2 128 VLAN25 2489
2.4 0.0.0.0/0 192.168.25.1 128 VLAN25 2489
2.4 192.168.25.0/24 0.0.0.0 0 VLAN25 Direct
Proc Destination/Mask Gateway Cost Interface Age
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
2.4 192.168.25.0/24 0.0.0.0 0 VLAN25 Direct
2.4 192.168.78.0/24 192.168.25.2 128 VLAN25 2489
2.5 0.0.0.0/0 192.168.25.1 128 VLAN25 2489
2.5 192.168.25.0/24 0.0.0.0 0 VLAN25 Direct
2.5 192.168.25.0/24 0.0.0.0 0 VLAN25 Direct
2.5 192.168.78.0/24 192.168.25.2 128 VLAN25 2489
2.6 0.0.0.0/0 192.168.25.1 128 VLAN25 2489
2.6 192.168.25.0/24 0.0.0.0 0 VLAN25 Direct
2.6 192.168.25.0/24 0.0.0.0 0 VLAN25 Direct
2.6 192.168.78.0/24 192.168.25.2 128 VLAN25 2489
2.7 0.0.0.0/0 192.168.25.1 128 VLAN25 2489
2.7 192.168.25.0/24 0.0.0.0 0 VLAN25 Direct
2.7 192.168.25.0/24 0.0.0.0 0 VLAN25 Direct
2.7 192.168.78.0/24 192.168.25.2 128 VLAN25 2489
2.8 0.0.0.0/0 192.168.25.1 128 VLAN25 2489
2.8 192.168.25.0/24 0.0.0.0 0 VLAN25 Direct
2.8 192.168.25.0/24 0.0.0.0 0 VLAN25 Direct
2.8 192.168.78.0/24 192.168.25.2 128 VLAN25 2489
2.9 0.0.0.0/0 192.168.25.1 128 VLAN25 2489
2.9 192.168.25.0/24 0.0.0.0 0 VLAN25 Direct
Proc Destination/Mask Gateway Cost Interface Age
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
2.9 192.168.25.0/24 0.0.0.0 0 VLAN25 Direct
2.9 192.168.78.0/24 192.168.25.2 128 VLAN25 2489
2.10 0.0.0.0/0 192.168.25.1 128 VLAN25 2489
2.10 192.168.25.0/24 0.0.0.0 0 VLAN25 Direct
2.10 192.168.25.0/24 0.0.0.0 0 VLAN25 Direct
2.10 192.168.78.0/24 192.168.25.2 128 VLAN25 2489
2.11 0.0.0.0/0 192.168.25.1 128 VLAN25 2489
2.11 192.168.25.0/24 0.0.0.0 0 VLAN25 Direct
2.11 192.168.25.0/24 0.0.0.0 0 VLAN25 Direct
2.11 192.168.78.0/24 192.168.25.2 128 VLAN25 2489
2.12 0.0.0.0/0 192.168.25.1 128 VLAN25 2489
2.12 192.168.25.0/24 0.0.0.0 0 VLAN25 Direct
2.12 192.168.25.0/24 0.0.0.0 0 VLAN25 Direct
2.12 192.168.78.0/24 192.168.25.2 128 VLAN25 2489
Figure 10.17 Sample Output: show ip route from 2.1
bstnA> show ip route from 2.1
Proc Destination/Mask Gateway Cost Interface Age
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
2.1 0.0.0.0/0 192.168.25.1 128 VLAN25 2489
2.1 192.168.25.0/24 0.0.0.0 0 VLAN25 Direct
2.1 192.168.25.0/24 0.0.0.0 0 VLAN25 Direct
2.1 192.168.78.0/24 192.168.25.2 128 VLAN25 2489
Figure 10.18 Sample Output: show ip route (ARX-2000)
prtlndA> show ip route
Destination/Mask Gateway Cost Interface Age
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
0.0.0.0/0 192.168.74.1 128 VLAN74 6794
0.0.0.0/0 10.1.23.1 128 VLAN 9230
192.168.74.0/24 0.0.0.0 0 VLAN74 Direct
192.168.74.0/24 0.0.0.0 128 VLAN Direct
192.168.74.0/24 0.0.0.0 0 VLAN74 Direct
192.168.74.0/24 0.0.0.0 128 VLAN Direct
192.168.78.0/24 0.0.0.0 128 VLAN Direct
192.168.78.0/24 192.168.74.2 128 VLAN74 6799
10.1.23.0/24 0.0.0.0 0 VLAN Direct
Figure 10.19 Sample Output: show ip route monitor (ARX-2000)
prtlndA> show ip route monitor
Destination/Mask Type Gateway Cost Status Details
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
0.0.0.0/0 Mgmt 10.1.23.1 128 Up Current Gateway
0.0.0.0/0 VLAN 192.168.74.1 128 Up Current Gateway
192.168.78.0/24 VLAN 192.168.74.2 128 Up Current Gateway
Figure 10.20 Sample Output: show ip route all (ARX-2000)
prtlndA> show ip route all
Proc Destination/Mask Gateway Cost Interface Age
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1.1 192.168.78.0/24 0.0.0.0 128 VLAN Direct
1.1 10.1.23.0/24 0.0.0.0 0 VLAN Direct
1.1 192.168.74.0/24 0.0.0.0 128 VLAN Direct
1.1 192.168.74.0/24 0.0.0.0 128 VLAN Direct
1.1 10.1.23.0/24 0.0.0.0 0 VLAN Direct
1.1 0.0.0.0/0 10.1.23.1 128 VLAN 9230
1.2 0.0.0.0/0 192.168.74.1 128 VLAN74 6794
1.2 192.168.74.0/24 0.0.0.0 0 VLAN74 Direct
1.2 192.168.78.0/24 192.168.74.2 128 VLAN74 6799
1.2 192.168.74.0/24 0.0.0.0 0 VLAN74 Direct
1.3 0.0.0.0/0 192.168.74.1 128 VLAN74 6794
1.3 192.168.74.0/24 0.0.0.0 0 VLAN74 Direct
1.3 192.168.78.0/24 192.168.74.2 128 VLAN74 6799
1.3 192.168.74.0/24 0.0.0.0 0 VLAN74 Direct
1.4 0.0.0.0/0 192.168.74.1 128 VLAN74 6794
1.4 192.168.74.0/24 0.0.0.0 0 VLAN74 Direct
1.4 192.168.78.0/24 192.168.74.2 128 VLAN74 6799
1.4 192.168.74.0/24 0.0.0.0 0 VLAN74 Direct
1.5 0.0.0.0/0 192.168.74.1 128 VLAN74 6794
1.5 192.168.74.0/24 0.0.0.0 0 VLAN74 Direct
Proc Destination/Mask Gateway Cost Interface Age
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1.5 192.168.78.0/24 192.168.74.2 128 VLAN74 6799
1.5 192.168.74.0/24 0.0.0.0 0 VLAN74 Direct
Figure 10.21 Sample Output: show ip route from 1.1 (ARX-2000)
prtlndA> show ip route from 1.1
Proc Destination/Mask Gateway Cost Interface Age
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1.1 192.168.78.0/24 0.0.0.0 128 VLAN Direct
1.1 10.1.23.0/24 0.0.0.0 0 Mgmt Direct
1.1 192.168.74.0/24 0.0.0.0 128 VLAN Direct
1.1 192.168.74.0/24 0.0.0.0 128 VLAN Direct
1.1 10.1.23.0/24 0.0.0.0 0 Mgmt Direct
1.1 0.0.0.0/0 10.1.23.1 128 Mgmt 750
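The Status and Details conditions listed under Guidelines: show ip route monitor can be checked mechanically from captured output. The following Python is an added example, not part of the F5 manual or the ARX software; the function names and the Backup and Down sample rows are constructed for illustration, and it assumes the whitespace-separated column layout shown in Figure 10.19.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the column layout of Figure 10.19. The Backup and Down
# rows are invented for illustration; they are not output from the manual.
SAMPLE = """\
prtlndA> show ip route monitor
Destination/Mask  Type  Gateway         Cost  Status  Details
-----------------------------------------------------------------
0.0.0.0/0         Mgmt  10.1.23.1       128   Up      Current Gateway
0.0.0.0/0         VLAN  192.168.74.1    128   Up      Current Gateway
0.0.0.0/0         VLAN  192.168.74.254  200   Up      Backup Gateway
192.168.78.0/24   VLAN  192.168.74.2    128   Down    No Reply
10.9.0.0/16       VLAN  172.16.5.1      128   Down    Unreachable
"""

# One data row: CIDR destination, Type, gateway IP, cost, Status, Details.
ROW = re.compile(
    r"^(?P<dest>\d+(?:\.\d+){3}/\d+)\s+(?P<type>\S+)\s+"
    r"(?P<gw>\d+(?:\.\d+){3})\s+(?P<cost>\d+)\s+"
    r"(?P<status>\S+)\s+(?P<details>\S.*)$"
)


def parse_route_monitor(text):
    """Return one dict per route row; prompts, headers and rules are skipped."""
    routes = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m is None:
            continue
        routes.append({
            "dest": str(ipaddress.ip_network(m["dest"], strict=False)),
            "type": m["type"],
            "gateway": str(ipaddress.ip_address(m["gw"])),
            "cost": int(m["cost"]),
            "status": m["status"],
            "details": " ".join(m["details"].split()),
        })
    return routes


def audit_routes(routes):
    """Return (issue, destination, type, gateway) tuples worth an alert."""
    findings = []
    groups = defaultdict(list)
    for r in routes:
        # The same subnet can appear once per Type (Mgmt and VLAN), so the
        # redundancy check is done per (destination, type) pair.
        groups[(r["dest"], r["type"])].append(r)
        if r["status"] == "Down":
            findings.append((r["details"], r["dest"], r["type"], r["gateway"]))
    for (dest, rtype), members in groups.items():
        in_use = [r for r in members if r["details"] == "Current Gateway"]
        standby = [r for r in members
                   if r["status"] == "Up" and r["details"] == "Backup Gateway"]
        if not in_use:
            findings.append(("No Current Gateway", dest, rtype, None))
        elif not standby:
            # Reachable today, but nothing takes over if this gateway stops
            # answering ARP requests.
            findings.append(("No Backup Gateway", dest, rtype,
                             in_use[0]["gateway"]))
    return findings


if __name__ == "__main__":
    for finding in audit_routes(parse_route_monitor(SAMPLE)):
        print(finding)
```

A subnet reported with No Current Gateway on the Mgmt type means the out-of-band management network has lost its route, which is worth alerting on separately from client/server VLAN routes.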
show ntp servers
Purpose
Use the show ntp servers command to display all configured NTP servers.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show ntp servers
Guidelines
This command displays a table of NTP servers. For each server, the table shows a
numeric ID, the NTP protocol for the server (3 for NTPv3 or 4 for SNTPv4), the
number of seconds between Polls, and the server’s IP address.
Use the ntp server command to add an NTP server to the list. Use the show clock
command to verify that the switch is getting the correct time from the NTP server(s).
Related Commands
ntp server
show clock
Figure 10.22 Sample Output: show ntp servers
bstnA(cfg)# show ntp servers
Configured NTP Servers
ID Proto Poll Address
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
2 4 64 192.168.25.201
1 4 64 192.168.25.209
show ntp status
Purpose
Use the show ntp status command to display operational status for each configured
NTP server.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show ntp status
Guidelines
This command displays operational status information for each configured NTP
server, one row per server. The fields match the output of the pe[er] command on the
Unix ntpq program, or ntpq -p on Windows:
(tally code) - the one-character tally code, representing the server’s current status
(see Table 10.1, “Tally Codes,” on page 56),
remote - the remote NTP server’s hostname or IP address,
refid - the IP address or hostname of the server’s reference clock (another NTP
server; 0.0.0.0 if unknown),
st - the stratum of the server (1-16, where 1 is ideal, 15 is worst, and 16 means
“unusable”),
t - the type of the NTP server (local, unicast, multicast, or broadcast) when the last
packet was received,
when - the time of the last received packet,
poll - the number of seconds between polls,
reach - the reachability register, in octal,
delay - the interval (in milliseconds) to be added to requests that require
authentication,
offset - the number of milliseconds between the server’s clock and the ARX
clock, and
jitter - the estimated time error of the server clock, measured as an exponential
average of RMS time differences.
Use the show ntp servers command to get a list of all configured NTP servers. Use
the show clock command to verify that the switch is getting the correct time from the
NTP server(s).
Related Commands
show ntp servers
show clock
Figure 10.23 Sample Output: show ntp status
bstnA(cfg)# show ntp status
NTP server status
remote refid st t when poll reach delay offset jitter
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
+lager.wwmed navobs1.mit.edu 2 - 14 64 377 0.640 -147.94 6.475
*dc1.wwmed.c lager.wwmed 2 - 15 64 377 0.411 145.091 13.112
Table 10.1 Tally Codes
*        sys.peer - The local switch has declared the peer the “system peer;” the peer
         lends its variables to the system variables.
o        pps.peer - The peer has been declared the system peer and lends its variables
         to the system variables. However, the actual system synchronization is
         derived from a pulse-per-second (PPS) signal, either indirectly via the PPS
         reference clock driver or directly via kernel interface.
+        candidate - The peer is a survivor and a candidate for the combining
         algorithm.
#        selected - The peer is a survivor, but not among the first six peers sorted by
         synchronization distance. If the association is ephemeral, it may be
         demobilized to conserve resources.
.        excess - The peer is discarded as not among the first ten peers sorted by
         synchronization distance. It is probably a poor candidate for further
         consideration.
<Space>  reject - The peer is discarded as unreachable, synchronized to this server
         (synch loop) or excessive synchronization distance.
x        falsetick - The peer is discarded by the intersection algorithm as a
         falseticker.
-        outlyer - The clustering algorithm designated the peer as an outlyer and
         discarded it.
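The show ntp status fields and the tally codes in Table 10.1 can be audited from captured output, as in this added Python example (not part of the F5 manual or the ARX software). It assumes column 0 of each row holds the tally code, reads reach as the 8-bit shift register that ntpq reports (one bit per recent poll), and uses a 128 ms offset limit chosen for the example; the last two sample rows are constructed.

```python
# Tally codes from Table 10.1, keyed by the character in column 0 of each row.
TALLY = {
    "*": "sys.peer", "o": "pps.peer", "+": "candidate", "#": "selected",
    ".": "excess", " ": "reject", "x": "falsetick", "-": "outlyer",
}

# The first two peers are the rows of Figure 10.23, written with the U+2010
# hyphens that text copied from the PDF can carry. The last two rows are
# constructed for this example.
SAMPLE = """\
bstnA(cfg)# show ntp status
NTP server status
remote refid st t when poll reach delay offset jitter
\u2010\u2010\u2010\u2010\u2010\u2010\u2010\u2010\u2010\u2010\u2010\u2010
+lager.wwmed navobs1.mit.edu 2 \u2010 14 64 377 0.640 \u2010147.94 6.475
*dc1.wwmed.c lager.wwmed 2 \u2010 15 64 377 0.411 145.091 13.112
xntp3.example 10.0.0.9 3 u 40 64 175 1.200 905.300 88.010
 ntp4.example 0.0.0.0 16 u - 64 0 0.000 0.000 0.000
"""


def parse_ntp_status(text):
    """Return one dict per peer row of 'show ntp status' output."""
    peers = []
    # Normalise typographic hyphens so "-147.94" parses as a negative number.
    for raw in text.replace("\u2010", "-").splitlines():
        if not raw.strip():
            continue
        # A row whose first character is not a tally code (for example, the
        # leading space was lost in copying) is treated as "reject".
        has_code = raw[0] in TALLY
        fields = (raw[1:] if has_code else raw).split()
        if len(fields) != 10 or not fields[2].isdigit():
            continue  # prompt, title, header or separator line
        try:
            reach = int(fields[6], 8)  # the register is printed in octal
            delay, offset, jitter = (float(v) for v in fields[7:10])
        except ValueError:
            continue
        peers.append({
            "status": TALLY[raw[0]] if has_code else "reject",
            "remote": fields[0],
            "refid": fields[1],
            "stratum": int(fields[2]),
            "reach": reach,
            "polls_ok": bin(reach & 0xFF).count("1"),  # answered, of last 8
            "delay_ms": delay,
            "offset_ms": offset,
            "jitter_ms": jitter,
        })
    return peers


def audit_ntp(peers, max_offset_ms=128.0):
    """Return (remote, issue) tuples; max_offset_ms is an example threshold."""
    findings = []
    if sum(p["status"] in ("sys.peer", "pps.peer") for p in peers) != 1:
        findings.append(("-", "no single system peer"))
    for p in peers:
        if p["status"] == "falsetick":
            findings.append((p["remote"], "falseticker"))
        if p["stratum"] >= 16:
            findings.append((p["remote"], "stratum unusable"))
        if p["polls_ok"] < 8:
            # Expected for a short time after a server is first configured.
            missed = 8 - p["polls_ok"]
            findings.append((p["remote"], f"{missed} of last 8 polls missed"))
        if abs(p["offset_ms"]) > max_offset_ms:
            findings.append((p["remote"], "offset over limit"))
    return findings


if __name__ == "__main__":
    for remote, issue in audit_ntp(parse_ntp_status(SAMPLE)):
        print(f"{remote}: {issue}")
```

Both peers from Figure 10.23 exceed the 128 ms example limit, so the threshold should be set to match the clock accuracy that log correlation and authentication at the site require.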
shutdown (cfg-if-vlan)
Purpose
From cfg-if-vlan mode, use the shutdown command to shut down the in-band
management interface for a VLAN.
Important
In a redundant pair of ARXes, the network software uses an in-band
(VLAN) management address as a home address for its communication
with the quorum-disk. Without an in-band-management address and an ip
route to the quorum disk, a failover is impossible. If this interface has
redundancy (cfg-if-vlan) enabled, the shutdown command causes the
backup to reboot. Additionally, any ron tunnels that use this address will
fail if you shut it down; a shadow-copy-rule depends on RON tunnels to
communicate with other ARXes in the network.
Use the shutdown command only on the advice of F5 Support.
Use no shutdown to restart the management interface.
Mode
cfg-if-vlan
Security Role(s)
network-engineer or crypto-officer
Syntax
shutdown
no shutdown
Default(s)
shutdown
Guidelines
If you shut down the in-band management interface, administrators are immediately
disconnected from the interface.
An ARX in a redundant pair has additional issues. A redundant ARX requires an
in-band (VLAN) management interface on the same VLAN as its quorum disk. This is
required so that the ARX can reach its quorum disk while in the backup role. Refer to
the quorum-disk documentation for more details. If this interface has redundancy
(cfg-if-vlan) enabled, the interface is even more vital to redundancy; in this case, a
shutdown causes the backup ARX to reboot. Do not shut down this interface if this
ARX has a quorum disk on the current VLAN or if the interface is used as the
redundancy link.
If the current in-band (VLAN) interface terminates any Resilient Overlay Network
(RON) tunnels, this command shuts down communication with all of them. This could
potentially disrupt a shadow-copy rule or management access to another ARX.
Samples
bstnA(cfg-if-vlan[4])# shutdown
shuts down the in-band management interface for VLAN 4.
bstnA(cfg-if-vlan[4])# no shutdown
restarts the same interface.
Related Commands
interface vlan
quorum-disk
ron tunnel
shutdown (cfg-mgmt)
Purpose
From cfg-mgmt mode, use the shutdown command to shut down the out-of-band
management interface.
Use no shutdown to restart the management interface.
Mode
cfg-mgmt
Security Role(s)
network-engineer or crypto-officer
Syntax
shutdown
no shutdown
Default(s)
no shutdown: the interface is enabled by default after you go through the initial-boot
process.
Platforms
any except ARX-VE
Guidelines
If you shut down the out-of-band management interface, administrators are
immediately disconnected from the interface.
The ARX-1500 and ARX-2500 use port 1/1 for out-of-band management by default. If
you use this command on one of those platforms, you can then dedicate port 1/1 to
client/server traffic with the interface gigabit 1/1 command and its sub commands.
Samples
bstnA(cfg-mgmt)# shutdown
shuts down the out-of-band management interface.
bstnA(cfg-mgmt)# no shutdown
restarts the interface.
Related Commands
interface mgmt
speed (cfg-mgmt)
Purpose
From cfg-mgmt mode, use the speed command to set the speed and duplex
configuration on the fast Ethernet port for the switch’s out-of-band (OOB)
management interface.
Mode
cfg-mgmt
Security Role(s)
network-engineer or crypto-officer
Syntax
speed {auto | 100-half | 100-full | 10-half | 10-full | 1000-full}
auto | 100-half | 100-full | 10-half | 10-full | 1000-full is a required choice:
auto is auto-negotiate (the default) 10/100 megabits-per-second (mbps), half/full
duplex. Makes the port auto-negotiate with its peer. Use this setting to enable
MDI/MDIX cross-over on the OOB-management port.
100-half is fast Ethernet, 100 mbps, half duplex.
100-full is fast Ethernet, 100 mbps, full duplex.
10-half is fast Ethernet, 10 mbps, half duplex.
10-full is fast Ethernet, 10 mbps, full duplex.
1000-full is Gigabit Ethernet, 1000 mbps, full duplex.
Default(s)
auto
Platforms
any except ARX-VE
Guidelines
The ARX has one out-of-band management interface labeled MGMT on the front
panel of the switch.
The MGMT port supports automatic MDI/MDIX cross-over. This feature
automatically corrects the polarity of the attached CAT5 cable, regardless of whether it is a
cross-over or straight-through type. However, the port must be set to “auto”
(auto-negotiate enabled). When the port speed/duplex is forced, automatic MDI/MDIX
cross-over is disabled, and you must cable the port using standard cross-over or
straight-through cabling. That is, connections between switches and/or routers require
a “crossover” cable, and connections between switches/routers to hosts/end-stations
require a “straight-through” cable.
Sample
bstnA(cfg)# interface mgmt
bstnA(cfg-mgmt)# speed 100-half
For the OOB-management interface, sets the fast Ethernet port speed to 100 mbps
and the duplex configuration to half duplex.
Related Commands
interface mgmt
show interface mgmt
wait-for ip-routes
Purpose
Use the wait-for ip-routes command to wait until all of your configured static routes
are operational.
Mode
(any)
Security Role(s)
network-technician, network-engineer, storage-engineer, or crypto-officer
Syntax
wait-for ip-routes [timeout timeout]
timeout (optional, 1-2096) is the timeout value in seconds.
Default(s)
timeout - none, wait indefinitely
Guidelines
This command is useful in CLI scripts.
After you have established one or more static routes with the ip route command, you
can use the wait-for ip-routes command to wait for all of those routes to come online.
This can be useful for CLI scripts, which you can copy onto the switch (with copy ftp,
copy scp, copy {nfs|cifs}, or copy tftp), and run.
If you set a timeout and it expires before the last static route is up, the command exits
with a warning. To interrupt the wait-for ip-routes command, press <Ctrl-C>. You
can use the show ip route monitor command to see the current status of all static
routes.
Samples
stkbrgA# wait-for ip-routes
waits indefinitely for all static routes to come up. The CLI prompt does not return
until this command proves that all routes are functional.
stkbrgA# wait-for ip-routes timeout 30
waits up to 30 seconds for all static routes to come up.
Related Commands
ip route
show ip route
11
Licensing
This chapter contains an alphabetical list of commands for activating and
using software licenses in the ARX.
clear active-license
Purpose
Use the clear active-license command to remove the active license from this system.
This renders the current system unlicensed, so that you can no longer use its storage
services or enter gbl mode in the CLI. Use the command only on the advice of F5
Support.
Mode
priv-exec
Security Role(s)
crypto-officer
Syntax
clear active-license
Default
None
Guidelines
Use this command only on the advice of F5 Support. The CLI prompts for
confirmation before it clears the license; enter yes to proceed.
If the ARX can connect to the Internet, you can use the license activate command to
automatically re-activate the license. Otherwise, you can use a manual activation
method, as described in the documentation for the license create license-dossier
command.
You can use the show active-license command to view the license-expiration time
and all the currently-licensed features on the system.
Sample
stkbrgA# clear active-license
Warning: Clearing the license renders the ARX inoperable. Continue with operation? [yes/no] yes
clears the license on an ARX named “stkbrgA.”
Related Commands
license activate
license create license-dossier
show active-license
license activate
Purpose
Use the license activate command to activate your software license and begin setting
up storage services on the ARX.
Mode
priv-exec
Security Role(s)
crypto-officer
Syntax
license activate base-reg-key base-key
license activate add-on-key add-key
base-reg-key base-key (1-33 characters) is the base registration key for the
current ARX. If you purchased hardware with Release 6.00.000 or later, the key
is installed before shipment; use the <tab> key to auto-complete your base
registration key. To upgrade older hardware to Release 6.00.000 or later, contact
your F5 Sales representative to purchase a license and receive the key in an E-mail
message. For trial software, you can get a key for a trial license E-mailed to you
from the same site where you downloaded the software, https://www.f5.com/trial/.
add-on-key add-key (1-15 characters) is a registration key for an add-on license.
You can purchase an add-on license to add more capacity or additional features to
your ARX. As above, contact your F5 Sales representative to purchase an add-on
license and receive the key in an E-mail message.
Guidelines: Trial or Evaluation Licenses in a Redundant Pair
Trial licenses, obtained from https://www.f5.com/trial/, and evaluation licenses have
an expiration date built into them. The timer for the license expiration begins when
you run the license activate command or manual activation (described below). If you
are installing one of these temporary licenses on a redundant pair of ARX devices, the
start dates should be no more than 24 hours apart. We recommend activating the
license at both peers on the same day. This avoids a large gap in time where one peer
is licensed and the other peer is unlicensed, and it also avoids an SNMP trap that warns
you of the license mismatch.
Guidelines: Automatic Activation
This command contacts a license server at F5, http://activate.f5.com/, so the ARX
must have a static route (ip route) to the Internet and access to a DNS server (ip
name-server) before you use it. These network settings should be properly
configured during installation, in the initial-boot script. You can use ping
license-server to confirm that you have a usable connection to the server. If not, you
can use the show ip route command for a list of static routes, and use show ip route
monitor to check the status of each route. You can also use show ip domain to see
your DNS setup, and/or ip name-server to add a new DNS server to the ARX
configuration.
If circumstances or network policy prevents you from connecting the ARX to the
Internet, you can use a manual activation method, as described in the documentation
for the license create license-dossier command.
In a redundant pair of switches, each ARX has its own license. Activate the license on
both peers. If there are any add-on licenses, activate those on both peers, too.
Your initial license activation requires contact information and acceptance of an
End-User License Agreement (EULA). The CLI only requests this information if you
have not already entered it through other means.
The contact information comes in two parts: general information and an E-mail
address.
The CLI requests general information first, with prompts for the following items:
– First Name
– Last Name
– Company Name
– Phone
– Job Title
– Address
– City
– State/Province
– Postal Code
– Country
Then the CLI shows you a summary of these items; enter yes to accept the entries,
or no to restart the list.
The CLI then prompts you for an E-mail address. If you see this, enter the E-mail
address and then re-enter it as prompted.
The End-User License Agreement (EULA) appears next and prompts you for
confirmation. The EULA also appears for a re-run of this command if the
agreement text has changed in any way. If the EULA appears, review the
agreement carefully and then enter yes to accept it.
An information message appears at the end indicating the final success or failure of
your license activation.
Use the show active-license command to see all of the licensed limits after you
install the base license.
An add-on license changes the limits expressed in show active-license; the CLI
informs you of all the changes after you run this command with the add-on-key
option.
Sample
stkbrgA# license activate base-reg-key CRJGV-QPDYW-SATNK-RGBYY-DMTMOBL
% INFO: The license has been successfully activated.
automatically activates the license for the “stkbrgA” switch.
Related Commands
ip route
show ip route
ip name-server
ip domain-list
show ip domain
ping license-server
clear active-license
license activate file
Purpose
Some installations do not permit a network connection from the ARX to the Internet,
but an Internet connection is required to access a valid F5 license server. For these
installations, a manual process is necessary to activate the license on the ARX. The
manual-activation process involves downloading a valid license file from the F5
license server to a remote host, and then transferring the license file to the ARX. The
final step in manual-license activation is activating that valid license file on the ARX.
Use the license activate file command to activate a valid license file, one that was
downloaded from http://activate.f5.com/. You can also use it to activate a copy of the
“active.license” file (which is created by the license activate command).
Mode
priv-exec
Security Role(s)
crypto-officer
Syntax
license activate file file-name
file-name (1-1024 characters) is the name of the license file to activate. For a full list
of available license files, you can use the show license command.
Guidelines
You can use a faster method for activating your license if the ARX has a valid route to
the license server at http://activate.f5.com/. The ping license-server command tests
the connection between the ARX and the license server. If this ping command
succeeds, you can use the license activate command instead of this one.
Guidelines: Manual Activation
The manual activation process starts at the ARX CLI, continues on a remote host with
access to the F5 server, and then concludes at the ARX CLI:
• The license create license-dossier command creates a dossier file to identify
the ARX and enumerate its capabilities. The file name is “arx.dossier;” you can
use the show license-dossier command to confirm that it exists.
• Use your preferred form of the copy command (such as copy ftp, copy scp, or
copy smtp) to upload the arx.dossier file to a host that can connect to the Internet.
For sites where such an upload is not permitted, you can use an alternative that is
described below.
• From an HTTP browser on the remote host, connect to the following site and fill
out the forms for getting an ARX license:
http://activate.f5.com/
When prompted to enter the ARX dossier, you can either upload it from the
location above, or you can copy and paste the encrypted output from show
license-dossier.
This creates a file with a “.license” extension (such as “arx.license”) on the
remote host.
• At the ARX CLI, use copy source-url license arx.license to download the
“.license” file from the remote host to the “license” directory on the ARX.
• Use this command, license activate file arx.license, to activate this new license
on the ARX. One or more information messages appear at the end indicating the
final success or failure of your license activation.
Guidelines: Trial or Evaluation Licenses in a Redundant Pair
Trial licenses, obtained from https://www.f5.com/trial/, and evaluation licenses have
an expiration date built into them. The timer for the license expiration begins when
you run the license activate command or this command. If you are installing one of
these temporary licenses on a redundant pair of ARX devices, the start dates should be
no more than 24 hours apart. We recommend activating the license at both peers on the
same day. This avoids a large gap in time where one peer is licensed and the other
peer is unlicensed, and it also avoids an SNMP trap that warns you of the license
mismatch.
Sample
stkbrgA# license activate file arx.license
% INFO: The license has been successfully activated.
activates the license in the “arx.license” file.
Related Commands
show license
license activate
license create license-dossier
copy ftp
copy {nfs|cifs}
copy scp
copy smtp
show license-dossier
clear active-license
license create license-dossier
Purpose
Some installations do not permit a network connection from the ARX to the Internet,
but an Internet connection is required to access a valid F5 license server. For these
installations, a manual process is necessary to activate a license on the ARX. The first
step in manual-license activation is creating a dossier file that describes the current
ARX. Use the license create license-dossier command to create the dossier file.
Mode
priv-exec
Security Role(s)
crypto-officer
Syntax
license create license-dossier base-reg-key base-key
license create license-dossier add-on-key add-key
base-reg-key base-key (1-33 characters) is the base registration key for the
current ARX. If you purchased hardware with Release 6.00.000 or later, the key
is installed before shipment; use the <tab> key to auto-complete your base
registration key. To upgrade older hardware to Release 6.00.000 or later, contact
your F5 Sales representative to purchase a license and receive the key in an E-mail
message. For trial software, you can get a key for a trial license E-mailed to you
from the same site where you downloaded the software, https://www.f5.com/trial/.
add-on-key add-key (1-15 characters) is a registration key for an add-on license.
You can purchase an add-on license to add more capacity or additional features to
your ARX. As above, contact your F5 Sales representative to purchase an add-on
license and receive the key in an E-mail message.
Guidelines
You can use a faster method for activating your license if the ARX has a valid route to
the license server at http://activate.f5.com/. The ping license-server command tests
the connection between the ARX and the license server. If this ping command
succeeds, you can use the license activate command instead of this one.
Guidelines: Manual Activation
This command creates a dossier file to identify the ARX and enumerate its
capabilities. The file name is “arx.dossier;” you can use the show license-dossier
command to confirm that it exists.
Then use your preferred form of the copy command (such as copy ftp, copy scp, or
copy smtp) to upload the arx.dossier file to a host that can connect to the Internet.
For sites where such an upload is not permitted, you can use an alternative that is
described below.
From an HTTP browser on the remote host, connect to the following site and fill out
the forms for getting an ARX license:
http://activate.f5.com/
When prompted to enter the ARX dossier, you can either upload it from the
location above, or you can copy and paste the encrypted output from show
license-dossier.
This creates a file with a “.license” extension (such as “arx.license”) on the remote
host.
At the ARX CLI, use copy source-url license arx.license to download the
“.license” file from the remote host to the “license” directory on the ARX.
Use license activate file arx.license to activate this new license on the ARX.
Sample
stkbrgA# license create license‐dossier base‐reg‐key CRJGV‐QPDYW‐SATNK‐RGBYY‐DMTMOBL
creates a dossier file, “arx.dossier,” for the “stkbrgA” switch.
Related Commands
license activate
show license
copy ftp
copy {nfs|cifs}
copy scp
copy smtp
show license-dossier
license activate file
clear active-license
ping license-server
Purpose
Use the ping license-server command to send a simple request to your license server.
This verifies that you can connect to the license server and use the automatic license
activate command.
Mode
(any)
Security Role(s)
crypto-officer
Syntax
ping license‐server [base‐reg‐key base‐key]
base-reg-key base-key (1-33 characters) is the base registration key for the
current ARX. If you purchased hardware with Release 6.00.000 or later, the key
is installed before shipment; use the <tab> key to auto-complete your base
registration key. To upgrade older hardware to Release 6.00.000 or later, contact
your F5 Sales representative to purchase a license and receive the key in an E-mail
message. For trial software, you can get a key for a trial license E-mailed to you
from the same site where you downloaded the software, https://www.f5.com/trial/.
This option is unnecessary after activation.
Guidelines
The output from a successful ping shows the current time at the F5 license server,
http://activate.f5.com/.
If the output shows an error instead of a timestamp, the license server is unreachable.
The ARX must have a static route (ip route) to the Internet for this command to
succeed. Use the show ip route command for a list of static routes, and use show ip
route monitor to check the status of each route.
The ARX must also have a DNS server available for translating server FQDNs into IP
addresses; use show ip domain to see your DNS setup, and/or ip name-server to add
a new DNS server to the ARX configuration.
If circumstances or network policy prevents you from connecting the ARX to the
Internet, you can use a manual activation method, as described in the documentation
for the license create license-dossier command.
Sample
stkbrgA# ping license‐server
% INFO: Activation server response: 'Tue Nov 09 14:52:01 UTC 2010'
indicates that you can reach the license server, and that you can therefore use
license activate to automatically activate your software license.
Related Commands
license activate
ip route
show ip route
ip name-server
ip domain-list
show ip domain
show active-license
Purpose
Use the show active-license command to display a complete list of all features and
limits that are currently licensed on this ARX.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show active‐license
Guidelines
This command shows a list of all currently-licensed options. This information is
broken into several tables.
System License Information is information about the active license itself. Here are
some key fields in the output:
Auth Vers. is for internal use only.
Usage indicates the intended usage for the license. This is also for internal use
only.
Registration Key is the base registration key used for license activate and
similar commands.
Licensed version identifies the software release that is licensed. This is a release
number with an x.y.0 format. You are permitted to install any maintenance release
off of the same base, such as x.y.1, x.y.2, and so on.
License Date is the date when the license was first activated with license
activate, license activate file, or a GUI equivalent.
License Start is the earliest date when the license could be valid. This does not
appear for a production license, which has no start or end date.
License End is the expiration date for the license. This field also does not appear
for a production license.
Service Check Date is used for comparison to any software that is installed
later. The date of a major release is included in its release file; if that date is earlier
than the license’s service-check date (in this field), you are permitted to install the
new release. Use the show releases command to get a list of all release files on
the ARX, and use boot system to prepare the ARX to install the new release.
Platform ID identifies the ARX platform to which this license applies. The codes
are Z100 for an ARX-VE, A106 for an ARX-500, D108 for an ARX-2000, D103
for an ARX-4000, C110 for an ARX-1500, or C111 for an ARX-2500.
Service Status is a string to explain the implications of the Service Check
Date above.
Module List contains a sub table for each add-on license. Add-on licenses will be
supported in a future release.
Feature List shows all of the features and limits that the active license supports.
Some of these features contain a suffix of “_4k.” This indicates that the values are
shown in blocks of 4,096. Multiply each such value by 4096 to get the actual
limit.
Use the license activate command to automatically activate the license for the current
ARX. Automatic activation is only possible if the ARX has a network connection to
the F5 web site, http://activate.f5.com/; if not, you can use the license create
license-dossier command to start the process of manual activation.
Sample
bstnA# show active‐license
shows the active license and all the options that it enables. See Figure 11.1 for
sample output.
Related Commands
license activate
license create license-dossier
Figure 11.1 Sample Output: show active-license
bstnA# show active‐license
System License Information
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
Auth Vers: 5b
Usage: F5 Internal Product Development
Registration Key: W218274‐067731‐88692‐6045‐2946811
Licensed version: 6.0.0
License Date: Nov 23 2010
License Start: Nov 22 2010
License End: May 3 2011
Service Check Date: Apr 3 2011
Platform ID: D103
Service Status: As of 2011‐04‐03 there is no active service contract.
: This may inhibit your ability to upgrade your software.
License Load Date: Apr 4 2011
Module List
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
ARX 4000:
Reg Key: W428510‐1430583
LIC‐PKG‐ARX4‐ENT:
Feature List
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
cifs_services_per_system: 64
direct_attach_points_per_system: 524288
direct_shares_per_system: 16384
direct_shares_per_volume: 255
direct_shares_per_volume_group: 2048
files_per_system_4k: 500000
files_per_volume_4k: 62500
files_per_volume_group_4k: 62500
global_servers_per_system: 64
namespaces_per_system: 16
nfs_services_per_system: 64
protocol_qty_allowed: 3
redundancy: enabled
shares_per_system: 1024
shares_per_volume: 64
shares_per_volume_group: 128
virtual_services_per_system: 64
volume_groups_per_system: 16
volumes_per_system: 256
volumes_per_volume_group: 32
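The following added example (not F5 code and not part of the original manual) parses captured show active-license output as described above: it expands the “_4k” features to actual limits, reports the days left before License End, and compares the License Date of two redundant peers. The function names are hypothetical, the embedded text is an excerpt of Figure 11.1 retyped with ASCII hyphens, and the one-day peer comparison is an approximation of the 24-hour guidance because the output carries dates, not times.

```python
"""Parse ARX `show active-license` output (added example; not F5 code)."""
from datetime import date, datetime

# Excerpt of Figure 11.1, retyped with ASCII hyphens.
SAMPLE = """\
System License Information
--------------------------
Registration Key: W218274-067731-88692-6045-2946811
Licensed version: 6.0.0
License Date: Nov 23 2010
License Start: Nov 22 2010
License End: May 3 2011
Service Check Date: Apr 3 2011
Platform ID: D103
Service Status: As of 2011-04-03 there is no active service contract.
: This may inhibit your ability to upgrade your software.
Feature List
-----------------
files_per_system_4k: 500000
files_per_volume_4k: 62500
namespaces_per_system: 16
redundancy: enabled
shares_per_system: 1024
"""

SECTIONS = ("System License Information", "Module List", "Feature List")
BLOCK = 4096  # "_4k" features are counted in blocks of 4,096


def parse_active_license(text):
    """Return {table title: {field: value}} for each table in the output."""
    out, section, last = {}, None, None
    # Console captures of this CLI may contain U+2010 hyphens; normalise them.
    for raw in text.replace("\u2010", "-").splitlines():
        line = raw.strip()
        if not line or set(line) == {"-"}:
            continue  # blank line or the dashed rule under a table title
        if line in SECTIONS:
            section, last = out.setdefault(line, {}), None
            continue
        if section is None or ":" not in line:
            continue  # prompt, command echo, or text outside a table
        key, _, value = line.partition(":")
        key, value = key.strip(), " ".join(value.split())
        if not key and last:  # wrapped line such as ": This may inhibit ..."
            section[last] += " " + value
        elif key:
            section[key] = value
            last = key
    return out


def effective_limits(features):
    """Expand "_4k" counts to actual limits; keep non-numeric flags as-is."""
    limits = {}
    for name, value in features.items():
        if not value.isdigit():
            limits[name] = value  # e.g. redundancy: enabled
        elif name.endswith("_4k"):
            limits[name[:-3]] = int(value) * BLOCK
        else:
            limits[name] = int(value)
    return limits


def _date(value):
    # Dates appear as "Nov 23 2010" or "May 3 2011".
    return datetime.strptime(value, "%b %d %Y").date()


def days_until_expiry(system, today):
    """Days left on a temporary license; None when License End is absent."""
    end = system.get("License End")  # not shown for a production license
    return None if end is None else (_date(end) - today).days


def peers_activated_together(system_a, system_b):
    """True if the two peers' License Date values are at most one day apart."""
    gap = _date(system_a["License Date"]) - _date(system_b["License Date"])
    return abs(gap.days) <= 1


if __name__ == "__main__":
    lic = parse_active_license(SAMPLE)
    print(effective_limits(lic["Feature List"]))
    print(days_until_expiry(lic["System License Information"], date(2011, 4, 4)))
```

Run against a capture from each peer of a redundant pair, the same functions show a license mismatch before the SNMP trap does.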
show license-dossier
Purpose
A license dossier is a file that describes the ARX and its capabilities. The dossier file
is used for license activation; the license server requires the ARX dossier to provide
you with a license. The dossier is encrypted. When you activate your license manually,
you can copy and paste the encrypted dossier into the form on http://activate.f5.com/.
Use the show license-dossier command to display the dossier file as an encrypted
string.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show license‐dossier
Guidelines
This command is only useful for a manual license activation. You can use a faster
method for activating your license if the ARX has a valid route to the Internet. If the
ARX can connect to the Internet, you can use the license activate command to
automatically activate your license.
This command shows the encrypted string that represents your dossier file, if the file
exists. You can copy this string from the CLI and paste it into the proper field at
http://activate.f5.com/. As an alternative, you can use some form of the copy
command (such as copy ftp, copy scp, or copy smtp) to copy the “arx.dossier” file
to another host, and upload the dossier from that host to http://activate.f5.com/.
Sample
stkbrgA# show license‐dossier
shows the “arx.dossier” file in encrypted form. See Figure 11.2 for sample output.
Related Commands
license activate
Figure 11.2 Sample Output: show license-dossier
stkbrgA# show license‐dossier
12
SNMP
show snmp-server
Purpose
Use the show snmp-server command to see all SNMP-configuration settings.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show snmp‐server
Guidelines
System Information contains configuration information:
• Name can be reset with the snmp-server name command.
• Contact can be set with snmp-server contact.
• Location can be changed with snmp-server location. Name, Contact, and
Location are the configurable parts of the MIB-2 system table.
• Interface is the interface used for SNMP communication: this is either
“Management,” “VLAN,” or “None,” as set by the cfg-mgmt-access permit
command.
• Traps shows the scope of SNMP traps that the ARX can send. The options are
“Private Traps enabled” (the traps that are unique to the ARX, cataloged in the
ARX SNMP Reference), “All Traps enabled” (ARX-only traps together with
generic SNMP traps), or “Disabled.” You can set this with the snmp-server traps
command.
Access Mode/Communities is a table of access permissions (read-only, or
read-write) and the community string associated with each. The community string is
encrypted. You can use snmp-server community to set it.
Trap Targets shows all of the SNMP hosts configured to receive traps. Use
snmp-server host to change this list.
Trusted Hosts are allowed to perform gets and/or sets. The snmp-server trusthost
command controls this setting.
Sample
bstnA> show snmp‐server
shows the SNMP configuration for the “bstnA” switch. See Figure 12.1 for
sample output.
Related Commands
snmp-server contact
snmp-server name
snmp-server location
snmp-server community
snmp-server trusthost
snmp-server traps
snmp-server host
Figure 12.1 Sample Output: show snmp-server
bstnA> show snmp‐server
System Information
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
Name: arx1
Contact: jpublic, jpublic@mycompawells.me.org
Location: 2nd floor lab, row 3, bay 4, shelf 5
Interface: Management/VLAN
Traps: All traps enabled
Access Mode Communities
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
read‐write private
read‐only public
Trap Targets
Address Community UDP Port
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
10.1.1.68 public 162
172.16.100.101 public 162
172.16.100.183 public 162
Trusted Hosts
Address
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
10.1.1.68
172.16.100.183
snmp-server community
Purpose
External SNMP agents use a community string to access the local SNMP agent. Use
the snmp-server community command to enter a valid community string for SNMP
access.
Use the no form of snmp-server community to remove a community string from the
list.
Mode
cfg
Security Role(s)
network-engineer or crypto-officer
Syntax
snmp‐server community community‐string {read‐only | read‐write}
no snmp‐server community community‐string {read‐only | read‐write}
community-string is up to 16 characters.
read-only | read-write is a required choice. This sets the permissions for agents that
access the local SNMP agent.
Default(s)
None
Guidelines
You can use this command multiple times, once for each supported community string.
The no form removes one of the strings from the list.
After you have configured a community string with this command, you can use the
snmp-server trusthost command for each trusted SNMP host.
Samples
bstnA(cfg)# snmp‐server community public read‐only
establishes read-only access for trusted hosts that use the “public” community
string in their SNMP queries.
bstnA(cfg)# no snmp‐server community experimental read‐write
removes a community string, “experimental,” from the list of valid strings.
Related Commands
snmp-server trusthost
snmp-server contact
Purpose
Use the snmp-server contact command to enter contact information (sysContact,
MIB-2.1.1.4) for the ARX.
Use no snmp-server contact to clear the contact information.
Mode
cfg
Security Role(s)
network-engineer or crypto-officer
Syntax
snmp‐server contact contact‐info
no snmp‐server contact
contact-info (1-255 characters) is the SNMP contact information. Use quotation marks
around the string if it contains any spaces.
Default(s)
No contact information is set.
Guidelines
The sysContact MIB object is part of the MIB-2.system tree, MIB-2.1.1.4. Use the
hostname command to set the sysName object, and use the snmp-server location
command to set the sysLocation.
Samples
bstnA(cfg)# snmp‐server contact “jpublic, jpublic@mycompany.com”
sets the sysContact MIB object for the ARX.
bstnA(cfg)# no snmp‐server contact
erases the setting for the sysContact MIB object.
Related Commands
hostname
snmp-server location
snmp-server host
Purpose
Use the snmp-server host command to configure a target for SNMP notifications
(such as SNMP traps).
Use the no form of the command to remove an SNMP server from the list.
Mode
cfg
Security Role(s)
network-engineer or crypto-officer
Syntax
snmp‐server host host‐ip community‐string [udp‐port]
no snmp‐server host host‐ip
host-ip is the IP address of the SNMP host (for example, 192.168.70.65).
community-string (up to 16 characters) is sent in each SNMP packet.
udp-port (optional; 1-65535) is the UDP port where the remote host is listening for
SNMP notifications. For most SNMP hosts, the default (162) is sufficient.
Default(s)
162, the well-known port for SNMP notifications, is the default udp-port.
Guidelines
You can use this command multiple times to define up to 6 trap destinations.
Use the snmp-server traps command to enable SNMP traps.
For communication with an SNMP server (host access or trap transmission), you must
also permit access to the SNMP agent through the internal firewall. Use the
management access snmp command to edit the rules for SNMP, then use the
permit command to permit server access through the out-of-band management
interface (labeled MGMT on the front panel), the in-band (VLAN) management
interface(s), or both.
Samples
bstnA(cfg)# snmp‐server host 10.1.1.68 public
bstnA(cfg)# snmp‐server host 172.16.100.101 public
sets two destinations for SNMP notifications.
bstnA(cfg)# no snmp‐server host 192.168.25.215
removes the SNMP host at 192.168.25.215 from the list of trap destinations.
Related Commands
snmp-server traps
management access ‐> permit
snmp-server location
Purpose
Use the snmp-server location command to enter location information (sysLocation,
MIB-2.1.1.6) for the ARX.
Use the no form of the command to clear the sysLocation setting.
Mode
cfg
Security Role(s)
network-engineer or crypto-officer
Syntax
snmp‐server location location‐info
no snmp‐server location
location-info (1-255 characters) is the SNMP-server location information. Use
quotation marks around the string if it contains any spaces.
Default(s)
No location information is set.
Guidelines
The sysLocation MIB object is part of the MIB-2.system tree, MIB-2.1.1.6. Use the
hostname command to set the sysName object, and use the snmp-server contact
command to set the sysContact.
Samples
bstnA(cfg)# snmp‐server location “2nd floor lab, row 3, bay 4, shelf 5”
sets the sysLocation MIB object for the ARX.
bstnA(cfg)# no snmp‐server location
clears the sysLocation object for the ARX.
Related Commands
hostname
snmp-server contact
snmp-server name
Purpose
Use the snmp-server name command to enter a new SNMP-advertised name for the
ARX (sysName, MIB-2.1.1.5).
Use the no form of the command to erase the name.
Mode
cfg
Security Role(s)
network-engineer or crypto-officer
Syntax
snmp‐server name machine‐name
no snmp‐server name [machine‐name]
machine-name (1 to 255 characters) is the administrative name of the server.
Default(s)
None
Guidelines
The sysName MIB object is part of the MIB-2.system tree, MIB-2.1.1.5. Use the
snmp-server location command to set the sysLocation object, and use the
snmp-server contact command to set the sysContact.
Sample
bstnA(cfg)# snmp‐server name acopia1
sets the sysName MIB object for the “bstnA” ARX.
Related Commands
snmp-server location
snmp-server contact
snmp-server traps
Purpose
Use the snmp-server traps command to enable SNMP traps from the ARX.
Use the no snmp-server traps command to disable SNMP traps.
Mode
cfg
Security Role(s)
network-engineer or crypto-officer
Syntax
snmp‐server traps [private]
no snmp‐server traps
private (optional) enables only private traps, and disables the standard generic traps
defined in RFC 1157. If you omit this option, the command enables all traps. Private
traps are the enterprise traps defined specifically for the ARX. For a full list of F5’s
ARX-enterprise (private) traps, see the ARX SNMP Reference.
Default(s)
all traps enabled
Guidelines
This command enables all SNMP traps, with an option to omit the generic traps and
only use private (ARX) traps. The generic traps are defined in RFC 1157, the
specification for SNMP, as one of the following:
• coldStart
• warmStart
• linkDown
• linkUp
• authenticationFailure
• entityConfigChange (defined in the RFC as an enterpriseSpecific trap)
Use the snmp-server host command to provide a destination for SNMP traps.
For communication with an SNMP server (host access or trap transmission), you must
also permit access to the SNMP agent through the internal firewall. Use the
management access snmp command to edit the rules for SNMP, then use the
permit command to permit server access through the out-of-band management
interface (labeled MGMT on the front panel), the in-band (VLAN) management
interface(s), or both.
If you are sending traps out through a channel on the client/server VLANs, use no
trap shutdown to enable SNMP traps on the channel.
Samples
bstnA(cfg)# snmp‐server traps
enables all trap types.
bstnA(cfg)# no snmp‐server traps
disables all traps.
Related Commands
snmp-server host
management access ‐> permit
no trap shutdown
snmp-server trusthost
Purpose
Use the snmp-server trusthost command to permit SNMP gets and sets from a
remote host.
Use the no form of the command to remove an SNMP host from the list of trusted
hosts.
Mode
cfg
Security Role(s)
network-engineer or crypto-officer
Syntax
snmp‐server trusthost host‐ip
no snmp‐server trusthost host‐ip
host-ip is the IP address of the SNMP host (for example, 192.168.70.65).
Default(s)
All hosts are trusted (if they use the string(s) specified through snmp-server
community) until you limit the number of trusted hosts with this command.
Guidelines
You can use this command multiple times to configure up to 8 trusted hosts. Before
you use this command, all hosts are trusted (though they are denied access through the
firewall; see below).
For communication with an SNMP server (host access or trap transmission), you must
also permit access to the SNMP agent through the internal firewall. Use the
management access snmp command to edit the rules for SNMP, then use the
permit command to permit server access through the out-of-band management
interface (labeled MGMT on the front panel), the in-band (VLAN) management
interface(s), or both.
Samples
bstnA(cfg)# snmp‐server trusthost 10.1.1.68
allows the SNMP host at 10.1.1.68 to access the local SNMP agent.
bstnA(cfg)# no snmp‐server trusthost 172.16.100.101
removes the SNMP host at 172.16.100.101. The local SNMP agent will no longer
accept SNMP gets or sets from that IP address.
Related Commands
snmp-server community
management access ‐> permit
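The following added example (not F5 code and not part of the original manual) audits captured show snmp-server output against the behavior documented in this chapter: read-write communities permit SNMP sets, and all hosts are trusted until snmp-server trusthost limits them. The function names, the severity labels, and the list of well-known community strings are assumptions of this example; the embedded text is Figure 12.1 retyped with ASCII hyphens and without the contact line.

```python
"""Audit ARX `show snmp-server` output (added example; not F5 code)."""
import ipaddress

# Figure 12.1, retyped with ASCII hyphens; the contact line is omitted.
FIGURE_12_1 = """\
System Information
---------------------------------------------------------
Name: arx1
Location: 2nd floor lab, row 3, bay 4, shelf 5
Interface: Management/VLAN
Traps: All traps enabled
Access Mode Communities
---------------------------------------------------------
read-write private
read-only public
Trap Targets
Address Community UDP Port
---------------------------------------------------------
10.1.1.68 public 162
172.16.100.101 public 162
172.16.100.183 public 162
Trusted Hosts
Address
---------------------------------------------------------
10.1.1.68
172.16.100.183
"""

# Assumption of this example: strings treated as guessable defaults.
WELL_KNOWN = {"public", "private"}
TABLES = {"System Information": "system", "Access Mode": "communities",
          "Trap Targets": "trap_targets", "Trusted Hosts": "trusted_hosts"}


def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def parse_show_snmp_server(text):
    """Split the output into its four tables."""
    cfg = {"system": {}, "communities": [], "trap_targets": [],
           "trusted_hosts": []}
    table = None
    # Console captures of this CLI may contain U+2010 hyphens; normalise them.
    for raw in text.replace("\u2010", "-").splitlines():
        line = raw.strip()
        if not line or set(line) == {"-"}:
            continue  # blank line or dashed rule
        title = next((t for t in TABLES if line.startswith(t)), None)
        if title:
            table = TABLES[title]
            continue
        parts = line.split()
        if table == "system" and ":" in line:
            key, _, value = line.partition(":")
            cfg["system"][key.strip()] = value.strip()
        elif table == "communities" and len(parts) == 2:
            cfg["communities"].append({"mode": parts[0], "community": parts[1]})
        elif table == "trap_targets" and len(parts) == 3 and _is_ip(parts[0]):
            cfg["trap_targets"].append(
                {"host": parts[0], "community": parts[1], "port": int(parts[2])})
        elif table == "trusted_hosts" and _is_ip(parts[0]):
            cfg["trusted_hosts"].append(parts[0])  # column titles are skipped
    return cfg


def audit(cfg):
    """Return (severity, message) findings for the parsed configuration."""
    findings = []
    for entry in cfg["communities"]:
        if entry["mode"] == "read-write":
            findings.append(("high", "read-write community configured: "
                             "SNMP sets are possible with this string"))
        # Matches only when the string is printed in clear text, as in the
        # figure; an encrypted string cannot be compared this way.
        if entry["community"].lower() in WELL_KNOWN:
            findings.append(("high", "well-known community string "
                             f"'{entry['community']}' ({entry['mode']})"))
    if cfg["communities"] and not cfg["trusted_hosts"]:
        findings.append(("high", "no snmp-server trusthost entries: any host "
                         "permitted by management access that presents a "
                         "valid community string is trusted"))
    if cfg["system"].get("Traps", "").lower().startswith("disabled"):
        findings.append(("medium", "traps disabled: no authenticationFailure "
                         "or ARX traps are sent to the trap targets"))
    return findings


if __name__ == "__main__":
    for severity, message in audit(parse_show_snmp_server(FIGURE_12_1)):
        print(f"[{severity}] {message}")
```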
13
Email Notifications (SMTP)
You can set up the Simple Mail Transfer Protocol (SMTP) to send email
notifications for ARX events.
clear smtp queue
Purpose
The SMTP mail queue holds email messages until they are successfully delivered. Use
the clear smtp queue command to delete all such queued messages.
Mode
priv-exec
Security Role(s)
network-technician, network-engineer, storage-engineer, or crypto-officer
Syntax
clear smtp queue
Default
None
Guidelines
Messages are only in the mail queue for a very short time before the first attempt to
deliver them. If you can see a message with show smtp queue, the message has not
yet been successfully delivered. Use this command to delete all messages from the
queue.
After deleting the messages, the command shows information about each message: the
“To” and “From” fields, the size, and the age (time in the mail queue).
Alternatively, you can retry all queued messages with smtp retry.
Use show smtp status to see details on the most-recent message delivery, and to
view the current configuration for SMTP.
Sample
bstnA# clear smtp queue
To: juser@wwmed.com From:admin@wwmed.com Size:393.00 Age:5h has been deleted.
To: juser@wwmed.com From:admin@wwmed.com Size:393.00 Age:5h has been deleted.
To: juser@wwmed.com From:admin@wwmed.com Size:393.00 Age:19m has been deleted.
To: juser@wwmed.com From:admin@wwmed.com Size:393.00 Age:18m has been deleted.
bstnA#
clears four pending email messages.
Related Commands
smtp
show smtp queue
smtp retry
show smtp status
description (cfg-email-event)
Purpose
Use the optional description command to set a descriptive string for the current
email-event role. An email event role is a configurable list of SNMP traps, along with
a group of users who receive email notifications for those traps. The description
appears in the output of the show email-event command.
Use the no form of the command to delete the description.
Mode
cfg-email-event
Security Role(s)
network-engineer or crypto-officer
Syntax
description text
no description
text (1-255 characters) is your description. Surround the text with quotation marks (“
”) if it contains any spaces.
Default(s)
“Built-In” for the default tech-support role
None for new email event roles.
Guidelines
The description appears in the output for show email-event.
Sample
bstnA(cfg‐email‐event[noc3])# description “support team at NOC3”
specifies a description for the “noc3” email event role.
Related Commands
email-event
show email-event
email-event
Purpose
Use the email-event command to start defining a set of ARX events to be emailed, the
conditions under which the switch sends the email(s), and any recipients who should
receive them. This creates a profile, or role, for one or more users who require event
notification.
Use no email-event to remove an email event role.
Mode
cfg
Security Role(s)
network-engineer or crypto-officer
Syntax
email‐event role
no email‐event role
role (1-128 characters) is a name that you choose for this set of email events, trigger
conditions, and mail recipients (for example, “nocGroup”).
Default
“tech-support” is a default email event role, shipped from the factory.
Guidelines
Before an email-event can notify any users of system events, smtp must be
configured for this ARX.
This command places you in cfg-email-event mode, where you can access several
commands that define the email event role. To enable groups of events at a time, use
the group (cfg-email-event) command. You can also use this command to set
thresholds or schedules for email notification (for example, send for every 3
occurrences of a group event, or once each week). You can enable individual events
with the group ... event command, which can also override any default-threshold
settings made for the event’s group. The mail-to (cfg-email-event) command chooses
an email recipient for this set of events; enter this command once for each desired
recipient. You can use the description (cfg-email-event) command to add an
optional description to the email event configuration; this appears in the output of
show email-event. Use enable (cfg-email-event) to enable all of the rules in this
email event configuration. Notification does not begin until you enable the email event
role.
You can reuse the email-event command to define multiple email event roles.
Email messages have a field in the SMTP header where you can set a severity level.
SMTP servers can use this field for sorting and flagging incoming messages; the
server at F5 Support is configured to use this field for prioritizing customer issues. Use
the email-severity command to set the email severity for a given event. The show
email-severity command shows event severities.
To send a small test message to all configured email recipients, use the smtp test
email-event command. After a successful test, you can use smtp welcome to send an
introductory email to all of the recipients.
This email delivery mechanism can be used together with standard SNMP-trap
delivery. Use snmp-server traps to start setting up SNMP traps.
Samples
bstnA(cfg)# email‐event noc3
bstnA(cfg‐email‐event[noc3])# ...
creates an email event role named “noc3.”
bstnA(cfg)# no email‐event testEmail
removes an email event configuration.
Related Commands
mail-to (cfg-email-event)
group (cfg-email-event)
group ... event
description (cfg-email-event)
enable (cfg-email-event)
smtp
snmp-server traps
smtp test email-event
smtp welcome
email-severity
Purpose
You can use the email-event feature to send emails to one or more users (possibly
including F5 Support) for certain SNMP traps. A field in the SMTP-message header
contains the severity for the message. This field is not shown in most email
applications, but email servers can use it for prioritization. Use the email-severity
command to modify the email severity for a particular event.
Use no email-severity to revert to a default email severity.
Mode
cfg
Security Role(s)
network-engineer or crypto-officer
Syntax
email‐severity event‐name level {normal | warn | minor | major | critical}
no email‐severity event‐name
event-name (1-64 characters) identifies an event. An event corresponds to one SNMP
trap, cataloged in the ARX SNMP Reference. Use a ? after the email-severity
keyword for a full list of eligible email events (for example, email-severity ?).
normal | warn | minor | major | critical sets the severity for the event’s email
messages.
Default
Defaults vary for each event; use show email-severity all to see them.
Guidelines
To send SNMP traps in email, configure smtp and then set up at least one
email-event role.
Use this command to set a severity level for an event’s email messages. The severity
level appears in a customized field in the SMTP header, “X-ARX-Severity.” SMTP
servers can use this field for sorting and flagging messages; the SMTP server at F5
Support is configured to sort email messages by this setting. You can use this to
prioritize your events for Customer Support.
Each severity that you set with this command is system-wide; it applies to any
email-event role that uses the event.
Use show email-severity to show the current severities for one or more events.
Samples
bstnA(cfg)# email‐severity auto‐reboot level critical
sets the email severity to “critical” for an “auto-reboot” event.
bstnA(cfg)# no email‐severity disk‐state
resets the “disk-state” event to a “normal” severity.
Related Commands
show email-severity
smtp
email-event
Chapter 13
Email Notifications (SMTP)
enable (cfg-email-event)
Purpose
You can define one or more SNMP-trap events to be emailed to one or more users, as
well as the thresholds for sending each event. One collection of events, thresholds, and
users is called an email event role. Use the enable command to activate the current
role.
Use no enable to disable the current email event role.
Mode
cfg-email-event
Security Role(s)
network-engineer or crypto-officer
Syntax
enable
no enable
Default(s)
Disabled
Guidelines
You must enable an email event role to activate it.
Samples
bstnA(cfg-email-event[noc3])# enable
enables the current email event role, noc3.
bstnA(cfg-email-event[betaTest])# no enable
disables the “betaTest” role.
Related Commands
email-event
from (cfg-smtp)
Purpose
Use the from command to set the “From” field in all email messages from the ARX.
Use no from to revert to the default “From” string.
Mode
cfg-smtp
Security Role(s)
network-engineer or crypto-officer
Syntax
from hostname@domain
no from
hostname@domain is 1-132 characters (for example,
“admin@arx1000-B.nemed.com”). Use only alphabetical characters (a-z and A-Z),
numeric characters (0-9), - (dash), _ (underscore), and/or . (period).
Defaults
None
Guidelines
The string you set with this command appears in the header of all email messages, in
the “From” field.
Enter an email address that uses acceptable characters (listed above in Syntax). If there
are any invalid characters, the CLI rejects the string with an error.
To see the current setting for the “From” field, use the show smtp status command.
Samples
bstnA(cfg‐smtp)# from aco_admin@acopia.wwmed.com
sets the “From” field for all outgoing messages.
bstnA(cfg‐smtp)# no from
erases the “From” string and reverts to the default.
Related Commands
smtp
group (cfg-email-event)
Purpose
You can define SNMP-trap events to be emailed to one or more users, as well as the
thresholds for sending each event. One collection of events, thresholds, and users is
called an email event role. Use the group command to add an entire group of events to
an email event role.
Use the no form to remove a group of events from a role.
Mode
cfg-email-event
Security Role(s)
network-engineer or crypto-officer
Syntax
group group-name [threshold-counter counter | threshold-interval time {minutes | hours | days}]
no group group-name [threshold-counter counter | threshold-interval time {minutes | hours | days}]
group-name is chassis, cifs, storage, metadata, nsck, policy, snapshot,
stats-monitor, virtual-server, network, redundancy (for any chassis except the
ARX-VE), or all.
threshold-counter counter (optional, 1-128) sets a threshold based on the number of
events that occur from this group. For example, threshold-counter 4 means that
each event from this group triggers an email if it occurs 4 times.
threshold-interval time {minutes | hours | days} (optional) sets a schedule for this
group. For example, threshold-interval 1 days causes the system to accumulate
traps throughout the day and, if there are any, send a single email describing all of
them. All time calculations begin when you enter this configuration; if the threshold
interval is 1 day, the switch sends the email at the current time of day.
Default
no groups enabled
If you enable a group without setting any threshold, the default is threshold-counter
1.
Platforms
You cannot choose the redundancy group on the ARX-VE.
Guidelines
This command enables one group of events for the current email event role. Whenever
the system reaches a threshold you set with this command, it sends an email to any or
all mail-to (cfg-email-event) recipients. You can optionally use the group ... event
command to configure a single event in the group, or to set a different threshold for a
particular event.
The system keeps a maximum of 128 events for any event group. This is a hard
threshold, even if you use the threshold-interval option to create a time-based
schedule. For example, suppose you configure the following:
group cifs threshold‐interval 7 days
This sends an email every week. However, if 128 CIFS events occur before the week
is over, the system delivers an interim email with those events. This resets the start
time for the 7-day schedule: the ARX delivers the next set of CIFS events 7 days later,
or after 128 more events, whichever comes first.
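The schedule reset described above is easy to misread, so here is an added Python model of it (an illustration written for this page, not ARX code). The class and function names, the minute-based clock and the event timeline are assumptions made for the example.

```python
"""Model of the email-event batching rule: interval schedule plus 128-event cap."""

MAX_EVENTS = 128  # hard per-group limit stated in the Guidelines


class GroupBatcher:
    """Hypothetical model of one 'group ... threshold-interval' setting.

    Times are integer minutes counted from when the command was entered,
    because the manual says all time calculations begin at that moment.
    """

    def __init__(self, interval_minutes):
        if interval_minutes <= 0:
            raise ValueError("interval must be positive")
        self.interval = interval_minutes
        self.window_start = 0
        self.pending = []
        self.sent = []  # (send_time, reason, event_count)

    def advance(self, now):
        """Send every scheduled email that falls due at or before 'now'."""
        while now >= self.window_start + self.interval:
            due = self.window_start + self.interval
            if self.pending:  # an interval with no traps produces no email
                self.sent.append((due, "interval", len(self.pending)))
                self.pending = []
            self.window_start = due

    def event(self, now):
        """Record one trap; deliver early if the group reaches the cap."""
        self.advance(now)
        self.pending.append(now)
        if len(self.pending) == MAX_EVENTS:
            self.sent.append((now, "cap", MAX_EVENTS))
            self.pending = []
            self.window_start = now  # the interim email restarts the schedule


def simulate(interval_minutes, event_times, until):
    """Replay trap timestamps and return the list of emails that result."""
    batcher = GroupBatcher(interval_minutes)
    for t in sorted(event_times):
        batcher.event(t)
    batcher.advance(until)
    return batcher.sent


WEEK = 7 * 24 * 60  # group cifs threshold-interval 7 days
# Constructed timeline: three events in a quiet week, then a burst of 130.
QUIET = [60, 1500, 2000]
BURST = [12000 + i for i in range(130)]

if __name__ == "__main__":
    for when, reason, count in simulate(WEEK, QUIET + BURST, until=30000):
        print(f"minute {when:>6}: {count:>3} events ({reason})")
```

In this timeline the burst pushes the second weekly email from minute 20160 to minute 22207, which matters if a downstream monitor expects mail at a fixed time of day.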
If you use group ... event to add a specific event, the no group command for its
group does not delete that event. For example, the following command sequence does
not delete the “warmstart” event:
group chassis event warmstart
no group chassis
Samples
bstnA(cfg‐email‐event[noc3])# group chassis
adds the group of “chassis” events to this email role. This command uses the
default threshold; every chassis event triggers an email as soon as it happens.
bstnA(cfg‐email‐event[noc3])# group metadata threshold‐counter 5
adds the group of “metadata” events to this email role. Every 5th metadata event
triggers an email.
bstnA(cfg‐email‐event[noc3])# no group storage
removes the “storage” event group. This prevents any storage-group events from
triggering emails.
Related Commands
email-event
group ... event
group ... event
Purpose
You can define one or more SNMP-trap events to be emailed to one or more users, as
well as the thresholds for sending each event. One collection of events, thresholds, and
users is called an email event role. Use the group ... event command to add one event
to an email event role.
Use the no form to remove an event from a role, or to revert its threshold to the group
default.
Mode
cfg-email-event
Security Role(s)
network-engineer or crypto-officer
Syntax
group group-name event event-name [threshold-counter counter | threshold-interval time {minutes | hours | days}]
no group group-name event event-name [threshold-counter counter | threshold-interval time {minutes | hours | days}]
group-name is chassis, cifs, storage, metadata, nsck, policy, snapshot,
stats-monitor, virtual-server, network, redundancy (for any chassis except the
ARX-VE), or all.
event-name (1-64 characters) is one of the events in the group. Each of these
corresponds to one SNMP trap, cataloged in the ARX SNMP Reference. Use a ?
after the event keyword for a full list of events in this group (for example, group
chassis event ?).
threshold-counter counter (optional, 1-128) sets a threshold based on the number of
times this event occurs. For example, threshold-counter 4 means that any four
occurrences trigger an email.
threshold-interval time {minutes | hours | days} (optional) sets a schedule for this
event. For example, threshold-interval 1 days causes the system to accumulate
instances of this event throughout the day and, if there are any, send a single email
describing all of them. All time calculations begin when you enter this configuration;
if the threshold interval is 1 day, the switch sends the email at the current time of day.
Default
All defaults are defined by the event’s group (see group (cfg-email-event)).
Platforms
You cannot choose the redundancy group on the ARX-VE.
Guidelines
This command enables one event for the current email event role. Whenever the
system reaches its threshold for this event, it sends an email to any or all mail-to
(cfg-email-event) recipients for this role.
If you do not set any threshold for an event, its group threshold is used (as set by the
group (cfg-email-event) command).
The no form of the command disables the event’s threshold (so that the event defaults
to the threshold for its group), or removes the event altogether. See the Samples,
below.
Samples
bstnA(cfg‐email‐event[noc3])# group metadata event online threshold‐counter 2
adds one “metadata” event, “online,” to this email role. The threshold is 2 events;
the system sends an email for every second event that indicates that a metadata
share is online.
bstnA(cfg‐email‐event[testteam])# group virtual‐server event server‐offline
adds the “server-offline” event to email event role, “testteam.” The threshold
defaults to whatever threshold is set for the “virtual-server” group.
bstnA(cfg‐email‐event[noc3])# no group metadata event online threshold‐counter 2
reverts the “online” event to the default threshold. This default is defined by the
“metadata” group.
bstnA(cfg‐email‐event[noc3])# no group chassis event cpu‐status
removes the “cpu-status” event from this email event role.
Related Commands
email-event
mail-to (cfg-email-event)
group (cfg-email-event)
mail-server
Purpose
The mail-server command identifies the next-hop email server for the ARX.
Use no mail-server to delete the email server name.
Mode
cfg-smtp
Security Role(s)
network-engineer or crypto-officer
Syntax
mail-server ip-or-name
no mail-server
ip-or-name (1-132 characters) identifies the mail server, either by IP address or DNS
name (for example, “192.168.25.44” or “mailServer3.myco.com”).
Default
None
Guidelines
This is required for SMTP to function. This is the local mail server that delivers the
ARX’s email messages to the WAN.
You must have a DNS server configured to use a DNS name in this command. Refer to
the ip name-server documentation to configure a DNS server.
To see the currently configured mail server, use the show smtp status command. To
test the mail-server configuration, use the smtp test server command.
Important
The no mail-server command disables all email deliveries.
Sample
bstnA(cfg‐smtp)# mail‐server email1.wwmed.com
identifies the mail server.
Related Commands
smtp
smtp test server
ip name-server
mail-to (cfg-email-event)
Purpose
You can define one or more SNMP-trap events to be emailed to one or more users, as
well as the thresholds for sending each event. One collection of events, thresholds, and
users is called an email event role. Use the mail-to command to set one destination
address for the current role’s emails.
Use the no mail-to command to remove an email recipient.
Mode
cfg-email-event
Security Role(s)
network-engineer or crypto-officer
Syntax
mail-to recipient
no mail-to recipient
recipient (1-768 characters) is one email recipient (for example,
“juser@nemed.com”).
Default
None
Guidelines
This sets a destination for all emails from this email event role; this address appears in
the “To” field of the emails. You can enter this command multiple times, once for each
recipient. At least five separate destinations are supported.
A sample email appears in Figure 13.1 on page 13-15. You can use the ID
(highlighted in the sample) to look up the trap in the ARX SNMP Reference.
Samples
bstnA(cfg‐email‐event[noc3])# mail‐to juser@wwmed.com
sets up one email recipient for the “noc3” role. If a system event triggers a
threshold, the system sends an email notification to juser@wwmed.com.
bstnA(cfg‐email‐event[noc3])# no mail‐to ex@nemed.com
removes an email recipient from the “noc3” role.
Related Commands
email-event
Figure 13.1 Sample Email Event
From: admin@wwmed.com
Sent: Friday, March 05, 2010 3:13 AM
To: Dan Owen; jqpublic@wwmed.com
Subject: ::trap id:690(share‐remove‐complete)::cn:acopia1::switch:bstnA::loc:2nd
floor lab, row 3, bay 4, shelf 5::desc:ARX‐4000
Software Version: Version 5.02.000.12543 (Mar 2 2010 20:13:33) [nbuilds]
Chassis Serial Number: BZDS72000182
Group: storage
Event: share‐remove‐complete (ID: 690)
Total Events:1
Time(UTC): 2010‐03‐05T08:12:49.972
Events:
Share: medarcv:/test_results:2005_charts Name: [medarcv]
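On the receiving side, a mail host can combine the X-ARX-Severity header (see email-severity) with the “::”-delimited subject shown in Figure 13.1 to order a NOC queue. The following Python sketch is an added example, not part of the F5 manual or the ARX software; the sample messages are constructed, trap ID 9999 is a placeholder rather than a real ID from the ARX SNMP Reference, and ranking a missing header first is a design assumption.

```python
"""Triage ARX email-event notifications on the receiving mail host."""
import re
from email import message_from_string
from email.policy import default

# Order taken from the email-severity syntax line. The syntax spells the level
# "warn" but the show email-severity output prints "warning", so accept both.
SEVERITY_RANK = {"normal": 0, "warn": 1, "warning": 1,
                 "minor": 2, "major": 3, "critical": 4}
UNKNOWN_RANK = 5  # assumption: a missing or odd header sorts first, so it is seen

TRAP_RE = re.compile(r"trap id:(\d+)\(([^)]+)\)")
BODY_EVENT_RE = re.compile(r"^Event:\s*(\S+)\s*\(ID:\s*(\d+)\)", re.MULTILINE)


def parse_subject(subject):
    """Split the '::key:value' subject layout of Figure 13.1 into a dict."""
    fields = {}
    for part in subject.split("::"):
        part = " ".join(part.split())  # collapse whitespace left by folding
        if not part:
            continue
        trap = TRAP_RE.fullmatch(part)
        if trap:
            fields["trap_id"] = int(trap.group(1))
            fields["event"] = trap.group(2)
            continue
        key, sep, value = part.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def triage(raw):
    """Return severity, rank and identifying fields for one raw message."""
    msg = message_from_string(raw, policy=default)
    severity = str(msg.get("X-ARX-Severity", "")).strip().lower()
    if severity not in SEVERITY_RANK:
        severity = "unknown"
    info = parse_subject(str(msg.get("Subject", "")))
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    found = BODY_EVENT_RE.search(body)
    # Subject and body both carry the event name and trap ID; a mismatch
    # flags the message for a closer look before anyone acts on it.
    consistent = bool(found) and (
        found.group(1) == info.get("event")
        and int(found.group(2)) == info.get("trap_id"))
    # Computed keys come last so subject text cannot overwrite them.
    return {**info, "severity": severity,
            "rank": SEVERITY_RANK.get(severity, UNKNOWN_RANK),
            "consistent": consistent}


def sort_queue(raw_messages):
    """Highest rank first; the stable sort keeps arrival order within a rank."""
    return sorted((triage(r) for r in raw_messages),
                  key=lambda m: m["rank"], reverse=True)


def _sample(severity_header, trap_id, event, body_id=None):
    """Build a constructed message shaped like Figure 13.1 (body trimmed)."""
    body_id = trap_id if body_id is None else body_id
    return (
        "From: admin@wwmed.com\n"
        "To: jqpublic@wwmed.com\n"
        f"{severity_header}"
        f"Subject: ::trap id:{trap_id}({event})::cn:acopia1::switch:bstnA::loc:2nd\n"
        " floor lab, row 3, bay 4, shelf 5::desc:ARX-4000\n"
        "\n"
        f"Event: {event} (ID: {body_id})\n"
        "Total Events:1\n"
    )


SAMPLES = [
    _sample("X-ARX-Severity: normal\n", 690, "share-remove-complete"),
    _sample("X-ARX-Severity: critical\n", 9999, "nvram-battery-failure"),
    _sample("", 690, "share-remove-complete"),              # header missing
    _sample("X-ARX-Severity: major\n", 690, "share-remove-complete",
            body_id=691),                                   # subject/body differ
]

if __name__ == "__main__":
    for item in sort_queue(SAMPLES):
        print(item["severity"], item.get("event"), item["consistent"])
```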
maximum age
Purpose
When the ARX fails to deliver an email message, it retries periodically. If the failures
persist for too long, the ARX deletes the message. Use the maximum age command
to determine the maximum amount of time to retry before deleting the message.
Use no maximum age to return to the default.
Mode
cfg-smtp
Security Role(s)
network-engineer or crypto-officer
Syntax
maximum age days
no maximum age
days (1-366) is the number of days to retry before deleting the message.
Default
4 (days)
Guidelines
The ARX retries a message every n minutes for the first two hours; you can use retry
interval to set the value of n. The retry interval increases geometrically if the failures
persist. After some number of days without success (set by this command, maximum
age), the switch deletes the message from the mail queue.
Use show smtp queue to view all messages currently in the mail queue. These are
the messages that have failed and are being saved for retries. You can use smtp retry
to retry all queued messages now. The clear smtp queue command deletes all the
messages without sending them.
Samples
bstnA(cfg‐smtp)# maximum age 30
keeps all failed emails for up to 30 days before deleting them.
bstnA(cfg‐smtp)# no maximum age
reverts to the default.
Related Commands
smtp
retry interval
smtp retry
clear smtp queue
retry interval
Purpose
When the ARX fails to deliver an email message, it waits for some number of minutes
before retrying. Use the retry interval command to set the initial interval between
retries.
Use no retry interval to return to the default interval.
Mode
cfg-smtp
Security Role(s)
network-engineer or crypto-officer
Syntax
retry interval minutes
no retry interval
minutes (1-119) is the number of minutes to wait between email retries.
Default
15 (minutes)
Guidelines
The ARX retries a message every n minutes for the first two hours; this command sets
the value of n. The retry interval increases geometrically if the failures persist. After
some number of days without success (set by maximum age), the switch deletes the
message from the mail queue.
Use show smtp queue to view all messages currently in the mail queue. These are
the messages that have failed and are being saved for retries. You can use smtp retry
to retry all queued messages now. The clear smtp queue command deletes all the
messages without sending them.
Samples
bstnA(cfg‐smtp)# retry interval 10
sets a 10-minute interval.
bstnA(cfg‐smtp)# no retry interval
reverts to the default interval.
Related Commands
smtp
maximum age
show smtp queue
smtp retry
clear smtp queue
show email-event
Purpose
You can define one or more SNMP-trap events to be emailed to one or more users, as
well as the thresholds for sending each event. One collection of events, thresholds, and
users can be applied to technicians with a certain role. Use the show email-event
command to see the configuration for one or all email event roles.
Mode
(all)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show email-event {role-name | all}
role-name (1-128 characters) is one role (for example, “tech-support”).
all selects all roles.
Guidelines
The output contains up to four tables per email event role.
SMTP shows a summary of the SMTP settings for this ARX:
From is used in the “From” field of all emails. You can set this with from
(cfg-smtp).
Local Mail Server is the SMTP server that is the next hop for all emails. You can
set this with mail-server.
Email Event describes the configuration of one email-event role:
Role is the name of the email-event role, set with the email-event command.
Description shows the optional description for this role. You can use the
description (cfg-email-event) command to set (or change) this description.
To is a comma-separated list of email recipients. You can add one with the mail-to
(cfg-email-event) command.
Admin State shows whether or not this role is enabled. Use enable
(cfg-email-event) to enable the role.
The next table only appears if at least one event group is defined. It contains one row
per event group, with the following columns in each row:
Group Name is set with the group (cfg-email-event) command.
Threshold Counter is either a number or “n/a.” If this many events from the
group occur, the system sends an email. This is set with the threshold-counter
option in the above group command.
Threshold Interval (every) is either a time value (such as “2 hours” or “7 days”)
or “n/a.” If any events from the group occur during this time, the system sends an
email at the end of the time interval. This is set with the threshold-interval option
in the group command.
The next table only appears if at least one individual event is defined. It contains one
row per event, with the following columns in each row:
Group Name is set with the group ... event command.
Event Name is set with the same command.
Threshold Counter is either a number or “n/a.” If this many instances of the
event occur, the system sends an email. This is set with the threshold-counter
option in the group ... event command.
Threshold Interval (every) is either a time value (such as “10 minutes” or “12
hours”) or “n/a.” If any instances of this event occur during this time, the system
sends an email at the end of the time interval. This is set with the
threshold-interval option in the group ... event command.
Samples
bstnA# show email‐event all
shows all email event roles. See Figure 13.2 on page 13-19 for sample output.
bstnA# show email‐event noc3
shows the configuration for one email event role. See Figure 13.3 on
page 13-20 for sample output.
Related Commands
email-event
mail-to (cfg-email-event)
description (cfg-email-event)
group (cfg-email-event)
group ... event
enable (cfg-email-event)
smtp
from (cfg-smtp)
mail-server
Figure 13.2 Sample Output: show email-event all
bstnA# show email-event all
SMTP
----
From             : admin@wwmed.com
Local Mail Server: email1.wwmed.com
Email Event
-----------
Role       : noc3
Description: support team at NOC3
To         : juser@wwmed.com,jqpublic@wwmed.com
Admin State: Enabled
Group Name           Threshold
                     Counter   Interval(every)
-------------------- --------- ---------------
chassis              1         n/a
metadata             5         n/a
Group Name          Event Name                       Threshold
                                                     Counter Interval(every)
------------------- -------------------------------- ------- ---------------
metadata            online                           2       n/a
redundancy          ha-pair-qd-offline               1       n/a
storage             share-online                     3       n/a
storage             share-remove-complete            1       n/a
Email Event
-----------
Role       : tech-support
Description: Built-In
To         : e-support@acopiasupport.com
Admin State: Enabled
Group Name           Threshold
                     Counter   Interval(every)
-------------------- --------- ---------------
chassis              1         n/a
Figure 13.3 Sample Output: show email-event noc3
bstnA# show email-event noc3
SMTP
----
From             : admin@wwmed.com
Local Mail Server: email1.wwmed.com
Email Event
-----------
Role       : noc3
Description: support team at NOC3
To         : juser@wwmed.com,jqpublic@wwmed.com
Admin State: Enabled
Group Name           Threshold
                     Counter   Interval(every)
-------------------- --------- ---------------
chassis              1         n/a
metadata             5         n/a
Group Name          Event Name                       Threshold
                                                     Counter Interval(every)
------------------- -------------------------------- ------- ---------------
metadata            online                           2       n/a
redundancy          ha-pair-qd-offline               1       n/a
storage             share-online                     3       n/a
storage             share-remove-complete            1       n/a
show email-severity
Purpose
You can set up SNMP-trap events to be emailed to one or more users, and you can use
a separate command to set the severity of each event’s email message. The severity is
expressed in a hidden field in the email header, which email servers can use for
flagging and prioritizing email messages. Use the show email-severity command to
see the severities for this switch’s email events.
Mode
(all)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show email-severity {event-name | all | non-default}
event-name (1-64 characters) is one event (for example, “module-failure”).
all shows all events.
non-default shows any events that have a non-default severity.
Guidelines
The output is a table with two columns: Event Name and Severity. You can use the
email-severity command to reset the severity.
Samples
bstnA# show email‐severity all
shows all email events and their current severity settings. See Figure 13.4 on
page 13-21 for sample output.
bstnA# show email‐severity non‐default
shows the email events whose severities have been reset. See Figure 13.5 on
page 13-25 for sample output.
bstnA# show email‐severity nvram‐battery‐failure
shows the severity for a particular email event. See Figure 13.6 on page 13-25
for sample output.
Related Commands
email-severity
email-event
Figure 13.4 Sample Output: show email-severity all
bstnA# show email‐severity all
Event Name Severity
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐
System oom‐error major
ad‐policy_violation‐clear normal
ad‐policy_violation‐raise major
archive‐free‐space‐threshold‐clear normal
archive‐free‐space‐threshold‐raise major
archive‐offline major
archive‐online normal
archive‐remove normal
archive‐write‐access‐clear warning
archive‐write‐access‐fail warning
auto‐diagnostics‐failed major
auto‐diagnostics‐failed‐clear normal
bounce‐limit critical
bounce‐limit‐clear normal
clock‐sync‐fail‐clear normal
clock‐sync‐fail‐raise major
core critical
core‐duplicate normal
cpu‐halt major
cpu‐temperature‐failure critical
cpu‐temperature‐status normal
db‐upgrade‐fail‐clear normal
db‐upgrade‐fail‐raise critical
directory‐attribute‐inconsistency‐clear normal
directory‐attribute‐inconsistency‐clear‐all normal
directory‐attribute‐inconsistency‐raise major
directory‐import‐stalled‐clear normal
directory‐import‐stalled‐clear‐all normal
directory‐import‐stalled‐raise major
disk‐control‐failure critical
disk‐control‐status normal
disk‐failure critical
disk‐state normal
dnasInstanceStartupFailure major
dnasforcerecovery major
dns‐name‐update‐cancel normal
dns‐name‐update‐clear normal
dns‐name‐update‐raise minor
dns‐offline major
dns‐online normal
dns‐remove normal
down‐rev‐ad‐forest‐level‐clear normal
down‐rev‐ad‐forest‐level‐raise major
down‐rev‐ntlm‐auth‐srv‐clear normal
down‐rev‐ntlm‐auth‐srv‐raise major
dr‐config_replication‐clear normal
dr‐config_replication‐raise major
fan‐failure critical
fan‐status normal
filer‐errors‐clear major
filer‐errors‐raise major
filer‐slow‐clear major
filer‐slow‐raise major
firmware‐mismatch normal
firmware‐mismatch‐raise major
firmware‐upgrade‐initiated critical
free‐space‐threshold critical
free‐space‐threshold‐clear normal
gateway‐offline critical
gateway‐online normal
gateway‐remove normal
ha‐pair‐cluster‐offline major
ha‐pair‐cluster‐online normal
ha‐pair‐qd‐offline major
ha‐pair‐qd‐online normal
ha‐pair‐qdisk‐freespace‐low warning
ha‐pair‐qdisk‐freespace‐ok normal
ha‐pair‐version‐autosync‐clear normal
ha‐pair‐version‐autosync‐raise major
ha‐pair‐version‐mismatch‐clear normal
ha‐pair‐version‐mismatch‐raise major
kerberos‐cache‐threshold‐clear major
kerberos‐cache‐threshold‐cross major
kerberos‐dc‐offline major
kerberos‐dc‐online normal
kerberos‐dc‐remove normal
kernel‐nmi‐error major
license‐expired‐clear normal
license‐expired‐raise major
license‐ha‐pair‐different‐clear normal
license‐ha‐pair‐different‐raise warning
license‐ha‐pairing‐disabled‐clear normal
license‐ha‐pairing‐disabled‐raise major
license‐not‐found‐clear normal
license‐not‐found‐raise warning
license‐pending‐expiration‐clear normal
license‐pending‐expiration‐raise warning
license‐platform‐limit‐clear normal
license‐platform‐limit‐raise warning
license‐protol‐qty‐clear normal
license‐protol‐qty‐raise warning
logging‐failure‐clear normal
logging‐failure‐raise major
metalog‐latency‐clear normal
metalog‐latency‐raise major
module‐failure critical
module‐status normal
no‐ntlm‐authdc‐clear normal
no‐ntlm‐authdc‐raise major
non‐critical‐resource‐failure major
non‐critical‐resource‐failure‐clear normal
nsckreimport normal
nsm‐resource‐threshold major
nsm‐resource‐threshold‐clear major
nsm‐standby minor
nsm‐standby‐clear normal
nsm‐warm‐restart major
ntlm‐auth‐srv‐offline major
ntlm‐auth‐srv‐offline‐clear normal
ntp‐reachable normal
ntp‐unreachable normal
nvram‐battery‐degraded major
nvram‐battery‐degraded‐clear major
nvram‐battery‐failure critical
nvram‐battery‐status normal
nvram‐ecc‐error critical
nvram‐ecc‐error‐clear normal
nvram‐not‐saved normal
offline critical
om‐transactions‐threshold major
om‐transactions‐threshold‐clear normal
online normal
peer‐critical‐resources‐failed major
peer‐critical‐resources‐healthy normal
policyruleinlinequeueoverflow warning
power‐failure critical
power‐status normal
prewin2k‐mismatch major
prewin2k‐mismatch‐clear normal
raid‐verify‐clear normal
raid‐verify‐raise critical
ram‐ecc‐correctable‐error major
ram‐ecc‐error major
ram‐missing‐clear normal
ram‐missing‐raise critical
res‐file‐near‐full‐cancel warning
res‐file‐near‐full‐clear warning
res‐file‐near‐full‐raise warning
sam‐reference‐offline‐clear warning
sam‐reference‐offline‐raise warning
server‐offline major
server‐online normal
server‐remove warning
service‐acl‐update‐failure major
service‐acl‐update‐success normal
service‐errors‐clear major
service‐errors‐raise major
service‐offline major
service‐online normal
service‐rejoin‐required‐clear normal
service‐rejoin‐required‐raise major
service‐removed normal
service‐slow‐clear major
service‐slow‐raise major
shadowmetadatasharefreespaceerrorclear normal
shadowmetadatasharefreespaceerrorraise critical
shadowmetadatasharefreespacewarnclear normal
shadowmetadatasharefreespacewarnraise major
share‐feature‐mismatch‐clear warning
share‐feature‐mismatch‐raise warning
share‐import‐complete normal
share‐import‐failure major
share‐logon‐failure‐clear major
share‐logon‐failure‐raise major
share‐offline major
share‐online normal
share‐probe‐upgrade‐clear normal
share‐probe‐upgrade‐raise normal
share‐remove‐complete normal
share‐remove‐failure major
share‐timeskew‐clear warning
share‐timeskew‐raise warning
share‐write‐access‐clear warning
share‐write‐access‐fail warning
sharefreespacethresholdclear normal
sharefreespacethresholdraise major
snapshot‐op‐complete normal
snapshot‐op‐fail warning
snapshot‐op‐start normal
spn‐alias‐update‐clear normal
spn‐alias‐update‐raise minor
subshare‐export‐degraded‐clear major
subshare‐export‐degraded‐raise major
suspend‐failover‐clear normal
suspend‐failover‐raise major
system‐bus‐error major
system‐resource‐threshold major
system‐resource‐threshold‐clear major
temperature‐failure critical
temperature‐status normal
tenG‐Phy‐Unsupported major
vcifssvcacctclear normal
vcifssvcacctraise major
vcifsworkjamclear normal
vcifsworkjamraise major
warm‐start critical
x2‐transceiver‐fault major
x2‐transceiver‐fault‐clear normal
xiplip‐inconsistency‐clear normal
xiplip‐inconsistency‐raise critical
Figure 13.5 Sample Output: show email-severity non-default
bstnA# show email‐severity non‐default
Event Name Severity
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐
auto‐reboot critical
cpu‐failure critical
server‐offline critical
Figure 13.6 Sample Output: show email-severity nvram-battery-failure
bstnA# show email‐severity nvram‐battery‐failure
Event Name Severity
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐
nvram‐battery‐failure critical
show smtp queue
Purpose
Use the show smtp queue command to see the email messages that are queued for
delivery, if any.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show smtp queue
Guidelines
This command is used to see messages that failed delivery. Email messages are in the
queue for a very short time before they are sent out to the mail server; they stay in the
queue longer if the delivery failed. Therefore, if all messages deliver on the first try,
this command shows no messages in the queue.
The output is a table with two rows per message. The top row contains the following
fields:
Status is “pending,” to indicate that the message is waiting for final delivery.
From can be reset (for future emails) with from (cfg-smtp).
Size is in bytes if no unit (K, M, G, or T) appears after the number. K is for
KiloBytes (1024 bytes), M is for MegaBytes (1024*1024 bytes), and so forth.
The bottom row contains two more fields:
Time is when the message was created.
To can be reset for future emails with to.
The ARX retries a message every few minutes (set by retry interval) for the first two
hours. This retry interval increases geometrically if the failures persist. After some
days without success (set by maximum age), the switch deletes the message from the
mail queue. You can use smtp retry to retry all queued messages now. The clear
smtp queue command deletes all the messages without sending them.
Use show smtp status to see details on the most-recent message delivery, and to
view the current configuration for SMTP.
Sample
bstnA# show smtp queue
shows the queue of pending email messages, if any. See Figure 13.7 for sample
output.
Related Commands
smtp
to
from (cfg-smtp)
smtp retry
show smtp status
Figure 13.7 Sample Output: show smtp queue
bstnA# show smtp queue
Status   From             Size
Time                      To
------------------------------------------------
pending  admin@wwmed.com  461.00
10/16/2007 13:33:51 GMT   juser@wwmed.com
pending  admin@wwmed.com  461.00
10/16/2007 13:37:1 GMT    juser@wwmed.com
show smtp status
Purpose
Use the show smtp status command to see the status of the most recent outbound
email, as well as all SMTP-configuration settings.
Mode
(all)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show smtp status
Guidelines
SMTP Last Transfer shows the last email message that was collected for delivery.
This is not the most-recent retry; it is the most-recent message (or test) that was
generated.
Last file is the file name and size for the attachment file.
Status shows the status of the most-recent delivery:
– Success
– Delivered to mail-server
– Deferred means that the message has been added to the mail queue.
– Configuration error means that the configuration is missing some
information. (see the SMTP Current Configuration section, below)
– Could not communicate with mailserver indicates a network problem, a
DNS-configuration error, or an SMTP configuration error (such as the wrong
name for mail-server).
– Message size exceeds limit means that the local mailserver did not accept
the large attachment with the file. You must configure the mail server to
allow very large email attachments.
– Unable to relay
– Insufficient disk space indicates that there is not enough disk space to add
the message to the mail queue.
– Error building mail header,
– SMTP error,
– Internal error mailing file, and
– Error uuencoding file are internal problems.
Message Created is the time when the message was first generated.
The remaining fields show the header for the email message.
SMTP Current Configuration shows the configuration that is in effect. This
configuration will be applied to current and future email messages.
To can be set with to.
From can be set with from (cfg-smtp).
Via is the SMTP server that is the next hop for all emails. You can set this with
mail-server.
Retry Interval is the time between retries for messages in the mail queue. The
ARX uses this interval for the first two hours, then starts using larger intervals if
the failures persist. You can set this initial interval with the retry interval
command.
Maximum Age is the maximum number of days to keep a message in the mail queue
before deleting it. Use maximum age to set this value.
Use show smtp queue to see any pending email messages. To send a test message,
use smtp test message. If messages are failing, you can run smtp test server to test
SMTP communication with the local email server.
Sample
bstnA# show smtp status
shows the SMTP status for the current switch. See Figure 13.8 for sample output.
Related Commands
smtp
to
from (cfg-smtp)
mail-server
show smtp queue
smtp test message
smtp test server
Figure 13.8 Sample Output: show smtp status
bstnA# show smtp status
SMTP Last Transfer
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
Last file: AcopiaTest (61 bytes)
Status: Sent to email1.wwmed.com
Message Created: 9/15/2009 5:11:38 GMT
To: juser@f5.com
From: admin@wwmed.com
Via: email1.wwmed.com
Subject: Test diags for bstnA running 5.01.000.11891
SMTP Current Configuration
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
To: juser@f5.com
From: admin@wwmed.com
Via: email1.wwmed.com
Retry Interval: 10 minutes
Maximum Age: 30 days
show smtp welcome
Purpose
You can use the smtp welcome command to send an introductory email to all users of
an email-event role. Use the show smtp welcome command to see the welcome
message for this introductory email.
Mode
(all)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show smtp welcome
Guidelines
This command displays the welcome message that appears at the top of an smtp
welcome email.
Sample
bstnA# show smtp welcome
Welcome to the “<EMAIL_EVENT_ROLE>” role.
The host <HOSTNAME> will send email to you based on the following events:
shows the outline of the welcome message. The <EMAIL_EVENT_ROLE>
variable is replaced by the role’s name (set with email-event), and the
<HOSTNAME> is replaced by the ARX’s host name (set with hostname).
Related Commands
smtp welcome
smtp
email-event
hostname
smtp
Purpose
The ARX uses the Simple Mail Transfer Protocol (SMTP) to send email messages to
other machines. Use the smtp command to begin SMTP configuration.
Use no smtp to erase all SMTP configuration parameters and disable email
notifications.
Mode
cfg
Security Role(s)
network-engineer or crypto-officer
Syntax
smtp
no smtp
Default
no smtp
Guidelines
You must configure DNS for the SMTP service to work. See the instructions for ip
name-server. You must have layer-2 and layer-3 connectivity to your server
network(s) before DNS or SMTP can function.
Use this command to enter cfg-smtp mode, where you set up the necessary parameters
for email. You can use from (cfg-smtp) to set the “From” field in all out-bound emails
(for example, “From: hostname@domain”). The mail-server command identifies the
local mail server to be used as the next hop for mail messages. Use the to command to
set one or more destinations for emails. If an email delivery fails, it retries at the
frequency set by retry interval, up to a maximum number of days (maximum age).
After the maximum age expires, the ARX deletes the message.
Guidelines: Testing and Debugging
To send a test message, use smtp test message reply-to with a local destination for
the message. You can view any undelivered messages with the show smtp queue
command. Use the smtp retry and clear smtp queue commands to manage this mail
queue. If messages are consistently failing, you can run smtp test server to test
SMTP communication with the local email server.
Guidelines: Applications for SMTP
After you finish configuring SMTP, you can configure certain system events to be
delivered in email messages. Each event is analogous to an SNMP trap; see the ARX
SNMP Reference for a full list of ARX Enterprise traps, including the traps that have
email support. You can choose individual events or groups of them, one or more email
recipients for the events, and thresholds (or a schedule) for sending the emails. All of
these components can be assigned to technicians who perform a specific role. Use the
email-event command to begin configuring one such role. You can create multiple
roles by re-using this command.
SMTP is also useful for sending collected diagnostics and other maintenance files over
email. After you configure SMTP, use the collect command to collect and send
diagnostics. You can also use copy smtp to send log files, reports, or other files that
could be useful for maintenance.
Samples
bstnA(cfg)# smtp
bstnA(cfg‐smtp)# ...
starts SMTP configuration.
bstnA(cfg)# no smtp
deletes all SMTP configuration and disables email notifications.
Related Commands
ip name-server
email-event
collect
copy smtp
smtp retry
Purpose
The SMTP mail queue holds email messages until they are successfully delivered. Use
the smtp retry command to retry all queued messages at once.
Mode
priv-exec
Security Role(s)
network-technician, network-engineer, storage-engineer, or crypto-officer
Syntax
smtp retry
Default
None
Guidelines
This is particularly useful if there was a network problem between the ARX and the
next-hop mail server (mail-server). After you fix the network problem, you can use
this command to resend all queued messages. You can use show smtp queue to see
the mail queue before and after the retry.
As an alternative, you can use clear smtp queue to remove all messages from the
queue.
For each message that is successfully delivered to the mail server, “Message sent”
appears after the command. For each failed delivery, “Message deferred” appears.
When you change a parameter in cfg-smtp mode (see smtp) and then exit the mode,
the ARX automatically retries all messages in the queue using the new parameters.
There is no need to invoke this command under these circumstances.
Use show smtp status to see details on the most-recent message delivery, and to
view the current configuration for SMTP.
Sample
bstnA# smtp retry
retries all pending email messages, if there are any.
Related Commands
smtp
show smtp queue
show smtp status
smtp test email-event
Purpose
Use the smtp test email-event command to test an email-event configuration. This
sends a test email to all configured recipients.
Mode
priv-exec
Security Role(s)
network-technician, network-engineer, storage-engineer, or crypto-officer
Syntax
smtp test email‐event role‐name
role-name (1-128 characters) is the role to test (for example, “tech-support”). Use
show email-event all for a list of all configured email-event roles.
Default
None
Guidelines
Use this command to send an email message with a small test attachment. The message
goes to all mail-to (cfg-email-event) recipients configured for the chosen
email-event role. Use show email-event role-name to see all recipients for a given
role. You can use this to verify the email-event configuration and SMTP setup.
If the message is successfully delivered to the next-hop mail-server, a message
appears similar to the following:
Message sent to juser@wwmed.com,jqpublic@wwmed.com.
An error appears if there is a delivery problem. In this case, you can use show smtp
queue to see the test message in the mail queue. To retry the message (perhaps after
correcting the network configuration), use smtp retry. Use clear smtp queue to
remove all messages from the queue. If the delivery problems persist, you can run an
SMTP diagnostic test, smtp test server, and send the output back to F5 for analysis.
Note that the test message has a small attachment, so this does not test any errors that
may come up with large attachments. An attachment from copy smtp or collect can
be hundreds of megabytes.
Use show smtp status to see details on the most-recent message delivery, and to
view the current configuration for SMTP.
After a successful test, you can use the smtp welcome command to send a welcome
message to all email recipients. This message informs the recipients of the events that
will trigger email messages in the future.
Sample
bstnA# smtp test email‐event noc3
Message sent to juser@wwmed.com,jqpublic@wwmed.com for role "noc3".
successfully sends a test message to the recipients of the “noc3” email event. See
Figure 13.9 for a sample email.
Related Commands
email-event
mail-to (cfg-email-event)
show email-event
smtp
show smtp queue
smtp retry
clear smtp queue
smtp test server
show smtp status
smtp welcome
Figure 13.9 Sample Email from ‘smtp test email-event’
From: admin@wwmed.com
Sent: Tuesday, September 15, 2009 12:40 AM
To: Joe User; jqpublic@wwmed.com
Subject: Email Event Test for the event group noc3 for bstnA running 5.01.000.11891
This is a test of the email event mailer "noc3" on bstnA running 5.01.000.11891.
Email will be sent for events in the following groups:
Group Name Threshold
Counter Interval(every)
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
chassis 1 n/a
metadata 5 n/a
Group Name Event Name Threshold
Counter Interval(every)
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
metadata online 2 n/a
redundancy ha‐pair‐qd‐offline 1 n/a
storage share‐online 3 n/a
storage share‐remove‐complete 1 n/a
policy shadowmetadatasharefreespaceerrorraise5 n/a
smtp test message
Purpose
Use the smtp test message command to send a test email message.
Mode
priv-exec
Security Role(s)
network-technician, network-engineer, storage-engineer, or crypto-officer
Syntax
smtp test message [reply‐to user@domain]
user@domain (optional, 1-256 characters) is an email destination for the test-message
reply.
Default
reply-to user@domain defaults to the setting of the to command if you omit the
option.
Guidelines
Use this command to send an email message with a small test attachment to an SMTP
server at F5. This tests the SMTP configuration settings and the network connection to
the local email server. You can use this to verify the SMTP setup.
The message is delivered to the next-hop mail-server. An error appears if there is a
delivery problem. In this case, or if no reply email arrives for 15 minutes or more, you
can use show smtp queue to see the test message in the mail queue. Also, check the
email filter at the destination mailbox. To retry the message (perhaps after correcting
the network or filter configuration), use smtp retry. Use clear smtp queue to remove
all messages from the queue. If the delivery problems persist, you can run an SMTP
diagnostic test, smtp test server, and send the output back to F5 for analysis.
Note that the test message has a small attachment, so this does not test any errors that
may come up with large attachments. An attachment from copy smtp or collect can
be hundreds of megabytes.
Use show smtp status to see details on the most-recent message delivery, and to
view the current configuration for SMTP.
Sample
bstnA# smtp test message reply‐to jsmith@wwmed.com
sends a test message to an SMTP server at F5. If the delivery succeeds, the F5
server will send a reply to “jsmith@wwmed.com.”
Related Commands
smtp
to
show smtp queue
smtp retry
clear smtp queue
smtp test server
show smtp status
smtp test server
Purpose
At the advice of F5 personnel, use the smtp test server command to test the
SMTP-layer connection to the email server.
Mode
priv-exec
Security Role(s)
network-technician, network-engineer, storage-engineer, or crypto-officer
Syntax
smtp test server
Default
None
Guidelines
This command runs a series of SMTP queries against the next-hop mail-server. After
you enter this command, the CLI shows the detailed results of this test.
Run the test when you see email delivery problems. If the SMTP queue has
undelivered messages in it (show smtp queue), or if smtp test message fails, you
should run this test. Send the results back to F5 for further diagnosis.
Sample
bstnA# smtp test server
tests the connection to the next-hop email server. See Figure 13.10 for sample
output.
Related Commands
smtp
show smtp queue
smtp test message
Figure 13.10 Sample Output: smtp test server
bstnA# smtp test server
spawn telnet email1.wwmed.com 25
Trying 192.168.25.209...
Connected to smtp.wwmed.com.
Escape character is '^]'.
EHLO foo
220 frontend.wwmed.com Internal SMTP Server Thu, 23 Mar 2006 16:02:44 ‐0500
250‐frontend.wwmed.com Hello [192.168.25.5]
250‐TURN
250‐ATRN
250‐SIZE
250‐ETRN
250‐PIPELINING
250‐DSN
250‐ENHANCEDSTATUSCODES
250‐8bitmime
250‐BINARYMIME
250‐CHUNKING
250‐VRFY
250‐X‐EXPS GSSAPI NTLM LOGIN
250‐X‐EXPS=LOGIN
250‐AUTH GSSAPI NTLM LOGIN
250‐AUTH=LOGIN
250‐X‐LINK2STATE
250‐XEXCH50
250 OK
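The EHLO reply in Figure 13.10 can be read mechanically before the output is sent on for diagnosis. The following Python sketch is an added example, not ARX or F5 code: it parses the multi-line 250 reply and checks whether an advertised SIZE limit would reject an attachment, the condition behind the Message size exceeds limit status. The function names, the constructed 10485760-byte limit, and the assumption that attachments are uuencoded (suggested by the Error uuencoding file status) are not from the manual.

```python
import re

# Copies of the manual render "-" as U+2010; normalise before parsing.
_HYPHENS = str.maketrans({"\u2010": "-", "\u2011": "-"})
_REPLY = re.compile(r"^(\d{3})([ -])(.*)$")

# Abridged from Figure 13.10, with ASCII hyphens and one reply per line.
FIGURE_13_10 = """\
spawn telnet email1.wwmed.com 25
Trying 192.168.25.209...
Connected to smtp.wwmed.com.
Escape character is '^]'.
EHLO foo
220 frontend.wwmed.com Internal SMTP Server Thu, 23 Mar 2006 16:02:44 -0500
250-frontend.wwmed.com Hello [192.168.25.5]
250-SIZE
250-PIPELINING
250-AUTH GSSAPI NTLM LOGIN
250-AUTH=LOGIN
250 OK
"""

# Constructed variant: the same server advertising a fixed 10 MiB limit.
CONSTRUCTED = FIGURE_13_10.replace("250-SIZE\n", "250-SIZE 10485760\n")


def parse_ehlo(transcript):
    """Return (greeting, caps) where caps maps keyword -> parameter list."""
    greeting, caps = None, {}
    for raw in transcript.splitlines():
        m = _REPLY.match(raw.translate(_HYPHENS).strip())
        if not m or m.group(1) != "250":
            continue  # telnet chatter, echoed EHLO, 220 banner
        _, sep, text = m.groups()
        if greeting is None:
            greeting = text  # first 250 line is the server's greeting
        elif text.strip():
            # "AUTH=LOGIN" is the legacy spelling of "AUTH LOGIN"
            keyword, *params = re.split(r"[ =]+", text.strip())
            seen = caps.setdefault(keyword.upper(), [])
            for p in params:
                if p not in seen:
                    seen.append(p)
        if sep == " ":  # "250 " (space) marks the last line of the reply
            break
    if greeting is None:
        raise ValueError("no 250 reply to EHLO found")
    return greeting, caps


def max_message_size(caps):
    """Fixed size limit in bytes, or None when the server declares none.

    Per RFC 1870, SIZE with no parameter or a parameter of 0 conveys
    no fixed maximum, so the limit is only known from a rejection.
    """
    params = caps.get("SIZE")
    if not params or not params[0].isdigit() or int(params[0]) == 0:
        return None
    return int(params[0])


def uuencoded_size(file_bytes):
    """Upper-bound size of a uuencoded body: 45 input bytes per line,
    each line 1 length char + 60 data chars + CRLF = 63 bytes."""
    return -(-file_bytes // 45) * 63


def attachment_fits(caps, file_bytes):
    """True/False against the advertised limit, None if no limit is declared."""
    limit = max_message_size(caps)
    if limit is None:
        return None
    return uuencoded_size(file_bytes) <= limit


if __name__ == "__main__":
    for label, text in (("figure", FIGURE_13_10), ("constructed", CONSTRUCTED)):
        greeting, caps = parse_ehlo(text)
        print(label, greeting, max_message_size(caps),
              attachment_fits(caps, 200 * 2**20))
```

A file can be smaller than the advertised limit and still be refused, because the encoded body is roughly 40% larger than the file on disk.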
smtp welcome
Purpose
Use the smtp welcome command to send an introductory email message to all users
in an email-event configuration. The introductory message informs the recipients of
the types of system events they will be receiving through email.
Mode
priv-exec
Security Role(s)
network-technician, network-engineer, storage-engineer, or crypto-officer
Syntax
smtp welcome [role‐name]
role-name (optional, 1-128 characters) is the role to receive the email message (for
example, “noc_7”). Use show email-event all for a list of all configured email-event
roles.
Default
role-name defaults to all roles if you omit it. That is, the command sends a welcome
message to all users in all email-event roles.
Guidelines
Use this command to send an introductory email message to the recipients of email
events. The message goes to all mail-to (cfg-email-event) recipients configured for
the chosen email-event role (or all roles, if no specific role was selected). Use show
email-event role-name to see all recipients for a given role.
If the message is successfully delivered to the next-hop mail-server, a message
appears similar to the following:
Message sent to juser@wwmed.com,jqpublic@wwmed.com.
Use show smtp status to see details on the most-recent message delivery, and to
view the current configuration for SMTP. If the message fails, you can use smtp test
email-event to test the email-event configuration and SMTP setup.
The email contains a welcome message and two tables to outline the types of events
that the recipient can expect in email messages. The top table shows event groups, and
the bottom table contains individual events that will trigger an email. The show smtp
welcome command shows the format of the welcome message.
Sample
bstnA# smtp welcome noc3
Message sent to to jqpublic@wwmed.com.
successfully sends a welcome message to the recipients of the “noc3” email event.
See Figure 13.11 for a sample email.
Related Commands
email-event
mail-to (cfg-email-event)
show email-event
smtp test email-event
clear smtp queue
smtp test server
show smtp status
show smtp welcome
Figure 13.11 Sample Email from ‘smtp welcome’
From: admin@wwmed.com
Sent: Tuesday, September 15, 2009 12:40 AM
To: Joe User; jqpublic@wwmed.com
Subject: Welcome to the noc3 role for bstnA running 5.01.000.11891
Welcome to the "noc3" role. The host bstnA will send email to you based on the following events:
Group Name Threshold
Counter Interval(every)
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
chassis 1 n/a
metadata 5 n/a
Group Name Event Name Threshold
Counter Interval(every)
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
metadata online 2 n/a
redundancy ha‐pair‐qd‐offline 1 n/a
storage share‐online 3 n/a
storage share‐remove‐complete 1 n/a
policy shadowmetadatasharefreespaceerrorraise5 n/a
to
Purpose
Use the to command to set destination address(es) for emails from the ARX.
Use the no to command to revert to the default destination.
Mode
cfg-smtp
Security Role(s)
network-engineer or crypto-officer
Syntax
to destination‐list
no to
destination-list (1-1024 characters) is a comma-separated list of email recipients (for
example, “juser@nemed.com” or “jqpublic@wwmed.com,juser@nemed.com”).
Surround this field with quotation marks if it contains any spaces.
Default
e-support@f5.com
Guidelines
This sets the destination(s) for emails from the ARX; these addresses appear in the
“To” field of the emails. These addresses only apply to emails from collect, copy
smtp, and smtp test message. Each email-event role has its own set of email
recipients, configured with the mail-to (cfg-email-event) command.
The default address sends messages back to Technical Support at F5. For most running
systems, this default is appropriate. You can use this command to test email
notifications, or to send email to one or more different support organizations.
To change any address in the list, re-run this command with an entirely new list of
addresses.
To see the current email destination(s), use the show smtp status command.
Samples
bstnA(cfg‐smtp)# to “juser@das1.wwmed.com,e‐support@f5.com”
sets two destinations for all outgoing messages.
bstnA(cfg‐smtp)# no to
resets the destination back to the default.
Related Commands
smtp
show smtp status
copy smtp
collect
14
RON
heartbeat failure
Purpose
The ARX sends periodic heartbeats to check the health of the RON-tunnel connection.
Use this command to determine the number of consecutive failures before declaring
the tunnel “OFFLINE.”
Mode
cfg-if-vlan-ron-tnl
Security Role(s)
network-engineer or crypto-officer
Syntax
heartbeat failure max‐failures
max-failures (2-10) is the number of consecutive dropped heartbeats to tolerate before
declaring a failure.
Default(s)
4
Guidelines
Use the heartbeat interval command to set the number of seconds between
heartbeats. Use the show ron command to see the current connection state for all
RON tunnels.
Sample
bstnA(cfg‐if‐vlan‐ron‐tnl[25~toPortland])# heartbeat failure 6
sets the threshold to 6 consecutive heartbeat failures. This interface declares the
tunnel “OFFLINE” if 7 heartbeats fail in a row.
Related Commands
ron tunnel
heartbeat interval
show ron
heartbeat interval
Purpose
The ARX sends periodic heartbeats to check the RON-tunnel connection. Use this
command to determine the number of seconds between heartbeats.
Mode
cfg-if-vlan-ron-tnl
Security Role(s)
network-engineer or crypto-officer
Syntax
heartbeat interval seconds
seconds (1-30) is the number of seconds between heartbeats.
Default(s)
3
Guidelines
Use the heartbeat failure command to set the number of dropped heartbeats to
tolerate before declaring the tunnel “OFFLINE.” Use the show ron command to see
the current connection state for all RON tunnels.
Sample
bstnA(cfg‐if‐vlan‐ron‐tnl[25~toPortland])# heartbeat interval 15
sets a 15-second interval between RON heartbeats.
Related Commands
ron tunnel
heartbeat failure
show ron
interface ron
Purpose
** Deprecated **
Use this command to edit a legacy RON interface, one that was created before
Software Release 2.0.
Use the no form of the command to remove a legacy RON interface. See the
Guidelines, below.
Mode
cfg
Security Role(s)
network-engineer or crypto-officer
Syntax
interface ron if‐name
no interface ron if‐name
if-name (1-32 characters) identifies the legacy RON interface.
Default(s)
None
Guidelines
This command is deprecated, and exists only to edit the configuration of legacy RON
interfaces and tunnels. Use ron tunnel to create a new RON tunnel, which terminates
at an in-band (VLAN) management IP instead of an additional RON IP address. If
possible, use ron tunnel to duplicate all legacy RON tunnels, go to the remote
switch(es) and run the peer address command with the new RON-tunnel address,
then use no interface ron to remove the legacy tunnels.
This command places you in cfg-ron mode. From there, use the ip address (cfg-ron)
command to edit the local IP address, and the peer address command to change the
peer’s address. You can optionally tune the tunnel’s health-check parameters by
setting the heartbeat interval and the threshold for consecutive heartbeat failure
events before declaring the link OFFLINE. Use shutdown to disable the interface.
To view the current state and configuration of all tunnels, use show ron. For a full
view of Link-State Advertisements from all switches connected via RON, use show
ron database.
If the tunnel is connected and you use no interface ron, the CLI prompts you before
disconnecting it. Enter yes to continue.
Samples
bstnA(cfg)# interface ron haPeer
bstnA(cfg‐ron[haPeer])#
edits the RON interface, “haPeer.”
bstnA(cfg)# no interface ron toPhilidelphia
Tunnel ''toPhilidelphia'' is currently connected.
Delete tunnel ''toPhilidelphia''? [yes/no] yes
bstnA(cfg)#
removes the legacy “toPhilidelphia” interface.
Related Commands
ron tunnel
show ron tunnel
ip address (cfg-ron)
Purpose
** Deprecated **
Use this command to provide a local IP address for the current (legacy) RON
interface.
Mode
cfg-ron
Security Role(s)
network-engineer or crypto-officer
Syntax
ip address address mask [vlan vlan‐id]
address is the IP address you choose for the RON interface (for example, 10.1.99.78).
mask defines the network part of the address (for example, 255.255.255.0).
vlan vlan-id (optional; 1-4096) specifies a VLAN to carry the tunnel.
Default(s)
vlan-id: 1
Guidelines
Note
This command is unique to a legacy RON interface, which is deprecated
in favor of the new ron tunnel. Whenever possible, duplicate all legacy
RON interfaces as RON tunnels, go to the remote switch(es) and run the
peer address command with the new RON-tunnel address, then return to
the local switch to delete the RON interfaces. (RON tunnels re-use an
in-band-management IP, whereas RON interfaces require an additional
IP address.)
This address must also be configured at the other end of the RON tunnel as the peer
address; the tunnel is not functional until the configurations match at both switches.
This address must differ from all proxy IPs, VIPs, and management IPs.
Samples
bstnA(cfg‐ron[toProv])# ip address 192.168.25.50 255.255.255.0
sets an IP address of 192.168.25.50 for the “toProv” interface.
prtlndB(cfg‐ron[test])# ip address 192.168.74.73 255.255.255.0 vlan 96
sets the IP address for the “test” interface. This address is on VLAN 96.
Related Commands
interface ron
ron tunnel
peer address
ip private subnet reassign
Purpose
Two switches in a RON are said to have a conflict if their private IP subnets are the
same. Use this command to reassign a private subnet to the current switch and reboot
it.
Mode
cfg
Security Role(s)
network-engineer or crypto-officer
Syntax
ip private subnet reassign
Default(s)
None
Guidelines
Use the show ron or show ron conflicts command to confirm that this switch has a
private subnet that conflicts with another.
Note that this command reboots the current chassis. The CLI prompts for confirmation
before rebooting; enter yes to continue.
Sample
bstnA(cfg)# ip private subnet reassign
Reassign a new, unused, private subnet and reboot the chassis? [yes/no] yes
...
Related Commands
ron tunnel
show ron
show ron conflicts
peer address
Purpose
Use this command to provide the IP address for the remote end of the RON tunnel.
Mode
cfg-if-vlan-ron-tnl
Security Role(s)
network-engineer or crypto-officer
Syntax
peer address remote‐address
remote-address is the remote IP address (for example, 10.1.33.8) for the in-band
(VLAN) interface at the other end of the tunnel.
Default(s)
None
Guidelines
Each end of the RON tunnel terminates at an in-band (VLAN) management interface,
created with the interface vlan command. This command identifies the management
interface’s ip address (cfg-if-vlan) at the other end of the tunnel. At the other end of
the tunnel, the peer address points back to the local in-band-management IP.
Sample
prtlndA(cfg‐if‐vlan‐ron‐tnl[74~toBoston])# peer address 192.168.25.5
sets an IP address of 192.168.25.5 for the remote end of the “toBoston” tunnel.
Related Commands
ron tunnel
ip address (cfg-if-vlan)
rconsole
Purpose
Use the rconsole command to start a new CLI session on an ARX at the other end of a
RON tunnel.
Mode
priv-exec
Security Role(s)
network-technician, network-engineer, storage-engineer, or crypto-officer
Syntax
rconsole hostname [username]
hostname (1-128 characters) is the remote switch name.
username (optional, 1-32 characters) is a valid administrative user account on the
remote ARX. If you omit this, the command uses the name you used to log into the
current CLI session. Note that this administrative account may not exist at the remote
ARX, or may have a different password.
Default(s)
username - the administrative account you used to log into the local CLI.
Guidelines
The rconsole command starts a new CLI session on a remote ARX. This occurs
through a Secure Shell (SSH). The other switch must be reachable using a RON
tunnel, and the name of the switch must be known to RON. To see the current switch
names available through RON, use the show ron command. Those switches showing
the connection status ‘ONLINE’ are available through the rconsole command.
The remote CLI prompts you for a password. This is the password for the username
account on the remote switch; administrative accounts are configured independently at
every switch in the RON (see user). Passwords are not guaranteed to be consistent
throughout a RON.
Sample
bstnA# rconsole prtlndA admin
Password: myP@55w0RD
prtlndA>
starts a CLI session on the switch, ‘prtlndA’ connected through the RON. This
login uses “admin” as a user name.
Related Commands
ron tunnel
show ron
user
ron evict
Purpose
Use this command to remove an offline ARX from the RON.
Mode
priv-exec
Security Role(s)
network-technician, network-engineer, storage-engineer, or crypto-officer
Syntax
ron evict host‐name
host-name (1-128 characters) is the name of the switch to remove from the RON.
Default(s)
None
Guidelines
If the switch is to be replaced, we recommend that you avoid this command. The
show ron command shows the UUID for the former RON member, and this number is
very important for a smooth switch replacement.
The switch must be offline to be evicted. This means that there can be no working
RON tunnels to the switch. The show ron command shows whether or not the switch
is offline.
Sample
bstnA# ron evict pawtucket
removes the switch, “pawtucket,” from the RON.
Related Commands
ron tunnel
show ron
ron tunnel
Purpose
Use this command to create one end of a resilient overlay network (RON) tunnel.
RON tunnels are used for communication between two or more ARXes.
Use the no form of the command to remove a RON-tunnel interface (see Guidelines
below).
Mode
cfg-if-vlan
Security Role(s)
network-engineer or crypto-officer
Syntax
ron tunnel name
no ron tunnel name
name (1-32 characters) is a name you choose for the RON tunnel.
Default(s)
None
Guidelines
Use this command to begin the configuration at one end of a RON tunnel. A RON
tunnel terminates at an in-band (VLAN) management interface; use interface vlan to
create such an interface. The in-band-management IP is the IP address of the RON
tunnel’s local end.
This command places you in cfg-if-vlan-ron-tnl mode. From there, use the peer
address command to identify the peer’s address (that is, the IP address of the peer’s
in-band management interface). You can optionally tune the tunnel’s health-check
parameters by setting the heartbeat interval and the threshold for consecutive
heartbeat failure events before declaring the tunnel “OFFLINE.” Then use no
shutdown (cfg-if-vlan-ron-tnl) to enable the tunnel interface. To start traffic on the
tunnel, repeat this process (reversing the IP addresses) at the other end.
Multiple RON tunnels can terminate in a single in-band management interface.
After you connect two switches with a RON tunnel, you can access the peer switch’s
CLI through the rconsole command.
The show ron command shows a high-level status for the entire RON. To view the
current state and configuration of a tunnel, use show ron tunnel. For a full view of
Link-State Advertisements from all switches connected via RON, use show ron
database. Use show ron conflicts to see which switches (if any) have a
private-subnet conflict; to resolve a conflict, use ip private subnet reassign.
Samples
bstnA(cfg)# interface vlan 89
bstnA(cfg‐if‐vlan[89])# ron tunnel toEllesworth
bstnA(cfg‐if‐vlan‐ron‐tnl[toEllesworth])#
creates the tunnel, “toEllesworth.”
bstnA(cfg‐if‐vlan[89])# no ron tunnel toPhilidelphia
Tunnel ''toPhilidelphia'' is currently connected.
Delete tunnel ''toPhilidelphia''? [yes/no] yes
bstnA(cfg‐if‐vlan[89])#
removes the tunnel, “toPhilidelphia.”
Related Commands
interface vlan
show ron tunnel
show ron
Purpose
Use this command to display the current RON configuration and status.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, and operator
Syntax
show ron [member]
member (optional, 1-128 characters) specifies the hostname for one member of the
RON. If you omit this, the command shows all RON members.
Default(s)
None
Guidelines
This command displays a two-line entry for each member of the RON. The first line
identifies the switch and its high-level status.
Switch Name identifies the member switch.
HA Peer Switch is the switch’s redundant peer, if there is one.
Uptime is the time since the switch’s last reboot.
The second line has information about the RON (and possibly the redundant pair).
Status is ONLINE, OFFLINE, SUBNET CONFLICT, or unknown. The
SUBNET CONFLICT status indicates that the private subnet is the same as some
other switch in the RON; use show ron conflicts to find which switches conflict
with which.
UUID is the Universally-Unique ID for the switch. All of the shares owned by this
switch are marked with this UUID. In a redundant pair, a share is owned by a
switch when its volume’s volume-group is set at the switch. You set a switch’s
UUID during installation.
Management Addr is the Out-of-band MGMT interface, if configured.
Otherwise, it is the address of the in-band (VLAN) management interface of the
lowest-numbered VLAN.
If you choose one member, the output focuses on that host only. The fields are the
same, presented in a different format.
Use ron tunnel to create one end of a RON tunnel.
Samples
prtlndA# show ron
displays all hosts in the RON. Figure 14.1 shows a sample.
prtlndA# show ron prtlndB
displays the RON status for one redundant peer. Figure 14.2 shows a sample.
Related Commands
ron tunnel
rconsole
show ron conflicts
show ron database
show ron route
volume-group
Figure 14.1 Sample Output: show ron
prtlndA# show ron
Switch Name HA Peer Switch Uptime
Status UUID Management Addr
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
bstnA (None) 0 days, 02:00:57
ONLINE d9bdece8‐9866‐11d8‐91e3‐f48e42637d58 10.1.1.7
gffstnA (None) 0 days, 02:30:46
ONLINE e5d870ae‐571e‐1352‐916b‐ef324fbc05a2 10.1.49.60
minturnA (None) 0 days, 02:30:10
ONLINE 3d17e8ce‐571e‐11dc‐9852‐ef323fbb290f 10.1.27.69
provA (None) 0 days, 02:27:55
ONLINE db922942‐876f‐11d8‐9110‐8dtu78fc8329 10.1.38.19
prtlndA prtlndB 0 days, 02:24:30
ONLINE 876616f6‐79ac‐11d8‐946f‐958fcb4e6e35 10.1.23.11
prtlndB prtlndA 0 days, 02:22:16
ONLINE 64dcab94‐a2b6‐11d8‐9d25‐bf2c991c83f9 10.1.23.12
Figure 14.2 Sample Output: show ron prtlndB
prtlndA# show ron prtlndB
Switch Name: prtlndB
HA Peer Switch: prtlndA
Status: ONLINE
Uptime: 0 days, 00:14:18
UUID: 64dcab94‐a2b6‐11d8‐9d25‐bf2c991c83f9
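The two-line entry format described in the Guidelines can be parsed for monitoring. The following Python sketch is an added example, not ARX or F5 code: it reads output shaped like Figure 14.1, handles the multi-word SUBNET CONFLICT status, and reports members that are not ONLINE or whose HA peer does not list them in return. The sample statuses and UUIDs are constructed, and the function names and the reciprocity check are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Copies of the manual render "-" as U+2010; normalise before parsing.
_HYPHENS = str.maketrans({"\u2010": "-", "\u2011": "-"})
_UPTIME = re.compile(r"\s(\d+) days?, (\d+):(\d{2}):(\d{2})$")

# Constructed sample in the layout of Figure 14.1 (statuses and UUIDs invented).
SAMPLE = """\
prtlndA# show ron
Switch Name          HA Peer Switch       Uptime
  Status             UUID                                   Management Addr
------------------------------------------------------------------------------
bstnA                (None)               0 days, 02:00:57
  ONLINE             00000000-0000-0000-0000-000000000001   10.1.1.7
provA                (None)               0 days, 02:27:55
  SUBNET CONFLICT    00000000-0000-0000-0000-000000000002   10.1.38.19
prtlndA              prtlndB              0 days, 02:24:30
  ONLINE             00000000-0000-0000-0000-000000000003   10.1.23.11
prtlndB              prtlndA              0 days, 02:22:16
  OFFLINE            00000000-0000-0000-0000-000000000004   10.1.23.12
"""


@dataclass
class RonMember:
    name: str
    ha_peer: Optional[str]
    uptime_seconds: int
    status: str
    uuid: str
    mgmt_addr: str


def parse_show_ron(text):
    """Parse the all-members form of 'show ron' into RonMember records."""
    lines = [ln.translate(_HYPHENS).strip() for ln in text.splitlines()]
    # Entries start after the dashed rule that closes the two header lines.
    rule = next((i for i, ln in enumerate(lines) if ln and set(ln) == {"-"}), None)
    if rule is None:
        raise ValueError("header rule not found")
    body = [ln for ln in lines[rule + 1:] if ln]
    if len(body) % 2:
        raise ValueError("expected two lines per RON member")
    members = []
    for first, second in zip(body[0::2], body[1::2]):
        m = _UPTIME.search(first)
        if not m:
            raise ValueError(f"no uptime in line: {first!r}")
        name, peer = first[:m.start()].split()
        days, hours, minutes, seconds = map(int, m.groups())
        # Status may contain a space (SUBNET CONFLICT), so split from the right.
        status, uuid, addr = second.rsplit(None, 2)
        members.append(RonMember(
            name=name,
            ha_peer=None if peer == "(None)" else peer,
            uptime_seconds=((days * 24 + hours) * 60 + minutes) * 60 + seconds,
            status=status, uuid=uuid, mgmt_addr=addr))
    return members


def needs_attention(members):
    """Return (switch, reason) pairs for members an operator should look at."""
    by_name = {m.name: m for m in members}
    findings = []
    for m in members:
        if m.status != "ONLINE":
            findings.append((m.name, f"status {m.status}"))
        if m.ha_peer is not None:
            peer = by_name.get(m.ha_peer)
            # Assumption of this example: a redundant pair lists each other.
            if peer is None or peer.ha_peer != m.name:
                findings.append((m.name, f"HA peer {m.ha_peer} does not list it"))
    return findings


if __name__ == "__main__":
    for switch, reason in needs_attention(parse_show_ron(SAMPLE)):
        print(f"{switch}: {reason}")
```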
show ron conflicts
Purpose
Two switches in a RON are said to have a conflict if their private IP subnets are the
same. The show ron conflicts command shows all conflicting switches in the current
RON.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, and operator
Syntax
show ron conflicts
Default(s)
None
Guidelines
This shows a table of RON conflicts, one row per conflicting switch. The Accessible
Switch is available from the local switch, and the Conflicting Switch is not; some
other switch in the RON might show the same conflict with the switch roles reversed.
Each of these switches can only communicate with a limited number of peers in the
RON, if any. To correct the problem and bring conflicting switches fully into the
RON, go to one conflicting switch and use ip private subnet reassign.
Sample
prtlndA> show ron conflicts
Accessible Switch Conflicting Switch
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
BIG6000‐WEST ARX‐500‐SJC
displays all private-subnet conflicts in the RON.
Related Commands
14 - 14
ip private subnet reassign
ron tunnel
show ron database
show ron database
Purpose
Use this command to display the RON-routing database.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, and operator
Syntax
show ron database
Default(s)
None
Guidelines
You can connect one ARX to another with a RON tunnel: use this command to show
routing information and statistics for each ARX connected to the current switch. The
output displays one table per host switch. Each table contains the following
information:
Hostname
Status is “Current,” “Stale,” or “ERROR.” This represents the status of the peer’s
Link-State Advertisement (LSA). Peers exchange periodic LSAs with information
about the tunnel state(s); this table expresses the latest LSA received from the
Hostname.
“Stale” indicates that the peer is unreachable, so at least one LSA was missed
since the one shown.
“ERROR” indicates that this peer has the same private subnet as another peer in
the RON. This is an unsupportable configuration. An ERROR message at the
bottom of the output shows which peers have the conflict. Go to either switch’s
CLI and use ip private subnet reassign to change its subnet.
Serial # is the serial number for the peer’s latest LSA. This number increments
whenever the switch receives a new LSA from this peer.
Age is the number of seconds since the last LSA was received from the remote peer.
Private Subnet(s) is the host’s private subnet. If the host is part of a redundant pair,
this also shows the private subnet for the host’s peer.
A sub table shows all tunnels configured for the host. Each tunnel appears in one row
with the following information:
Tunnel is the name of the tunnel, set with the ron tunnel command.
Peer is the host switch at the other end of the tunnel. You can change this with the
cfg-if-vlan-ron-tnl peer address command.
State is Down, Connecting, Connected, Shutdown, or Unknown. A new tunnel
transitions from “Shutdown” to “Connecting” to “Connected.” “Down” indicates
link failure: too many consecutive heartbeats were dropped (see heartbeat failure
and heartbeat interval). “Shutdown” indicates that the tunnel was disabled with
the shutdown (cfg-if-vlan-ron-tnl) command.
RTT(ms) is the average Round-Trip Time (RTT) through the tunnel, in
milliseconds.
Loss(%) is the percentage of packets lost in the tunnel.
TCP (Kb/s) is the estimated TCP throughput (in Kilobits per second) on the
tunnel.
Loss*RTT is reserved for future use.
Sample
prtlndA# show ron database
displays the full RON database at the switch named “prtlndA.” See Figure 14.3
on page 14-16 for sample output.
Related Commands
ron tunnel
show ron tunnel
show ron
rconsole
Figure 14.3 Sample Output: show ron database
prtlndA# show ron database
Hostname Status Serial # Age Private Subnet(s)
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
bstnA Current 4AEFC347 535 169.254.11.0/24
Tunnel Peer State RTT(ms) Loss(%) TCP(Kb/s) Loss*RTT
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
toGoffstown gffstnA Connected 0.1 0.6 122070 1
toMinturn minturnA Connected 0.1 0.6 122070 1
toPortland prtlndA Connected 0.1 0.6 122070 1
toPortlandB prtlndB Connected 0.1 0.6 122070 1
toProvidence provA Connected 0.1 0.6 122070 0
Hostname Status Serial # Age Private Subnet(s)
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
gffstnA Current 4AEFBDAC 340 169.254.104.0/24
Tunnel Peer State RTT(ms) Loss(%) TCP(Kb/s) Loss*RTT
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
toBoston bstnA Connected 0.1 0.6 122070 0
toPortland prtlndA Connected 0.1 0.6 122070 1
toProvidence provA Connected 0.1 0.6 122070 1
Hostname Status Serial # Age Private Subnet(s)
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
minturnA Current 4AEFBD94 230 169.254.80.0/24
Tunnel Peer State RTT(ms) Loss(%) TCP(Kb/s) Loss*RTT
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
toBoston bstnA Connected 0.1 0.6 122070 1
toPortland prtlndA Connected 0.1 0.6 122070 1
Hostname Status Serial # Age Private Subnet(s)
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
provA Current 4AEFBD63 685 169.254.127.0/26
Tunnel Peer State RTT(ms) Loss(%) TCP(Kb/s) Loss*RTT
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
toBoston bstnA Connected 0.1 0.6 122070 1
toGoffstown gffstnA Connected 0.1 0.6 122070 0
Hostname Status Serial # Age Private Subnet(s)
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
prtlndA Current 4AEFBD8C 695 169.254.66.0/24 169.254.96.0/24
Tunnel Peer State RTT(ms) Loss(%) TCP(Kb/s) Loss*RTT
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
Redundancy prtlndB Connected 0 0.6 122070 0
toBoston bstnA Connected 0.1 0.6 122070 1
toGoffstown gffstnA Connected 0.1 0.6 122070 1
toMinturn minturnA Connected 0.2 0.6 122070 1
Hostname Status Serial # Age Private Subnet(s)
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
prtlndB Current 4AEFBE05 620 169.254.96.0/24 169.254.66.0/24
Tunnel Peer State RTT(ms) Loss(%) TCP(Kb/s) Loss*RTT
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
Redundancy prtlndA Connected 0 0.6 122070 0
toBoston bstnA Connected 0.1 0.6 122070 1
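A monitoring check built on the show ron database fields described above, as an added example that is not part of the F5 manual. It parses captured output and reports LSA statuses other than Current, tunnels that are not Connected, and peers that share a private subnet. The function names and the sample text are constructed here, and the code assumes that the first subnet listed for a host is its own, with a redundant peer's subnet listed second.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample that follows the layout of Figure 14.3; not real device output.
SAMPLE = """\
siteA# show ron database
Hostname Status Serial # Age Private Subnet(s)
-------------------------------------------------------
siteA Current 4AEF0001 120 169.254.10.0/24 169.254.20.0/24
Tunnel Peer State RTT(ms) Loss(%) TCP(Kb/s) Loss*RTT
-------------------------------------------------------
Redundancy siteB Connected 0 0.6 122070 0
toSiteC siteC Down 0.1 0.6 122070 1
Hostname Status Serial # Age Private Subnet(s)
-------------------------------------------------------
siteB Current 4AEF0002 115 169.254.20.0/24 169.254.10.0/24
Tunnel Peer State RTT(ms) Loss(%) TCP(Kb/s) Loss*RTT
-------------------------------------------------------
Redundancy siteA Connected 0 0.6 122070 0
Hostname Status Serial # Age Private Subnet(s)
-------------------------------------------------------
siteC ERROR 4AEF0003 95 169.254.30.0/24
Hostname Status Serial # Age Private Subnet(s)
-------------------------------------------------------
siteD ERROR 4AEF0004 90 169.254.30.0/24
Hostname Status Serial # Age Private Subnet(s)
-------------------------------------------------------
siteE Stale 4AEF0005 4100 169.254.40.0/24
"""

# Rule lines under each header; the manual's figures draw them with U+2010.
SEPARATOR = re.compile(r"^[-\u2010]+$")


def parse_ron_database(text):
    """Return one dict per host table, each with its tunnel rows attached."""
    hosts, section = [], None
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or SEPARATOR.match(raw.strip()):
            continue
        if fields[:2] == ["Hostname", "Status"]:
            section = "host"
        elif fields[:2] == ["Tunnel", "Peer"]:
            section = "tunnel"
        elif section == "host" and len(fields) >= 5:
            try:
                age = int(fields[3])
                subnets = [ipaddress.ip_network(f, strict=False) for f in fields[4:]]
            except ValueError:
                continue  # not a host row (prompt echo, trailing message, ...)
            hosts.append({"name": fields[0], "status": fields[1],
                          "serial": fields[2], "age": age,
                          "subnets": subnets, "tunnels": []})
            section = None  # wait for this host's Tunnel header, if any
        elif section == "tunnel" and len(fields) == 7 and hosts:
            try:
                rtt, loss = float(fields[3]), float(fields[4])
            except ValueError:
                continue
            hosts[-1]["tunnels"].append({"name": fields[0], "peer": fields[1],
                                         "state": fields[2], "rtt_ms": rtt,
                                         "loss_pct": loss})
    return hosts


def audit(hosts):
    """Return (kind, subject, detail) tuples for everything worth a look."""
    findings = []
    owners = defaultdict(list)  # own private subnet -> hostnames that claim it
    for host in hosts:
        if host["status"] != "Current":  # "Stale" or "ERROR"
            findings.append(("lsa", host["name"], host["status"]))
        if host["subnets"]:
            # Assumption: the first subnet is the host's own; a second one
            # belongs to its redundant peer and must not count as a conflict.
            owners[host["subnets"][0]].append(host["name"])
        for tunnel in host["tunnels"]:
            if tunnel["state"] != "Connected":
                findings.append(("tunnel", f'{host["name"]}:{tunnel["name"]}',
                                 tunnel["state"]))
    for subnet, names in owners.items():
        if len(names) > 1:
            findings.append(("subnet-conflict", ",".join(sorted(names)), str(subnet)))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_ron_database(SAMPLE)):
        print(*finding, sep="\t")
```

The redundant pair siteA/siteB lists each other's subnet and is not reported; only siteC and siteD, which claim the same own subnet, are.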
show ron route
Purpose
This command shows the IP-routing table used by the RON process.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, and operator
Syntax
show ron route
Default(s)
None
Guidelines
This shows a table of RON routes, one row per tunnel. Each row contains four fields:
Destination is the host name of the peer switch at the other end of the tunnel.
Subnet is the private-IP subnet of the peer switch.
Via Tunnel is the tunnel for sending packets to the Subnet.
Milliseconds is the average round-trip time, through the tunnel and back.
Sample
prtlndA> show ron route
displays the RON routing table. See Figure 14.4 for sample output.
Related Commands
ron tunnel
Figure 14.4 Sample Output: show ron route
prtlndA> show ron route
Default Policy
‐‐‐‐‐‐‐‐‐‐‐‐‐‐
Destination Subnet via Tunnel Milliseconds
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
bstnA 169.254.11.0/24 toBoston 0.1
gffstnA 169.254.104.0/24 toGoffstown 0.1
minturnA 169.254.80.0/24 toMinturn 0.2
provA 169.254.127.0/26 toGoffstown 0.2
prtlndB 169.254.96.0/24 Redundancy 0
show ron tunnel
Purpose
Use this command to display RON-tunnel configuration.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, and operator
Syntax
show ron tunnel [name | redundancy | all]
name (optional, 1-32 characters) identifies a particular RON tunnel to display. If you
omit this, the command shows a summary of all RON tunnels.
redundancy (optional) is the name of an automatically-generated tunnel. This
only appears on an ARX-1500 or ARX-2500 with a redundant peer. This tunnel
carries redundancy-related traffic over the redundancy link that connects the
redundant pair. The ARX creates this tunnel when you enter the redundancy
command to join a redundant pair.
all shows details for all RON tunnels on the ARX.
Default(s)
None.
Guidelines
A Resilient Overlay Network (RON) connects multiple ARX devices. One RON
tunnel connects two of them; use the ron tunnel command to create a RON tunnel.
This command shows the configuration and state of RON tunnels.
Guidelines: Summary Output
The show ron tunnel command (without a specific tunnel or the all keyword) shows a
table of all RON tunnels. Each row summarizes the tunnel configuration and state:
Name is the tunnel name, set by the ron tunnel command.
State is Shutdown, Connecting, Connected, Unreachable, No Response,
Mismatch, Error, or Unknown. A new tunnel transitions from “Shutdown” to
“Connecting” to “Connected.” The error states are listed here.
– Unreachable means there is no local route to the tunnel’s remote endpoint.
Use ip route to create a static route.
– No response indicates that the remote peer is not responding to standard
RON packets (such as RON heartbeats), nor is it responding to lower-level
ICMP pings. Either the network is down or the remote switch is down.
– Mismatch means that ICMP pings worked but the standard RON heartbeats
did not. This implies the local configuration of the remote IP address is
wrong (see peer address), or that the remote switch does not have a tunnel
coming back to the local switch.
When the tunnel is first coming up, it is in this state between the time that the
lower layers are connected and RON processes start. This is normal.
– Shutdown indicates that the tunnel was disabled with the shutdown
(cfg-if-vlan-ron-tnl) command.
– Error should never appear. Contact F5 if you see this.
Interface shows the in-band management interface that serves as the local end of
the tunnel (created with interface vlan).
Remote Addr is the IP address of the peer’s end of the tunnel. Use the peer
address command to change this. (The local address is the address of the tunnel’s
in-band management interface, set with ip address (cfg-if-vlan).)
Up Time is the amount of time that the RON tunnel has been “Connected.”
Guidelines: Detailed Output
Include the interface name (or all) to display details for the tunnel(s):
Name is the tunnel name.
Peer is the host name of the remote peer.
Tunnel State is the same as State in the summary version.
Uptime shows how long the tunnel’s state has been “Connected.”
Interface shows the in-band management interface that serves as the local end of
the tunnel (created with interface vlan).
Remote Address is the IP address at the other end of the tunnel. Use peer
address to change the remote address.
Security Policy is reserved for future use.
Ping Fail Limit is the number of consecutive heartbeat failures to tolerate before
declaring the Tunnel State “No response.” Use heartbeat failure to change this
threshold.
Ping Interval is the number of seconds between heartbeats. Use heartbeat
interval to change it.
Round Trip Time is the average number of milliseconds for a packet to go
through the tunnel and back.
Packet Lost Rate is the percentage of packets lost in the tunnel.
TCP Throughput is the tunnel’s estimated throughput in bytes per second.
Loss RTT Product is reserved for future use.
RON Packets In and RON Packets Out count the packets that are
directly related to RON, such as heartbeats and Link-State Advertisements
(LSAs).
Data Packets In and Data Packets Out count all other packets, including
shadow-copy data.
Data Bytes In and Data Bytes Out are the total bytes (of Data Packets)
exchanged.
Local Processor is the CPU where the tunnel terminates, in slot.processor
format. Use show processors to see a list of all processors and their roles. This
does not appear for the ARX-1500 or ARX-2500; all RON tunnels terminate at
processor 1.1 on those platforms.
Last Error Code is 0 (zero), an error number, “Network Unreachable,” or “Host
Unreachable.” If an error number appears here, contact F5 for interpretation.
Control Errors is the number of errors from RON control packets, such as RON
heartbeats and LSAs.
Data Errors is the number of failed data packets. These are packets unrelated to
RON control, such as replicated files.
Samples
prtlndA> show ron tunnel
displays a summary of all configured RON tunnels. See Figure 14.5 for sample
output.
prtlndA> show ron tunnel toBoston
displays details for a RON tunnel named, “toBoston.” See Figure 14.6 on
page 14-21.
prtlndA> show ron tunnel all
displays details for all RON tunnels.
stoweA> show ron tunnel redundancy
displays details for the redundancy tunnel on an ARX-2500, “stoweA.” See
Figure 14.7 on page 14-22.
Related Commands
ron tunnel
rconsole
show ron
show ron database
Figure 14.5 Sample Output: show ron tunnel
prtlndA> show ron tunnel
Name State Interface Remote Addr Up Time
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
toBoston Connected VLAN/74 192.168.25.5 0d, 00:16:17
toGoffstown Connected VLAN/74 192.168.158.147 0d, 00:16:17
toMinturn Connected VLAN/74 192.168.81.22 0d, 00:16:27
Figure 14.6 Sample Output: show ron tunnel toBoston
prtlndA(cfg)# show ron tunnel toBoston
Name: toBoston
Peer: bstnA
Tunnel State: Connected
Uptime: 0d, 00:16:17
Interface: VLAN/74
Remote Address: 192.168.25.5
Security Policy:
Ping Fail Limit: 3
Ping Interval: 10 (seconds)
Round Trip Time: 0.12 (ms)
Packet Lost Rate: 0.59 (%)
TCP Throughput: 125000000 (Bytes/sec)
Loss‐RTT Product: 1 (us)
RON Packets In: 235
RON Packets Out: 138
Data Packets In: 434741
Data Packets Out: 97751
Data Bytes In: 546980 (KB)
Data Bytes Out: 6264 (KB)
Local Processor: 2.2
Last Error Code: 0
Control Errors: 0
Data Errors: 0
Figure 14.7 Sample Output: show ron tunnel redundancy
stoweA(cfg)# show ron tunnel redundancy
Name: Redundancy
Peer: stoweB
Tunnel State: Connected
Uptime: 0d, 01:01:55
Interface: VLAN/1010
Remote Address: 10.50.250.9
Security Policy:
Ping Fail Limit: 12
Ping Interval: 1 (seconds)
Round Trip Time: 0.08 (ms)
Packet Lost Rate: 0.59 (%)
TCP Throughput: 125000000 (Bytes/sec)
Loss‐RTT Product: 0 (us)
RON Packets In: 9893
RON Packets Out: 10052
Data Packets In: 19151
Data Packets Out: 19291
Data Bytes In: 2762 (KB)
Data Bytes Out: 2902 (KB)
Last Error Code: 0
Control Errors: 0
Data Errors: 0
shutdown (cfg-if-vlan-ron-tnl)
Purpose
Use this command to shut down a RON tunnel at the local end.
Use the no form of the command to open the local end of the RON tunnel.
Mode
cfg-if-vlan-ron-tnl
Security Role(s)
network-engineer or crypto-officer
Syntax
shutdown
no shutdown
Default(s)
shutdown
Guidelines
Use the show ron tunnel command to view RON-tunnel status.
Samples
bstnA(cfg‐if‐vlan‐ron‐tnl[testTunnel])# shutdown
shuts down the current RON tunnel, “testTunnel.”
bstnA(cfg‐if‐vlan‐ron‐tnl[toLA])# no shutdown
activates the current RON tunnel.
Related Commands
ron tunnel
show ron tunnel
15
Redundant Pairs (HA)
clear counters redundancy
Purpose
Use this command to clear the counters in the various show redundancy ...
commands.
Mode
priv-exec
Security Role(s)
network-technician, network-engineer, storage-engineer, or crypto-officer
Syntax
clear counters redundancy [heartbeat | transition | network | critical‐services]
heartbeat (optional) clears only the heartbeat-related counters. This applies to
heartbeats over the redundant-pair link (from show redundancy peer) as well as
quorum-disk heartbeats (from show redundancy quorum-disk).
transition (optional) clears the counters associated with state/status transitions. This
applies to all transition counters in all show redundancy ... commands.
network (optional) clears only the network counters, from the show redundancy
network output. See clear counters redundancy network for details.
critical-services (optional) clears the counters associated with critical-services (from
show redundancy critical-services).
Default(s)
If you omit all of the optional flags, this clears all redundancy counters from all show
redundancy ... commands.
Platforms
any except ARX-VE
Guidelines
These counters appear in the output of four show commands:
• show redundancy peer,
• show redundancy quorum-disk,
• show redundancy network, and
• show redundancy critical-services.
The first two of these commands have heartbeat counters that track the number of
exchanged heartbeats. All of them have transition counters that track the number of
times that the connection state has changed.
Samples
bstnA# clear counters redundancy
bstnA#
clears all counters.
bstnA# clear counters redundancy heartbeat
bstnA#
clears only the heartbeat-related counters. This does not clear any
transition-related counters.
bstnA# clear counters redundancy transition
bstnA#
clears all transition-related counters from all show redundancy ... output.
Related Commands
show redundancy peer
show redundancy quorum-disk
show redundancy network
show redundancy critical-services
clear counters redundancy network
critical route
Purpose
Use this command to designate an external subnet as “critical,” so that a failover may
occur if there is no route to the subnet.
Use the no form of the command to make a subnet non-critical.
Mode
cfg-redundancy
Security Role(s)
network-engineer or crypto-officer
Syntax
critical route subnet mask
no critical route subnet mask
subnet (0.0.0.0-255.255.255.255) is the IP address of the subnet. This must be
reachable through at least one static route; use show ip route to view all static routes.
mask (0.0.0.0-255.255.255.255) is the netmask, which identifies the network part of
the subnet address.
Default(s)
No critical routes
Platforms
any except ARX-VE
Guidelines
The CLI prompts for confirmation if the route is down, the peer is down, or there is
some other issue. Enter yes if you want to proceed anyway.
You can re-issue this command multiple times to establish multiple critical routes.
If a critical route fails on the current peer and the other peer has no failures, control
fails over to the other peer. If the other peer has any failures that would ordinarily
cause a failover (such as a major hardware fault), no failover occurs. This prevents
unnecessary failovers.
The ARX tests for failure with regular ARP requests. Every 20 seconds, the ARX
sends an ARP to the route’s gateway. (The gateway is configured with the ip route
command.) If the gateway fails to respond, the ARX waits an additional 20 seconds
before asking the peer if it is possible to fail over. The ARPs continue indefinitely at
20-second intervals. If the gateway responds before the failover is initiated, the
failover does not occur.
The ARX uses one of its in-band (VLAN) management addresses to send those ARP
requests. The subnet you identify with this command must have a management address
for its VLAN. Use the interface vlan command to create an in-band management
address for the subnet’s VLAN.
From gbl-ns-vol-shr mode, you can declare a namespace share as a critical resource
with the critical command.
Critical routes (unlike critical shares) are not shared between redundant switches. This
is because the switches may have different visibility into the network. To duplicate a
critical route, issue this command on both peers.
To show all critical routes and shares on the current peer, use the show redundancy
critical-services command.
Samples
bstnA(cfg‐redundancy)# critical route 172.16.54.0 255.255.255.0
designates a class-C subnet as a critical route. If the ARX loses all routes to that
subnet and its redundant peer has no serious issues, a failover occurs.
bstnA(cfg‐redundancy)# no critical route 172.16.0.0 255.255.0.0
removes a class-B subnet from the list of critical subnets.
Related Commands
redundancy
show redundancy critical-services
critical
interface vlan
enable (cfg-redundancy)
Purpose
Use this command to enable redundant pairing on the current switch.
Mode
cfg-redundancy
Security Role(s)
network-engineer or crypto-officer
Syntax
enable
no enable
Default(s)
None
Platforms
any except ARX-VE
Guidelines
Before you enable redundant pairing through enable (cfg-redundancy), you must
complete the following steps:
1. For ARX-2000 or ARX-4000: Prepare interfaces or a channel to connect
the switches.
At both switches, define an interface that can be used in a redundant-pair link
(redundancy protocol), or define a larger channel between the two switches
(redundancy protocol (cfg-channel)).
This is unnecessary for the ARX-500, which has a dedicated port for this link.
2. For ARX-500 only: configure a ron tunnel between the switches to carry
the redundancy heartbeats.
3. At each switch, identify the redundant peer using the peer command.
4. Define the quorum disk by using the quorum-disk command on both
switches. Each peer writes its heartbeats to the same external-filer share,
called a quorum disk, and reads the heartbeats from its peer. The quorum
disk configuration must be identical on both switches.
The enable command then starts the initial rendezvous of the switches. Once this
command is invoked on the peer switch, the rendezvous can proceed. The pair is
joined after the rendezvous is complete.
Guidelines: Resilvering
The enable command invokes the initial-rendezvous process, which then starts the
metalog (namespace log) resilvering process. Metalog resilvering is duplicating the
metalog data from the active peer to the backup peer. The metalog data must be
mirrored on both peers to ensure that the namespace software can fail over. You may
want to monitor the resilvering process if the peers are separated by a long distance:
you can use the show redundancy metalog command for this. If resilvering times
out due to excessive latency, you can use the resilver-timeout command to reset the
timeout value.
Guidelines: Senior-Switch Election
The senior switch is elected based on its global configuration; if switch A has any
namespaces or global servers and switch B does not, switch A becomes the senior
switch. If neither has any namespaces or global servers, the one with the lower
rendezvous address (established with the peer command) is elected senior. If both
have namespaces and/or global servers, the rendezvous fails; see below.
Guidelines: Failure Recovery
One of the switches (if not both) should be devoid of any namespaces or global servers
before you enable redundancy. If both have examples of these global-configuration
objects, the rendezvous fails. Use the show redundancy history command to detect
this failure. To recover, use the clear global-config command to remove all
global-config from one of the peers and reboot it. Then enable redundancy again.
The rendezvous also fails if the private subnets of the peers match, or if one peer’s
private subnet matches any private subnet in the other’s RON. The show redundancy
history command indicates this problem if it occurs. To recover, use no enable to
undo the redundancy configuration, use ip private subnet reassign on one of the
switches, then try enabling redundancy again.
The switches continue to retry the rendezvous indefinitely. If you decide to abandon
the pairing, you can use no enable to stop the switches from retrying. The no enable
feature is disabled after the pair successfully forms.
Sample
prtlndA(cfg‐redundancy)# enable
enables redundant pairing on the current switch.
Related Commands
redundancy protocol
redundancy protocol (cfg-channel)
redundancy
peer
quorum-disk
show redundancy
show redundancy history
nsm binary-core-files
Purpose
By default, an NSM processor creates a detailed binary-core file if it has a failure. On
the advice of F5 Support, you can use no nsm binary-core-files to return to the
smaller ASCII form of NSM-core files.
The nsm binary-core-files command re-instates detailed core files from NSM
processors. The core file is useful for diagnosing processor failures.
Mode
cfg
Security Role(s)
crypto-officer
Syntax
nsm binary‐core‐files
no nsm binary‐core‐files
Default(s)
nsm binary‐core‐files
Platforms
ARX-500, ARX-2000, and ARX-4000
Guidelines
Only use this command on the advice of F5 Support.
An NSM processor requires very little time to generate the smaller ASCII form of
NSM-core files, but they offer less information for later diagnosis. An NSM processor
requires up to three minutes to generate the detailed binary-core file, but it fails over to
its peer processor at the beginning of the process. If two peer processors fail at the
same time, the ARX fails over to its redundant peer before they write their core files.
The extra time to write the binary-core file(s) has no effect on clients.
Important
A standalone ARX, without a redundant peer, loses service for up to three
minutes if two peer processors fail at the same time. Without an ARX
peer, clients must wait for the peer processors to write their binary-core
files. For this reason and others, we recommend redundant ARXes at all
live customer deployments.
An ARX-500 requires nsm recovery before you can enable this feature.
Use the show nsm command to see the current setting for binary-core files.
Sample
bstnA(cfg)# nsm binary‐core‐files
sets the current chassis to produce detailed, binary-core files in the event of any
NSM-processor failure.
Related Commands
nsm recovery
show nsm
nsm recovery
Purpose
Each NSM-processor core has a redundant peer that takes over in case of a failure. A
recovered processor goes into a “Standby” state while its peer processor manages all
network traffic for both. If the peer processor fails, all network traffic fails back to the
peer that failed first. On the advice of F5 Support, you can use no nsm recovery to
prevent NSM-processor recoveries on this ARX.
The nsm recovery command re-enables this ARX’s NSM processors to recover from
failures.
Mode
cfg
Security Role(s)
crypto-officer
Syntax
nsm recovery
no nsm recovery
Default(s)
nsm recovery
Platforms
ARX-500, ARX-2000, and ARX-4000
Guidelines
Only use this command on the advice of F5 Support.
The show processors command shows all NSM processors that are in the standby
state.
This command cannot run on an ARX-2000 chassis. An ARX-2000 contains four
cores on a single chip, so it cannot benefit from the nsm recovery command. If a core
fails on the ARX-2000, it remains in the “Failed” state while its peer core processes all
of its traffic.
On an ARX-500, this must be enabled before you can enable nsm binary-core-files.
The nsm binary-core-files command enhances the diagnostic files produced by an
NSM processor when it fails. It is enabled by default.
You can use the show nsm command to see the current setting for NSM-processor
recovery and/or binary-core files.
Guidelines: Enabling Warm Restarts
You also have the option to make individual cores restart independently, without
necessarily putting the entire NSM processor into the “Standby” state. Use the nsm
warm-restart command to enable these restarts.
Samples
prtlndA(cfg)# no nsm recovery
stops NSM-processor recovery on the current chassis. If a processor fails, it fails
over to its peer once; if the peer fails later, the ARX reboots.
bstnA(cfg)# nsm recovery
sets up the NSM-processors to recover after a failure and assume a hot-standby
state.
Related Commands
nsm binary-core-files
nsm warm-restart
show nsm
nsm warm-restart
Purpose
An NSM-processor core can attempt to restart after a failure, without causing its entire
NSM processor to reboot and go into a “Standby” state. Other cores on the same NSM
processor are unaffected by this warm-restart of the failed core. Use the nsm
warm-restart command to make NSM cores attempt these warm restarts.
The no nsm warm-restart command returns to the default: if any core fails on an
NSM processor, the entire processor reboots.
Mode
cfg
Security Role(s)
crypto-officer
Syntax
nsm warm‐restart
no nsm warm‐restart
Default(s)
nsm warm‐restart
Platforms
ARX-2000 and ARX-4000
Guidelines
This command localizes the effects of an NSM-core failure. Only the core that failed
restarts, without affecting any sister cores on the same processor.
A warm restart produces a core-memory file, visible with the show cores command.
The core-memory files produced by this failure are smaller than those produced by a
full NSM restart, but they contain enough information for F5 Engineering to analyze
the failure. The size of the core-memory file is unaffected by the nsm
binary-core-files command.
There are two internal counters, restart count and restart limit, that prevent repetitive
warm restarts. The restart limit is 3, and the restart count applies to an entire NSM
processor (or CPU). If core 1 fails on a four-core CPU, and then core 3 fails on the
same CPU, the NSM CPU has a restart count of 2. If the restart count reaches the
restart limit (3), the entire NSM CPU reboots and behaves as dictated by the nsm
recovery setting.
Each restart event times out after 24 hours, decrementing the restart count by one. For
example,
• At noon on Thursday, core 1 restarts - restart count = 1.
• At 5PM on Thursday, core 3 restarts - restart count = 2.
• At noon on Friday, core 1’s restart times out - restart count = 1.
• At 5PM on Friday, core 3’s restart times out - restart count = 0.
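The restart-count bookkeeping described above, modelled as an added example that is not F5 code. It replays the Thursday/Friday timeline and a burst of three failures that reaches the restart limit. The class and function names and the calendar date are constructed; resetting the count after a full reboot, and not counting hardware faults, are assumptions that the manual does not state.

```python
from datetime import datetime, timedelta

RESTART_LIMIT = 3                      # restart limit stated in the Guidelines
RESTART_TIMEOUT = timedelta(hours=24)  # each restart event times out after 24 hours


class NsmCpuRestartTracker:
    """Restart count for one NSM processor (CPU), shared by all of its cores."""

    def __init__(self):
        self._events = []  # times of warm restarts that still count

    def restart_count(self, now):
        # An event stops counting once it is 24 hours old.
        self._events = [t for t in self._events if now - t < RESTART_TIMEOUT]
        return len(self._events)

    def core_failure(self, now, hardware_fault=False):
        """Return 'warm-restart' or 'full-reboot' for a core failure at `now`."""
        if hardware_fault:
            # Hardware faults always cause a full reboot.
            # Assumption: they leave the warm-restart count untouched.
            return "full-reboot"
        if self.restart_count(now) + 1 >= RESTART_LIMIT:
            # The count would reach the limit, so the whole CPU reboots.
            # Assumption: the count starts again from zero afterwards.
            self._events.clear()
            return "full-reboot"
        self._events.append(now)
        return "warm-restart"


def replay(timeline):
    """Replay (when, kind) pairs; kind is 'fail', 'hw-fault' or 'check'.

    Returns one (outcome, restart_count) pair per entry; outcome is None
    for a 'check', which only reads the counter.
    """
    cpu = NsmCpuRestartTracker()
    results = []
    for when, kind in sorted(timeline):
        outcome = None
        if kind != "check":
            outcome = cpu.core_failure(when, hardware_fault=(kind == "hw-fault"))
        results.append((outcome, cpu.restart_count(when)))
    return results


THURSDAY = datetime(2012, 5, 31)  # constructed date; any Thursday works


def at(hours):
    return THURSDAY + timedelta(hours=hours)


# The timeline from the Guidelines: noon and 5PM Thursday, then the same
# times on Friday, when each restart event times out.
PAGE_TIMELINE = [(at(12), "fail"), (at(17), "fail"),
                 (at(36), "check"), (at(41), "check")]

# Constructed: a third failure within 24 hours of the first two.
BURST_TIMELINE = [(at(12), "fail"), (at(17), "fail"), (at(20), "fail")]

# Constructed: the third failure arrives after the first one has timed out.
SPREAD_TIMELINE = [(at(12), "fail"), (at(17), "fail"), (at(37), "fail")]

if __name__ == "__main__":
    for name, timeline in [("page", PAGE_TIMELINE), ("burst", BURST_TIMELINE),
                           ("spread", SPREAD_TIMELINE)]:
        print(name, replay(timeline))
```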
You can use the show nsm command to see the current settings for NSM warm
restarts, NSM-processor recovery, and NSM binary-core files. To see the history of warm
restarts on this system, use the show nsm warm-restart history command.
Hardware faults are too severe to allow for a warm restart. For hardware faults, the
NSM processor fully reboots and restarts as set by the nsm recovery command.
Sample
bstnA(cfg)# nsm warm‐restart
sets up the NSM-processor cores to independently restart on failure, without
affecting any other cores on the same processor.
Related Commands
nsm recovery
nsm binary-core-files
show nsm
show nsm warm-restart history
peer
Purpose
At each redundant peer, use this command to identify the other switch.
Use the no form of the command to remove the redundant-peer configuration.
Mode
cfg-redundancy
Security Role(s)
network-engineer or crypto-officer
Syntax
peer peer‐address
no peer
peer-address (0.0.0.0-255.255.255.255) is one of the peer switch’s management-IP
addresses. This can be the out-of-band (MGMT) interface or one of the switch’s
inband (VLAN) management interfaces. For the ARX-1500 and ARX-2500, you must
use the inband management interface defined for the redundancy link: define a special
VLAN for the link (with vlan and members (cfg-vlan) for a standalone link, or with
vlan (cfg-channel) for a channel), and use the interface vlan and ip address
(cfg-if-vlan) commands to create the inband-management IP.
Default(s)
Port default is 49800.
Platforms
any except ARX-VE
Guidelines
A rendezvous occurs after you issue enable (cfg-redundancy) at the second switch.
Each switch uses its peer-address to contact the other switch and exchange
information for the join operation. It also uses this address for regular heartbeat
exchanges.
Define the redundant peer before issuing enable (cfg-redundancy) on the switches.
Use the show redundancy peer command to see the current configuration for the
peer, as well as heartbeat counters.
Sample
bstnA(cfg‐redundancy)# peer 10.1.1.12
identifies the switch at 10.1.1.12 as the current switch’s redundant peer.
Related Commands
redundancy
enable (cfg-redundancy)
show redundancy peer
quorum-disk
Purpose
Use this command to set up a quorum disk for a redundant pair.
Mode
cfg-redundancy
Security Role(s)
network-engineer or crypto-officer
Syntax: NFS
quorum‐disk nfs‐server:/export[path] {nfs2 | nfs3 | nfs3tcp}
nfs-server:/export[path] (1-1024 characters) selects an NFS export:
nfs-server is the IP address for the filer (for example, 192.168.70.65). This
address must be on a server (proxy-IP) subnet (see ip proxy-address) or
reachable through a gateway on that subnet (via static route: see ip route to create
a static route).
export is the path to an NFS export on the server.
path (optional) is the specific directory to use.
nfs2 | nfs3 | nfs3tcp is a required choice; this is the NFS protocol to use for accessing
the quorum-disk share.
Syntax: CIFS
quorum-disk \\cifs-server\share[\path] cifs [DOMAIN/]username spn spn
\\cifs-server\share[path] (1-1024 characters) is the syntax for a CIFS share.
cifs-server is the IP address for the filer (for example, 192.168.23.23). This
address must be reachable, as described above for an NFS filer.
share is the specific share to use.
path (optional) is a path within the share.
cifs is a required keyword.
[DOMAIN/]username (1-1024 characters) is the username that the redundancy
software can use to write to the CIFS share. If you use a short DOMAIN name, like
“medarch,” you authenticate with NTLM or NTLMv2. If you use an FQDN for the
domain, like “medarch.org,” you use Kerberos authentication.
spn spn (required for a Windows 2008 cluster, optional for other servers; 1-255
characters) is the Service-Principal Name (SPN) for the back-end server. An SPN is
required to connect to a CIFS service on any Windows 2008 cluster.
Default(s)
path defaults to the top of the NFS export or CIFS share.
Platforms
any except ARX-VE
Guidelines
The quorum disk is an NFS or CIFS share on any reliable, external filer. Each peer
records its heartbeat messages on the quorum disk, and reads the heartbeat messages
from the other. This is another path for reading the peer’s heartbeats, in addition to the
path through the redundant-pair link.
The quorum disk also records ballot information for senior-switch election (see show
redundancy ballots).
Guidelines: Filer/Share Requirements
Use a highly-available, high-performance filer for the quorum disk. Round trip data
write times for 1 block of quorum-disk data must be below 1 second. Slow-performing
filers may cause the redundancy state to fluctuate and could lead to unnecessary switch
down time.
The quorum disk’s volume must be capable of storing 1 MB of file data. Use a share
that blocks until the data is written to disk; no caching should be enabled for the share.
If the quorum disk is an NFS export, it must be configured (at the filer) for
synchronous writes. Use the ‘sync’ option. We also recommend that you specify the
no_wdelay option. CIFS shares do not have this configuration issue; they perform
synchronous writes on request.
Guidelines: Filer Connectivity
Each peer uses one of its in-band (VLAN) management addresses to communicate
with the quorum disk’s filer. Use the interface vlan command to create an in-band
management address for a particular VLAN. The switch can reach the quorum-disk
filer through this interface if
•  the filer is on the same VLAN as the management interface, or
•  the filer is reachable through a static ip route that goes through a gateway on the
   same VLAN as the management interface.
Guidelines: Command Usage
If you connect to a CIFS share, the CLI prompts for a password to use for accessing
the filer. It prompts a second time to confirm the password. For both prompts, enter the
password for the username.
Use the show redundancy quorum-disk command to view the current configuration
for the quorum disk, as well as some counters.
Samples
bstnA(cfg-redundancy)# quorum-disk 172.16.4.98:/lhome/qdisk1 nfs3
configures an NFS quorum disk.
provB(cfg)# quorum-disk \\10.10.201.8\qd cifs BOSTONCIFS/juser spn svcA@BOSTONCIFS
Password: jpasswd
Confirm: jpasswd
configures a CIFS quorum disk.
Related Commands
redundancy
show redundancy quorum-disk
redundancy
Purpose
Use this command to start configuring redundancy between two switches. If an ARX
with a redundant peer experiences a catastrophic failure, all of its services fail over to
its peer ARX.
Mode
cfg
Security Role(s)
network-engineer or crypto-officer
Syntax
redundancy
Default(s)
None.
Platforms
any except ARX-VE
Guidelines: Before You Begin
Before you configure redundancy, you must connect the two peers together with a
redundancy link. You can use a single port for this, but we recommend two or more
ports in a channel.
The ARX-1500 and ARX-2500 use layer-3 (IP) networking software for exchanging
heartbeats and important metalog data between the peers, so they require layer-3
configuration for their redundancy link. Use these commands to set up a layer-3
connection:
•  Establish a new VLAN for this link. This requires different CLI commands for a
   channel than it does for a stand-alone port:
   –  For a channel, use the vlan (cfg-channel) command to assign the channel
      to the VLAN.
   –  For a single port, use the vlan command to create a new VLAN, then use
      members (cfg-vlan) to assign the single port to that VLAN.
•  Use the interface vlan to create a management-IP interface on the VLAN; this
   puts you into cfg-if-vlan mode.
   –  From cfg-if-vlan mode, use the ip address (cfg-if-vlan) command to
      establish an in-band (VLAN) IP address. You later use this
      VLAN-management IP address to identify this ARX to its peer, as described
      below.
   –  From the same mode, use redundancy (cfg-if-vlan) to designate the
      interface for exchanging metalog data and heartbeats.
   –  From the same mode, use no shutdown (cfg-if-vlan) to enable the
      management interface.
Other platforms use a layer-2 connection for their redundancy link. After cabling the
peers together, you use the redundancy protocol command on the link’s interface to
designate it for use as this link. If you use multiple links in a channel, as
recommended, you use the redundancy protocol (cfg-channel) command instead.
Guidelines
The cfg redundancy command brings you to cfg-redundancy mode, where you
configure the parameters for creating a redundant pair. From this mode, you use the
peer command to identify the redundant peer; for the ARX-1500 and ARX-2500, you
must use the other peer’s in-band (VLAN) IP address at the other end of the
redundancy link. You also use quorum-disk to identify an external-filer share to be
used as a quorum disk. Repeat these steps at the peer switch, which must have
redundancy parameters that agree. Once the parameters match on both switches, you
enable the redundant pair with enable (cfg-redundancy) at each peer.
The enable command invokes the initial-rendezvous process, which then starts the
metalog (namespace log) resilvering process. Metalog resilvering is duplicating the
metalog data from the active peer to the backup peer. The metalog data must be
mirrored on both peers to ensure that the namespace software can fail over. You may
want to monitor the resilvering process if the peers are separated by a long distance:
you can use the show redundancy metalog command for this. If resilvering times
out due to excessive latency, you can use the resilver-timeout command to reset the
timeout value.
For rare situations where network maintenance may cause unwanted failovers, you can
use the suspend-failover command to suspend failovers for a short time. Use the no
form of the command to lift the suspension when the maintenance is finished.
Guidelines: ARX-1500 and ARX-2500 Redundancy
The ARX-1500 and ARX-2500 store their metalog data on their internal disks, along
with logs, software-release files, and other management data. Managed volumes write
their metalog data as clients change the volume state; the metalog is used to restore the
volume configuration in the event of a failure. The metalog is also copied to the
redundant peer. The speed of many volume operations depends on fast metalog writes.
Some other system operations create a large number of writes to the internal disk,
potentially slowing metalog writes. This can slow volume performance, even if it
occurs on the backup peer. For example, the process of upgrading the software release
is extremely disk intensive, and may cause a noticeable performance degradation.
During an upgrade, you use
•  the copy command (copy ftp, copy {nfs|cifs}, copy scp, or copy tftp) to copy a
   full release file to the disk, and
•  the boot system command to unpack the release file on the disk.
You should perform such disk-intensive operations during off-peak hours on the
ARX-1500 and ARX-2500. This is true whether you run the operations on the active
peer or the backup.
Guidelines: ARX-VE Redundancy
The ARX-VE is a Virtual Appliance (VA, similar to a VM) that runs on a standard
hypervisor, and uses the same redundancy mechanisms that are used in a VM cluster.
If the ARX-VE’s hypervisor host fails, an identical ARX-VE on a peer hypervisor
resumes processing. This does not require any additional configuration on the ARX, so
the redundancy command, cfg-redundancy mode, and other ARX-redundancy
operations are excluded from the ARX-VE CLI.
Sample
bstnA(cfg)# redundancy
bstnA(cfg-redundancy)# ...
starts redundancy configuration.
Related Commands
enable (cfg-redundancy)
quorum-disk
show redundancy
show redundancy metalog
resilver-timeout
suspend-failover
redundancy force-active
Purpose
Use this command to resolve a rare scenario (described below) where one peer has
failed unrecoverably and the other will not take over as the active peer.
Mode
priv-exec
Security Role(s)
network-technician, network-engineer, or crypto-officer
Syntax
redundancy force-active
Default(s)
None.
Platforms
any except ARX-VE
Guidelines
This command forcibly promotes the backup peer to active status.
Important
This command discards any forward progress made at the other peer. It
also re-imports all namespaces, forcing all clients to re-mount all
front-end services. Never use this command except under the
circumstances below, and with the advice of F5 personnel.
Consider a redundant pair where Peer A is active and Peer B is either active or backup.
Peer B fails, then (later) Peer A fails unrecoverably. When Peer B recovers, it refuses
to take an active role because it knows that it was down while Peer A was active: Peer
A may therefore have changed its configuration or managed some transactions with
back-end filers. If Peer B were to take control, all such configuration changes and
transactions would be lost. In this scenario, Peer B waits indefinitely for Peer A and
the redundant pair never comes back online.
You need to force Peer B to take an active role, thus abandoning any configuration
changes or transactions that occurred on Peer A. The peer switch must be offline, and
the current switch must have been up and waiting for its peer to come online for at
least 5 minutes. Also, the quorum disk must be online and available. Use the show
redundancy command to verify that the peer is down and the quorum disk is
connected.
The CLI warns you before discarding transactions and rebooting both peers. Enter yes
to proceed.
Sample
bstnA(cfg)# redundancy force-active
CAUTION: To avoid data corruption, the peer switch MUST BE OFFLINE and
remain offline while this command executes. Any global configuration
changes made on the Active peer switch while this switch was
unavailable will be lost. All namespaces will be re-imported
automatically to ensure consistency in the metadata. All in-flight
transactions not synchronized will be lost. NFS-based clients will
need to remount. Please contact Technical support for further advice.
Proceed? [yes/no] yes
bstnA(cfg)# ...
forces the “bstnA” switch to take active status in its redundant pair.
Related Commands
show redundancy
resilver-timeout
Purpose
The redundant peers exchange their metalog (namespace-transaction) data during
initial rendezvous, or after a failover. This is called resilvering the metalog data. At
some sites, the latency between peers is high enough that the resilvering process times
out before the pair can form. On the advice of F5 Support, you can use this command
to increase the time allowed for resilvering.
Use the no form of the command to reset the resilvering timeout to its default.
Mode
cfg-redundancy
Security Role(s)
network-engineer or crypto-officer
Syntax
resilver-timeout minutes
no resilver-timeout
minutes (6-60) is the maximum number of minutes for resilvering. If this time expires
before resilvering is complete, the redundant pair cannot form.
Default(s)
6 minutes
Platforms
any except ARX-VE
Guidelines
A rendezvous occurs after you issue enable (cfg-redundancy) at the second switch.
A failover occurs whenever the active switch fails and the backup switch takes control.
You can use this command to increase the time allotted for resilvering metalog data
during a rendezvous or a failover.
The default is sufficient for most sites. Use this command only on the advice of F5
Support. It is unnecessary if you use a direct layer-2 connection for the redundancy
link. The packet latency on a direct connection is typically very short.
If resilvering times out, the redundancy software retries until it succeeds. This severely
impacts system performance. You can use the show redundancy history command
to see the results of resilvering (referenced as “synchronization” in that output), and
determine whether or not it is repetitively timing out. You can use show redundancy
metalog to monitor the resilvering process as it occurs.
Use the show redundancy resilver-timeout command to see the current timeout
value for resilvering.
Sample
provA(cfg-redundancy)# resilver-timeout 10
sets the resilvering timeout to 10 minutes on the “provA” switch. The resilvering
process has 10 minutes to complete after rendezvous or failover.
Related Commands
redundancy
show redundancy resilver-timeout
show redundancy metalog
show nsm
Purpose
The show nsm command shows the current state of the NSM-maintenance features:
processor recovery and binary-core files. For each of these features, this command
shows the administrative setting as well as whether or not the setting is operational.
Mode
(any)
Security Role(s)
crypto-officer
Syntax
show nsm [recovery | binary-core-files | warm-restart]
recovery | binary-core-files | warm-restart (optional) focuses the output on the state
of a single NSM-maintenance feature. If you omit these, the output shows the state of
all NSM features.
Platforms
ARX-500, ARX-2000, and ARX-4000
Guidelines
The output contains a separate table for each NSM-maintenance feature, Recovery,
Binary Core Files, and Warm-Restart. Each table has one row per NSM, where each
row has the following fields:
Proc identifies an NSM processor, in slot.processor format.
Status - Admin is the status that was last set for this feature.
Status - Operational is the feature’s actual status.
You can use [no] nsm recovery to disable or re-enable NSM-processor recovery. You
can also use [no] nsm binary-core-files to change NSM-processor core files to an
ASCII format or a larger binary format. NSM recovery must be enabled before you
can enable NSM binary-core files. Only change these settings on the advice of F5
Support. The final table concerns the [no] nsm warm-restart command; this allows a
processor core to fail and recover independently, without rebooting the entire
processor.
Sample
bstnA# show nsm binary-core-files
Binary Core Files:
              Status
Proc    Admin       Operational
------  ----------  ------------
2.1     Enabled     Enabled
2.2     Enabled     Enabled
2.3     Enabled     Enabled
2.4     Enabled     Enabled
2.5     Enabled     Enabled
2.6     Enabled     Enabled
2.7     Enabled     Enabled
2.8     Enabled     Enabled
2.9     Enabled     Enabled
2.10    Enabled     Enabled
2.11    Enabled     Enabled
2.12    Enabled     Enabled
shows that the current chassis is configured to produce detailed, binary core files
in the event of an NSM-processor failure.
Related Commands
nsm recovery
nsm binary-core-files
nsm warm-restart
show nsm warm-restart history
Purpose
To show the history of warm restarts by the NSM-processor cores, use the show nsm
warm-restart history command.
Mode
(any)
Security Role(s)
crypto-officer
Syntax
show nsm warm-restart history [processor slot.processor]
processor slot.processor (optional) specifies one NSM processor for which to view
this history. If you omit this option, the output includes warm-restart history for all
NSM processors.
slot (2 for ARX-4000; 1 for any other) is the slot number.
processor is the processor number. Use the show processors command to show
all processors and their associated slot.processor IDs.
Platforms
ARX-500, ARX-2000, and ARX-4000
Guidelines
An NSM warm restart occurs when an NSM-processor core encounters a catastrophic
software failure and reboots, without causing any other cores to reboot with it. A
warm restart is only possible on a system where nsm warm-restart is enabled.
The output contains two tables, one that shows the most-recent warm restart and
another that shows the current values for restart count and restart limit. The restart
count is the sum of all restarts for a given CPU’s cores, and the restart limit is the
maximum number of restarts for each CPU. If a core fails after its CPU’s restart count
reaches the restart limit, the entire CPU reboots. The full-CPU reboot follows the rules
set by the nsm recovery command.
The first table has one row per NSM processor, with the following fields:
Proc identifies the NSM processor, in slot.processor format. This identifies a
specific core on the CPU.
CPU identifies the NSM-processor CPU, where each CPU typically contains
multiple cores. This field identifies the CPUs with a letter, such as A, B, or C.
Restart Number is the most-recent restart number for this core. The full restart
count for the CPU is the sum of all its cores’ Restart Numbers. As mentioned
above, you use the nsm warm-restart command to make warm restarts possible
for NSM cores.
Date/Time (UTC) is the time stamp (if any) for the most-recent warm restart.
The second table shows the number of restarts remaining for each hardware CPU from
the first table:
Slot is the slot number for the NSM processor.
CPU identifies the NSM-processor CPU, where each CPU typically contains
multiple cores. This maps to the CPU field in the table above.
Restart Remaining is the number of warm restarts remaining for this NSM CPU.
This count decreases by one every time one of the CPU’s cores has a warm
restart. It increases by one every time a warm restart ages by 24 hours.
Restart Limit is the total number of restarts allowed for each CPU.
Samples
bstnA# show nsm warm-restart history
shows the warm-restart history for all NSM processors in the “bstnA” chassis. See
Figure 15.1 for sample output without any warm restarts.
prtlndA# show nsm warm-restart history
shows the warm-restart history for all NSM processors in the “prtlndA” chassis.
See Figure 15.2 for sample output where two warm restarts occurred
in the last 24 hours.
Related Commands
nsm recovery
nsm binary-core-files
nsm warm-restart
Figure 15.1 Sample Output: show nsm warm-restart history
bstnA# show nsm warm-restart history
Proc    CPU   Restart   Date/Time(UTC)
              Number
-----------------------------------------------------------
2.1     A     0
2.2     A     0
2.3     A     0
2.4     A     0
2.5     B     0
2.6     B     0
2.7     B     0
2.8     B     0
2.9     C     0
2.10    C     0
2.11    C     0
2.12    C     0
Slot    CPU   Restart
              Remaining
-----------------------------------
2       A     3
2       B     3
2       C     3
Restart Limit: 3
Figure 15.2 Sample Output: show nsm warm-restart history (with restarts)
prtlndA# show nsm warm-restart history
Proc    CPU   Restart   Date/Time(UTC)
              Number
-----------------------------------------------------------
1.2     A     1         06/22/2011 02:51:36 -0400
1.3     A     1         06/22/2011 02:52:00 -0400
1.4     B     0
1.5     B     0
Slot    CPU   Restart
              Remaining
-----------------------------------
1       A     1
1       B     3
Restart Limit: 3
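The restart budget shown in Figures 15.1 and 15.2 can be checked mechanically. The following Python script is an added example, not part of the F5 manual or the ARX software: it parses show nsm warm-restart history output and reports, for each CPU, how many warm restarts remain before a core failure causes a full-CPU reboot. The status names and the warn_at threshold are assumptions made for this example, and the sample text is the Figure 15.2 output retyped with ASCII hyphens.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed input: the Figure 15.2 rows, typed with ASCII hyphens.
SAMPLE = """\
prtlndA# show nsm warm-restart history
Proc    CPU   Restart   Date/Time(UTC)
              Number
-----------------------------------------------------------
1.2     A     1         06/22/2011 02:51:36 -0400
1.3     A     1         06/22/2011 02:52:00 -0400
1.4     B     0
1.5     B     0
Slot    CPU   Restart
              Remaining
-----------------------------------
1       A     1
1       B     3
Restart Limit: 3
"""

CORE_ROW = re.compile(
    r"^(\d+)\.\d+\s+([A-Z])\s+(\d+)"
    r"(?:\s+(\d\d/\d\d/\d{4} \d\d:\d\d:\d\d [+-]\d{4}))?$")
CPU_ROW = re.compile(r"^(\d+)\s+([A-Z])\s+(\d+)$")
LIMIT_ROW = re.compile(r"^Restart Limit:\s*(\d+)$")


def parse_history(text):
    """Return ({(slot, cpu): counters}, restart_limit) from the CLI output."""
    # PDF and terminal captures often carry U+2010 instead of ASCII '-'.
    text = text.replace("\u2010", "-")
    cpus = defaultdict(lambda: {"restarts": 0, "last": None, "remaining": None})
    limit = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := CORE_ROW.match(line):
            # First table: one row per core; sum Restart Number per CPU.
            entry = cpus[(int(m[1]), m[2])]
            entry["restarts"] += int(m[3])
            if m[4]:
                ts = datetime.strptime(m[4], "%m/%d/%Y %H:%M:%S %z")
                if entry["last"] is None or ts > entry["last"]:
                    entry["last"] = ts
        elif m := CPU_ROW.match(line):
            # Second table: one row per CPU with its Restart Remaining value.
            cpus[(int(m[1]), m[2])]["remaining"] = int(m[3])
        elif m := LIMIT_ROW.match(line):
            limit = int(m[1])
    return dict(cpus), limit


def audit(text, warn_at=1):
    """Classify each CPU by how much warm-restart budget is left.

    warn_at and the status labels are assumptions of this example.
    """
    cpus, limit = parse_history(text)
    if limit is None:
        raise ValueError("no 'Restart Limit' line found")
    report = {}
    for key, entry in sorted(cpus.items()):
        remaining = entry["remaining"]
        if remaining is None:
            status = "unknown"      # core rows without a matching CPU row
        elif remaining == 0:
            status = "exhausted"    # next core failure reboots the whole CPU
        elif remaining <= warn_at:
            status = "low"
        elif remaining < limit:
            status = "used"
        else:
            status = "full"
        report[key] = {**entry, "limit": limit, "status": status}
    return report


if __name__ == "__main__":
    for (slot, cpu), row in audit(SAMPLE).items():
        last = row["last"].isoformat() if row["last"] else "-"
        print(f"slot {slot} CPU {cpu}: {row['restarts']} restart(s), "
              f"{row['remaining']}/{row['limit']} remaining, "
              f"{row['status']}, last {last}")
```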
show redundancy
Purpose
Use this command to show high-level status for the redundant pair.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show redundancy
Default(s)
None
Platforms
any except ARX-VE
Guidelines
Node is 1 for the initial-senior switch, 2 for the initial-junior switch, or QD for the
quorum disk. The asterisk (*) indicates the local node.
Switch/Quorum Disk identifies each node with a hostname or IP address.
Status is Up, “Up,NoFovr,” Down, Suspended, or Unknown for a redundant peer.
The “Up,NoFovr” status indicates that someone used suspend-failover to temporarily
freeze the Active/Backup status of the peers and suspend failovers.
The status is Up, “Up,NoHb,” Pending, or Down for the quorum disk. “Up,NoHb”
means that the quorum disk is up but not showing any heartbeats from the peer yet.
Role is Active, Backup, or Quorum. The senior peer is always Active, meaning it can
run namespace software and virtual servers. The junior peer is “Backup;” it is a hot
standby for the active peer.
Transitions: Total is the number of times that the Status has changed. This
increments for each failover. If there has never been a failover, the Total is “Never.”
Transitions: Last (UTC) is the timestamp for the last status change, in Universal
Coordinated Time (UTC).
Sample
See the sample output in Figure 15.3.
Related Commands
redundancy
Figure 15.3 Sample Output: show redundancy
prtlndA> show redundancy
Transitions
Node Switch/Quorum Disk Status Role Total Last (UTC)
‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
*1 prtlndA Up Active Never ‐
2 prtlndB Up Backup 1 05:33:19 09/14/2009
QD 192.168.74.83 Up Quorum 1 05:33:07 09/14/2009
show redundancy all
Purpose
Use this command to show all redundant-pair information with a single command.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show redundancy all
Default(s)
None
Platforms
any except ARX-VE
Guidelines
This command shows all flavors of show redundancy ... output, in the following
order:
1. show redundancy
2. show redundancy history
3. show redundancy peer
4. show redundancy ballots
5. show redundancy network
6. show redundancy critical-services
7. show redundancy resilver-timeout
8. show redundancy quorum-disk
For details about the show redundancy all output, refer to the command descriptions
for these individual commands.
Sample
See the sample output in Figure 15.4.
Related Commands
redundancy
Figure 15.4 Sample Output: show redundancy all
prtlndA> show redundancy all
Transitions
Node Switch/Quorum Disk Status Role Total Last (UTC)
‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
*1 prtlndA Up Active Never ‐
2 prtlndB Up Backup 2 06:21:10 08/25/2010
QD 192.168.74.83 Up Quorum 1 06:18:55 08/25/2010
Date/Time(UTC) Recent History
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
08‐25 06:21:15 Quorum disk is online, system is ready for failover
08‐25 06:21:10 Peer switch 'prtlndB' is now online
08‐25 06:19:20 Local switch wins seniority election (sr=1, epoch=3)
08‐25 06:19:10 Quorum disk is online, system is ready for failover
08‐25 06:19:05 Peer switch 'prtlndB' is now offline
08‐25 06:19:05 Peer is down, local switch will take over services (sr=1, epoch=3)
08‐25 06:18:55 Quorum disk 192.168.74.83:/exports/quorum‐disk/portland1 is now online.
08‐25 06:18:45 Neither peer nor quorum disk is reachable, networking may not yet be online.
08‐25 06:18:24 Quorum disk 192.168.74.83:/exports/quorum‐disk/portland1 not responding after 4 seconds (possibly offline).
08‐25 06:16:18 Site quorum manager daemon started.
Peer
Name: prtlndB
IP Address: 10.1.23.12
Port: 49800
Status: Backup
Heartbeats
Sent: 838
Received: 792
Transitions
Count: 2
Last: 06:21:10 08/25/2010
Reason: Peer switch 'prtlndB' is now online
Ballot Cast
Node Switch/Quorum Disk Senior Switch Epoch
‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐
*1 prtlndA prtlndA 3
2 prtlndB prtlndA 2
QD 192.168.74.83 prtlndA 3
Last vote occurred at: 06:19:20 08/25/2010
Network VLAN Port(s) Admin Link Spanning‐Tree
State Status Status
‐‐‐‐‐‐‐‐ ‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
External 1 1/1 Enabled Down Disabled
External 1 1/2 Enabled Down Disabled
External 1 1/3 Enabled Down Disabled
External 1 1/4 Enabled Down Disabled
External 1 1/5 Enabled Up Manual Forwarding
External 1 1/6 Enabled Up Manual Forwarding
External 1 1/7 Disabled Down Disabled
External 1 1/8 Disabled Down Disabled
External 1 1/9 Disabled Down Disabled
External 1 1/10 Disabled Down Disabled
External 1 1/11 Disabled Down Disabled
External 74 1/5 Enabled Up Manual Forwarding
External 74 1/6 Enabled Up Manual Forwarding
Private 1008 1/12 Enabled Up Manual Forwarding
Metalog 1009 1/12 Enabled Up Manual Forwarding
Link Transitions:
Count: 3
Last: 06:18:15 08/25/2010
Reason: Port 1/12 link up
Last Cleared: Never
Transitions
Type Service Status Count Last (UTC)
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
meta‐only 192.168.74.89:/vol/vol1/mdata_A Up 1 2010‐08‐25 06:23:02
meta‐only 192.168.74.89:/vol/vol1/mdata_B Up 1 2010‐08‐25 06:23:12
quorum 192.168.74.83:/exports/quorum‐disk/portland1 Up 1 2010‐08‐25 06:18:55
route 0.0.0.0/0 Up 0 Never
share nemed~/acctShdw~back2 Up 0 Never
Counters last cleared: Never
Resilver Timeout: 6 minutes
Path: 192.168.74.83:/exports/quorum‐disk/portland1
Protocol: nfs2
Status: Up
Heartbeats
Sent: 1054
Received: 1006
Transitions
Count: 1
Last: 06:18:55 08/25/2010
Reason: Quorum disk 192.168.74.83:/exports/quorum‐disk/portland1 is now online.
Heartbeat Latency:
Heartbeat Latency Intervals (msec)
Time Interval [0‐499] [500‐999] [1000‐3999] [No Response]
‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
02:00 ‐ 02:36 1056 0 0 0
01:00 ‐ 02:00 0 0 0 0
00:00 ‐ 01:00 0 0 0 0
23:00 ‐ 24:00 0 0 0 0
22:00 ‐ 23:00 0 0 0 0
21:00 ‐ 22:00 0 0 0 0
20:00 ‐ 21:00 0 0 0 0
19:00 ‐ 20:00 0 0 0 0
18:00 ‐ 19:00 0 0 0 0
17:00 ‐ 18:00 0 0 0 0
16:00 ‐ 17:00 0 0 0 0
15:00 ‐ 16:00 0 0 0 0
14:00 ‐ 15:00 0 0 0 0
13:00 ‐ 14:00 0 0 0 0
12:00 ‐ 13:00 0 0 0 0
11:00 ‐ 12:00 0 0 0 0
10:00 ‐ 11:00 0 0 0 0
09:00 ‐ 10:00 0 0 0 0
08:00 ‐ 09:00 0 0 0 0
07:00 ‐ 08:00 0 0 0 0
06:00 ‐ 07:00 0 0 0 0
05:00 ‐ 06:00 0 0 0 0
04:00 ‐ 05:00 0 0 0 0
03:00 ‐ 04:00 0 0 0 0
Heartbeat latency summary:
0‐499msec : 100.00%
500‐999 msec : 0.00%
1000‐3999 msec : 0.00%
No response : 0.00%
show redundancy ballots
Purpose
Each failover is followed by an election process to choose the senior switch. Use this
command to show the ballots from the most-recent redundancy election.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show redundancy ballots
Default(s)
None
Platforms
any except ARX-VE
Guidelines
Node is 1 for the initial-senior switch, 2 for the initial-junior switch, or QD for the
quorum disk. The asterisk (*) indicates the local node.
Switch/Quorum Disk identifies each peer with a hostname or IP address.
Ballot Cast shows the most-recent seniority vote from each node:
Senior Switch is the switch that the node believes should be senior, and
Epoch is the epoch number that the node last recorded. All three quorum
members keep a common epoch number that increments with each failover. If one
node has a lower epoch number than the others, its vote for Senior Switch is
discounted.
Guidelines: Redundancy Elections
Each switch, as well as the quorum disk, stores an epoch number and the identity of
the senior switch. After a switch failure, this information is exchanged as election
ballots to determine which peer should have seniority. Ballots with higher epoch
numbers carry more weight in the election. If two nodes agree but disagree with the
third, the majority rules. The results determine which peer is senior.
None of the ballots are authoritative; use the show redundancy command to see
which peer(s) is/are currently active. (The senior switch is always active, the junior
switch is active after the initial rendezvous but backup after a failover.)
For example, the following table shows that the Quorum Disk and the second peer,
“prtlndB,” agree on the Epoch number (9) and the senior peer (node 2, which is
prtlndB). The “prtlndA” peer cast the dissenting vote (1, or itself, as senior) with a
lower Epoch number (8). From this output, we can infer that “prtlndA” was senior
before it failed, then became junior when it rejoined the pair.
...
                          Ballot Cast
Node Switch/Quorum Disk   Senior Switch        Epoch
---- -------------------- -------------------- -----
*1   prtlndA              1                    8
2    prtlndB              2                    9
QD   192.168.74.83        2                    9
...
Ballots are only cast when a node fails, so all ballots are 0 (zero) when the pair first
forms. In this case, both nodes are always active and Node 1 is always senior.
Sample
See the sample output in Figure 15.5.
Related Commands
redundancy
show redundancy
Figure 15.5 Sample Output: show redundancy ballots
prtlndA> show redundancy ballots
Ballot Cast
Node Switch/Quorum Disk Senior Switch Epoch
‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐
*1 prtlndA prtlndA 3
2 prtlndB prtlndA 2
QD 192.168.74.83 prtlndA 3
Last vote occurred at: 06:19:20 08/25/2010
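The election rules in the Guidelines above can be applied to captured ballot output when reviewing a failover. The following Python script is an added example, not part of the F5 manual and not the ARX election code: it models only the rules stated on this page (lower-epoch ballots are discounted, the majority of the remaining ballots decides, and all-zero ballots mean that Node 1 is senior). Returning None when the counted ballots are tied is an assumption, since the page does not describe that case; the sample text is the ballot table from the Guidelines example.

```python
import re
from collections import Counter

# Constructed input: the ballot table from the Guidelines example above.
SAMPLE = """\
                          Ballot Cast
Node Switch/Quorum Disk   Senior Switch        Epoch
---- -------------------- -------------------- -----
*1   prtlndA              1                    8
2    prtlndB              2                    9
QD   192.168.74.83        2                    9
"""

# Node is 1, 2 or QD; a leading asterisk marks the local node.
ROW = re.compile(r"^(\*?)(1|2|QD)\s+(\S+)\s+(\S+)\s+(\d+)$")


def parse_ballots(text):
    """Parse 'show redundancy ballots' rows into a list of dicts."""
    ballots = []
    # Normalize U+2010 hyphens left behind by PDF or terminal captures.
    for raw in text.replace("\u2010", "-").splitlines():
        m = ROW.match(raw.strip())
        if m:
            ballots.append({"local": m[1] == "*", "node": m[2], "name": m[3],
                            "senior": m[4], "epoch": int(m[5])})
    return ballots


def tally(ballots):
    """Return (senior, discounted_nodes, dissenting_nodes).

    senior is the Senior Switch value as printed in the table, or None
    when the counted ballots are tied (an assumption of this example).
    """
    nodes = sorted(b["node"] for b in ballots)
    if nodes != ["1", "2", "QD"]:
        raise ValueError(f"expected ballots from 1, 2 and QD, got {nodes}")
    if all(b["epoch"] == 0 for b in ballots):
        # No node has failed since the pair formed: Node 1 is senior.
        return next(b["name"] for b in ballots if b["node"] == "1"), [], []
    top = max(b["epoch"] for b in ballots)
    # A ballot with a lower epoch than the others is discounted.
    discounted = [b["node"] for b in ballots if b["epoch"] < top]
    votes = Counter(b["senior"] for b in ballots
                    if b["epoch"] == top).most_common()
    tied = len(votes) > 1 and votes[0][1] == votes[1][1]
    winner = None if tied else votes[0][0]
    dissent = [] if tied else [b["node"] for b in ballots
                               if b["senior"] != winner]
    return winner, discounted, dissent


if __name__ == "__main__":
    senior, discounted, dissent = tally(parse_ballots(SAMPLE))
    print(f"senior per ballots: {senior}")
    print(f"discounted (stale epoch): {discounted or 'none'}")
    print(f"dissenting votes: {dissent or 'none'}")
```

As the Guidelines note, the ballots are not authoritative; confirm the current roles with show redundancy.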
show redundancy critical-services
Purpose
If the current switch loses contact with a critical service (such as a critical namespace
share or a critical subnet), a failover may occur. Use this command to show all of the
critical services configured for the current peer.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show redundancy critical-services
Default(s)
None
Platforms
any except ARX-VE
Guidelines
Each critical service has one row in the table:
Type is “quorum,” “share,” “route,” or “meta-only.” The quorum disk is a critical
resource by default, and you cannot remove it from this list. To declare a
namespace share as “critical,” use critical in gbl-ns-vol-shr mode. To create a
critical route, use critical route in cfg-redundancy mode. A “meta-only” resource
is a dedicated metadata share that is critical: use metadata share to configure a
dedicated metadata share, and use metadata critical to make it a critical resource.
Service specifies the exact route or share. For a quorum disk, this shows the
machine and path to the share. For shares, this shows the share in
namespace~volume~share-name format. For a critical route, this shows the
critical subnet in ip-address/subnet-length (CIDR) format.
Status is “Up,” “Down,” or “Config.” A “Config” status indicates that the critical
service is configured but the Up or Down status has not been determined yet.
Transitions: Count is the number of times that the Status has changed.
Transitions: Last (UTC) is the timestamp for the last status change, in Universal
Coordinated Time (UTC). If there has never been a failover, this shows “Never.”
Counters Last Cleared is the timestamp for the last time someone ran clear
counters redundancy [critical-services].
Guidelines: Failover Algorithm
Only an active switch can initiate a critical-services failover. By default, both switches
are active. After a failover, only the senior switch is active.
If an active switch loses a critical share or route, it requests a failover. If the peer has
all critical routes, shares, and access to the quorum disk, the failover occurs.
Conversely, the peer rejects the failover if it has lost any of its own critical resources: a
failover in this case could cause more service outages than it resolves.
Note the difference in the way that the quorum disk is treated. Peer A does not initiate
a failover if it loses access to the quorum disk. If peer A loses some other critical
service (such as a critical share), it does initiate a failover. In this case, peer B rejects
the failover if peer B cannot access the quorum disk. Loss of the quorum disk can
prevent a failover, but never causes a failover.
Sample
See the sample output in Figure 15.6.
Chapter 15
Redundant Pairs (HA)
Related Commands
critical
critical route
metadata critical
clear counters redundancy
Figure 15.6 Sample Output: show redundancy critical-services
prtlndA> show redundancy critical-services
                                                                 Transitions
Type       Service                                       Status  Count  Last (UTC)
-------------------------------------------------------------------------------------------
meta-only  192.168.74.89:/vol/vol1/mdata_A               Up      1      2010-03-02 07:41:21
meta-only  192.168.74.89:/vol/vol1/mdata_B               Up      1      2010-03-02 07:41:28
quorum     192.168.74.83:/exports/quorum-disk/portland1  Up      1      2010-03-02 07:39:42
route      0.0.0.0/0                                     Up      0      Never
share      nemed~/acctShdw~back2                         Up      0      Never
Counters last cleared: Never
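The failover rules from Guidelines: Failover Algorithm, applied to parsed show redundancy critical-services tables, as an added example that is not part of the F5 manual. The sample tables, the function names, and the handling of “Config” status and meta-only shares are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed tables in the layout of Figure 15.6; addresses and names are made up.
PEER_A_TEXT = """\
Type       Service                                 Status  Count  Last (UTC)
meta-only  192.0.2.89:/vol/vol1/mdata_A            Up      1      2010-03-02 07:41:21
quorum     192.0.2.83:/exports/quorum-disk/site1   Up      1      2010-03-02 07:39:42
route      0.0.0.0/0                               Up      0      Never
share      ns1~/vol1~shr1                          Down    3      2010-03-05 11:02:10
Counters last cleared: Never
"""
# Peer B keeps the U+2010 hyphens that copies of this output often carry.
PEER_B_TEXT = (
    "meta\u2010only 192.0.2.89:/vol/vol1/mdata_B Up 1 2010\u201003\u201002 07:41:28\n"
    "quorum 192.0.2.83:/exports/quorum\u2010disk/site1 Down 2 2010\u201003\u201005 10:58:00\n"
    "route 0.0.0.0/0 Up 0 Never\n"
)

ROW = re.compile(
    r"^(quorum|share|route|meta-only)\s+(\S+)\s+(Up|Down|Config)\s+(\d+)\s+(.+?)\s*$"
)


@dataclass(frozen=True)
class CriticalService:
    type: str
    service: str
    status: str
    transitions: int
    last_change: str


def parse_critical_services(text):
    """Parse the table rows; header, separator and footer lines are skipped."""
    rows = []
    for line in text.replace("\u2010", "-").splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append(CriticalService(m[1], m[2], m[3], int(m[4]), m[5]))
    return rows


def failover_triggers(services):
    """Down services that make an active switch request a failover.

    The quorum disk is excluded: its loss never causes a failover.
    Assumption: a Down meta-only share counts like any other critical share.
    """
    return [s for s in services if s.status == "Down" and s.type != "quorum"]


def peer_can_accept(services):
    """The peer accepts only with every critical service Up, quorum disk included.

    Assumption: "Config" (status undetermined) and an empty table are treated
    as not ready, because the quorum disk is always listed.
    """
    return bool(services) and all(s.status == "Up" for s in services)


def failover_outcome(local, peer, local_is_active=True):
    """Return "no-request", "failover" or "rejected" for the local switch."""
    if not local_is_active or not failover_triggers(local):
        return "no-request"
    return "failover" if peer_can_accept(peer) else "rejected"


if __name__ == "__main__":
    a = parse_critical_services(PEER_A_TEXT)
    b = parse_critical_services(PEER_B_TEXT)
    print("A lost:", [s.service for s in failover_triggers(a)])
    print("A -> B:", failover_outcome(a, b))
    print("B -> A:", failover_outcome(b, a))
```

With these tables, peer A requests a failover for its lost share and peer B rejects it because B cannot reach the quorum disk; B itself requests nothing.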
show redundancy history
Purpose
Use this command to show some high-level redundancy logs kept at the local switch.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show redundancy history
Default(s)
None
Platforms
any except ARX-VE
Guidelines
Recent History messages include:
• Remote peer has gone offline
• Pair status changed from
  – Inactive to Rendezvous,
  – Rendezvous to Joining, or
  – Joining to Formed.
• Incumbent switch wins seniority election (sr=1, epoch=4)
• Site quorum manager daemon started
Errors with forming the pair appear here when they occur. Many of them are
self-explanatory, but some of them (such as “DbSync” errors) may require
intervention from F5 Support.
Sample
See the sample output in Figure 15.7.
Related Commands
redundancy
Figure 15.7 Sample Output: show redundancy history
prtlndB# show redundancy history
Date/Time(UTC)  Recent History
---------------------------------------------------------------------------
09-14 05:33:24  Quorum disk is online, system is ready for failover
09-14 05:33:19  Synchronization complete, ready for failover
09-14 05:33:19  Pair status changed from Joining to Formed
09-14 05:33:19  Peer switch 'prtlndA' is now online
09-14 05:33:07  Quorum disk 192.168.74.83:/exports/quorum-disk/portland1/ is online, proceeding to verify rendezvous.
09-14 05:33:07  Quorum disk 192.168.74.83:/exports/quorum-disk/portland1 is now online.
09-14 05:33:01  Pair status changed from Rendezvous to Joining
09-14 05:33:01  Switch 'prtlndA' has a lower rendezvous IP address than 'prtlndB'. [10.1.23.11, 10.1.23.12]
09-14 05:32:56  Cannot rendezvous because quorum disk 192.168.74.83:/exports/quorum-disk/portland1 is offline.
09-14 05:32:56  Pair status changed from Inactive to Rendezvous
09-14 04:21:50  Site quorum manager daemon started.
show redundancy license
Purpose
Both peers in a redundant pair require the same license, to prevent any loss of service
after a failover. A failover to a peer with a lesser license would result in fewer
supported features and fewer available system resources. To confirm that the licenses
are the same between the current peers, use the show redundancy license command.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show redundancy license
Default(s)
None
Platforms
any except ARX-VE
Guidelines
The output contains a success message if the licenses are the same for both peers.
Otherwise, it returns a failure message along with all mismatched features.
In the case of a failure, you need to determine which peer has the desired license, and
then activate or re-activate the license at the other peer. Run show active-license at
each peer to see details about the licenses there. If the peer can connect to the Internet,
you can use the license activate command to automatically activate the license there.
Otherwise, you can use a manual activation method, as described in the documentation
for the license create license-dossier command.
Sample
prtlndA> show redundancy license
% INFO: The HA peer license is equivalent to the license on this ARX.
shows that the licenses match between the peers.
Related Commands
show active-license
license activate
license create license-dossier
redundancy
show redundancy
show redundancy metalog
Purpose
Metalog (namespace transaction) data is mirrored between redundant peers during
their initial rendezvous, and it is duplicated between the peers during normal
operation. The duplication process is called resilvering. You can use the show
redundancy metalog command to see the current state of the metalog-resilvering
process between peers. This command is especially useful for monitoring the
connection between redundant peers that are separated by long distances.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show redundancy metalog
Default(s)
None
Platforms
any except ARX-VE
Guidelines
The active peer’s metalog data must be mirrored at the backup peer so that namespace
software can recover after a failover. Use this command to monitor the resilvering
process.
This command only functions on the active peer.
Use this output to gauge the latency and performance of the redundant-pair link. An
overly-long latency between peers can cause a large number of metalog-packet
retransmits (see below), and may lead to slow responses that are noticeable to
namespace/volume/front-end service clients.
On all platforms, the namespace software keeps metalog read/write statistics. You can
use the show statistics metalog command to see these metalog-usage statistics from
a namespace-software perspective.
The ARX-1500 and ARX-2500 store their metalog data on their internal disks. On
those platforms, you can use the show metalog usage command to see the
metalog-usage statistics.
The ARX-VE stores its metalog data on an external data store. On the ARX-VE, you
can use the probe metalog latency command to test the latency between the ARX
and this external storage.
Guidelines: Output
The output shows the current state of the resilvering process:
State is
• Resilvering - the active peer is copying all of its metalog data to the backup peer
  during a rendezvous.
• Peer Online - the metalog data was 100% duplicated after rendezvous, and now
  the active peer is sending metalog updates as they occur.
• Peer Offline
The next three fields only appear for the Resilvering state, which occurs during
rendezvous:
Started is the start time for the rendezvous process.
Timeout indicates the total time allowed for resilvering. The resilvering process
times out, sends an SNMP trap, and restarts if it exceeds this time limit. You can
use the resilver-timeout command to reset this time limit.
Time Remaining is the estimated time left for resilvering. This estimate is based
on the current data-transfer rate and the amount of data left to transfer.
Byte Count is the number of bytes of metalog data transferred to the backup peer. If
the initial Resilvering process is still underway, this also shows the total size of the
metalog data to be copied to the backup peer.
Retransmits counts the retransmissions of individual metalog packets. A retransmit
occurs if an internal timeout passes before the packet is acknowledged by the backup
peer. This field counts the total retransmits that occurred since the most recent start of
the resilvering operation. A long latency between peers may increase the number of
retransmits. This always displays 0 (zero) for the ARX-1500 or ARX-2500 when they
are resilvering. These platforms use a different transmission mechanism for their
metalog packet.
Latency shows the minimum, maximum, and average latency for sending packets of
metalog data to the backup peer. These are measured in microseconds (us).
Data Rate shows the average megabits per second for the transfer of metalog data.
This field only appears while resilvering is occurring.
Samples
nyc15> show redundancy metalog
State: Resilvering
Started: 01/31/2012 22:48:03 +0000
Timeout: 00:06:00 sec
Time Remaining: 00:00:58 sec
Byte Count: 992 M of 3.7 G (26%)
Retransmits: 0
Latency:
Min: 18538 usec
Max: 77860 usec
Avg: 22715 usec
Data Rate: 47.2 Mb/s
shows the state of metalog resilvering on the “nyc15” chassis.
prtlndA> show redundancy metalog
State: Peer Online
Byte Count: 55 M
Retransmits: 0
Latency:
Min: 80 usec
Max: 127 usec
Avg: 83 usec
shows the state of metalog resilvering on the “prtlndA” chassis. In this case, the
initial resilvering is complete and the active peer is sending metalog updates as it
generates them.
Related Commands
resilver-timeout
redundancy
show redundancy
show metalog usage
show statistics metalog
probe metalog latency
show redundancy peer
Purpose
Use this command to show the configuration and counters associated with the current
switch’s redundant peer.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show redundancy peer
Default(s)
None
Platforms
any except ARX-VE
Guidelines
Peer is the heading for peer-identification parameters:
Name is set by the hostname command at the peer’s CLI.
IP Address is the peer’s management IP that is chosen for the rendezvous. You
can change this with the peer command.
Port is the peer port used for rendezvous. You can use an option in the peer
command to change the port number.
Status is Active, Backup, Down, or Unknown.
Heartbeats are counters for the number of redundancy heartbeats sent and received.
You can use the clear counters redundancy command to clear this counter.
Transitions are the number of changes in redundancy Status for this peer. You can use
the clear counters redundancy command to clear this counter, too.
Sample
See the sample output in Figure 15.8.
Related Commands
redundancy
peer
clear counters redundancy
Figure 15.8 Sample Output: show redundancy peer
prtlndA> show redundancy peer
Peer
Name: prtlndB
IP Address: 10.1.23.11
Port: 49800
Status: Backup
Heartbeats
Sent: 573
Received: 572
Transitions
Count: 1
Last: 05:33:19 09/14/2009
Reason: Peer switch 'prtlndB' is now online
show redundancy quorum-disk
Purpose
A quorum disk is a filer share that each switch uses to write its own heartbeats and
read the heartbeats from its peer. Use this command to show the configuration and
counters associated with the quorum disk.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show redundancy quorum-disk
Default(s)
None
Platforms
any except ARX-VE
Guidelines
Path is in machine:/path format (for an NFS export) or \\machine\path format (for a
CIFS share). This is the external-filer share used as the quorum disk. From
cfg-redundancy mode, use quorum-disk to reset this.
Protocol is the file-access protocol (nfs2, nfs3, nfs3tcp, or cifs) used to access the
quorum-disk share. This flag is also set with the quorum-disk command.
If the protocol is cifs, the following fields appear to describe the CIFS options used to
access the quorum disk. These are all options from the quorum-disk command:
QD User is the Windows username that the ARX uses as its identity when
accessing the quorum disk.
User Domain is the Windows domain for the above username.
QD SPN is the Service Principal Name (SPN) for the quorum disk’s host server.
Status is Up, Pending, or Down. Pending indicates that the quorum disk is functional
but the redundant pair is in the process of forming.
Heartbeats are counters for the number of redundancy heartbeats sent to the quorum
disk by the current node, and received from the quorum disk by the current node. You
can use the clear counters redundancy command to clear this counter.
Transitions shows the changes in Status for the quorum disk:
Count is the number of changes. This should be a low number; the only valid
reason for a quorum-disk transition is a planned outage of the quorum-disk filer
(such as a hardware upgrade).
Last is the time stamp for the most-recent transition.
Reason is the log message associated with the Status change.
You can use the clear counters redundancy command to clear the transitions
counter, too.
Heartbeat Latency is a chart of latency measures over the past 24 hours. This is the
latency (round-trip time) for heartbeat packets between the current peer and the
quorum disk. Each row shows the latency measures in one hour:
Time Interval shows the start and end time for the hour, in local time.
[0-499] is a count of heartbeats with a latency of 0-499 milliseconds. This column
should have by far the highest count of all of them.
[500-999] is the number of heartbeats that took 500-999 milliseconds to make a
round trip. This is a long latency and should be uncommon.
[1-3999] shows how many heartbeats took 1 second to 3,999 milliseconds
(almost 4 seconds). This latency should be extremely rare, if it ever occurs.
[No Response] is the number of heartbeats that were lost. This number should be
0, unless there is a planned outage for the quorum disk. If either peer reboots
while one of them is disconnected from the quorum disk, they both may reboot
simultaneously.
Heartbeat Latency Summary shows the percentage of heartbeats in each of the
above time intervals.
If the Heartbeat Latency and Heartbeat Latency Summary tables indicate long
latencies, choose a faster quorum disk. You can run the quorum-disk command on
both peers to change the quorum disk.
Sample
See the sample output in Figure 15.9.
Related Commands
redundancy
quorum-disk
clear counters redundancy
Figure 15.9 Sample Output: show redundancy quorum-disk
prtlndA> show redundancy quorum-disk
Path: 192.168.74.83:/exports/quorum-disk/portland1
Protocol: nfs2
Status: Up
Heartbeats
Sent: 886
Received: 884
Transitions
Count: 1
Last: 07:39:42 03/02/2010
Reason: Quorum disk 192.168.74.83:/exports/quorum-disk/portland1 is now online.
Heartbeat Latency:
                       Heartbeat Latency Intervals (msec)
Time Interval   [0-499]   [500-999]   [1000-3999]   [No Response]
-------------   -------------------------------------------------
02:00 - 02:54   887       0           0             0
01:00 - 02:00   0         0           0             0
00:00 - 01:00   0         0           0             0
23:00 - 24:00   0         0           0             0
22:00 - 23:00   0         0           0             0
21:00 - 22:00   0         0           0             0
20:00 - 21:00   0         0           0             0
19:00 - 20:00   0         0           0             0
18:00 - 19:00   0         0           0             0
17:00 - 18:00   0         0           0             0
16:00 - 17:00   0         0           0             0
15:00 - 16:00   0         0           0             0
14:00 - 15:00   0         0           0             0
13:00 - 14:00   0         0           0             0
12:00 - 13:00   0         0           0             0
11:00 - 12:00   0         0           0             0
10:00 - 11:00   0         0           0             0
09:00 - 10:00   0         0           0             0
08:00 - 09:00   0         0           0             0
07:00 - 08:00   0         0           0             0
06:00 - 07:00   0         0           0             0
05:00 - 06:00   0         0           0             0
04:00 - 05:00   0         0           0             0
03:00 - 04:00   0         0           0             0
Heartbeat latency summary:
0-499msec : 100.00%
500-999 msec : 0.00%
1000-3999 msec : 0.00%
No response : 0.00%
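A check built on the Heartbeat Latency guidelines for show redundancy quorum-disk, as an added example that is not part of the F5 manual: it parses the hourly table, recomputes the summary percentages, and flags hours with lost or slow heartbeats. The sample rows, the function names, and the `slow_pct_limit` threshold are assumptions.

```python
import re

# Constructed excerpt in the layout of Figure 15.9 (counts are made up).
SAMPLE = """\
Time Interval   [0-499]   [500-999]   [1000-3999]   [No Response]
02:00 - 02:54   880       5           1             1
01:00 - 02:00   3600      0           0             0
00:00 - 01:00   3590      8           2             0
23:00 - 24:00   0         0           0             0
"""

BUCKETS = ("0-499", "500-999", "1000-3999", "no-response")
ROW = re.compile(
    r"^(\d{2}:\d{2})\s*-\s*(\d{2}:\d{2})\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$"
)


def parse_latency_rows(text):
    """Return [(interval, (fast, slow, very_slow, lost)), ...] from the hourly table."""
    rows = []
    # Copies of this output often carry U+2010 instead of an ASCII hyphen.
    for line in text.replace("\u2010", "-").splitlines():
        m = ROW.match(line.strip())
        if m:
            counts = tuple(int(m[i]) for i in range(3, 7))
            rows.append((f"{m[1]}-{m[2]}", counts))
    return rows


def latency_summary(rows):
    """Percentage of all heartbeats per bucket, as in Heartbeat Latency Summary."""
    totals = [sum(counts[i] for _, counts in rows) for i in range(4)]
    grand = sum(totals)
    return {b: (round(100.0 * t / grand, 2) if grand else 0.0)
            for b, t in zip(BUCKETS, totals)}


def flag_intervals(rows, slow_pct_limit=1.0):
    """List (interval, reason) pairs for hours that deviate from the guidelines.

    slow_pct_limit is an assumed threshold for the 500-999 msec bucket; the
    manual only says that such latencies should be uncommon.
    """
    findings = []
    for interval, (fast, slow, very_slow, lost) in rows:
        total = fast + slow + very_slow + lost
        if total == 0:
            continue  # no heartbeats recorded in this hour
        if lost:
            findings.append((interval, f"{lost} heartbeat(s) with no response"))
        if very_slow:
            findings.append((interval, f"{very_slow} heartbeat(s) took 1000-3999 msec"))
        if 100.0 * slow / total > slow_pct_limit:
            findings.append((interval, f"{slow} heartbeat(s) took 500-999 msec"))
    return findings


if __name__ == "__main__":
    parsed = parse_latency_rows(SAMPLE)
    print(latency_summary(parsed))
    for interval, reason in flag_intervals(parsed):
        print(interval, reason)
```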
show redundancy reboot-history
Purpose
Use this command to show the history for all redundancy-related reboots.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show redundancy reboot-history
Default(s)
None
Platforms
any except ARX-VE
Guidelines
Version is the software version running at the time the reboot was issued.
Time of reboot is a timestamp from the beginning of the reboot.
Message is the message that appeared on the Console to announce the reboot.
Sample
See the sample output in Figure 15.10.
Related Commands
redundancy
Figure 15.10 Sample Output: show redundancy reboot-history
prtlndA# show redundancy reboot-history
Version 5.02.000.12539 (Feb 18 2010 18:03:22) [nbuilds]
Time of reboot: Mon Mar 1 12:57:53 2010
Message: user initiated reboot: admin at console
-------------------
Version 5.02.000.12542 (Mar 1 2010 10:54:49) [nbuilds]
Time of reboot: Mon Mar 1 14:19:44 2010
Message: user initiated reboot: admin at console
-------------------
Version 5.02.000.12542 (Mar 1 2010 10:54:49) [nbuilds]
Time of reboot: Tue Mar 2 00:05:03 2010
Message: user initiated reboot: admin at console
-------------------
Version 5.02.000.12542 (Feb 26 2010 18:21:06) [nbuilds]
Time of reboot: Tue Mar 2 07:31:39 2010
Message: software reboot: Dual reboot request was issued
show redundancy resilver-timeout
Purpose
Initial rendezvous and standard managed-volume processing involve duplicating the
metalog (namespace transaction) data from the active peer to the backup. This process
is called resilvering. Use this command to show the maximum time allowed for
resilvering. If this time expires before resilvering is complete, the redundant pair
cannot form.
Mode
(any)
Security Role(s)
crypto-officer, storage-engineer, network-engineer, network-technician, or operator
Syntax
show redundancy resilver-timeout
Default(s)
None
Platforms
any except ARX-VE
Guidelines
The output is a single value, the timeout allowed for resilvering. You can use the
resilver-timeout command to reset this. The show redundancy metalog command
shows the current state of the resilvering process.
Sample
prtlndA# show redundancy resilver-timeout
Resilver Timeout: 6 minutes
Related Commands
resilver-timeout
redundancy
show redundancy
show redundancy metalog
suspend-failover
Purpose
There are occasions when site maintenance may inadvertently cause
redundancy-inspired failovers and reboots. These can complicate the maintenance
procedure. You can use the suspend-failover command to prevent any failovers until
further notice.
You can later lift the suspension with no suspend-failover.
Mode
cfg-redundancy
Security Role(s)
network-engineer or crypto-officer
Syntax
suspend-failover
no suspend-failover [force]
force (optional) is only necessary when the peer switch is disabled or otherwise
unreachable. This causes the current switch to assume the active role in the pair,
whether or not it previously had the active role. This is similar to the behavior from the
redundancy force-active command.
Important
If you use the force option on the backup peer when the other peer is still
active and connected, this command creates a “split-brain” condition.
Default(s)
no suspend-failover
Platforms
any except ARX-VE
Guidelines
Use this command only under the guidance of F5 personnel.
This command locks the redundancy state until the suspension is lifted. The peers
retain their active and backup roles during the suspension. The CLI prompts for
confirmation before doing this; enter yes to proceed.
You can only use this command when redundancy is enabled, the peer is reachable and
ready to take control, the quorum disk is functioning normally, and all critical services
are healthy on the active peer. Use the show redundancy command to verify that the
peer and quorum disk are functioning, and use show redundancy critical-services to
check on critical services.
During a period of failover suspension, both peers continue to record conditions that
would typically cause failovers and/or failover-related reboots. These appear in the
syslog (use show logs syslog to view the syslog), and some result in SNMP traps
(see the ARX SNMP Reference for a full list of traps). Traps and logs also appear for
any suppressed failovers or reboots.
Guidelines: Force Option
As stated above, you should only use the force option if the peer is disabled or
otherwise unreachable. If the peer is reachable and active, the force option may cause
both peers to take the active role and work at cross purposes. This is called a
“split-brain” situation, and it can create serious issues that are very difficult to repair.
The CLI prompts for special confirmation before lifting suspension in this way.
A switch that is properly forced can successfully re-join its peer later, but there is
another possibility of “split brain” during that rendezvous. The rendezvous happens
automatically when you first boot the repaired peer. A “split-brain” may occur if the
running switch has any connectivity issues during the rendezvous. Verify that the
running switch has full network connectivity and all of its critical resources, especially
the quorum-disk link, before booting its repaired peer.
Samples
prtlndA(cfg-redundancy)# suspend-failover
Are you sure you want to suspend redundancy? [yes/no] yes
suspends failovers and failover-related reboots on “prtlndA” and its redundant
peer.
bstnA(cfg-redundancy)# no suspend-failover
lifts the failover suspension from “bstnA” and its redundant peer.
bstnA(cfg-redundancy)# no suspend-failover force
The force option should only be used when the peer switch is disabled. The peer should be off or isolated from the network. Otherwise, services could be severely disrupted.
Are you sure you want to proceed? [yes/no] yes
forces a resumption of standard-redundancy. This should only be used if the
redundant peer is offline.
Related Commands
show redundancy
show redundancy critical-services
16
Active Directory Discovery
active-directory update seed-domain
Purpose
The ARX must understand the Active-Directory (AD) hierarchy in the Windows
network. That is, each ARX-CIFS service (and, in some sites, the authentication
software for the CLI/GUI) must know where to find the correct DC for each domain in
the AD forest. The ARX database requires a full representation of the AD forest, with
the IP addresses of at least one DC per domain.
Use the active-directory update seed-domain command to discover an AD forest in
your network and add its representation to the ARX.
Mode
priv-exec
Security Role(s)
storage-engineer or crypto-officer
Syntax
active-directory update seed-domain seed proxy-user proxy
[domain-controllers max-dcs] [site-name site]
[verbose] [tentative]
seed (1-255 characters) is the name of one domain in the forest. The ARX uses this
domain name to begin its forest discovery. This becomes the name of the AD-forest in
the ARX configuration.
proxy (1-32 characters) is a proxy-user with credentials for accessing the seed
domain’s DC(s). These credentials can belong to the seed domain itself, or any domain
that is trusted by the seed domain. The ARX queries the DC for the names of other
domains in the same AD forest.
max-dcs (optional, 1-100) sets a maximum number of DCs used in each domain. The
ARX queries its DNS server to discover all the DCs in each domain; if the DNS server
returns more DCs than max-dcs, the ARX takes the top DCs from the DNS list. The
ARX uses the order returned from DNS.
site (optional, 1-64 characters) identifies the AD site for the ARX. If it knows of
multiple DCs that can answer the same query, the ARX prefers DCs in its own site (if
there are any) over DCs in any other site. The site name is defined on a DC with the
Active Directory Sites and Services plugin. The site name is case insensitive, so
“boston” and “BOSTON” are equivalent. If you omit this, the ARX software uses the
AD site configured for the ip proxy-address subnet. Use this option if the AD’s site
configuration does not include the proxy-IP subnet.
verbose (optional) causes the command to show the results of the forest discovery as it
progresses.
tentative (optional) makes the ARX perform the AD-forest discovery without creating
the actual active-directory-forest configuration.
Default(s)
max-dcs - all DCs returned from each DNS query.
site - the AD site configured on the external Active Directory for the proxy-IP subnet.
This default requires that the proxy-IP subnet is defined in the AD; you can add the
subnet on a DC with the Active Directory Sites and Services plugin.
Guidelines
The ARX uses a DNS query to find the DC(s) in this domain, then queries one of the
DCs for the other domains in the forest. The DNS server that you use must be able to
translate for all DCs in the target forest. Use the ip name-server command to add a
DNS server to the ARX configuration.
The active-directory update seed-domain command automatically discovers an
Active Directory (AD) forest and adds it to the ARX configuration. The switch uses
this information to support CIFS authentications in single- and multi-domain
environments. After a successful discovery, the ARX configuration contains an
AD-forest object with the name of the seed domain that you provided.
This creates a report named “active-directory-seed_domain.rpt,” where seed_domain
is the seed domain that you chose in the command. The CLI displays the name of the
report after you issue the command. Use show reports type AdUp to list all
AD-discovery reports. To follow the progress of the AD-discovery operation, you can
use tail reports report-name follow. Use show reports report-name to read the
report. You can search through the report with grep. To copy or delete it, use the copy
or delete commands. If you want to truncate the report before it finishes, use the
truncate-report command. See Figure 16.1 on page 16-6 for a sampl