F5 Networks

CLI Documentation

  • F5.COM
  • GITHUB
  • DEVCENTRAL
  • SUPPORT
  • F5 r5000/r10000 CLI Reference
    • config-mode-commands
      • base-commands
      • cluster
      • components
      • fdb
      • file
      • first_file
      • images
      • interfaces
      • lacp
      • lldp
      • port-mappings
      • portgroups
      • stp
      • system-aaa-authentication
      • system-aaa-password-policy
      • system-aaa-primary-key
      • system-aaa-server-groups
      • system-aaa-tls
      • system-allowed-ips
      • system-appliance-mode
      • system-clock
      • system-config
      • system-database
      • system-diagnostics-core-files
      • system-diagnostics-ihealth
      • system-diagnostics-qkview
      • system-dns
      • system-image
      • system-licensing
      • system-locator
      • system-logging
      • system-mgmt-ip
      • system-network
      • system-ntp
      • system-raid
      • system
      • tenants
      • vlan-listeners
      • vlans
    • operational-mode-commands
      • operational-mode-commands
    • pipe-mode-commands
      • pipe-mode-commands
    • show-commands
      • first_file
      • show-SNMP-FRAMEWORK-MIB
      • show-cli
      • show-cluster
      • show-components
      • show-configuration
      • show-dag-states
      • show-fdb
      • show-file
      • show-fpga-tables
      • show-history
      • show-images
      • show-interfaces
      • show-lacp
      • show-lldp
      • show-parser
      • show-port-mappings
      • show-portgroups
      • show-restconf-state
      • show-running-config
      • show-service-instances
      • show-service-pods
      • show-services
      • show-stp
      • show-system-aaa
      • show-system-alarms
      • show-system-appliance-mode
      • show-system-clock
      • show-system-diagnostics
      • show-system-dns
      • show-system-events
      • show-system-health
      • show-system-image
      • show-system-licensing
      • show-system-locator
      • show-system-logging
      • show-system-mgmt-ip
      • show-system-network
      • show-system-ntp
      • show-system-raid
      • show-system-state
      • show-tenants
      • show-vlan-listeners
      • show-vlans
  • F5 r2000/r4000 CLI Reference
    • config-mode-commands
      • base-commands
      • cluster
      • components
      • file
      • first_file
      • images
      • interfaces
      • lacp
      • lldp
      • port-profile
      • portgroups
      • system-aaa-authentication
      • system-aaa-password-policy
      • system-aaa-primary-key
      • system-aaa-server-groups
      • system-aaa-tls
      • system-allowed-ips
      • system-appliance-mode
      • system-clock
      • system-config
      • system-database
      • system-diagnostics-core-files
      • system-diagnostics-ihealth
      • system-diagnostics-qkview
      • system-dns
      • system-image
      • system-licensing
      • system-locator
      • system-logging
      • system-mgmt-ip
      • system-network
      • system-ntp
      • system-reboot
      • system-set-datetime
      • tenants
      • vlans
    • operational-mode-commands
      • operational-mode-commands
    • pipe-mode-commands
      • pipe-mode-commands
    • show-commands
      • first_file
      • show-SNMP-FRAMEWORK-MIB
      • show-cli
      • show-cluster
      • show-components
      • show-configuration
      • show-file
      • show-history
      • show-images
      • show-interfaces
      • show-lacp
      • show-lldp
      • show-parser
      • show-port-profile
      • show-portgroups
      • show-restconf-state
      • show-running-config
      • show-service-pods
      • show-system-aaa
      • show-system-alarms
      • show-system-appliance-mode
      • show-system-clock
      • show-system-diagnostics
      • show-system-dns
      • show-system-events
      • show-system-health
      • show-system-image
      • show-system-licensing
      • show-system-locator
      • show-system-logging
      • show-system-mgmt-ip
      • show-system-network
      • show-system-ntp
      • show-system-state
      • show-tenants
      • show-vlans

CLI Reference

F5 r5000/r10000 CLI Reference


config-mode-commands


abort

COMMAND abort

DESCRIPTION Abort a configuration session.

ARGUMENTS This command has no arguments.


annotate

COMMAND annotate

DESCRIPTION Associate an annotation (comment) with a given configuration or validation statement or pattern. To remove an annotation, leave the text empty.

Note: Only available when the system has been configured with attributes enabled.

ARGUMENTS

<statement> <text>

  • type: string
  • description: A statement with which an annotation is to be associated and the text to be associated for a part of the configuration.

clear

COMMAND clear

DESCRIPTION Remove all configuration changes.

ARGUMENTS

history

  • description: Clear command history.

commit

COMMAND commit

DESCRIPTION Commit the current set of changes to the running configuration.

ARGUMENTS

abort <id>

  • type: int
  • description: Halt a pending commit using the persist-id <id> argument.

and-quit

  • description: Commit the current set of changes and exit configuration mode.

check

  • description: Validate the current configuration and indicate any configuration errors.

comment <text>

  • type: string
  • description: Add a text comment about the commit operation. If the text string includes spaces, enclose the string in quotation marks (" ").

label

  • type: string
  • description: Add a text label that describes the commit operation. If the text string includes spaces, enclose the string in quotation marks (" ").

no-confirm

  • description: Commit the current set of changes without querying the user. If needed, you can specify the persist token as an argument to this command using the persist-id argument.

save-running <filename>

  • type: string
  • description: Save a copy of the configuration to a specified file.

compare

COMMAND compare

DESCRIPTION Compare two configuration subtrees.

ARGUMENTS

<config>

  • type: string
  • description: Compare the running configuration to a saved configuration.

copy

COMMAND copy

DESCRIPTION Copy the running configuration.

ARGUMENTS

<identifier>

  • type: int
  • description: The file identifier.

<path-to-file>

  • type: string
  • description: Path of the file to be compared.

<file>

  • type: string
  • description: File name to be compared.

describe

COMMAND describe

DESCRIPTION Display detailed information about a command.

ARGUMENTS

<command>

  • type: string
  • description: The source of the command (YANG, clispec, etc.).

<path-to-file>

  • type: string
  • description: The path in the YANG file.

do

COMMAND do

DESCRIPTION Run a command in operational (user) mode.

ARGUMENTS

<command>

  • type: string
  • description: Command to be run in operational mode.

end

COMMAND end

DESCRIPTION Exit configuration mode. If no changes have been made to the configuration, you are prompted to save before exiting configuration mode.

ARGUMENTS

no-confirm

  • description: Exit configuration mode immediately, without committing any changes to the configuration.

exit

COMMAND exit

DESCRIPTION Exit from the current mode in the configuration or exit configuration mode completely.

ARGUMENTS

configuration-mode

  • description: Exit from configuration mode regardless of mode. If changes have been made to the configuration, you are prompted to save before exiting configuration mode.

level

  • description: Exit from the current level. If performed on the top level, exits configuration mode. This is the default value.

no-confirm

  • description: Exit configuration mode immediately, without committing any changes to the configuration.

help

COMMAND help

DESCRIPTION Display help information about a specified command.

ARGUMENTS

<command>

  • type: string
  • description: Command for which you want to view help.

insert

COMMAND insert

DESCRIPTION Insert a parameter or element.

ARGUMENTS

<path-to-file>

  • type: string
  • description: Element or parameter to insert. If the element already exists and has the indexedView option set in the data model, then the old element will be renamed to element+1 and the new element inserted in its place.

load

COMMAND load

DESCRIPTION Load configuration from an ASCII file or from terminal.

ARGUMENTS

merge <filename/terminal>

  • description: Merge with the existing configuration.

override <filename/terminal>

  • description: Overwrite the old configuration.

replace <filename/terminal>

  • description: Replace the old configuration.

move

COMMAND move

DESCRIPTION Move an element or parameter.

ARGUMENTS

<path-to-file> <position>

  • type: strings
  • description: Element or parameter to move and the position to move this element. The element can be moved first, last (default), before, or after an element.

no

COMMAND no

DESCRIPTION Delete or unset a configuration command.

ARGUMENTS

<command>

  • type: string
  • description: Command to delete or unset.

pwd

COMMAND pwd

DESCRIPTION Display the current path in the configuration hierarchy.

ARGUMENTS This command has no arguments.


rename

COMMAND rename

DESCRIPTION Rename an instance.

ARGUMENTS

<path>

  • description: Path for the instance.

<identifier>

  • description: New identifier for the instance.

resolved

COMMAND resolved

DESCRIPTION Indicate that conflicts have been resolved.

ARGUMENTS This command has no arguments.


revert

COMMAND revert

DESCRIPTION Copy the running configuration.

ARGUMENTS

no-confirm

  • description: Copy the running configuration without prompting the user to confirm.

rollback

COMMAND rollback

DESCRIPTION Returns the configuration to a previously committed configuration.

ARGUMENTS

configuration <rollback-version>

  • type: int
  • description: Return to an earlier committed version. The most recently committed configuration (the running configuration) is number 0, the next most recent is 1, and so on.

selective <rollback-version>

  • type: int
  • description: Return to a specific earlier committed configuration. This might succeed or fail depending on the content of the delta rollback.

EXAMPLES

Return to the configuration changes made in rollback versions 0 and 1:

appliance-1# rollback configuration 1

Return to the configuration changes made only in rollback version 1:

appliance-1# rollback selective 1

save

COMMAND save

DESCRIPTION Save the whole or parts of the current configuration to a file.

ARGUMENTS

<filename>

  • description: Filename to which the configuration is saved. By default, the configuration is saved in curly bracket format.

xml

  • description: Save the configuration in XML format.

service

COMMAND service

DESCRIPTION Configures the CLI prompt. By default, the CLI prompt consists of the system name followed by an angle bracket (>) for user mode or a pound sign (#) for privileged mode. Use the the prompt string or the no service prompt config command to customize the CLI prompt for your system.

ARGUMENTS

prompt

  • description: Text of CLI prompt to be used.

show

COMMAND show

DESCRIPTION Display a specified parameter.

ARGUMENTS

configuration

  • description: Display the current configuration buffer.

full-configuration

  • description: Display the current configuration.

history <number-of-items-to-show>

  • type: int
  • description: Display CLI command history.

parser <command-prefix>

  • type: string
  • description: Display all possible commands starting with <command-prefix>.

tag

COMMAND tag

DESCRIPTION Configure statement tags.

ARGUMENTS

add <statement> <tag>

  • type: string
  • description: Add a tag to a configuration statement.

clear <statement>

  • type: string
  • description: Remove all tags from a configuration statement.

del <statement> <tag>

  • type: string
  • description: Remove a tag from a statement.

top

COMMAND top

DESCRIPTION Exit to the top level of the configuration hierarchy. You can optionally run a command after exiting to the top level.

ARGUMENTS

<command>

  • type: string
  • description: Optional command to run after exiting to the top level.

validate

COMMAND validate

DESCRIPTION Verify that the candidate configuration contains no errors. This performs the same operation as commit check.

ARGUMENTS This command has no arguments.


cluster nodes node

COMMAND cluster nodes node

DESCRIPTION Configure whether a node is enabled or disabled on the system.

ARGUMENTS

config enabled

  • description: Enable a node on the system.

config disabled

  • description: Disable a node on the system.

config name <string>

  • type: string
  • description: A descriptive name for the node.

EXAMPLE

Disable node-1 on the system:

appliance-1(config)# cluster nodes node node-1 config disabled

cluster nodes node reboot

COMMAND cluster nodes node reboot

DESCRIPTION Reboot a node on the system.

ARGUMENTS

This command has no arguments.


cluster disk-usage-threshold

COMMAND cluster disk-usage-threshold

DESCRIPTION Configure options for triggering disk usage alarms.

ARGUMENTS

config critical-limit <percentage>

  • type: unsignedByte
  • description: Percentage of disk usage that is allowed before triggering a critical alarm. The range is from 0 to 100%.

config error-limit <percentage>

  • type: unsignedByte
  • description: Percentage of disk usage that is allowed before triggering an error alarm. The range is from 0 to 100%.

config growth-rate-limit <percentage>

  • type: unsignedByte
  • description: Percentage of allowed disk usage growth. The range is from 0 to 100%.

config interval <time-in-minutes>

  • type: unsignedByte
  • description: Time, in minutes, at which the system monitors disk usage.

config warning-limit <percentage>

  • type: unsignedByte
  • description: Percentage of disk usage that is allowed before triggering a warning alarm. The range is from 0 to 100%.

components

COMMAND components

DESCRIPTION

Configure properties for hardware components.

ARGUMENTS

The availability of options for this command depends on which hardware component you are configuring.

component <specific-component>

  • type: string
  • description: Name of the specific component. Available options are:
    • lcd
    • platform
    • psu-1
    • psu-2

component <specific-component> config name

  • type: string
  • description: An optional descriptive name for a specific component.

component <specific-component> properties property <specific-property>

  • type: string
  • description: An optional descriptive name or value for a specific component.

component <specific-component> subcomponents subcomponent <specific-subcomponent>

  • type: string
  • description: An optional descriptive name or value for a specific component.

fdb mac-table entries entry

COMMAND fdb mac-table entries entry

DESCRIPTION Configure a Layer 2 forwarding database (FDB) entry in the system.

IMPORTANT: The FDB table is managed by the system, and manual configuration requires intricate knowledge of the hardware data path. You should configure an FDB object only under the guidance of F5 Technical Support. Manually configuring FDB objects can potentially impact the flow of network traffic through the system.

ARGUMENTS

<mac-address>

  • type: mac-address
  • description: Hex list representation of the Layer 2 MAC address. The format must be exactly 6 octets in the format xx:xx:xx:xx:xx:xx.

range

  • type: integer
  • description: Integer value of the VLAN that is associated with the mac-address for the FDB object.

[ tag_type_s_tag_c_tag | tag_type_vid | tag_type_vlan_tag | tag_type_vni ]

  • type: enumeration
  • description: The manner in which the FDB will interpret the VLAN value during lookup processing.

file config concurrent-operations-limit

COMMAND file config concurrent-operations-limit

DESCRIPTION Specify how many concurrent file operations are allowed at a time.

ARGUMENTS

<number-of-file-ops>

  • type: byte
  • description: The number of concurrent file operations allowed at a time.

EXAMPLE

Limit the number of concurrent file operations to 10:

appliance-1-active# file config concurrent-operations-limit 10

file known-hosts known-host

COMMAND file known-hosts known-host

DESCRIPTION Add the IP address (and therefore, the public key) of a specified remote-host to the system known_hosts file.

ARGUMENTS

config fingerprint

  • type: boolean
  • description: Fingerprint received from remote-host string.

config remote-host

  • type: string
  • description: The remote system FQDN or IPv4/IPv6 address. The minimum length is 1 character, and the maximum length is 253 characters.

file import

COMMAND file import

DESCRIPTION Transfer a remote file to the system. These directories are available for use for file import operations on the system:

  • images/staging
  • images/import
  • images/tenant
  • diags/shared
  • configs/

ARGUMENTS

insecure

  • description: Disable SSL certificate verification of the remote system.

local-file <path-to-file>

  • type: string
  • description: Path to the local file.

password <password>

  • type: string
  • description: Password for connecting to the remote server. If you specify a username, you will be prompted to enter the password.

protocol [ scp | sftp | https ]

  • type: enumeration
  • description: Protocol to be used for file transfer.

remote-file <path-to-file>

  • type: string
  • description: Path to the remote file.

remote-host <path-to-file>

  • type: string
  • description: IP address or FQDN of the remote server. The minimum length is 1 character, and the maximum length is 253 characters.

remote-port <port-number>

  • type: unsignedShort
  • description: Port number to use for file transfer. The range is from 1 to 65535.

remote-url <url>

  • type: string
  • description: IP address or FQDN of the remote server. The minimum length is 1 character, and the maximum length is 253 characters.

username <username>

  • type: string
  • description: Username for connecting to the remote server. If you specify a username, you will be prompted to enter the password.

web-token <webtoken>

  • type: string
  • description: Web token for connecting to the remote server.

EXAMPLE

Transfer a file named myfile.iso from the remote host files.company.com on port 443 to the images/staging directory on the system:

appliance-1(config)# file import local-file images/staging remote-file images/myfile.iso remote-host files.company.com remote-port 443
result File transfer is initiated.(images/staging/myfile.iso)

file export

COMMAND file export

DESCRIPTION Transfer a file from the system to a remote system. These directories are available for use for file export operations on the system:

  • log
  • log/conf
  • diags/crash
  • diags/core
  • images/staging
  • images/import
  • images/tenant
  • diags/shared
  • configs/

insecure

  • description: Disable SSL certificate verification of the remote system.

local-file <path-to-file>

  • type: string
  • description: Path to the local file.

password <password>

  • type: string
  • description: Password for connecting to the remote server. If you specify a username, you will be prompted to enter the password.

protocol [ scp | sftp | https ]

  • type: enumeration
  • description: Protocol to be used for file transfer.

remote-file <path-to-file>

  • type: string
  • description: Path to the remote file.

remote-host <path-to-file>

  • type: string
  • description: IP address or FQDN of the remote server. The minimum length is 1 character, and the maximum length is 253 characters.

remote-port <port-number>

  • type: unsignedShort
  • description: Port number to use for file transfer. The range is from 1 to 65535.

remote-url <url>

  • type: string
  • description: IP address or FQDN of the remote server. The minimum length is 1 character, and the maximum length is 253 characters.

username <username>

  • type: string
  • description: Username for connecting to the remote server. If you specify a username, you will be prompted to enter the password.

web-token <webtoken>

  • type: string
  • description: Web token for connecting to the remote server.

EXAMPLE

Transfer a file named appliance.log from the local host to the /home/jdoe/ directory at files.company.com, using the username jdoe:

appliance-1(config)# file export local-file log/host/appliance.log remote-host files.company.com remote-file home/jdoe/appliance.log username jdoe password
Value for 'password' (<string>): *********
result File transfer is initiated.(log/host/appliance.log)

file delete

COMMAND file delete

DESCRIPTION Delete a specified file from the system. You can use file delete only on files in the diags/shared and core directories.

ARGUMENTS

file-name <path-to-file>

  • type: string
  • description: File to be deleted.

EXAMPLE

Delete a specified QKView file from the system:

appliance-1(config)# file delete file-name diags/shared/qkview/qkview.tar
    result Deleting the file

file list

COMMAND file list

DESCRIPTION Display a list of directories and files in a specified path.

ARGUMENTS

path <filepath>

  • type: string
  • description: Path for which you want to view the included files and directories.

EXAMPLE

Display a list of files in images/staging:

appliance-1(config)# file list path images/staging
entries {
    name
F5OS-A-1.0.0-1234.CANDIDATE.iso
}

file show

COMMAND file show

DESCRIPTION Display the contents of a specified file. This command works only in operational mode, not config mode.

ARGUMENTS

<path-to-file>

  • type: string
  • description: File that you want to view.

EXAMPLE

Display the contents of the file log/appliance.log:

appliance-1# file show log/host/appliance.log
2021-11-08 13:48:56.925181150 - Registry port is 2000 for orchestration-manager
2021-11-08 21:49:07.870995 - OMD log is initialized
2021-11-08 21:49:07.870995 - 8:1266673408 - applianceMainEventLoop::Orchestration manager startup.
2021-11-08 21:49:07.873428 - 8:1249888000 - Can now ping appliance-1.chassis.local (100.65.60.1).
2021-11-08 21:54:13.842022 - 8:1266673408 - Waiting for connectivity checks on System.
2021-11-08 21:54:39.498702 - 8:1249888000 - Successfully ssh'd to appliance 127.0.0.1.
2021-11-08 21:54:55.758399 - 8:1266673408 - Connectivity checks passed for System.
2021-11-08 21:55:38.332719 - 8:1266673408 - K3S cluster installation in appliance is succeeded.
2021-11-08 21:56:00.811884 - 8:1266673408 - Appliance 1 is ready in k3s cluster.
appliance-flannel_image|localhost:2000/appliance-flannel:0.13.0
...

file tail

COMMAND file tail

DESCRIPTION Display only the last 10 lines of a specified file. This command works only in operational mode, not config mode.

ARGUMENTS

<path-to-file>

  • type: string
  • description: File that you want to view.

-f

  • description: Display appended data as the file grows. Type Ctrl+C to cancel the operation.

-n <number-of-lines>

  • description: Display a specific number of lines, instead of only the last 10 lines.

EXAMPLES

Display only the last 10 lines of log/host/appliance.log:

appliance-1# file tail log/host/appliance.log
Upgrade found appliance-flannel_image|localhost:2001/appliance-flannel:0.13.0
appliance-multus_image|localhost:2001/appliance-multus:3.6.0
Upgrade found appliance-multus_image|localhost:2001/appliance-multus:3.6.0
2021-11-10 17:33:36.195643 - 8:695531264 - K3s IMAGE update is succeeded.
2021-11-11 21:46:29.832495 - 8:469759744 - K3S cluster is NOT ready.
2021-11-11 21:46:52.979390 - 8:695531264 - K3S cluster is ready.
2021-11-12 21:45:04.247298 - 8:695531264 - K3S cluster is NOT ready.
2021-11-12 21:45:27.427003 - 8:695531264 - K3S cluster is ready.
2021-11-13 03:57:32.937910 - 8:469759744 - Failed to ssh to 127.0.0.1.
2021-11-13 03:58:03.353815 - 8:469759744 - Successfully ssh'd to appliance 127.0.0.1.

Display the last 10 lines of log/host/appliance.log and keep appending output as the file grows:

appliance-1(config)# file tail -f log/host/appliance.log
Upgrade found appliance-flannel_image|localhost:2001/appliance-flannel:0.13.0
appliance-multus_image|localhost:2001/appliance-multus:3.6.0
Upgrade found appliance-multus_image|localhost:2001/appliance-multus:3.6.0
2021-11-10 17:33:36.195643 - 8:695531264 - K3s IMAGE update is succeeded.
2021-11-11 21:46:29.832495 - 8:469759744 - K3S cluster is NOT ready.
2021-11-11 21:46:52.979390 - 8:695531264 - K3S cluster is ready.
2021-11-12 21:45:04.247298 - 8:695531264 - K3S cluster is NOT ready.
2021-11-12 21:45:27.427003 - 8:695531264 - K3S cluster is ready.
2021-11-13 03:57:32.937910 - 8:469759744 - Failed to ssh to 127.0.0.1.
2021-11-13 03:58:03.353815 - 8:469759744 - Successfully ssh'd to appliance 127.0.0.1.

Display only the last five lines of log/appliance.log:

appliance-1(config)# file tail -n 5 log/host/appliance.log
2021-11-11 21:46:52.979390 - 8:695531264 - K3S cluster is ready.
2021-11-12 21:45:04.247298 - 8:695531264 - K3S cluster is NOT ready.
2021-11-12 21:45:27.427003 - 8:695531264 - K3S cluster is ready.
2021-11-13 03:57:32.937910 - 8:469759744 - Failed to ssh to 127.0.0.1.
2021-11-13 03:58:03.353815 - 8:469759744 - Successfully ssh'd to appliance 127.0.0.1.

file transfer-status

COMMAND file transfer-status

DESCRIPTION Display the status of file transfer operations. This command works in both operational mode and config mode.

ARGUMENTS

file-name <path-to-file>

  • type: string
  • description: View the status of a specific file that you have transferred.

EXAMPLE

Check the status of file transfers:

appliance-1(config)# file transfer-status
result
S.No.|Operation |Protocol|Local File Path |Remote Host |Remote File Path |Status
1 |Import file|HTTPS |images/staging/myfile.iso |files.company.com |images/myfile.iso |In Progress (15.0%)

````

Config Mode Commands


images remove

COMMAND images remove

DESCRIPTION Remove tenant image.

ARGUMENTS

name <image-name>.bundle

  • type: string
  • description: Name of the .bundle image file.

EXAMPLE

Remove the .bundle file named BIGIP-15.1.5-0.0.11.ALL-F5OS.zip.bundle:

appliance-1(config)# images remove name BIGIP-15.1.5-0.0.11.ALL-F5OS.zip.bundle
result Successful.

interfaces interface

COMMAND interfaces interface

DESCRIPTION Configure network interface attributes.

ARGUMENTS

config description <description>

  • type: string
  • description: The description of the interface.

config enabled

  • type: boolean
  • description: The configured, desired state of the interface. This field can be set only to ieee8023adLag when creating LAG interfaces.

config name <name>

  • type: string
  • description: The name of the interface. The minimum length is 1 character, and the maximum length is 63 characters.

config type <type>

  • type: identityref
  • description: The type of the interface.

EXAMPLE

Configure a description for interface 1.0 and verify that it was configured correctly:

appliance-1(config)# interfaces interface 1.0 config description "100G Link"
appliance-1(config-interface-1/1.0)# commit
Commit complete.
appliance-1(config-interface-1.0)# exit
appliance-1(config)# end
appliance-1# show running-config interfaces interface 1.0 config
interfaces interface 1/1.0
 config name 1.0
 config type ethernetCsmacd
 config description "100G Link"
 config enabled
!

interfaces interface <lag-name> aggregation config

COMMAND interfaces interface <lag-name> aggregation config

DESCRIPTION Configure link aggregation groups (LAGs) and their attributes.

ARGUMENTS

lag-type [ STATIC | LACP ]

  • type: aggregation-type
  • description: Link aggregation type.

distribution-hash [ dst-mac | src-dst-ipport | src-dst-mac ]

  • type: enumeration.
  • description: Supported load balancing hash values. Available options are:
    • dst-mac
    • src-dst-ipport
    • src-dst-mac

switched-vlan config native-vlan <vlan-id>

  • type: unsignedShort
  • description: The native VLAN identifier for untagged frames arriving on a trunk interface. The range is from 1 to 4094.

switched-vlan config trunk-vlans <vlan-ids>

  • type: list of unsignedShort
  • description: VLANs that the LAG members may carry. The range is from 1 to 4094.

EXAMPLE

Create a LAG named test-lag that uses dst-mac for the hash, assign trunk VLAN IDs 99 and 101, and then verify that it was configured correctly:

appliance-1(config)# interfaces interface test-lag aggregation config distribution-hash dst-mac
appliance-1(config)# commit
appliance-1(config)# interfaces interface test-lag aggregation switched-vlan config trunk-vlans [ 99 101 ]
appliance-1(config)# commit

appliance-1# show running-config interfaces interface test-lag aggregation switched-vlan config
interfaces interface test-lag
 aggregation switched-vlan config trunk-vlans [ 99 101 ]
!

interfaces interface <interface-name> ethernet

COMMAND interfaces interface <interface-name> ethernet

DESCRIPTION Configure physical interfaces attributes.

ARGUMENTS

config aggregate-id <aggregate-interface>

  • type: leafref
  • description: The logical aggregate interface (LAG) to which this interface belongs. The user is prompted with a list of configured LAGs.

switched-vlan config native-vlan

  • type: unsignedShort
  • description: The native VLAN identifier for untagged frames arriving on the Ethernet interface. The range is from 1 to 4094.

switched-vlan config trunk-vlans

  • type: list of unsignedShort
  • description: VLANs that the Ethernet interface can carry. The range is from 1 to 4094.

interfaces interface <interface-name> ethernet config

COMMAND interfaces interface <interface-name> ethernet config

DESCRIPTION Configure Ethernet options for a specified interface.

ARGUMENTS

aggregate-id <interface>

  • description: The logical aggregate interface to which this interface belongs.

interfaces interface mgmt ethernet config

COMMAND interfaces interface mgmt ethernet config

DESCRIPTION Configure Ethernet options for the management interface.

ARGUMENTS

auto-negotiate [ false | true ]

  • description: Whether to enable auto negotiation. Set to true to enable auto negotiate or false to disable it.

duplex-mode [ FULL | HALF ]

  • description: Whether to enable full or half duplex on an interface. Set to FULL to enable full duplex on an interface or set to HALF to enable half duplex on an interface.

port-speed

  • description: The port speed for the management interface. Available options are:
    • SPEED_1GB
    • SPEED_10MB
    • SPEED_100MB

EXAMPLE

Configure the management interface to use the FULL duplex mode:

appliance-1(config)# interfaces interface mgmt ethernet config duplex-mode FULL

lacp config system-priority

COMMAND lacp config system-priority

DESCRIPTION System priority and system MAC are combined as system-id, which is required by the LACP protocol. System MAC is not configurable.

ARGUMENTS

<priority>

  • type: unsignedShort
  • description: System priority used by the node on this LAG interface. A lower value indicates higher priority for determining which node is the controlling system. The default value is 32768.

EXAMPLES

Configure system priority to be 1000:

appliance-1(config)# lacp config system-priority 1000

lacp interfaces interface

COMMAND lacp interfaces interface <lag-interface> config name <interface>

DESCRIPTION

Configure LACP to manage the LAG interface. To use LACP to manage a LAG interface, the LAG interface must already exist or be created first. LAG interfaces can have multiple interface members, and the LAG interface state is up as long as there is at least one active member. There must be valid VLANs attached to LAG interface to pass user traffic. Be sure that the VLAN exists before attaching it to a LAG interface.

ARGUMENTS

interval [ FAST | SLOW ]

  • description: The interval at which interfaces send LACP packets. Set the interval to FAST to have packets sent every second. Set the interval to SLOW to have packets sent every 30 seconds.

lacp-mode [ ACTIVE | PASSIVE ]

  • description: Set to PASSIVE to place a port into a passive negotiating state, in which the port responds to received LACP packets, but does not initiate LACP negotiation. Set to ACTIVE to place a port into an active negotiating state, in which the port initiates negotiations with other ports by sending LACP packets.

name <name>

  • type: string
  • description: User-defined name for the LACP interface. The minimum length is 1 character, and the maximum length is 63 characters.

system-id-mac <mac-address>

  • type: mac-address
  • description: Hex list representation of the Layer 2 MAC address. The format must be exactly 6 octets in the format xx:xx:xx:xx:xx:xx.

system-priority <priority>

  • type: unsignedShort
  • description: System priority used by the node on this LAG interface. A lower value indicates higher priority for determining which node is the controlling system.

EXAMPLES

Configure an LACP interface, set it to place the port into an active negotiating state, and set the interval to have packets sent every second:

appliance-1(config)# lacp interfaces interface lag1 config lacp-mode ACTIVE interval FAST

Create a LAG interface named lag1 with the type ieee8023adLag:

appliance-1(config)# interfaces interface lag1 config type ieee8023adLag; commit

Enable LACP on a LAG interface named lag1:

appliance-1(config)# interfaces interface lag1 aggregation config lag-type LACP; commit

Create an LACP interface named lag1 with default parameters (internal is set to SLOW, lacp-mode is set to ACTIVE):

appliance-1(config)# lacp interfaces interface lag1 config name lag1; commit

Add interface 1/1.0 and 1/2.0 as interface members into a LAG named lag1:

appliance-1(config)# interfaces interface 1/1.0 ethernet config aggregate-id lag1
appliance-1(config)#  interfaces interface 1/2.0 ethernet config aggregate-id lag1
appliance-1(config)#  commit

Attach VLANs 1000 and 1001 to a LAG interface named lag1:

appliance-1(config)# interfaces interface lag1 aggregation switched-vlan config trunk-vlans [ 1000 1001 ]
appliance-1(config)# commit

lldp config

COMMAND lldp config

DESCRIPTION Configure Link Layer Discovery Protocol (LLDP) on the system.

ARGUMENTS

disabled

  • type: boolean
  • description: Disable LLDP on the system.

enabled

  • type: boolean
  • description: Enable LLDP on the system.

max-neighbors-per-port <neighbors>

  • type: unsignedShort
  • description: Maximum number of LLDP neighbors per port. The default value is 10.

reinit-delay <delay>

  • type: unsignedShort
  • description: System delay time to re-initialize LLDP data unit (LLDPDU). The default value is 2.

system-description <description>

  • type: string
  • description: System description for LLDP. The minimum length is 0 characters, and the maximum length is 255 characters.

system-name <name>

  • type: string
  • description: System name for LLDP. The minimum length is 0 characters, and the maximum length is 255 characters.

tx-delay <delay>

  • type: unsignedShort
  • description: System delay time to transmit LLDPDU. The default value is 2.

tx-hold <hold>

  • type: unsignedShort
  • description: System hold time to transmit LLDPDU. The default value is 4.

tx-interval <interval>

  • type: unsignedShort
  • description: System interval to transmit LLDPDU. The range is from 5 to 32768. The default value is 30.

EXAMPLE

Configure a system-description for LLDP and verify that it was configured correctly:

appliance-1(config)# lldp config system-description "Test system description"
appliance-1(config)# commit
Commit complete.
appliance-1(config)# end
appliance-1# show running-config lldp config
lldp config enabled
lldp config system-description "Test system description"
lldp config tx-interval 30
lldp config tx-hold    4
lldp config reinit-delay 2
lldp config tx-delay   2
lldp config max-neighbors-per-port 10

lldp interfaces interface <interface-name> config

COMMAND lldp interfaces interface <interface-name> config

DESCRIPTION Configure LLDP attributes for an interface.

ARGUMENTS

name <name>

  • type: string
  • description: The name of the LLDP interface. The minimum length is 1 character, and the maximum length is 63 characters.

enabled

  • type: boolean
  • description: Enable LLDP for the specified interface.

disabled

  • type: boolean
  • description: Disable LLDP for the specified interface.

tlv-advertisement-state [ none | txonly | rxonly | txrx ]

  • type: lldp-tlv-advertisement-direction, description: txrx
  • description: LLDP PDU direction for LLDP Type-Length-Value (TLV) advertisement.

tlvmap <tlvmap_bit>

  • type: lldp-tlvmap-bits
  • description: Bitmap to define the LLDP TLV to be transmitted. Available options are:
    • chassis-id
    • link-aggregation
    • macphy
    • management-address
    • mfs
    • port-description
    • port-id
    • power-mdi
    • ppvid
    • product-model
    • protocol-identity
    • pvid
    • system-capabilities
    • system-description
    • system-name
    • ttl
    • vlan-name

EXAMPLE

Configure a tlv-advertisement-state for LLDP interface 1.0 and verify that it was configured correctly:

appliance-1(config)# lldp interfaces interface 1.0 config tlv-advertisement-state txrx
appliance-1(config-interface-1.0)# commit
Commit complete.
appliance-1(config-interface-1.0)# top
appliance-1(config)# end
appliance-1# show running-config lldp interfaces interface 1.0
lldp interfaces interface 1.0
 config name             1.0
 config enabled
 config tlv-advertisement-state txrx
 config tlvmap           chassis-id,port-id,ttl,port-description,system-name,system-description,system-capabilities,pvid,ppvid,vlan-name,protocol-identity,macphy,link-aggregation,power-mdi,mfs,product-model
!

port-mappings port-mapping

COMMAND port-mappings port-mapping

DESCRIPTION Configure port mapping for front-panel interfaces.

ARGUMENTS

<port-mapping-name> pipeline [ PIPELINE-1 | PIPELINE-2 | PIPELINE-3 | PIPELINE-4 ]

  • type: enumeration
  • description: Pipeline component for port mapping functionality.

portgroups portgroup

COMMAND portgroups portgroup

DESCRIPTION Configure port group attributes.

ARGUMENTS

<portgroup> config name <name>

  • type: string
  • description: The name of the port group.

<portgroup> config mode [ MODE_4x10GB | MODE_4x25GB | MODE_40GB | MODE_100GB ]

  • type: enumeration
  • description: The mode of the port group. All port groups on the system must be configured with the same mode. Changing to a different mode will restart the system. Available options are:
    • MODE_100GB
    • MODE_4x25GB
    • MODE_40GB
    • MODE_4x10GB
    • MODE_10GB
    • MODE_25GB

<portgroup> config ddm ddm-poll-frequency <frequency>

  • type: unsignedInt
  • description: DDM polling frequency in seconds. Set to 0 (zero) to disable the polling.

EXAMPLE

Configure a port group on interface 1 to use a DDM polling frequency of 20 seconds:

appliance-1(config)# portgroups portgroup 1 config ddm ddm-poll-frequency 20

Configure the port mode on interface 1 to be MODE_25GB:

appliance-1(config)# portgroups portgroup 1 config mode MODE_25GB

stp

COMMAND stp

DESCRIPTION Configure Spanning Tree Protocol (STP) on the system.


stp global config enabled-protocol

COMMAND stp global config enabled-protocol

DESCRIPTION Configures whether Spanning Tree Protocol (STP) is enabled on the system. If empty, STP is disabled. There can be only one spanning tree protocol enabled at a time. When configuring anything for stp stp, stp rstp, or stp mstp, ensure that the respective protocol has been configured as the global enabled-protocol.

When any spanning-tree protocol is configured, all interfaces in the system not configured for the respective spanning-tree protocol will be blocked to avoid broadcast storms. Deleting the enabled-protocol removes the blocking state.

ARGUMENTS

[ MSTP | RAPID_PVST | RSTP | STP ]

  • description: The global STP protocol enabled on the system.

EXAMPLE

Enable STP as the as the global STP protocol and verify that it was configured correctly:

appliance-1(config)# stp global config enabled-protocol [ STP ] ; commit
Commit complete.
appliance-1(config)# show full-configuration stp global
stp global config enabled-protocol [ STP ]

Enable RSTP as the as the global STP protocol and verify that it was configured correctly:

appliance-1(config)# stp global config enabled-protocol [ RSTP ] ; commit
Commit complete.
appliance-1(config)# show full-configuration stp global
stp global config enabled-protocol [ RSTP ]

Enable MSTP as the as the global STP protocol and verify that it was configured correctly:

appliance-1(config)# stp global config enabled-protocol [ MSTP ] ; commit
Commit complete.
appliance-1(config)# show full-configuration stp global
stp global config enabled-protocol [ MSTP ]

Disable STP on the system:

appliance-1(config)# no stp global config enabled-protocol ; commit
Commit complete.
appliance-1(config)# show full-configuration stp global
% No entries found.

stp interfaces interface

COMMAND stp interfaces interface

DESCRIPTION Configure specific STP features for an interface.

ARGUMENTS

<interface> config edge-port [ EDGE_ENABLE | EDGE_DISABLE | EDGE_AUTO ]

  • type: enumeration
  • description: Set the interface as an edge port. This transitions the port automatically to the spanning tree forwarding state without passing through the blocking or learning states.

<interface> config link-type [ P2P | SHARED ]

  • type: enumeration
  • description: Set the interface link type to one of these options:
    • P2P: Use the optimizations for point-to-point spanning tree links. Point-to-point links connect two spanning tree bridges only.
    • SHARED: Use the optimizations for shared spanning tree links. Shared links connect two or more spanning tree bridges.

<interface> config name <name>

  • type: string
  • description: Set a reference to the STP Ethernet interface. The minimum length is 1 character, and the maximum length is 63 characters.

stp mstp config

COMMAND stp mstp config

DESCRIPTION Configure the system to handle spanning tree frames (BPDUs) in accordance with the MSTP protocol.

ARGUMENTS

forwarding-delay <time-in-seconds>

  • type: unsignedByte
  • description: The delay used by STP bridges to transition root and designated ports to forwarding. Must follow restriction ((2 _ hello-time + 1) <= max-age) AND (max-age <= 2 _ (forwarding-delay - 1)) F5 recommends keeping the default value. The range is from 4 to 30 seconds.

hello-time <time-in-seconds>

  • type: unsignedByte
  • description: The interval between periodic transmissions of configuration messages by designated ports. Must follow restriction ((2 _ hello-time + 1) <= max-age) AND (max-age <= 2 _ (forwarding-delay - 1)). F5 recommends keeping the default value. The range is from 1 to 10 seconds.
  • hold-count <bpdus-per-second>

    • type: unsignedByte
    • description: The maximum number of PortFast Bridge Protocol Data Units (BPDUs) per second that the switch can send from an interface. F5 recommends keeping the default value. The range is from 1 to 10 BPDUs.

    max-age <time-in-seconds>

    • type: unsignedByte
    • description: The maximum age of the information transmitted by the bridge when it is the root bridge. Must follow restriction ((2 _ hello-time + 1) <= max-age) AND (max-age <= 2 _ (forwarding-delay - 1)). F5 recommends keeping the default value. The range is from 6 to 40 seconds.

    max-hop <number-of-hops>

    • type: unsignedByte
    • description: The max hop determines the number of bridges in an MST region that a BPDU can traverse before it is discarded. F5 recommends keeping the default value. The range is from 1 to 255 hops.

    name

    • type: string
    • description: The Configuration Name in the MST Configuration Identifier. The minimum length is 1 character, and the maximum length is 32 characters.

    revision

    • type: unsignedInt
    • description: The Revision Level in the MST Configuration Identifier.

    EXAMPLES

    Configure MSTP named my-region with a forwarding delay of 16 seconds, a hello time of 3 seconds, a maximum age of 21 seconds, a hold count of 7 BPDUs per second, a revision level of 1, and a maximum hop of 21 hops, and then verify that it was configured correctly:

    appliance-1(config)# stp mstp config forwarding-delay 16 hello-time 3 max-age 21 hold-count 7 name my-region revision 1 max-hop 21 ; commit
    Commit complete.
    appliance-1(config)# show full-configuration stp mstp config
    stp mstp config name my-region
    stp mstp config revision 1
    stp mstp config max-hop 21
    stp mstp config hello-time 3
    stp mstp config max-age 21
    stp mstp config forwarding-delay 16
    stp mstp config hold-count 7
    

    stp mstp mst-instances mst-instance

    COMMAND stp mstp mst-instances mst-instance

    DESCRIPTION Configure a specific MST instance.

    ARGUMENTS

    <instance>

    • type: unsignedShort,
    • description: MST instance. The range is from 1 to 4094.

    config bridge-priority [ 0 | 4096 | 8192 | 12288 | 16384 | 20480 | 24576 | 28672 | 32768 | 36864 | 40960 | 45056 | 49152 | 53248 | 57344 | 61440 ]

    • type: unsignedInt
    • description: The manageable component of the Bridge Identifier. F5 recommends configuring bridge-priority to a high value so that this device does not become the root bridge.

    config mst-id <mst-identifier>

    • type: unsignedShort
    • description: In an MSTP Bridge, an MSTID, that is, a value used to identify a spanning tree (or MST) instance. The range is from 1 to 4094.

    config vlan <vlan-identifier>

    • type: list
    • description: List of VLANs mapped to the MST instance. The range is from 1 to 4094.

    EXAMPLE

    Configure MST instance 5 with a bridge priority of 36864, MST identifier of 5, and mapped to VLANs 100 and 101, and then verify that it was configured correctly:

    appliance-1(config)# stp mstp mst-instances mst-instance 5 config bridge-priority 36864 mst-id 5 vlan [ 100 101 ]
    appliance-1(config-mst-instance-5)# commit
    Commit complete.
    appliance-1(config-mst-instance-5)# show full
    stp mstp mst-instances mst-instance 5
    config mst-id 5
    config vlan [ 100 101 ]
    config bridge-priority 36864
    !
    

    stp mstp mst-instances mst-instance {mst-id} interfaces interface


    COMMAND stp mstp mst-instances mst-instance {mst-id} interfaces interface

    DESCRIPTION Configure data for MSTP on each interface. Must be configured in conjunction with an STP interface

    ARGUMENTS

    <interface>

    • description: The STP interface.

    config cost

    • type: unsignedInt
    • description: The port's contribution, when it is the Root Port, to the Root Path Cost for the Bridge. The range is from 0 to 200000000.

    config name <name>

    • type: string
    • description: Reference to the STP ethernet interface. The minimum length is 1 character, and the maximum length is 63 characters.

    config port-priority <priority>

    • type: unsignedByte
    • description: The manageable component of the Port Identifier, also known as port (or interface) priority. Configure in increments of 16. The range is from 1 to 240.

    EXAMPLE

    Configure MST instance 5 with interface 1, with a cost of 100 and a port priority of 128, and then verify that it was configured correctly:

    appliance-1(config)# show full-configuration stp interfaces
    stp interfaces interface 1
    config name 1
    config edge-port EDGE_AUTO
    config link-type P2P
    !
    appliance-1(config)# stp mstp mst-instances mst-instance 5 interfaces interface 1 config name 1 cost 100 port-priority 128 ; commit
    Commit complete.
    appliance-1(config-interface-1)# top
    appliance-1(config)# show full-configuration stp mstp mst-instances mst-instance 5
    stp mstp mst-instances mst-instance 5
    config mst-id 5
    config vlan [ 100 101 ]
    config bridge-priority 36864
    interfaces interface 1
    config name 1
    config cost 100
    config port-priority 128
    !
    

    stp rstp config

    COMMAND stp rstp config

    DESCRIPTION Configure the system to handle spanning tree frames (BPDUs) in accordance with the RSTP protocol.

    ARGUMENTS

    bridge-priority [ 0 | 4096 | 8192 | 12288 | 16384 | 20480 | 24576 | 28672 | 32768 | 36864 | 40960 | 45056 | 49152 | 53248 | 57344 | 61440 ]

    • type: unsignedInt
    • description: The manageable component of the Bridge Identifier. F5 recommends configuring bridge-priority to a high value so that this device does not become the root bridge.

    forwarding-delay <time-in-seconds>

    • type: unsignedByte
    • description: The delay used by STP bridges to transition root and designated ports to forwarding. Must follow restriction ((2 _ hello-time + 1) <= max-age) AND (max-age <= 2 _ (forwarding-delay - 1)). F5 recommends keeping the default value. The range is from 4 to 30 seconds.

    hello-time <time-in-seconds>

    • type: unsignedByte
    • description: The interval between periodic transmissions of configuration messages by designated ports. Must follow restriction ((2 _ hello-time + 1) <= max-age) AND (max-age <= 2 _ (forwarding-delay - 1)). F5 recommends keeping the default value. The range is from 1 to 10 seconds.

    hold-count <bpdus-per-second>

    • type: unsignedByte
    • description: The maximum number of BPDUs per second that the switch can send from an interface. F5 recommends keeping the default value. The range is from 1 to 30 BPDUs per second.

    max-age <time-in-seconds>

    • type: unsignedByte
    • description: The maximum age of the information transmitted by the bridge when it is the root bridge. Must follow restriction ((2 _ hello-time + 1) <= max-age) AND (max-age <= 2 _ (forwarding-delay - 1)). F5 recommends keeping the default value. The range is from 6 to 40 seconds.

    EXAMPLES

    Configure RSTP with a bridge priority of 36864, a forwarding delay of 16 seconds, a hello time of 3 seconds, a maximum age of 21 seconds, a hold count of 7 BPDUs per seconds, and then verify that it was configured correctly:

    appliance-1(config)# stp rstp config bridge-priority 36864 forwarding-delay 16 hello-time 3 max-age 21 hold-count 7 ; commit
    Commit complete.
    appliance-1(config)# show full-configuration stp rstp config
    stp rstp config hello-time 3
    stp rstp config max-age 21
    stp rstp config forwarding-delay 16
    stp rstp config hold-count 7
    stp rstp config bridge-priority 36864
    

    stp rstp interfaces interface

    COMMAND stp rstp interfaces interface

    DESCRIPTION Configuration data for MSTP on each interface. Must be configured in conjunction with an STP interface.

    ARGUMENTS

    <interface>

    • description: The STP interface.

    config cost

    • type: unsignedInt
    • description: The port's contribution, when it is the Root Port, to the Root Path Cost for the Bridge. The range is from 0 to 200000000.

    config name <name>

    • type: string
    • description: Reference to the STP ethernet interface. The minimum length is 1 character, and the maximum length is 63 characters.

    config port-priority <priority>

    • type: unsignedByte
    • description: The manageable component of the Port Identifier, also known as port (or interface) priority. Configure in increments of 16. The range is from 1 to 240.

    EXAMPLE

    Configure RSTP instance 1 with interface 1, with a cost of 100 and a port priority of 128, and then verify that it was configured correctly:

    appliance-1(config)# show full-configuration stp interfaces
    stp interfaces interface 1
    config name 1
    config edge-port EDGE_AUTO
    config link-type P2P
    !
    appliance-1(config)# stp rstp interfaces interface 1 config name 1 cost 100 port-priority 128 ; commit
    Commit complete.
    appliance-1(config-interface-1)# show full
    stp rstp interfaces interface 1
    config name 1
    config cost 100
    config port-priority 128
    !
    

    stp stp config

    COMMAND stp stp config bridge-priority

    DESCRIPTION Configure the system to handle spanning tree frames (BPDUs) in accordance with the MSTP protocol.

    ARGUMENTS

    bridge-priority [ 0 | 4096 | 8192 | 12288 | 16384 | 20480 | 24576 | 28672 | 32768 | 36864 | 40960 | 45056 | 49152 | 53248 | 57344 | 61440 ]

    • type: unsignedInt
    • description: The manageable component of the Bridge Identifier. F5 recommends configuring bridge-priority to a high value so that this device does not become the root bridge.

    forwarding-delay <time-in-seconds>

    • type: unsignedByte
    • description: The delay used by STP bridges to transition root and designated ports to forwarding. Must follow restriction ((2 _ hello-time + 1) <= max-age) AND (max-age <= 2 _ (forwarding-delay - 1)). F5 recommends keeping the default value. The range is from 4 to 30 seconds.

    hello-time <time-in-seconds>

    • type: unsignedByte
    • description: The interval between periodic transmissions of configuration messages by designated ports. Must follow restriction ((2 _ hello-time + 1) <= max-age) AND (max-age <= 2 _ (forwarding-delay - 1)). F5 recommends keeping the default value. The range is from 1 to 10 seconds.

    hold-count <bpdus-per-second>

    • type: unsignedByte
    • description: The maximum number of BPDUs per second that the switch can send from an interface. F5 recommends keeping the default value. The range is from 1 to 30 BPDUs per second.

    max-age <time-in-seconds>

    • type: unsignedByte
    • description: The maximum age of the information transmitted by the bridge when it is the root bridge. Must follow restriction ((2 _ hello-time + 1) <= max-age) AND (max-age <= 2 _ (forwarding-delay - 1)). F5 recommends keeping the default value. The range is from 6 to 40 seconds.

    EXAMPLES

    Configure STP with a bridge priority of 36864, a forwarding delay of 16 seconds, a hello time of 3 seconds, a maximum age of 21 seconds, a hold count of 7 BPDUs per seconds, and then verify that it was configured correctly:

    appliance-1(config)# stp stp config bridge-priority 36864 forwarding-delay 16 hello-time 3 hold-count 7 max-age 21 ; commit
    Commit complete.
    appliance-1(config)# show full-configuration stp stp config
    stp stp config hello-time 3
    stp stp config max-age 21
    stp stp config forwarding-delay 16
    stp stp config hold-count 7
    stp stp config bridge-priority 36864
    

    stp stp interfaces interface

    COMMAND stp stp interfaces interface

    DESCRIPTION Configuration data for MSTP on each interface. Must be configured in conjunction with an STP interface.

    ARGUMENTS

    <interface>

    • description: The STP interface.

    config cost

    • type: unsignedInt
    • description: The port's contribution, when it is the Root Port, to the Root Path Cost for the Bridge. The range is from 0 to 200000000.

    config name <name>

    • type: string
    • description: Reference to the STP ethernet interface. The minimum length is 1 character, and the maximum length is 63 characters.

    config port-priority <priority>

    • type: unsignedByte
    • description: The manageable component of the Port Identifier, also known as port (or interface) priority. Configure in increments of 16. The range is from 1 to 240.

    EXAMPLE

    Configure STP instance 1 with interface 1, with a cost of 100 and a port priority of 128, and then verify that it was configured correctly:

    appliance-1(config)# show full-configuration stp interfaces
    stp interfaces interface 1
    config name 1
    config edge-port EDGE_AUTO
    config link-type P2P
    !
    appliance-1(config)# stp stp interfaces interface 1 config name 1 cost 100 port-priority 128 ; commit
    Commit complete.
    appliance-1(config-interface-1)# show full
    stp stp interfaces interface 1
    config name 1
    config cost 100
    config port-priority 128
    !
    

    system aaa authentication config authentication-method

    COMMAND

    system aaa authentication config authentication-method

    DESCRIPTION

    Specify which authentication methods can be used to authenticate and authorize users. You can enable all methods and indicate the order in which you'd like the methods to be attempted when a user logs in.

    ARGUMENTS

    [ LDAP_ALL | LOCAL | RADIUS_ALL | TACACS_ALL ]

    • type: enumeration
    • description: Set one or more types. Authentication is tried on the order in which it is configured here.

    EXAMPLE

    Attempt to authenticate in this order: LDAP, then RADIUS, and then local (/etc/password):

    appliance-1(config)# system aaa authentication config authentication-method [ LDAP_ALL RADIUS_ALL LOCAL ]
    

    system aaa authentication ldap active_directory

    COMMAND system aaa authentication ldap active_directory

    DESCRIPTION

    Specify whether to enable LDAP Active Directory (AD).

    ARGUMENTS

    [ false | true ]

    • type: enumeration
    • description: Set to true to enable LDAP AD or false to disable it. The default value is false.

    EXAMPLE

    Enable LDAP AD on the system:

    appliance-1(config)# system aaa authentication ldap active_directory true
    

    system aaa authentication ldap base

    COMMAND

    system aaa authentication ldap base

    DESCRIPTION

    Specify the search base distinguished name (DN) for LDAP authentication. Note that the configuration of base values are case-sensitive and must be a full DN path. This includes spaces, commas, and other characters. These must be the same as what is configured in the LDAP server.

    ARGUMENTS

    <dn-name>

    • type: list of string
    • description: The distinguished name from which to start the search for the LDAP user. The default format is 1 to 255 alphanumeric characters. Allowed special characters include: = . , -

    EXAMPLE

    appliance-1(config)# system aaa authentication ldap base dc=xyz,dc=com
    appliance-1(config)# system aaa authentication ldap base [ dc=xyz,dc=com dc=abc,dc=com ]
    

    system aaa authentication ldap bind_timelimit

    COMMAND system aaa authentication ldap bind_timelimit

    DESCRIPTION

    Specify a maximum amount of time to wait for LDAP authentication to return a result.

    ARGUMENTS

    <value-in-seconds>

    • type: unsignedShort
    • description: The maximum bind time limit, in seconds. The default value is 30.

    EXAMPLE

    Set a maximum bind time limit of 60 seconds:

    appliance-1(config)# system aaa authentication ldap bind_timelimit 60
    

    system aaa authentication ldap binddn

    COMMAND

    system aaa authentication ldap binddn

    DESCRIPTION

    Specify the distinguished name (DN) of an account that can search the base DN. If no account is specified, the LDAP connection establishes without authentication. Note that the configuration of binddn values are case-sensitive and must be a full DN path. This includes spaces, commas, and other characters; these must be the same as what is configured in the LDAP server.

    ARGUMENTS

    <dn-acct-info>

    • type: string
    • description: The account that is allowed to search the base DN. The default format is 1 to 255 alphanumeric characters. Allowed special characters include: = . , -

    EXAMPLE

    Set the distinguished name of a specified account for searching the base DN:

    appliance-1(config)# system aaa authentication ldap binddn cn=admin,dc=xyz,dc=com
    

    system aaa authentication ldap bindpw

    COMMAND

    system aaa authentication ldap bindpw

    DESCRIPTION

    Specify the password of the search account identified in binddn.

    ARGUMENTS

    <password>

    • type: AES encrypted string
    • description: The password for the search account on the LDAP server. This option is required if you enter a value for the binddn option. The default value is none.

    EXAMPLE

    Specify a password for the search account on the LDAP server:

    appliance-1(config)# system aaa authentication ldap bindpw <password>
    

    system aaa authentication ldap idle_timelimit

    COMMAND

    system aaa authentication ldap idle_timelimit

    DESCRIPTION

    Configure the maximum amount of time before the LDAP connection can be inactive before it times out.

    ARGUMENTS

    <number-of-seconds>

    • type: unsignedShort
    • description: The maximum idle timeout, in seconds. The default value is 30.

    EXAMPLE

    Set a maximum idle timeout of 60 seconds:

    appliance-1(config)# system aaa authentication ldap idle_timelimit 60
    

    system aaa authentication ldap ldap_version

    COMMAND

    system aaa authentication ldap ldap_version

    DESCRIPTION

    Specify the LDAP protocol version number.

    ARGUMENTS

    <version-number>

    • type: unsignedByte
    • description: The protocol version number for the LDAP server. The range is from 1 to 3. The default value is 3.

    EXAMPLE

    Specify that LDAPv3 is used for the LDAP server:

    appliance-1(config)# system aaa authentication ldap ldap_version 3
    

    system aaa authentication ldap ssl

    COMMAND

    system aaa authentication ldap ssl

    DESCRIPTION

    Specify whether to enable Transport Layer Security (TLS) functionality for the LDAP server.

    ARGUMENTS

    on

    • type: string
    • description: Enable TLS to secure all connections.

    off

    • type: string
    • description: Disable TLS to secure all connections.

    start_tls

    • type: string
    • description: Start a connection in unencrypted mode on a port configured for plain text and negotiates TLS/SSL encryption with the client. If selected, it is used rather than raw LDAP over SSL.

    EXAMPLE

    Specify that TLS is enabled for all connections:

    appliance-1(config)# system aaa authentication ldap ssl on
    

    system aaa authentication ldap timelimit

    COMMAND

    system aaa authentication ldap timelimit

    DESCRIPTION

    Specify a maximum time limit to use when performing LDAP searches to receive an LDAP response.

    ARGUMENTS

    <number-of-seconds>

    • type: unsignedShort
    • description: The time limit, in seconds, used for LDAP searches.

    EXAMPLE

    Specify a maximum time limit of 60 seconds for LDAP searches:

    appliance-1(config)# system aaa authentication ldap timelimit 60
    

    system aaa authentication ldap tls_cacert

    COMMAND

    system aaa authentication ldap tls_cacert

    DESCRIPTION

    Specify the CA certificate to be used for authenticating the TLS connection with the CA server. Also validates an issued certificate from a CA prior to accepting it into the system.

    ARGUMENTS

    <path-to-cacert>

    • type: string
    • description: The PEM-formatted X.509 certificate (self-signed or from a CA). The default value is none.

    EXAMPLE

    Specify a certificate for authenticating the TLS connection:

    appliance-1(config)# system aaa authentication ldap tls_cacert <path-to-cacert>.pem
    

    system aaa authentication ldap tls_cert

    COMMAND

    system aaa authentication ldap tls_cert

    DESCRIPTION

    Specify the file that contains the certificate for the client's key.

    ARGUMENTS

    <path-to-cacert>

    • type: string
    • description: The file that contains the certificate.

    EXAMPLE

    Specify a file that contains the certificate for a client's key:

    appliance-1(config)# system aaa authentication ldap tls_cacert <path-to-cacert>.pem
    

    system aaa authentication ldap tls_ciphers

    COMMAND

    system aaa authentication ldap tls_ciphers

    DESCRIPTION

    Specify acceptable cipher suites for the TLS library in use. For example, ECDHE-RSAAES256-GCM-SHA384 or ECDHE-RSA-AES128-GCM-SHA256.

    The cipher string can take several additional forms. It can consist of a single cipher suite such as RC4-SHA. It can represent a list of cipher suites containing a certain algorithm, or cipher suites of a certain type. For example, SHA1 represents all cipher suites using the digest algorithm SHA1, and SSLv3 represents all SSLv3 algorithms. You can combine lists of cipher suites into a single cipher string using the + character as a logical AND operation. For example, SHA1+DES represents all cipher suites containing the SHA1 and DES algorithms.

    ARGUMENTS

    <cipher-suite>

    • type: string
    • description: The cipher suite for the TLS library in use.

    EXAMPLE

    Specify the cipher suite for the TLS library in use:

    appliance-1(config)# system aaa authentication ldap tls_cyphers <cipher-suite>
    

    system aaa authentication ldap tls_key

    COMMAND

    system aaa authentication ldap tls_key

    DESCRIPTION

    Specify the file that contains the the private key that matches the certificates that you configured with the system aaa authentication ldap tls_cert command.

    ARGUMENTS

    <path-to-file>

    • type: AES encrypted string
    • description: The file that contains the the private key that matches the certificates that you configured with the system aaa authentication ldap tls_cert command.

    system aaa authentication ldap tls_reqcert

    COMMAND

    system aaa authentication ldap tls_reqcert

    DESCRIPTION

    Specify what checks to perform on certificates in a TLS session. The default value is never.

    ARGUMENTS

    never

    • type: string
    • description: This level indicates that a certificate is not required. This is the default level.

    allow

    • type: string
    • description: This level indicates that a certificate is requested. If none is provided, the session proceeds normally. If a certificate is provided, but the server is unable to verify it, the certificate is ignored and the session proceeds normally, as if no certificate had been provided.

    try

    • type: string
    • description: This level indicates that a certificate is requested. If no certificate is provided, the session proceeds normally. If a certificate is provided, and it cannot be verified, the session is terminated immediately.

    [ demand | hard ]

    • type: string
    • description: This level indicates that a certificate is requested and a valid certificate must be provided, otherwise the session is terminated immediately.

    EXAMPLE

    Specify that a certificate is not required for a TLS session:

    appliance-1(config)# system aaa authentication ldap tls_reqcert never
    

    system aaa authentication roles role

    COMMAND

    system aaa authentication roles role

    DESCRIPTION

    Specify the primary role assigned to the user.

    ARGUMENTS

    config gid

    • type: unsignedInt
    • description: The assigned system group ID for the role.

    config rolename

    • type: string
    • description: The assigned role name for the role; must comply with Linux naming policies.

    config users

    • type: list of strings
    • description: The roles assigned to the user.

    EXAMPLE

    Configure which rolename and system group ID is used for a specified role:

    appliance-1(config)# system aaa authentication roles role <rolename> config rolename <rolename> gid <unix-gid>
    

    system aaa authentication users user

    COMMAND

    system aaa authentication users user

    DESCRIPTION

    Configure options for users.

    ARGUMENTS

    config expiry-date <yyyy-mm-dd>

    • type: string
    • description: The date that you want the account to expire, in yyyy-mm-dd format. The default value is -1 (no expiration date). Use 1 to indicate expired.

    config last-change [ 0 | <yyyy-mm-dd> ]

    • type: int
    • description: Date of last password change, in yyyy-mm-dd format. Use 0 (zero) to indicate that the user must change the password at their next log in.

    config role

    • type: string
    • description: The role to which the user is assigned.

    tally-count

    • type: unsignedInt
    • description: The number of login failures, excluding root and admin users.

    config username

    • type: string
    • description: The name of the user.

    config set-password

    • type: string
    • description: Used by admin roles to change the password for other users.

    config change-password

    • type: string
    • description: Used by non-admin users to change their own password. This requires that they know their old password.

    EXAMPLE

    Configure a user named jdoe so that the user must change their password at their next log in and indicate that the account has no expiration date:

    appliance-1(config)# system aaa authentication users user jdoe config last-change 0 expiry-date -1
    

    system aaa password-policy config apply-to-root

    COMMAND

    system aaa password-policy config apply-to-root

    DESCRIPTION

    Specify whether to enforce password policies when the user configuring passwords is the root user. If enabled (true), the system returns an error on failed check if the root user changing the password. If disabled (false), the system displays a message about the failed check, but allows the root user to change the password and bypass password policies.

    ARGUMENTS

    [ false | true ]

    • type: enumeration
    • description: Set to true to enforce password policies even if it is the root user configuring passwords or false to disable it. The default value is false.

    system aaa password-policy config max-age

    COMMAND

    system aaa password-policy config max-age

    DESCRIPTION

    Configure the number of days that users can keep using the same password without changing it.

    ARGUMENTS

    max-age <days>

    • type: unsignedInt
    • description: The maximum number of days that a user can use the same password. The range of values is from 0 to 999999 days. Set to -1 to indicate that the password never expires.

    system aaa password-policy config max-login-failures

    COMMAND

    system aaa password-policy config max-login-failures

    DESCRIPTION

    Configure the maximum number of unsuccessful login attempts that are permitted before a user is locked out.

    ARGUMENTS

    max-login-failures <number-of-failures>

    • type: unsignedInt
    • description: The maximum number of unsuccessful login attempts that are permitted before a user is locked out. The range of values is from 0 to 65535.

    system aaa password-policy config min-length

    COMMAND

    system aaa password-policy config min-length

    DESCRIPTION

    Configure a minimum acceptable size for the new password (plus one if credits are not disabled which is the default). In addition to the number of characters in the new password, credit (of +1 in length) is given for each different kind of character (other, upper, lower and digit). The default value is 9. If you want to allow passwords that are as short as 5 characters, you should not use min-length.

    ARGUMENTS

    min-length <size>

    • type: unsignedInt
    • description: The minimum length of new passwords. The range of values is from 6 to 255.

    system aaa password-policy config reject-username

    COMMAND

    system aaa password-policy config reject-username

    DESCRIPTION

    Check whether the user name is contained in the new password, either in straight or reversed form. If it is found, the new password is rejected.

    ARGUMENTS

    [ false | true ]

    • type: enumeration
    • description: Set to false to allow the user name in a new password or true to reject new passwords that contain the user name in some form. The default value is false.

    system aaa password-policy config required-differences

    COMMAND

    system aaa password-policy config required-differences

    DESCRIPTION

    Configure the number of character changes that are required in the new password that differentiate it from the old password.

    ARGUMENTS

    <number-of-diffs>

    • type: unsignedInt
    • description: The number of character changes required in a new password to differentiate it from the old password. The range is from 0 to 127. The default value is 5.

    system aaa password-policy config required-lowercase

    COMMAND

    system aaa password-policy config required-lowercase

    DESCRIPTION

    Configure the minimum number of lowercase character required for a password.

    ARGUMENTS

    <number-of-chars>

    • type: unsignedInt
    • description: The minimum number of lowercase characters required for a password. The range is from 0 to 127.

    system aaa password-policy config required-numeric

    COMMAND

    system aaa password-policy config required-numeric

    DESCRIPTION

    Configure the minimum number of numeric characters required for a password.

    ARGUMENTS

    <number-of-chars>

    • type: unsignedInt
    • description: The minimum number of numeric characters required for a password. The range is from 0 to 127.

    system aaa password-policy config required-special

    COMMAND

    system aaa password-policy config required-special

    DESCRIPTION

    Configure the minimum number of numeric characters required for a password.

    ARGUMENTS

    <number-of-chars>

    • type: unsignedInt
    • description: The minimum number of special characters required for a password. The range is from 0 to 127.

    system aaa password-policy config required-uppercase

    COMMAND

    system aaa password-policy config required-uppercase

    DESCRIPTION

    Configure the minimum number of numeric characters required for a password.

    ARGUMENTS

    <number-of-chars>

    • type: unsignedInt
    • description: The minimum number of uppercase characters required for a password. The range is from 0 to 127.

    system aaa password-policy config retries

    COMMAND

    system aaa password-policy config retries

    DESCRIPTION

    Configure the number of retries allowed when user authentication is unsuccessful.

    ARGUMENTS

    <number-of-retries>

    • type: unsignedInt
    • description: The number of retries allowed after unsuccessful user authentication. The range is from 0 to 127.

    system aaa password-policy config root-lockout

    COMMAND

    system aaa password-policy config root-lockout

    DESCRIPTION

    Configure whether the root account can be locked out after unsuccessful login attempts.

    ARGUMENTS

    [ false | true ]

    • type: enumeration
    • description: Set to false to disable root lockout after a number of unsuccessful login attempts or true to enable it. The default value is false.

    system aaa password-policy config root-unlock-time

    COMMAND system aaa password-policy config root-unlock-time

    DESCRIPTION

    Configure the time in seconds before the root user can retry logging in after exceeding the maximum number of allowed unsuccessful authentication attempts.

    ARGUMENTS

    <time-in-seconds>

    • type: unsignedInt
    • description: The amount of time (in seconds) after unsuccessful root user authentication before the user can retry logging in. The range is from 0 to 999999 seconds.

    system aaa password-policy config unlock-time

    COMMAND

    system aaa password-policy config unlock-time

    DESCRIPTION

    Configure the time in seconds before a user can retry logging in after exceeding the maximum number of allowed unsuccessful authentication attempts. If this option is not configured, the account is locked until the lock is removed manually by an administrator.

    ARGUMENTS

    <time-in-seconds>

    • type: unsignedInt
    • description: The amount of time (in seconds) after unsuccessful user authentication before the user can retry logging in. The range is from 0 to 999999 seconds.

    system aaa primary-key set

    COMMAND

    system aaa primary-key set

    DESCRIPTION

    Change the system primary encryption key with passphrase and salt. This is useful while migrating configuration from one machine to another.

    ARGUMENTS

    passphrase

    • type: string
    • description: The passphrase for the key. The minimum length is 6 characters, and the maximum length is 255 characters.

    confirm-passphrase

    • type: string
    • description: Set the option to confirm the passphrase input again.

    salt

    • type: string
    • description: The salt for the key. The minimum length is 6 characters, and the maximum length is 255 characters.

    confirm-salt

    • type: string
    • description: Set the option to confirm the salt input again.

    EXAMPLE

    Change the primary key, set a passphrase and salt, and then display the status of the key migration process:

    appliance-1(config)# system aaa primary-key set
    Value for 'passphrase' (<string, min: 6 chars, max: 255 chars>): ******
    Value for 'confirm-passphrase' (<string, min: 6 chars, max: 255 chars>): ******
    Value for 'salt' (<string, min: 6 chars, max: 255 chars>): *********
    Value for 'confirm-salt' (<string, min: 6 chars, max: 255 chars>): *********
    response description: Key migration is initiated. Use 'show system primary-key state status' to get status
    
    
    appliance-1# show system aaa primary-key state
    system aaa primary-key state hash Jt221bA3Xj73bClXPY9pdfQzauNUGO92hv1eXZbKcD/4G+Dr3u6hyFoahL+r3iIopJm4IzIInSwYsilAGdY08w==
    system aaa primary-key state status "COMPLETE        Initiated: Fri Dec 10 22:33:02 2021"
    

    system aaa server-groups server-group

    COMMAND

    system aaa server-groups server-group

    DESCRIPTION

    Configure one or more AAA servers of type RADIUS, LDAP, or TACACS+. The first server in the list is always used by default unless it is unavailable, in which case the next server in the list is used. You can configure the order of servers in the server group.

    ARGUMENTS

    <group-name> config name <name>

    • type: string
    • description: A descriptive name for the server.

    <group-name> config type [ TACACS | RADIUS | LDAP ]

    • type: enumeration
    • description: The type of authentication.

    <group-name> servers server <ip-address>

    • type: string
    • description: IP address for authentication server.

    system aaa tls ca-bundles ca-bundle

    COMMAND system aaa tls ca-bundles ca-bundle

    DESCRIPTION Configure a certificate authority bundle.

    ARGUMENTS

    name config content

    • type: string
    • description: Contents of a CA Bundle. The minimum length is 1 character.

    name config name

    • type: string
    • description: Name of CA Bundle.

    system aaa tls config certificate

    COMMAND

    system aaa tls config certificate

    DESCRIPTION

    Configure an SSL server certificate to be used for the webUI (HTTPS) or REST interface of the system.

    ARGUMENTS

    <certificate>

    • type: string
    • description: Valid certificate content.

    EXAMPLE

    Add a certificate and key to the system. When you press Enter, you will enter multi-line mode, at which point you can copy in the certificate/key. After you have added a certificate, you must add a key using system aaa tls config key, commit the changes:

    appliance-1(config)# system aaa tls config certificate
    (<string>):
    [Multiline mode, exit with ctrl-D.]
    > ...
    
    appliance-1(config)# system aaa tls config key
    (<string>):
    [Multiline mode, exit with ctrl-D.]
    > ...
    
    appliance-1(config)# commit
    Commit complete.
    

    system aaa tls config key

    COMMAND

    system aaa tls config key

    DESCRIPTION

    Configure a PEM-encoded private key to be used for the webUI (HTTPS) or REST interface of the system. Key value is encrypted in DB storage.

    ARGUMENTS

    <key>

    • type: AES encrypted string
    • description: Valid key content.

    EXAMPLE

    Add a TLS key and certificate to the system. When you press Enter, you will enter multi-line mode, at which point you can copy in the key/certificate. After you have added a key, you must add a certificate using system aaa tls config certificate:

    appliance-1(config)# system aaa tls config key
    (<string>):
    [Multiline mode, exit with ctrl-D.]
    > ...
    
    appliance-1(config)# system aaa tls config certificate
    (<string>):
    [Multiline mode, exit with ctrl-D.]
    > ...
    
    appliance-1(config)# commit
    Commit complete.
    

    system aaa tls crls crl

    COMMAND system aaa tls crls crl

    DESCRIPTION Configure a Certificate Revocation List Entry (CRL).

    ARGUMENTS

    config name <name>

    • type: string
    • description: Name of CRL entry.

    config revocation-key <crl>

    • type: string
    • description: Specifies the PEM-encoded CRL. The minimum length is 1 character.

    EXAMPLE

    Add a new CRL to the system. When you press Enter, you will enter multi-line mode, at which point you can copy in the CRL key.

    appliance-1(config)# system aaa tls crls crl *crl Name*
    Value for 'config revocation-key' (<string>):
    [Multiline mode, exit with ctrl-D.]
    > ...
    
    appliance-1(config)# commit
    Commit complete.
    

    system aaa tls create-self-signed-cert

    COMMAND system aaa tls create-self-signed-cert

    DESCRIPTION Create an OpenSSL key for use with AAA/TLS.

    ARGUMENTS

    key-type [ rsa | ecdsa ]

    • type: enumeration
    • description: Key type to use with the self-signed certificate. Available options are RSA and ECDSA (Elliptic Curve Digital Signature Algorithm).

    key-size <key-size>

    • type: unsignedInt,
    • description: Size of key. The range is from 2048 to 8192 bytes.

    days-valid <number>

    • type: unsignedInt
    • description: The number of days for which a certificate is valid.

    curve-name <curve-type>

    • type: enumeration
    • description: The ECDSA curve type to use. The default value is secp521r1. Available options are:
      • brainpoolP160r1: RFC 5639 curve over a 160 bit prime field
      • brainpoolP160t1: RFC 5639 curve over a 160 bit prime field
      • brainpoolP192r1: RFC 5639 curve over a 192 bit prime field
      • brainpoolP192t1: RFC 5639 curve over a 192 bit prime field
      • brainpoolP224r1: RFC 5639 curve over a 224 bit prime field
      • brainpoolP224t1: RFC 5639 curve over a 224 bit prime field
      • brainpoolP256r1: RFC 5639 curve over a 256 bit prime field
      • brainpoolP256t1: RFC 5639 curve over a 256 bit prime field
      • brainpoolP320r1: RFC 5639 curve over a 320 bit prime field
      • brainpoolP320t1: RFC 5639 curve over a 320 bit prime field
      • brainpoolP384r1: RFC 5639 curve over a 384 bit prime field
      • brainpoolP384t1: RFC 5639 curve over a 384 bit prime field
      • brainpoolP512r1: RFC 5639 curve over a 512 bit prime field
      • brainpoolP512t1: RFC 5639 curve over a 512 bit prime field
      • prime192v1: NIST/X9.62/SECG curve over a 192 bit prime field
      • prime192v2: X9.62 curve over a 192 bit prime field
      • prime192v3: X9.62 curve over a 192 bit prime field
      • prime239v1: X9.62 curve over a 239 bit prime field
      • prime239v2: X9.62 curve over a 239 bit prime field
      • prime239v3: X9.62 curve over a 239 bit prime field
      • prime256v1: X9.62/SECG curve over a 256 bit prime field
      • secp112r1: SECG/WTLS curve over a 112 bit prime field
      • secp112r2: SECG curve over a 112 bit prime field
      • secp128r1: SECG curve over a 128 bit prime field
      • secp128r2: SECG curve over a 128 bit prime field
      • secp160k1: SECG curve over a 160 bit prime field
      • secp160r1: SECG curve over a 160 bit prime field
      • secp160r2: SECG/WTLS curve over a 160 bit prime field
      • secp192k1: SECG curve over a 192 bit prime field
      • secp224k1: SECG curve over a 224 bit prime field
      • secp224r1: NIST/SECG curve over a 224 bit prime field
      • secp256k1: SECG curve over a 256 bit prime field
      • secp384r1: NIST/SECG curve over a 384 bit prime field
      • secp521r1: NIST/SECG curve over a 521 bit prime field
      • wap-wsg-idm-ecid-wtls6: SECG/WTLS curve over a 112 bit prime field
      • wap-wsg-idm-ecid-wtls7: SECG/WTLS curve over a 160 bit prime field
      • wap-wsg-idm-ecid-wtls8: WTLS curve over a 112 bit prime field
      • wap-wsg-idm-ecid-wtls9: WTLS curve over a 160 bit prime field
      • wap-wsg-idm-ecid-wtls12: WTLS curve over a 224 bit prime field

    name <common-name>

    • type: string
    • description: Common name for the certificate. (for example, the server's hostname). The minimum length is 1 character, and the maximum length is 63 characters.

    organization <org-name>

    • type: string
    • description: Certificate originator organization name (for example, your company's name). The minimum length is 1 character, and the maximum length is 63 characters.

    unit <unit-name>

    • type: string
    • description: Organizational unit name (for example, IT). The minimum length is 1 character, and the maximum length is 31 characters.

    city <city-name>

    • type: string
    • description: City or locality name (for example, Seattle). The minimum length is 1 character, and the maximum length is 127 characters.

    region <region-name>

    • type: string
    • description: State, county, or region (for example, Washington). The minimum length is 1 character, and the maximum length is 127 characters.

    country <country-code>

    • type: string
    • description: Two-letter country code (for example, US). Length must be exactly 2 characters.

    email <email-address>

    • type: string
    • description: Email address for certificate contact. The minimum length is 1 character, and the maximum length is 255 characters.

    version <version-number>

    • type: unsignedShort
    • description: Version number for the certificate.

    store-tls [ false | true ]

    • type: enumeration
    • description: Set to true to store the self-signed certificate pair in the the system-aaa-tls-config or false to specify that it should not be stored.

    EXAMPLE

    Create a private key and self-signed certificate:

    appliance-1(config)# system aaa tls create-self-signed-cert city Seattle country US days-valid 365 email j.doe@company.com key-type ecdsa name company.com organization "Company" region Washington unit IT version 1 curve-name prime239v2 store-tls false
    response
    -----BEGIN EC PRIVATE KEY-----
    MHECA1d8wiyJEVihDTnVi+v9RjfK3LhZ2Pd4R7B1MJf3lyXaoaAKBggqhkjOPQMB
    BaFAAz4ABHFISUTEi8wEdG0iBF3iqTi5m5b62xUSbhOJrXR8d0S6h+anvpo9xrH3
    QKbVuacd9H4cMj2tX/wyqVNePg==
    -----END EC PRIVATE KEY-----
    -----BEGIN CERTIFICATE-----
    MIICAzCCAa4CCQCR5RKtuBFcxTAKBggqhkjOPQQDAjCBjTELMAkGA1UEBhMCVVMx
    EzARBgNVBAgMCl1t462pbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEzARBgNVBAoM
    CkY1IE5ldG9ya3MxEDAOBgNVBAsMB1NXRElBR1MxETAPBgNVBAMMCEdvZHppbGxh
    MR0wGwYJKoZIhvcNAQkBFg5qLm1vb3JlQGY1LmNvbTAeFw0yMTAzMjcwMjE2NTFa
    Fw0yMjAzMjcwMjE2NTFaMIGNMQswCQYDVQQGEwJVUzORBTWGA1UECAwKV2FzaGlu
    Z3RvbjEQMA4GA1UEBwwHU2VhdHRsZTETMBEGA1UECgwKRjUgTmV0b3JrczEQMA4G
    A1UECwwHU1dESUFHUzERMA8GA1UEAwwIR29kemlsbGExHTAbBgkqhkiG9w0BCQEW
    DmoubW9vcmVAZRWPuB9tMFUwEwYHKoZIzj0CAQYIKoZIzj0DAQUDPgAEcUhJRMSL
    zAR0bSIEXeKpOLmblvrbFRJuE4mtdHx3RLqH5qe+mj3GsfdAptW5pwXtlI0yPa1f
    /DKpU14+MAoGCCqGSM49BAMCA0MAMEACHh38OAyBB5T9ScBklBXZUIuynHq3/tr4
    3VUQsMtYHQIeeP3vCrRm2qjPtK62QwtbkqDA9h2qTvuDj6uYL8EI
    -----END CERTIFICATE-----
    

    system aaa tls create-csr

    COMMAND system aaa tls create-csr

    DESCRIPTION Create a certificate signing request (CSR).

    ARGUMENTS

    name <common-name>

    • type: string
    • description: Common name for the certificate. (for example, the server's hostname). The minimum length is 1 character, and the maximum length is 63 characters.

    organization <org-name>

    • type: string
    • description: Certificate originator organization name (for example, your company's name). The minimum length is 1 character, and the maximum length is 63 characters.

    unit <unit-name>

    • type: string
    • description: Organizational unit name (for example, IT). The minimum length is 1 character, and the maximum length is 31 characters.

    city <city-name>

    • type: string
    • description: City or locality name (for example, Seattle). The minimum length is 1 character, and the maximum length is 127 characters.

    region <region-name>

    • type: string
    • description: State, county, or region (for example, Washington). The minimum length is 1 character, and the maximum length is 127 characters.

    country <country-code>

    • type: string
    • description: Two-letter country code (for example, US). Length must be exactly 2 characters.

    email <email-address>

    • type: string
    • description: Email address for certificate contact. The minimum length is 1 character, and the maximum length is 255 characters.

    version <version-number>

    • type: unsignedShort
    • description: Version number for the certificate.

    EXAMPLE

    Create a CSR:

    system aaa tls create-csr name company.com email j.doe@company.com organization "Company" unit IT
    response -----BEGIN CERTIFICATE REQUEST-----
    JRISPzCCAbsCAQEwgY0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9u
    MRAwDgYDVQQHEwdTZWF0dGxlMRQwEgYDVQQKFAtGNVH4TW03b3JrczEUMBIGA1UE
    CxMLZGV2ZWxvcG1lbnQxGTAXBgkqhkiG9w0BCQEWCmRldkBmNS5jb20xEDAOBgNV
    BAMTB3Rlc3Rjc3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCinnAV
    Dv/G6+qbiBVO7zIPmFFatYcrzdUnvpTGXfPuh6VBRqcW90jJy12FwtYOL8P6mED+
    gfjpxRWe+PNursjZSIDpyh7Dn+F3MRF3zkgnSKlYKI9qqzlRHRAwi2U7GfujeR5H
    CXrJ4uxYK2Wp8WVSa7TWwj6Bnps8Uldnj0kenBJ1eUVUXoQAbUmZQg6l+qhKRiDh
    3E/xMOtaGWg0SjD7dEQij5l+8FBEHVhQKEr93GT1ifR62/MZSnPw2MY5OJ69p2Wn
    k7Fr7m4I5z9lxJduYDNmiddVilpWdqRaCB2j29XCmpVJduF2v6EsMx693K18IJ1h
    iRice6oKL7eoI/NdAgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEAGjWSAqKUPqMY
    eLlSDJ9Bc4R+ckia5r/TITqamMN+m8TqQI8Pk0tAnwHCl8HHS+4cI8QuupgS/3aU
    ls7OtxceoQZ1VFX2sQFkrDJFe0ewZQLm5diip5kxFrnap0oA0wRy84ks0wxeiCWD
    New3hgSXfzyXI0g0auT6KNwsGaO8ZuhOX3ICNnSLbfb9T4zbhfI9jKopXQgZG/LO
    pOct33fdpf/U6kQA9Rw/nzs3Hz/nsVleOrl3TH1+9veMMF+6eq8KKPpbYKh9bhA+
    pYI3TtbZHuyRyQbq/r4gf4JkIu/PGszzy/rsDWy+b9g9nXMh1oFj+xhTrBjBk8a2
    0ov+Osy2iA==
    -----END CERTIFICATE REQUEST-----
    

    system allowed-ips allowed-ip

    COMMAND system allowed-ips allowed-ip

    DESCRIPTION

    Configure the system to allow traffic only from specified IP addresses. This is applicable only for ports 161, 8888, 443, 80, and 7001.

    ARGUMENTS

    <allowlist-profile-name> config ipv4 <ip-address>

    • type: string
    • description: IPv4 address of the system to add to the allow list.

    <allowlist-profile-name> config ipv4 port <port-number>

    • type: unsignedShort
    • description: Port number to use for IPv4 address entry in allow list. The range is from 1 to 65535.

    <allowlist-profile-name> config ipv6 address <ip-address>

    • type: string
    • description: IPv6 address of the system to add to the allow list.

    <allowlist-profile-name> config ipv6 port <port-number>

    • type: unsignedShort
    • description: Port number to use for IPv6 address entry in allow list. The range is from 1 to 65535.

    EXAMPLE

    Add a specified IPv4 address to the system allow list:

    appliance-1(config)# system allowed-ips allowed-ip test config ipv4 address 192.0.2.33 port 161
    

    system appliance-mode config

    COMMAND system appliance-mode config

    DESCRIPTION Configure whether appliance mode is enabled or disabled on the system. Appliance mode adds a layer of security by restricting user access to root and the bash shell. When enabled, the root user cannot log in to the device by any means, including from the serial console. You can enable appliance mode at these levels:

    • System: Run system appliance-mode on the system.
    • Tenant: Run tenants tenant <tenant-name\> config appliance-mode on the system.

    ARGUMENTS

    [ disabled | enabled ]

    • type: boolean
    • description: Specify enabled to enable appliance mode on the system. Specify disabled to disable it.

    EXAMPLE

    Enable appliance mode and then verify that appliance mode is enabled:

    appliance-1(config)# system appliance-mode config enabled
    appliance-1(config)# commit
    appliance-1(config)# end
    appliance-1# show system appliance-mode
    system appliance-mode state enabled
    

    Disable appliance mode and then verify that appliance mode is disabled:

    appliance-1(config)# system appliance-mode config disabled
    appliance-1(config)# commit
    appliance-1(config)# end
    appliance-1# show system appliance-mode
    system appliance-mode state disabled
    

    system clock config timezone-name

    COMMAND system clock config timezone-name

    DESCRIPTION Configure the time zone (tz) database name (for example, Europe/Stockholm) to use for the system. For a list of valid time zone names, see www.iana.org/time-zones.

    ARGUMENTS

    <tz-database-name>

    • type: string
    • description: The tz database names to be used by the system.

    EXAMPLES

    Configure the system to use the America/Los_Angeles time zone:

    appliance-1(config)# system clock config timezone-name America/Los_Angeles
    

    Configure the system to use the Asia/Calcutta time zone:

    appliance-1(config)# system clock config timezone-name Asia/Calcutta
    

    system config hostname

    COMMAND system config hostname

    DESCRIPTION Configure a hostname for the system.

    ARGUMENTS

    <hostname>

    • type: string
    • description: The hostname for the system. The hostname must be fully qualified domain name (FQDN). The minimum length is 1 character, and the maximum length is 253 characters.

    EXAMPLE

    Configure the hostname to be test.company.com:

    appliance-1(config)# system config hostname test.company.com
    

    system config login-banner

    COMMAND system config login-banner

    DESCRIPTION

    Configure a banner message to be displayed before users log in to the system.

    ARGUMENTS

    <message>

    • type: string
    • description: The login banner message for the system.

    EXAMPLE

    Configure a banner message:

    appliance-1(config)# system config login-banner
    (<string>):
    [Multiline mode, exit with ctrl-D.]
    UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED
    

    system config motd-banner

    COMMAND system config motd-banner

    DESCRIPTION

    Configure a message of the day (MOTD) banner to display after users log in to the system.

    <message>

    • type: string
    • description: The MOTD banner message for the system.

    EXAMPLE

    Configure a MOTD banner message:

    appliance-1(config)# system config motd-banner
    (<string>):
    [Multiline mode, exit with ctrl-D.]
    ATTENTION!
    This system is scheduled for maintenance in two days.
    

    system database config-backup

    COMMAND system database config-backup

    DESCRIPTION Generate a backup of the system configuration in the form of an XML file.

    ARGUMENTS

    name <filename>

    • type: string
    • description: The name of the backup file.

    proceed [ no | yes ]

    • type: boolean
    • description: Set to yes to overwrite the file if a file by that name exists or no to disable the file overwrite. The default value is no.

    EXAMPLE

    Create a backup file of the system configuration named backup-nov2021 and overwrite it if a file by that name already exists:

    appliance-1(config)# system database config-backup name backup-nov2021 overwrite yes
    response Succeeded.
    

    system database config-restore

    COMMAND system database config-restore

    DESCRIPTION Restore the system configuration from an XML backup file.

    ARGUMENTS

    name <filename>

    • type: string
    • description: The name of the backup file.

    proceed [ no | yes ]

    • type: boolean
    • description: Set to yes to overwrite the configuration database or no to disable the overwrite. The default value is no.

    EXAMPLE

    Restore the system configuration from a backup file named backup-nov2021:

    appliance-1(config)# system database config-restore name backup-nov2021
    

    system database reset-to-default

    COMMAND system database reset-to-default

    DESCRIPTION Revert the system to the default configuration and clear any existing configuration information.

    IMPORTANT: This deletes all configuration on the system, including IP addresses, passwords, and tenant images.

    ARGUMENTS

    proceed [ no | yes ]

    • type: enumeration
    • description: Specify no to show a confirmation prompt prior to resetting the configuration to the default. Specify yes to bypass a confirmation prompt.

    EXAMPLE

    Revert the system to the default configuration:

    appliance-1(config)# system database config reset-to-default yes
    

    system diagnostics core-files list

    COMMAND system diagnostics core-files list

    DESCRIPTION List core files for the system.

    EXAMPLE

    List all core files on the system:

    appliance-1# system diagnostics core-files list
    files [ appliance-1:/var/shared/core/container/RAIDMonitorMain-1.core.gz appliance-1:/var/shared/core/container/RAIDMonitorMain-2.core.gz ]
    

    system diagnostics core-files delete

    COMMAND system diagnostics core-files delete

    DESCRIPTION Delete core files from the system.

    ARGUMENTS

    files

    • type: list of strings
    • description: The hostname, path, and name of core files to be deleted. To delete more than one file, separate file names with a space.

    EXAMPLE

    List all core files on the system and specify one to delete:

    appliance-1(config)# system diagnostics core-files list
    files [ appliance-1:/var/shared/core/container/RAIDMonitorMain-1.core.gz appliance-1:/var/shared/core/container/RAIDMonitorMain-2.core.gz appliance-1:/var/shared/core/container/platform-mgr-1.core.gz appliance-1:/var/shared/core/host/vm-default_big--1.core.gz ]
    appliance-1# system diagnostics core-files delete files [ appliance-1:/var/shared/core/container/RAIDMonitorMain-1.core.gz ]
    

    system diagnostics ihealth config authserver

    COMMAND system diagnostics ihealth config authserver

    DESCRIPTION Specify a separate endpoint for authenticating and uploading QKView files to the iHealth service. The authserver config element enables you to specify an authentication server URL for the iHealth service. By default, authserver is set to the F5 iHealth authentication server https://api.f5.com/auth/pub/sso/login/ihealth-api.

    ARGUMENTS

    authserver

    • type: string
    • description: The FQDN for the authentication server.

    EXAMPLE

    Specify an authentication server for the iHealth service:

    appliance-1(config)# system diagnostics ihealth config authserver
    (<string>) (https://api.f5.com/auth/pub/sso/login/ihealth-api): https://api.f5networks.net/auth/pub/sso/login/ihealth-api
    

    system diagnostics ihealth config password

    COMMAND system diagnostics ihealth config password

    DESCRIPTION Specify the password used to log in to iHealth. This password is given in plain text, but will be encrypted when stored in the system.

    ARGUMENTS

    password

    • type: AES encrypted string
    • description: The password string for the iHealth user.

    EXAMPLE

    Specify a password to be used for logging in to iHealth:

    appliance-1(config)# system diagnostics ihealth config password
    (<AES encrypted string>): **********
    

    system diagnostics ihealth config server

    COMMAND system diagnostics ihealth config server

    DESCRIPTION Specify the iHealth service has a separate endpoint for authenticating and uploading QKView files. The server config element enables you to specify an upload server URL for the iHealth service. By default, the server is set to the F5 iHealth upload server https://ihealth-api.f5.com/qkview-analyzer/api/qkviews?visible_in_gui=True.

    ARGUMENTS

    server

    • type: string
    • description: The FQDN for the iHealth upload server.

    EXAMPLE

    Specify an upload server for the iHealth service:

    appliance-1(config)# system diagnostics ihealth config server
    (<string>) (https://ihealth-api.f5.com/qkview-analyzer/api/qkviews?visible_in_gui=True): https://ihealth-api.f5networks.net/qkview-analyzer/api/qkviews?visible_in_gui=True
    

    system diagnostics ihealth config username

    COMMAND system diagnostics ihealth config username

    DESCRIPTION Specify the username used to access the iHealth service.

    ARGUMENTS

    username

    • type: string
    • description: The username used for accessing the iHealth service.

    EXAMPLE

    Specify a user name to be used when logging in to iHealth:

    appliance-1(config)# system diagnostics ihealth config username
    (<string>) (user@f5.com): user2@f5.com
    

    system diagnostics ihealth upload

    COMMAND system diagnostics ihealth upload

    DESCRIPTION Initiate a QKView file upload to iHealth. It returns a upload id, which is needed to check upload status or cancel an upload.

    ARGUMENTS

    qkview-file

    • type: string
    • description: The name of the QKView file to be uploaded. Use the system diagnostics qkview list command to see a list of available files. Note: Be sure to add /diags/shared/QKView/ as a prefix to the QKView file name.

    description

    • type: string
    • description: A short description of the QKView file. For example, "data path performance."

    service-request-number

    • type: string
    • description: The F5 service request number for F5 support. For example, 1-123123123 or C1231231.

    EXAMPLE

    Upload a file named /diags/shared/qkview/test.qkview to iHealth:

    appliance-1(config)# system diagnostics ihealth upload qkview-file /diags/shared/qkview/test.qkview description testing service-request-number C523232
    message HTTP/1.1 202 Accepted
    Location: /support/ihealth/status/iuw53AYW
    Date: Tue, 30 Nov 2021 12:09:08 GMT
    Content-Length: 0
    

    system diagnostics ihealth cancel

    COMMAND system diagnostics ihealth cancel

    DESCRIPTION Cancel a QKView upload that is in progress. If the upload is already complete, it cannot be cancelled. To remove the QKView, log in to the iHealth server and manually delete the QKView, if needed.

    ARGUMENTS

    upload-id

    • type: string
    • description: The upload-id that is returned when initiating an upload.

    EXAMPLE

    Cancel the QKView upload with an upload-id of iuw53AYW.

    appliance-1(config)# system diagnostics ihealth cancel upload-id iuw53AYW
    message HTTP/1.1 200 OK
    Content-Type: application/json; charset=utf-8
    Location: /support/ihealth/status/iuw53AYW
    Date: Tue, 30 Nov 2021 12:10:01 GMT
    Content-Length: 44
    

    system diagnostics qkview capture

    COMMAND system diagnostics qkview capture

    DESCRIPTION Generate a system diagnostic snapshot, called a QKView. The system can support only one snapshot collection at a time. QKView files are stored in the host directory: diags/shared/qkview/.

    ARGUMENTS

    filename <name>

    • type: string
    • description: The name of the file to which QKView data is written. The default filename is <system-name>.qkview.

    timeout <time-in-seconds>

    • type: int
    • description: The time in seconds after which to stop QKView collection. The default value is 0, which indicates no timeout.

    exclude-cores [ false | true ]

    • type: boolean
    • description: Set to true if core files should be excluded from QKView. The default value is false.

    maxcoresize <size-in-mb>

    • type: int
    • description: If this argument is specified, core files greater than this size (in MB) are excluded. The range is from 2 MB to 1000 MB. The default value is 25 MB.

    maxfilesize <size-in-mb>

    • type: int
    • description: If this argument is specified, all files greater than this size (in MB) are excluded. The range is from 2 MB to 1000 MB. The default value is 500 MB.

    EXAMPLE

    Generate a QKView and name the file client-qkview.tar, exclude core files, set the maximum core size to 500 MB, set the maximum file size to 500 MB, and set a timeout value of 0 (zero), which indicates no timeout, and then check the status of the QKView generation process:

    appliance-1(config)# system diagnostics qkview capture filename client-qkview exclude-cores true maxcoresize 500 maxfilesize 500 timeout 0
    result  Qkview file client-qkview is being collected
    return code 200
    
    appliance-1(config)# system diagnostics qkview status
    result  {"Busy":true,"Percent":12,"Status":"collecting","Message":"Collecting Data","Filename":"client-qkview"}
    
    resultint 0
    

    system diagnostics qkview cancel

    COMMAND system diagnostics qkview cancel

    DESCRIPTION Cancel a QKView that is in progress.

    ARGUMENTS This command has no arguments.

    EXAMPLE

    Cancel the currently running QKView:

    appliance-1(config)# system diagnostics qkview cancel
    result  Qkview with filename client-qkview.tar was canceled
    return code 200
    
    resultint 0
    

    system diagnostics qkview status

    COMMAND system diagnostics qkview status

    DESCRIPTION Get the status of a QKView that is in progress or the status of the last QKView collected.

    ARGUMENTS This command has no arguments.

    EXAMPLE

    View the status of the currently running QKView:

    appliance-1(config)# system diagnostics qkview status
    result  {"Busy":true,"Percent":73,"Status":"collecting","Message":"Collecting Data","Filename":"myqkview.tar"}
    
    resultint 0
    
    appliance-1(config)# system diagnostics qkview status
    result  {"Busy":false,"Percent":100,"Status":"canceled","Message":"Collection canceled by user. Partial qkview saved.","Filename":"client-qkview.tar.canceled"}
    
    resultint 0
    

    system diagnostics qkview delete

    COMMAND system diagnostics qkview delete

    DESCRIPTION Delete a QKView file.

    ARGUMENTS

    filename

    • type: string
    • description: The name of file to delete.

    EXAMPLE

    Delete the QKView file named client-qkview.tar.canceled.

    appliance-1(config)# system diagnostics qkview delete filename client-qkview.tar.canceled
    result  Deleted Qkview file client-qkview.tar.canceled
    return code 200
    
    resultint 0
    

    system diagnostics qkview list

    COMMAND system diagnostics qkview list

    DESCRIPTION Show a list of QKView files.

    ARGUMENTS This command has no arguments.

    EXAMPLE

    List all QKView files on the system:

    appliance-1(config)# system diagnostics qkview list
    result  {"Qkviews":[{"Filename":"client-qkview.tar.canceled","Date":"2021-11-26T23:39:48.783066588Z","Size":131310},{"Filename":"myqkview.tar","Date":"2021-11-26T23:37:43.786269089Z","Size":668708104}]}
    
    resultint 0
    

    system dns config search

    COMMAND system dns config search

    DESCRIPTION Configure a DNS search domain for the system to use.

    ARGUMENTS

    <domain-name>

    • type: list of strings
    • description: The DNS search domain. The minimum length is 1 character, and the maximum length is 253 chars.

    system dns host-entries host-entry

    COMMAND system dns host-entries host-entry

    DESCRIPTION Configure a DNS host entry for the system to use.

    ARGUMENTS

    config config alias

    • type: list of strings
    • description: The alias for a DNS hostname entry.

    config config hostname

    • type: string
    • description: The hostname for a DNS entry.

    config config ipv4-address

    • type: list of strings
    • description: The hostname for a DNS entry.

    config config ipv6-address

    • type: list of strings
    • description: The hostname for a DNS entry.

    system dns servers

    COMMAND system dns servers

    DESCRIPTION Configure a DNS server for the system to use.

    ARGUMENTS

    server <name>

    • type: string
    • description: The DNS server name.

    address <ip-address>

    • type: string
    • description: The IP address of the DNS server.

    port <port-number>

    • type: unsignedShort
    • description: The port number of the DNS server. The default value is 53.

    EXAMPLE

    Configure a DNS server and then verify that it was completed:

    appliance-1(config)# system dns servers server 192.0.2.11 config port 53
    appliance-1(config-server-192.0.2.11)# commit
    Commit complete.
    appliance-1(config-server-192.0.2.11)# exit
    appliance-1(config)# end
    appliance-1# show running-config system dns
    system dns servers server 192.0.2.11
     config port 53
    !
    

    system image check-version

    COMMAND system image check-version

    DESCRIPTION Check whether the system is compatible with a specific system image service version upgrade version.

    ARGUMENTS

    iso-version <version>

    • type: string
    • description: System image ISO version.

    os-version <version>

    • type: string
    • description: System image OS version.

    service-version <version>

    • type: string
    • description: System image service version.

    EXAMPLE

    Verify that the system is compatible with service version number 1.0.0-3456:

    appliance-1(config)# system image check-version service-version 1.0.0-3456
    

    system image remove

    COMMAND system image remove

    DESCRIPTION Remove a system image.

    ARGUMENTS

    os <version>

    • type: string
    • description: OS version to remove.

    service <version>

    • type: string
    • description: Service version to remove.

    iso <version>

    • type: string
    • description: ISO version to remove

    system image set-version

    COMMAND system image set-version

    DESCRIPTION Trigger an install after verifying schema compatibility using check-version.

    ARGUMENTS

    iso-version <version>

    • type: string
    • description: System image ISO version.

    os-version

    • type: string
    • description: System image OS version.

    proceed [ no | yes ]

    • type: enumeration
    • description: Specify no to show a confirmation prompt prior to resetting the configuration to the default. Specify yes to bypass a confirmation prompt.

    service-version

    • type: string
    • description: System image service version.

    EXAMPLE

    Upgrade the system to iso version 1.0.0-3456:

    appliance-1(config)# system image set-version iso-version 1.0.0-3456
    

    Upgrade the os version to 1.0.0-3456:

    appliance-1(config)# system image set-version os-version 1.0.0-3456
    

    Upgrade the service version to 1.0.0-3456:

    appliance-1(config)# system image set-version service-version 1.0.0-3456
    

    system licensing install

    COMMAND system licensing install

    DESCRIPTION Perform an automatic system license installation. The system must be connected to the Internet to use the automatic method.

    ARGUMENTS

    add-on-keys <key>

    • type: string (array)
    • description: A 14-character string that informs the license server about which add-on products you are entitled to license.

    license-server <ip-address-or-host-name>

    • type: ip (ip-address), port (unsigned short), name (string)
    • description: IP address or host name of license server. You can specify IP address, port, and name of license server.

    registration-key <key>

    • type: string
    • description: A 27-character string that informs the license server about which F5 products you are entitled to license. The base registration key is preinstalled on your system. If you do not already have a base registration key, you can obtain one from F5 Technical Support.

    EXAMPLE

    Install a base license on the system:

    appliance-1(config)# system licensing install registration-key A1234-56789-01234-56789-0123456
    result License installed successfully.
    

    system licensing manual-install license

    COMMAND system licensing manual-install

    DESCRIPTION Perform a manual system license installation.

    ARGUMENTS

    license <license-text>

    • type: string
    • description: License information for the system. Before you use system licensing manual-install, you use system licensing get-dossier to get the system dossier text, and then activate the license at activate.f5.com.

    EXAMPLE

    License the system using license information from activate.f5.com:

    appliance-1(config)# system licensing manual-install license
    Value for 'license' (<string>):
    [Multiline mode, exit with ctrl-D.]
    > #
    > Auth vers : 5b
    > #
    > #
    > # BIG-IP System License Key File
    > # DO NOT EDIT THIS FILE!!
    > #
    > # Install this file as "/config/bigip.license".
    > #
    > # Contact information in file /CONTACTS
    > #
    > #
    > # Warning: Changing the system time while this system is running
    > # with a time-limited license may make the system unusable.
    > #
    > Usage : F5 Internal Product Development
    > #
    > #
    > # Only the specific use referenced above is allowed. Any other uses are prohibited.
    > #
    > Vendor : F5, Inc.
    > #
    > # Module List
    > #
    > active module : Local Traffic Manager, r10900 |K284576-4014992|Rate Shaping|Anti-Virus Checks|Base Endpoint Security Checks|Firewall Checks|Machine Certificate Checks|Network Access|Protected Workspace|Secure Virtual Keyboard|APM, Web Application|App Tunnel|Remote Desktop
    ...
    

    system licensing get-dossier

    COMMAND system licensing get-dossier

    DESCRIPTION Generate an encrypted system dossier that can be used for retrieving a license from the F5 license server. This is used to perform a manual license installation.

    ARGUMENTS

    add-on-keys <key>

    • type: string (array)
    • description: A 14-character string that informs the license server about which add-on products you are entitled to license.

    registration-key <key>

    • type: string
    • description: A 27-character string that informs the license server about which F5 products you are entitled to license. The base registration key is preinstalled on your system. If you do not already have a base registration key, you can obtain one from F5 Technical Support.

    EXAMPLE

    Get a system licensing dossier from F5:

    appliance-1(config)# system licensing get-dossier
    system-dossier 48d05131e8688755efde6b1081af5e190793e5a0cfb70cd2da9da8c4c9d9d412a6360a11b869f2dfc779ef7c91df246f7184fe0010b7bcbd420e1664cb1d13b9890ec812bedf05d8cd530c87t82d13a7b63b9823ebdafc5f9061d6c12eb09a5a973361681d31a07dc92d774345cc52e70f8026729df4e2b5c9e6c22f96764e1cdd402f9e499841253259122877a85d7145a658a8444b0b6bc2dc8b9ef4a0156b8af2baa14500e9ce8c3ebcdf4060b35e1748aee093f0bb2349f53bf72f94c61979d1b8ccaf01c84235acf025f3cb3cad3f2cac9938b7481635280cc1589fac997aa4f6db9e8e04d02af5d91f5cd570fc261612233a1204e27a0d2ffd62e4107f89ad286a42ae07cea0918a7be0ba50e307664f8aaf9334051abb6d1559771d2fbfeb8f67335a8325b63a00ddfed563a926d595f1fe049bedf418dd997120945b1d622a574bd957fe6c60924c5562e6cf8ba837124a16bd2a49d1af0ace1f9dbe02af626336e073e8a2802949812eb0227faed9ad787c945c486dbc6d45327688025bcac81e472f3720c615f52455c8e0b235262cb4c8f2dd1ef8c753966fe11798db01714fd95e11348e1036f1ff69da16342595650c91b771cf7a28970c3caffa988faaf8f01cbd846151cd17201c3c8e58b18587e52a8be18f2ac9f175a41296fe9de3532433e94817f9b08ab2d9f66cdb76506e7d4156f9eb8af96aee363e8ab18eec930f6cc1c2dc80e2b254fbc9e31851a10f34506d71e1e5d60344a1ed5ec021c0e63513fd833ea8286258f6094592c7d04f9d29db93114518024b9129acb36ce41b1d1c7405db549f3aaa697919592a6dabfece7295cf57d8b950fcfed6cc40286d830be12097b0e3c0f9acbc07ccdb110b3cc98ca5a1ac09d6b152b2ace004d613364242a031e21057d3dc270ba00fe6918b3075b4692f55ca71fe6cd76c91f4beb19af97bb47dd677a77159e78adfa7e7cf0feb8a3490fc59fe660b26eb5268ecfed6f03c41ea0edadc7bc7573e91d0ad01313ee07e8719ec4d59fd6c90fcdbd29407f0a7666ff9de33251b04e270eb2d46c6cf8583d163c47d5768
    

    system licensing get-eula

    COMMAND system licensing get-eula

    DESCRIPTION Retrieve the End User License Agreement (EULA) from the F5 License Server.

    ARGUMENTS

    add-on-keys <key>

    • type: string (array)
    • description: A 14-character string that informs the license server about which add-on products you are entitled to license.

    registration-key <key>

    • type: string
    • description: A 27-character string that informs the license server about which F5 products you are entitled to license. The base registration key is preinstalled on your system. If you do not already have a base registration key, you can obtain one from F5 Technical Support.

    EXAMPLE

    Gets the contents of the latest F5 EULA:

    appliance-1(config)# system licensing get-eula
    eula-text END USER LICENSE AGREEMENT
    
    DOC-0355-16
    
    IMPORTANT " READ BEFORE INSTALLING OR OPERATING THIS PRODUCT
    
    YOU AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE BY INSTALLING,
    HAVING INSTALLED, COPYING, OR OTHERWISE USING THE SOFTWARE.  IF YOU
    DO NOT AGREE, DO NOT INSTALL OR USE THE SOFTWARE.
    
    This End User License Agreement ("License") applies to the software
    product(s) ("Software") you have licensed from us whether on
    a stand-alone basis or as part of any hardware ("Hardware") you
    purchase from us, (the Hardware and Software together, the "Product").
    ...
    

    system locator

    COMMAND system locator config enabled

    DESCRIPTION Configure whether the system locator function is enabled. Enabling this function illuminates the F5 logo ball so that you can more easily locate a chassis in a data center.

    ARGUMENTS

    config [ disabled | enabled ]

    • type: boolean
    • description: Specify enabled to enable the chassis locator function. Specify disabled to disable it.

    system logging remote-servers remote-server

    COMMAND system logging remote-servers remote-server

    DESCRIPTION Configure information about remote logging servers.

    ARGUMENTS

    config <ip-address-or-fqdn>

    • type: string
    • description: Host IP address or hostname of the remote log server. The minimum length is 1 character, and the maximum length is 253 characters.

    config config proto [ tcp | udp ]

    • type: enumeration
    • description: Remote server connection protocol. The default value is udp.

    config config remote-port <port-number>

    • type: unsignedShort
    • description: Destination port number for syslog messages. The default value is 514.

    selectors selector

    • description: Selector facility or severity selector on which to filter messages. F5OS supports only the LOCAL0 logging facility. All logs are directed to this facility, and it is the only one that you can use for remote logging.

    EXAMPLE

    Create a logging destination:

    appliance-1(config)# system logging remote-servers remote-server 192.0.2.240 config proto tcp
    appliance-1(config-remote-server-192.0.2.240)# commit
    Commit complete.
    

    Delete a logging destination:

    appliance-1(config)# no system logging remote-servers remote-server 192.0.2.240
    appliance-1(config)# commit
    Commit complete.
    

    system logging host-logs

    COMMAND system logging host-logs

    DESCRIPTION Configure settings for sending host logs to remote logging servers.

    ARGUMENTS

    config files file <dir-or-file-name>

    • type: string
    • description: File or directory to be sent.

    config remote-forwarding [ enabled | disabled ]

    • type: enumeration
    • description: Specify enabled to enable remote forwarding of active node host logs. Specify disabled to disable it.

    config remote-forwarding enabled include-standby

    • description: If remote forwarding is enabled, specify that the standby node will forward host logs to the active node.

    config selectors selector <selector>

    • description: Specify the facility, or class of host messages, to forward. Any logs directed to these will be forwarded, provided that host-logs is enabled and a remote server configuration is present. Available options are:
      • ALL
      • AUDIT
      • AUTH
      • AUTHPRIV
      • CONSOLE
      • KERNEL
      • LOCAL0 LOCAL7
      • MAIL
      • NTP
      • SYSLOG
      • SYSTEM_DAEMON
      • USER

    EXAMPLE

    Enable remote forwarding:

    appliance-1(config)# system logging host-logs config remote-forwarding enabled
    

    system logging sw-components sw-component

    COMMAND system logging sw-components sw-component

    DESCRIPTION Configure logging for platform software components. Available options are:

    • alert-service
    • api-svc-gateway
    • appliance-orchestration-agent
    • appliance-orchestration-manager
    • authd
    • confd-key-migrationd
    • dagd-service
    • datapath-cp-proxy
    • diag-agent
    • disk-usage-statd
    • dma-agent
    • fips-service
    • fpgamgr
    • ihealth-upload-service
    • ihealthd
    • image-agent
    • kubehelper
    • l2-agent
    • lacpd
    • license-service
    • line-dma-agent
    • lldpd
    • lopd
    • network-manager
    • nic-manager
    • optics-mgr
    • platform-diag
    • platform-fwu
    • platform-hal
    • platform-mgr
    • platform-monitor
    • platform-stats-bridge
    • qkviewd
    • rsyslog-configd
    • snmp-trapd
    • stpd
    • sw-rbcast
    • sys-host-config
    • system-control
    • tcpdumpd-manager
    • tmstat-agent
    • tmstat-merged
    • upgrade-service
    • user-manager
    • vconsole

    ARGUMENTS

    <component-name> config description

    • type: string
    • description: Text that describes the platform software component. This value is read-only.

    <component-name> config name

    • type: string
    • description: Name of the platform software component. This value is read-only.

    <component-name> config severity [ ALERT | CRITICAL | DEBUG | EMERGENCY | ERROR | INFORMATIONAL | NOTICE | WARNING ]

    • type: enumeration
    • description: Software component logging severity level. The default value is INFORMATIONAL. Available options, in decreasing order of severity, are:
      • EMERGENCY: System is unusable.
      • ALERT: Serious errors that require immediate administrator intervention.
      • CRITICAL: Critical errors, including hardware and file system failures.
      • ERROR: Non-critical, but possibly important, error messages.
      • WARNING: Messages that should be logged and reviewed.
      • NOTICE: Messages that contain useful information, but may be ignored.
      • INFORMATIONAL: Messages that contain useful information, but may be ignored. This is the default value.
      • DEBUG: Verbose messages used for troubleshooting.

    system mgmt-ip config dhcp-enabled

    COMMAND system mgmt-ip config dhcp-enabled

    DESCRIPTION Enable or disable DHCP for the system management IP address. DHCP is supported only on static interfaces.

    ARGUMENTS

    dhcp-enabled [ false | true ]

    • type: boolean
    • description: Set to true to enable DHCP for the management IP address or false to disable it. The default value is false.

    EXAMPLE

    Enable DHCP for the management IP address:

    appliance-1(config)# system mgmt-ip config dhcp-enabled true
    

    system mgmt-ip config ipv4 gateway

    COMMAND system mgmt-ip config ipv4 gateway

    DESCRIPTION Configure a gateway IPv4 address.

    ARGUMENTS

    <ip-address>

    • type: string
    • description: IPv4 address.

    EXAMPLE

    Configure the gateway IPv4 address to be 192.0.2.1:

    appliance-1(config)# system mgmt-ip config ipv4 gateway 192.0.2.1
    

    system mgmt-ip config ipv4 prefix-length

    COMMAND system mgmt-ip config ipv4 prefix-length

    DESCRIPTION Configure the IPv4 prefix length.

    ARGUMENTS

    <length>

    • type: int
    • description: IPv4 prefix length. The range is from 0 to 32.

    EXAMPLE

    Configure the IPv4 prefix length to be 24:

    appliance-1(config)# system mgmt-ip config ipv4 prefix-length 24
    

    system mgmt-ip config ipv4 system address

    COMMAND system mgmt-ip config ipv4 system address

    DESCRIPTION

    Configure an IPv4 management IP address for the system.

    ARGUMENTS

    <ip-address>

    • type: string
    • description: IPv4 address.

    system mgmt-ip config ipv6 gateway

    COMMAND system mgmt-ip config ipv6 gateway

    DESCRIPTION

    Configure a gateway IPv6 address.

    ARGUMENTS

    <ip-address>

    • type: string
    • description: IPv6 address.

    EXAMPLE

    Configure the gateway IPv6 address to be ::1:

    appliance-1(config)# system mgmt-ip config ipv6 gateway ::1
    

    system mgmt-ip config ipv6 prefix-length

    COMMAND system mgmt-ip config ipv6 prefix-length

    DESCRIPTION Configure IPv6 prefix length.

    ARGUMENTS

    <length>

    • type: int
    • description: IPv6 prefix length. The range is from 0 to 128.

    EXAMPLE

    Configure the IPv6 prefix length to be 64:

    appliance-1(config)# system mgmt-ip config ipv6 prefix-length 64
    

    system mgmt-ip config ipv6 system address

    COMMAND system mgmt-ip config ipv6 system address

    DESCRIPTION Configure an IPv6 management IP address for the system.

    ARGUMENTS

    <ip-address>

    • type: string
    • description: IPv6 address.

    system network config network-range-type

    DESCRIPTION Configure the internal address range.

    ARGUMENTS

    [ RFC1918 RFC6598 ]

    • description: Network range type for internal networking purposes. Available options are:
      • RFC1918: The system uses 10.[0-15]/12, as specified by RFC1918.
      • RFC6598: The system uses 100.64/10, as specified by RFC6598. This option ignores prefix. This is the default value.

    EXAMPLE

    Configure the range type to be RFC6598:

    appliance-1(config)# system network config network-range-type RFC6598
    

    system network config network-range-type RFC1918 chassis-id

    COMMAND system network config network-range-type RFC1918 chassis-id

    DESCRIPTION Set the chassis ID that is used to determine internal address ranges.

    IMPORTANT: F5 strongly recommends that you do not change this setting.

    ARGUMENTS

    chassis-id

    • type: int
    • description: Chassis ID for internal networking purposes. The range is from 1 to 4. The default value is 1.

    system network config network-range-type RFC1918 prefix

    COMMAND system network config network-range-type RFC1918 prefix

    DESCRIPTION

    Configure the internal network prefix index that is used to select the range of IP addresses used internally within the appliance. If needed, select a network prefix that ensures that internal appliance addresses do not overlap with site-local addresses that are accessible to the system.

    ARGUMENTS

    • type: unsignedByte
    • description: Range of internal IP addresses to use. The network prefix indexes range from 0 to 15, and each corresponds to a range of appliance network IP addresses. Available options are:
      • 0 - 10.[0-15].0.0/16
      • 1 - 10.[16-31].0.0/16
      • 2 - 10.[32-47].0.0/16
      • 3 - 10.[48-63].0.0/16
      • 4 - 10.[64-79].0.0/16
      • 5 - 10.[80-95].0.0/16
      • 6 - 10.[96-111].0.0/16
      • 7 - 10.[112-127].0.0/16
      • 8 - 10.[128-143].0.0/16
      • 9 - 10.[144-159].0.0/16
      • 10 - 10.[160-175].0.0/16
      • 11 - 10.[176-191].0.0/16
      • 12 - 10.[192-207].0.0/16
      • 13 - 10.[208-223].0.0/16
      • 14 - 10.[224-239].0.0/16
      • 15 - 10.[240-255].0.0/16

    EXAMPLE

    Configure the internal network range to use 10.[16-31].0.0/16:

    appliance-1(config)# system network config network-range-type RFC1918 prefix 1
    

    system ntp config

    COMMAND system ntp config

    DESCRIPTION Enable the Network Time Protocol (NTP) protocol and indicate that the system should synchronize the system clock with an NTP server defined in the ntp/server list.

    ARGUMENTS

    [ disabled | enabled ]

    • type: enumeration
    • description: Specify enabled to enable using NTP. Specify disabled to disable it.

    EXAMPLE

    Disable the use of NTP:

    appliance-1(config)# system ntp config disabled
    

    system ntp ntp-keys ntp-key

    COMMAND system ntp ntp-keys ntp-key

    DESCRIPTION Configure the list of Network Time Protocol (NTP) authentication keys.

    ARGUMENTS

    config key-id <id>

    • type: unsignedShort
    • description: An identifier used by the client and server to designate a secret key. The client and server must use the same key ID.

    config key-type <type>

    • type: NTP_AUTH_TYPE
    • description: Encryption type used for the NTP authentication key. For example, NTP_AUTH_MD5.

    config key-value <auth-key-value>

    • type: string
    • description: NTP authentication key value.

    system ntp servers server

    COMMAND system ntp servers server

    DESCRIPTION Configure which NTP servers can be used for system clock synchronization. If system ntp is enabled, then the system will attempt to contact and use the specified NTP servers.

    ARGUMENTS

    <ip-address-or-dns-name>

    • type: string
    • description: NTP Server address with which system clock synchronizes. The range is from 1 character to 253 characters.

    <ip-address-or-dns-name> config association-type [ PEER | POOL | SERVER ]

    • type: string
    • description: Classify the NTP configuration using these association types. The default value is SERVER.

    <ip-address-or-dns-name> config iburst [ false | true ]

    • type: boolean
    • description: Specify true to enable iburst for the NTP service. Specify false to disable it.

    <ip-address-or-dns-name> config port <port-number>

    • type: unsignedShort
    • description: Port number on which the NTP Service listens. The default value is 123.

    <ip-address-or-dns-name> config prefer [ false | true ]

    • type: boolean
    • description: Specify true to indicate that this server should be the preferred one. Specify false if not.

    <ip-address-or-dns-name> config version

    • type: unsignedByte
    • description: Version number to put in outgoing NTP packets. The range is from 0 to 4.

    EXAMPLES

    Configure an NTP server with the address pool.ntp.org, where the association type is POOL, and it is the preferred server:

    appliance-1(config)# system ntp servers server pool.ntp.org config association-type POOL prefer true
    appliance-1(config-server-pool.ntp.org)# top
    appliance-1(config)# system ntp config enabled
    appliance-1(config)# commit
    Commit complete.
    

    Configure an NTP server with the address time.f5net.com, where the association type is SERVER, iburst is enabled, port is 123, it is the preferred server, and version number is 4:

    appliance-1(config)# system ntp servers server time.f5net.com
    appliance-1(config-server-time.f5net.com)# config address time.f5net.com
    appliance-1(config-server-time.f5net.com)# config association-type SERVER
    appliance-1(config-server-time.f5net.com)# config iburst true
    appliance-1(config-server-time.f5net.com)# config port 123
    appliance-1(config-server-time.f5net.com)# config prefer true
    appliance-1(config-server-time.f5net.com)# config version 4
    appliance-1(config-server-time.f5net.com)# commit
    Commit complete.
    

    system raid add

    COMMAND system raid add

    DESCRIPTION Add a new drive to the RAID array.

    ARGUMENTS

    drive [ ssd1 | ssd2 ]

    • type: enumeration
    • description: Drive to add to the array.

    EXAMPLE

    Add ssd1 to the system's RAID array:

    appliance-1(config)# system raid add drive ssd1
    

    system raid remove

    COMMAND system raid remove

    DESCRIPTION Remove a drive from the RAID array.

    ARGUMENTS

    drive [ ssd1 | ssd2 ]

    • type: enumeration
    • description: Drive to remove from the array.

    EXAMPLE

    Remove ssd1 from the system's RAID array:

    appliance-1(config)# system raid remove drive ssd1
    

    system reboot

    COMMAND system reboot

    DESCRIPTION Trigger a restart of the system. This resets the management IP connection.

    ARGUMENTS

    This command has no arguments.

    EXAMPLE

    Reboot the system and when prompted whether to confirm the reboot, enter yes:

    appliance-1(config)# system reboot
    The reboot of the system results in data plane and management connectivity to be disrupted. Proceed? [no,yes] 
    

    system set-datetime

    COMMAND system set-datetime

    DESCRIPTION Configure the date and time for the system.

    ARGUMENTS

    date <date>

    • type: string
    • description: The system date, in the format YYYY-MM-DD.

    time

    • type: string
    • description: The system time, in the format HH:MM:SS.

    EXAMPLES

    Configure the system date to be 2021-11-11:

    appliance-1(config)# system set-datetime date 2021-11-11
    

    Configure the system time to be 11:11:00:

    appliance-1(config)# system set-datetime date 11:11:00
    

    tenants tenant

    COMMAND tenants tenant

    DESCRIPTION Provision and deploy a tenant on the system.

    ARGUMENTS

    config config <tenant-name>

    • type: string
    • description: User-specified name for a tenant. The minimum length is 1 character, and the maximum length is 50 characters.

    <tenant-name> config appliance-mode [ disabled | enabled ]

    • type: string
    • description: Specify enabled to enable appliance node at the tenant level. Specify disabled to disable it.

    <tenant-name> config cryptos [ disabled | enabled ]

    • type: string
    • description: Specify enabled to enable crypto devices for the tenant level. Specify disabled to disable it.

    <tenant-name> config gateway <ip-address>

    • type: IP Address
    • description: Configure an IPv4 or IPv6 gateway address for the tenant management IP address.

    <tenant-name> config image <image-name>

    • type: string
    • description: Configure an image file to use for the tenant.

    <tenant-name> config memory <amount-of-memory>

    • type: Unsigned long
    • description: Configure the amount of memory in MBs for the tenant. The range is from 4096 to 102400 MBs.

    <tenant-name> config mgmt-ip <ip-address>

    • type: IP Address
    • description: Configure the IPv4 or IPv6 management IP address for tenant management access. You can configure the management IP address only when a tenant is not in the deployed state.

    <tenant-name> config nodes <node-number>

    • type: Unsigned byte
    • description: Configure the node in which to schedule the tenant.

    <tenant-name> config prefix-length <length>

    • type: Unsigned byte
    • description: Configure the prefix length for the management IP of the tenant. The range is from 0 to 128.

    <tenant-name> config running-state [ configured | provisioned | deployed ]

    • type: string
    • description: Configure the desired state of the tenant.

    <tenant-name> config storage size <size>

    • type: Unsigned short
    • description: Configure the storage quota in GBs for the tenant. The default value is 76 GB. The range is from 22 to 700 GB.

    <tenant-name> config type <tenant-type>

    • type: enumeration
    • description: Configure the type (for example, BIG-IP) of the tenant.

    <tenant-name> config vcpu-cores-per-node <number-of-cores>

    • type: Unsigned byte
    • description: Configure the number of logical CPU cores for the tenant.

    <tenant-name> config vlans <vlan-id>

    • type: Unsigned byte
    • description: Configure the VLAN ID from the system VLAN table for the tenant.

    EXAMPLE

    Configure a tenant named bigip-vm of type BIG-IP, using a specified image file, assigned to node 1, using port 22, a management IP address of 192.0.2.61, a netmask of 255.255.255.0, a gateway of 192.0.2.1, using VLAN 100, and a running state of deployed.

    appliance-1(config)# tenants tenant bigip-vm config type BIG-IP image BIGIP-bigip15.1.6.123.ALL-F5OS.qcow2.zip.bundle nodes 1 port 22 mgmt-ip 192.0.2.71 netmask 255.255.255.0 gateway 192.0.2.254 vlans 100 running-state deployed
    

    vlan-listeners vlan-listener

    COMMAND vlan-listeners vlan-listener

    DESCRIPTION A vlan-listener is a system-generated object and should only be configured manually under the guidance of F5 Technical Support. Manually configuring a vlan-listener object could potentially impact the flow of network traffic through the system.

    ARGUMENTS

    • type: string
    • description: The name of the interface associated with the vlan-listener.

    range <vlan-id>

    • type: vlan-id
    • description: Integer value of the VLAN that is associated with the vlan-listener.

    [ <interface> | <vlan-id> ] config entry-type [ RBCAST-LISTENER | STATIC | VLAN-LISTENER ]

    • type: enumeration
    • description:

    [ <interface> | <vlan-id> ] config ifh-fields cmds

    • type: unsignedByte
    • description: 0 .. 7

    [ <interface> | <vlan-id> ] config ifh-fields did

    • type: unsignedShort
    • description:

    [ <interface> | <vlan-id> ] config ifh-fields dms

    • type: unsignedByte
    • description:

    [ <interface> | <vlan-id> ] config ifh-fields mirroring [ disabled | enabled ]

    • type: enumeration
    • description:

    [ <interface> | <vlan-id> ] config ifh-fields ndi-id

    • type: unsignedShort
    • description:

    [ <interface> | <vlan-id> ] config ifh-fields sep

    • type: unsignedByte
    • description:

    [ <interface> | <vlan-id> ] config ifh-fields svc

    • type: unsignedShort
    • description:

    [ <interface> | <vlan-id> ] config ifh-fields vtc

    • type: unsignedByte
    • description:

    [ <interface> | <vlan-id> ] config owner

    • type: string
    • description:

    [ <interface> | <vlan-id> ] config service-ids

    • type: list of unsignedShort
    • description:

    vlans vlan

    COMMAND vlans vlan

    DESCRIPTION Creates a VLAN object that can be referenced by other configuration commands. This command is intended to be expanded for future use and is currently not necessary for proper configuration of the system.

    ARGUMENTS

    [ <vlan-id> | range ]

    • type: vlan-id
    • description: Integer value for the VLAN or a range of VLAN IDs.

    [ <vlan-id> | range ] config name <name>

    • type: string
    • description: Name of the VLAN. The minimum length is 1 character, and the maximum length is 56 characters.

    [ <vlan-id> | range ] config vlan-id

    • type: unsigned short
    • description: Numerical value of the VLAN tag associated with the VLAN. The range is from 1 to 4094.

    EXAMPLE

    Configure VLAN 100, with the name 100 and a vlan-id of 100:

    appliance-1(config)# vlans vlan 100 config name 100 vlan-id 100
    

    Configure a VLAN range of 100-101:

    appliance-1(config)# vlans vlan range 100-101
    

    operational-mode-commands


    Operational Mode Commands


    autowizard

    COMMAND autowizard

    DESCRIPTION Specify whether to query automatically for mandatory elements.

    ARGUMENTS

    [ false | true ]

    • type: boolean
    • description: Specify true to query automatically for mandatory elements. Specify false to disable it.

    cd

    COMMAND cd

    DESCRIPTION Change the working directory to a specific folder.

    ARGUMENTS

    <directory>

    • type: string
    • description: Directory name to which you want to change.

    clear

    COMMAND clear

    DESCRIPTION Remove all configuration changes.

    ARGUMENTS

    history

    • description: Clear operational and configuration mode history.

    compare

    COMMAND compare

    DESCRIPTION Compare two configuration subtrees.

    ARGUMENTS

    <config>

    • type: string
    • description: Compare the running configuration to a saved configuration.

    complete-on-space

    COMMAND complete-on-space

    DESCRIPTION Specify whether to have the CLI complete a command name automatically when you type an unambiguous string and then press the space bar, or have the CLI list all possible completions when you type an ambiguous string and then press the space bar.

    ARGUMENTS

    [ false | true ]

    • type: boolean
    • description: Specify true to enable the ability to have the CLI complete a command name automatically when you press the space bar. Specify false to disable it.

    config

    COMMAND config

    DESCRIPTION Enter configuration mode. In configuration mode, you are editing a copy of the running configuration, called the candidate configuration, not the actual running configuration. Your changes take effect only when you issue a commit command.

    ARGUMENTS

    terminal

    • description: Allow editing from this terminal only. This edits a private copy of the running configuration. This private copy is not locked, so another user could also edit it at the same time.

    no-confirm

    • description: Do not allow a commit confirmation. This edits a private copy of the running configuration and does not allow the commit confirmed command to be used to commit the configuration.

    exclusive

    • description: Specify an exclusive edit mode. This locks the running configuration and the candidate configuration, and edits the candidate configuration. No one else can edit the candidate configuration as long as it is locked.

    describe

    COMMAND describe

    DESCRIPTION Display internal information about how a command is implemented.

    ARGUMENTS

    <command>

    • type: string
    • description: Command for which you want to view implementation information.

    devtools

    COMMAND devtools

    DESCRIPTION Enable/disable development tools.

    ARGUMENTS

    [ true | false ]

    • description: Set to true to enable development tools or false to disable it.

    display-level

    COMMAND display-level

    DESCRIPTION Set the depth of the configuration shown for show commands.

    ARGUMENTS

    <depth>

    • type: unsigned long integer
    • description: Maximum depth to display for show commands. The <depth> can be a value from 1 to 64.

    exit

    COMMAND exit

    DESCRIPTION Exit the CLI session.

    ARGUMENTS This command has no arguments.


    file

    COMMAND file

    DESCRIPTION Perform file operations.

    ARGUMENTS

    For detailed information about these arguments, see the file page under config-mode-commands.

    • delete
    • export
    • import
    • list
    • show
    • tail
    • transfer-status

    help

    COMMAND help

    DESCRIPTION Display help information about a specified command.

    ARGUMENTS

    <command>

    • type: string
    • description: Command for which you want to view help.

    history

    COMMAND history

    DESCRIPTION Configure the command history cache size.

    ARGUMENTS

    <size>

    • type: int
    • description: Number of commands tracked by CLI history. The <size> can be a value from 0 through 1000.

    id

    COMMAND id

    DESCRIPTION Display information about the current user, including user, gid, group, and gids.

    ARGUMENTS This command has no arguments.


    idle-timeout

    COMMAND idle-timeout

    DESCRIPTION Set how long the CLI is inactive before a user is logged out of the system. If a user is connected using an SSH connection, the SSH connection is closed after this time expires.

    ARGUMENTS

    <timeout>

    • type: int
    • description: Number of seconds that the CLI is inactive before a user is logged out. A value of 0 (zero) sets the time to infinity, so the user is never logged out. The timeout can be a value from 0 through 8192 seconds. The default value is 1800 seconds (30 minutes).

    ignore-leading-space

    COMMAND ignore-leading-space

    DESCRIPTION Specify whether to consider or ignore leading whitespace at the beginning of a command.

    ARGUMENTS

    [ false | true ]

    • type: boolean
    • description: Set to false to ignore leading whitespace or true to consider it.

    job

    COMMAND job

    DESCRIPTION Perform job operations.

    ARGUMENTS

    stop

    • description: Stop a specified job.

    leaf-prompting

    COMMAND leaf-prompting

    DESCRIPTION Specify whether to enable or disable automatic querying for leaf values.

    ARGUMENTS

    [ false | true ]

    • type: boolean
    • description: Specify false to disable leaf prompting and specify true to enable it.

    logout

    COMMAND logout

    DESCRIPTION Log out a specific session or user from all sessions.

    ARGUMENTS

    session <session-id>

    • type: string
    • description: Log out a specific session by providing a value for <session-id>.

    user <user-name>

    • type: string
    • description: Log out a specific user by providing a value for <user-name>.

    no

    COMMAND no

    DESCRIPTION Delete or unset a configuration command.

    ARGUMENTS

    <command>

    • type: string
    • description: Command to delete or unset.

    output-file

    COMMAND output-file

    DESCRIPTION Copy command output to a file or terminal.

    ARGUMENTS

    <terminal-or-filename>

    • type: string
    • description: Specify whether to output to the terminal or to a specified file.

    paginate

    COMMAND paginate

    DESCRIPTION Specify whether to control the pagination of CLI command output.

    ARGUMENTS

    [ false | true ]

    • type: boolean
    • description: Specify false to display command output continuously, regardless of the CLI screen height. Specify true to display all command output one screen at a time. To display the next screen of output, press the space bar. This is the default setting.

    prompt1

    COMMAND prompt1

    DESCRIPTION Set the operational mode prompt.

    ARGUMENTS

    <prompt-text>

    • type: string
    • description: Text to display at the operational mode prompt. Enclose the text in quotation marks. You can use regular ASCII characters and these special characters:
      • \d - Current date in the format yyyy-mm-dd (for example, 2013-12-02).
      • \h - Hostname up to the first period (.). You configure the hostname with the system hostname command.
      • \H - Full hostname. You configure the hostname with the system hostname command.
      • \s - Source IP address of the local system.
      • \t - Current time in 24-hour hh:mm:ss format.
      • \A - Current time in 24-hour format.
      • \T - Current time in 12-hour hh:mm:ss format.
      • \@ - Current time in 12-hour hh:mm format.
      • \u - Login username of the current user.
      • \m - Mode name.
      • \m{n} - Mode name, but the number of trailing components in the displayed path is limited to be a maximum of n, which is an integer. Characters removed are replaced with an ellipsis (...).
      • \M - Mode name in parentheses.
      • \M{n} - Mode name in parentheses, but the number of trailing components in the displayed path is limited to be a maximum of n, which is an integer. Characters removed are replaced with an ellipsis (...).

    prompt2

    COMMAND prompt2

    DESCRIPTION Set the configuration mode prompt.

    ARGUMENTS

    <prompt-text>

    • type: string
    • description: Text to display at the operational mode prompt. Enclose the text in quotation marks. You can use regular ASCII characters and these special characters:
      • \d - Current date in the format yyyy-mm-dd (for example, 2013-12-02).
      • \h - Hostname up to the first period (.). You configure the hostname with the system hostname command.
      • \H - Full hostname. You configure the hostname with the system hostname command.
      • \s - Source IP address of the local system.
      • \t - Current time in 24-hour hh:mm:ss format.
      • \A - Current time in 24-hour format.
      • \T - Current time in 12-hour hh:mm:ss format.
      • \@ - Current time in 12-hour hh:mm format.
      • \u - Login username of the current user.
      • \m - Mode name.
      • \m{n} - Mode name, but the number of trailing components in the displayed path is limited to be a maximum of n, which is an integer. Characters removed are replaced with an ellipsis (...).
      • \M - Mode name in parentheses.
      • \M{n} - Mode name in parentheses, but the number of trailing components in the displayed path is limited to be a maximum of n, which is an integer. Characters removed are replaced with an ellipsis (...).

    pwd

    COMMAND pwd

    DESCRIPTION Display the current path in the configuration hierarchy.

    ARGUMENTS This command has no arguments.


    quit

    COMMAND quit

    DESCRIPTION Exit the CLI session.

    ARGUMENTS This command has no arguments.


    screen-length

    COMMAND screen-length

    DESCRIPTION Configure the length of the terminal window.

    ARGUMENTS

    <number-of-rows>

    • type: int
    • description: The length of the terminal screen, in rows. The <number-of-rows> can be from 0 through 256. When you set the screen length to 0 (zero), the CLI does not paginate command output.

    screen-width

    COMMAND screen-width

    DESCRIPTION Configure the width of the terminal window.

    ARGUMENTS

    <number-of-columns>

    • type: int
    • description: The width of the terminal screen, in columns. The <number-of-rows> can be from 200 through 256.

    script

    COMMAND script

    DESCRIPTION Perform script actions.

    ARGUMENTS

    reload

  • description: Manually reload scripts. Available options are:
    • all: Show information about all scripts, regardless of whether they have been changed.
    • debug: Show additional debug information about scripts.
    • diff: Show information about scripts that have changed since the last reload. This is the default value.
    • errors: Show information about scripts that have errors, regardless of whether they have been changed. Typical errors include invalid file permissions and syntax errors.

  • send

    COMMAND send

    DESCRIPTION Send a message to the terminal of a specified user or all users.

    ARGUMENTS

    [ all | username <\username> ]

    • description: Specify all to send a message to all users. Specify username <username> to send a message only to a specified user.

    <message>

    • type: string
    • description: Contents of message to send to specified user(s).

    show

    COMMAND show

    DESCRIPTION Show information about the system.

    ARGUMENTS

    <system-component>

    • type: string
    • description: The component about which you want to view information.

    show-defaults

    COMMAND show-defaults

    DESCRIPTION Specify whether to display the default configuration.

    ARGUMENTS

    [ false | true ]

    • type: boolean
    • description: Specify true to display the default values. Specify false to hide the default values.

    source

    COMMAND source

    DESCRIPTION Run commands from <file> as if they had been entered by the user.

    ARGUMENTS

    <file>

    • description: User-specified file.

    system

    COMMAND system

    DESCRIPTION Perform system operations. Available options are:

    • aaa - For more information, see system aaa.
    • database - For more information, see system database.
    • diagnostics - For more information, see system diagnostics.
    • events - Clear system events.
    • reboot - Restart the system.

    terminal

    COMMAND terminal

    DESCRIPTION Set the terminal type.

    ARGUMENTS

    [ generic | xterm | vt100 | ansi | linux ]

    • description: The type of terminal. Available options are:
      • generic
      • xterm
      • vt100
      • ansi
      • linux

    timestamp

    COMMAND timestamp

    DESCRIPTION Configure whether to display the timestamp.

    ARGUMENTS

    [ enable | disable ]

    • type: boolean
    • description: Specify enable to show the timestamp. Specify disable to hide the timestamp.

    who

    COMMAND who

    DESCRIPTION Display information on currently-logged on users. The command output displays the session ID, user name, context, from (IP address), protocol, date, and mode (operational or configuration).

    ARGUMENTS This command has no arguments.


    write

    COMMAND write

    DESCRIPTION Display the running configuration of the system on the terminal. This command is equivalent to the show running-config command.

    ARGUMENTS

    terminal

    • description: Displays the running configuration. To show the configuration of a specific component, press the Tab key to view additional options.

    pipe-mode-commands


    Pipe Mode Commands


    annotation

    COMMAND annotation

    DESCRIPTION Display only statements whose annotation matches a provided configuration statement or pattern.

    Note: Only available when the system has been configured with attributes enabled.

    ARGUMENTS

    <statement> <text>

    • type: string
    • description: Statement and text to search in a provided configuration statement.

    append

    COMMAND append

    DESCRIPTION Append command output text to a file.

    ARGUMENTS

    <filename>

    • type: string
    • description: Append command output to a specified file.

    begin

    COMMAND begin

    DESCRIPTION Display the command output starting at the first match of a specified string.

    ARGUMENTS

    <regularexpression-_restricted_subset>

    • type: string
    • description: Text string to find, where command output will begin displaying. The string is case sensitive.

    best-effort

    COMMAND best-effort

    DESCRIPTION Display command output or continue loading a file, even if a failure has occurred that might interfere with this process.

    ARGUMENTS This command has no arguments.


    context-match

    COMMAND context-match

    DESCRIPTION Display the upper hierarchy in which a pattern appears in the configuration.

    ARGUMENTS

    <pattern>

    • type: string
    • description: Characters from the output to match.

    count

    COMMAND count

    DESCRIPTION Count the number of lines in the command output.

    ARGUMENTS This command has no arguments.


    csv

    COMMAND csv

    DESCRIPTION Display table output in CSV format.

    ARGUMENTS This command has no arguments.


    de-select

    COMMAND de-select

    DESCRIPTION Do not show a specified field in the command output.

    ARGUMENTS

    <column-to-de-select>

    • type: string
    • description: The field that you do not want to display in the command output.

    debug

    COMMAND debug

    DESCRIPTION Display debug information.

    ARGUMENTS This command has no arguments.


    details

    COMMAND details

    DESCRIPTION Display the default values for commands in the running configuration.

    ARGUMENTS This command has no arguments.


    display

    COMMAND display

    DESCRIPTION Display options.

    ARGUMENTS This command has no arguments.


    exclude

    COMMAND exclude

    DESCRIPTION Exclude lines from the command output that match a string defined by a specified regular expression.

    ARGUMENTS

    <regular_expression-_restricted_subset>

    • type: string
    • description: String to match when excluding lines from the command output.

    extended

    COMMAND extended

    DESCRIPTION Display referring entries or elements.

    ARGUMENTS This command has no arguments.


    force

    COMMAND force

    DESCRIPTION Log out any users who are locking the configuration.

    ARGUMENTS This command has no arguments.


    hide

    COMMAND hide

    DESCRIPTION Hide display options.

    ARGUMENTS This command has no arguments.


    icount

    COMMAND icount

    DESCRIPTION Count the number of matching instances.

    ARGUMENTS This command has no arguments.


    include

    COMMAND include

    DESCRIPTION Include only lines in the command output that contain the string defined by a specified regular expression.

    ARGUMENTS

    <regular_expression-_restricted_subset>

    • type: string
    • description: String to match when including in the command output.

    linnum

    COMMAND linnum

    DESCRIPTION Display a line number at the beginning of each line in the displayed output.

    ARGUMENTS This command has no arguments.


    match-all

    COMMAND match-all

    DESCRIPTION Display the command output that matches all command output filters.

    ARGUMENTS This command has no arguments.


    match-any

    COMMAND match-any

    DESCRIPTION Display the command output that matches any one of the the command output filters. This is the default behavior when matching command output.

    ARGUMENTS This command has no arguments.


    more

    COMMAND more

    DESCRIPTION Paginate the command output. This is the default behavior.

    ARGUMENTS This command has no arguments.


    nomore

    COMMAND nomore

    DESCRIPTION Do not paginate command output.

    ARGUMENTS This command has no arguments.


    notab

    COMMAND notab

    DESCRIPTION Display tabular command output in a list instead of in a table. If the tabular command output is wider than the screen width, the output automatically displays in a list.

    ARGUMENTS This command has no arguments.


    repeat

    COMMAND repeat

    DESCRIPTION Repeat the output of a show command periodically.

    ARGUMENTS

    <interval-in-seconds>

    • type: int
    • description: How often to repeat the command, in seconds. Type Ctrl-C to terminate the display.

    save

    COMMAND save

    DESCRIPTION Save the command output text to a file.

    ARGUMENTS

    <filename>

    • type: string
    • description: The name of the file where command output is saved.

    select

    COMMAND select

    DESCRIPTION Display selected fields in the command output.

    ARGUMENTS

    <column-to-select>

    • type: string
    • description: The field(s) that you want to display in the command output.

    sort-by

    COMMAND sort-by

    DESCRIPTION Display command output with values sorted in a specified field.

    ARGUMENTS

    <index>

    • type: string
    • description: Name of the field to sort by in the command output.

    suppress-validate-warning-prompt

    COMMAND suppress-validate-warning-prompt

    DESCRIPTION Suppress the validation warning prompt.

    ARGUMENTS This command has no arguments.


    tab

    COMMAND tab

    DESCRIPTION Display tabular command output in table, even if the table is wider than the screen width. If the command output is wider than the screen width, wrap the output onto two or more lines.

    ARGUMENTS This command has no arguments.


    tags

    COMMAND tags

    DESCRIPTION Display only statements with tags that match a pattern.

    ARGUMENTS

    <pattern>

    • type: string
    • description: Characters from the output to match.

    trace

    COMMAND trace

    DESCRIPTION Display trace information.

    ARGUMENTS This command has no arguments.


    until

    COMMAND until

    DESCRIPTION Display the command output, ending with the line that matches a specified string.

    ARGUMENTS

    <regular_expression-_restricted_subset>

    • type: string
    • description: Text string to find to start displaying the command output.

    show-commands

    Show Commands


    show SNMP-FRAMEWORK-MIB

    COMMAND show SNMP-FRAMEWORK-MIB

    DESCRIPTION Display information about the SNMP engine Management Information Base (MIB).

    EXAMPLES

    Display information about the SNMP engine:

    appliance-1# show SNMP-FRAMEWORK-MIB
    SNMP-FRAMEWORK-MIB snmpEngine snmpEngineID 80:00:61:81:05:01
    SNMP-FRAMEWORK-MIB snmpEngine snmpEngineBoots 7
    SNMP-FRAMEWORK-MIB snmpEngine snmpEngineTime 127740
    SNMP-FRAMEWORK-MIB snmpEngine snmpEngineMaxMessageSize 50000
    

    show SNMP-MPD-MIB

    COMMAND show SNMP-MPD-MIB

    DESCRIPTION Display information about the SNMP Message Processing and Dispatching (MPD) MIB.

    EXAMPLES

    Display SNMP MPD information:

    appliance-1# show SNMP-MPD-MIB
    SNMP-MPD-MIB snmpMPDStats snmpUnknownSecurityModels 0
    SNMP-MPD-MIB snmpMPDStats snmpInvalidMsgs 0
    SNMP-MPD-MIB snmpMPDStats snmpUnknownPDUHandlers 0
    

    show SNMP-TARGET-MIB

    COMMAND show SNMP-TARGET-MIB

    DESCRIPTION Display information about the SNMP TARGET MIB.

    EXAMPLES

    Display the SNMP TARGET MIB information:

    appliance-1# show SNMP-TARGET-MIB
    SNMP-TARGET-MIB snmpTargetObjects snmpUnavailableContexts 0
    SNMP-TARGET-MIB snmpTargetObjects snmpUnknownContexts 0
    

    show SNMP-USER-BASED-MIB

    COMMAND show SNMP-USER-BASED-MIB

    DESCRIPTION Display information about objects that belong to SNMP files based on user-based security.

    EXAMPLES

    Display the SNMP TARGET user-based information:

    appliance-1# show SNMP-USER-BASED-SM-MIB
    SNMP-USER-BASED-SM-MIB usmStats usmStatsUnsupportedSecLevels 0
    SNMP-USER-BASED-SM-MIB usmStats usmStatsNotInTimeWindows 0
    SNMP-USER-BASED-SM-MIB usmStats usmStatsUnknownUserNames 0
    SNMP-USER-BASED-SM-MIB usmStats usmStatsUnknownEngineIDs 0
    SNMP-USER-BASED-SM-MIB usmStats usmStatsWrongDigests 0
    SNMP-USER-BASED-SM-MIB usmStats usmStatsDecryptionErrors 0
    

    show SNMPv2-MIB

    COMMAND show SNMPv2-MIB

    DESCRIPTION Display information about the SNMP version 2 MIB.

    EXAMPLES

    Display the SNMP version 2 MIB information:

    appliance-1# show SNMPv2-MIB
    SNMPv2-MIB system sysDescr "Linux 3.10.0-1160.25.1.F5.4.el7_8.x86_64 : Appliance services version 1.1.0-5810"
    SNMPv2-MIB system sysObjectID 1.3.6.1.2.1.1
    SNMPv2-MIB system sysUpTime 28545699
    SNMPv2-MIB system sysServices 72
    SNMPv2-MIB system sysORLastChange 9
    SNMPv2-MIB snmp snmpInPkts 0
    SNMPv2-MIB snmp snmpInBadVersions 0
    SNMPv2-MIB snmp snmpInBadCommunityNames 0
    SNMPv2-MIB snmp snmpInBadCommunityUses 0
    SNMPv2-MIB snmp snmpInASNParseErrs 0
    SNMPv2-MIB snmp snmpSilentDrops 0
    SNMPv2-MIB snmp snmpProxyDrops 0
    SNMPv2-MIB snmpSet snmpSetSerialNo 836391230
                                                                                                               SYS
    SYS                                                                                                        ORUP
    ORINDEX  SYS ORID             SYS ORDESCR                                                                  TIME
    -----------------------------------------------------------------------------------------------------------------
    1        1.3.6.1.4.1.12276.1  F5 Networks enterprise Platform MIB                                          9
    2        1.3.6.1.2.1.31       The MIB module to describe generic objects for network interface sub-layers  9
    

    show cli

    COMMAND show cli

    DESCRIPTION Display the default CLI session settings.

    ARGUMENTS

    This command has no arguments.

    EXAMPLES

    Display the current default CLI session settings:

    appliance-1# show cli
    autowizard            true
    complete-on-space     false
    devtools              false
    display-level         99999999
    history               100
    idle-timeout          0
    ignore-leading-space  false
    leaf-prompting        true
    output-file           terminal
    paginate              true
    prompt1               \h\M#
    prompt2               \h(\m)#
    screen-length         70
    screen-width          125
    service prompt config true
    show-defaults         false
    terminal              xterm-256color
    timestamp             disable
    

    show cluster

    COMMAND show cluster

    DESCRIPTION Display the current state of the OpenShift cluster and the last 25 OpenShift events that have occurred during installation and during normal operation.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    EXAMPLE

    Display the current cluster state:

    appliance-1# show cluster
    cluster state
    cluster disk-usage-threshold state warning-limit 85
    cluster disk-usage-threshold state error-limit 90
    cluster disk-usage-threshold state critical-limit 97
    cluster disk-usage-threshold state growth-rate-limit 10
    cluster disk-usage-threshold state interval 60
    cluster nodes node node-1
     state enabled      true
     state node-running-state running
     state platform fpga-state FPGA_RDY
     state platform dma-agent-state DMA_AGENT_RDY
     state node-info creation-time 2021-11-08T21:55:12Z
     state node-info cpu 48
     state node-info pods 110
     state node-info memory 26215440Ki
     state ready-info ready true
     state ready-info last-transition-time 2021-12-04T00:29:25Z
     state ready-info message "kubelet is posting ready status"
     state out-of-disk-info last-transition-time ""
     state out-of-disk-info message ""
     state disk-pressure-info disk-pressure true
     state disk-pressure-info last-transition-time 2021-12-04T00:29:34Z
     state disk-pressure-info message "kubelet has disk pressure"
     state disk-usage used-percent 39
     state disk-usage growth-rate 1
     state disk-usage status in-range
    DISK DATA  DISK DATA
    NAME       VALUE
    -------------------------
    available  68550262784
    capacity   117807665152
    used       43249483776
    
    TENANT
    NAME    QAT DEVICE NAME   BDF
    -----------------------------------
    big-ip  qat_dev_vf00pf00  53:01.0
            qat_dev_vf00pf01  54:01.0
            qat_dev_vf00pf02  55:01.0
    
    NAMESPACE  TYPE  REASON  OBJECT  MESSAGE
    ------------------------------------------
                             -
    
    cluster cluster-status summary-status "K3S cluster is NOT initialized."
    INDEX  STATUS
    ---------------------------------------------------------------------------------------------
    0      2022-01-04 16:53:01.280210 -  applianceMainEventLoop::Orchestration manager startup.
    

    show cluster cluster-status

    COMMAND show cluster cluster-status

    DESCRIPTION Display the current state of a specific OpenShift event that has occurred during installation and during normal operation.

    ARGUMENTS

    cluster-status <event-number>

    • description: Show a specific OpenShift event.

    cluster-status summary-status

    • description: Show a summary of the status.

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    EXAMPLE

    Display cluster status:

    appliance-1# show cluster cluster-status
    cluster cluster-status summary-status "K3S cluster is NOT initialized."
    INDEX  STATUS
    ---------------------------------------------------------------------------------------------
    0      2022-01-04 16:53:01.280210 -  applianceMainEventLoop::Orchestration manager startup.
    

    show cluster disk-usage-threshold

    COMMAND show cluster disk-usage-threshold

    DESCRIPTION Display the current configuration of disk usage threshold.

    ARGUMENTS

    state critical-limit

    • description: The percentage of disk usage allowed before triggering a critical alarm.

    state error-limit

    • description: The percentage of disk usage allowed before triggering an error alarm.

    state growth-rate-limit

    • description: The percentage of disk usage growth rate allowed.

    state interval

    • description: The interval measured, in minutes, at which disk usage is monitored.

    state warning-limit

    • description: The percentage of disk usage allowed before triggering a warning alarm.

    EXAMPLE

    Display the current configuration for all disk usage threshold options:

    appliance-1# show cluster disk-usage-threshold
    cluster disk-usage-threshold state warning-limit 85
    cluster disk-usage-threshold state error-limit 90
    cluster disk-usage-threshold state critical-limit 97
    cluster disk-usage-threshold state growth-rate-limit 10
    cluster disk-usage-threshold state interval 60
    

    show cluster events

    COMMAND show cluster events

    DESCRIPTION Display information about cluster events, including namespace, type, reason, object and message.

    ARGUMENTS

    [ message | namespace | object | reason | type ]

    • description: Display specific information about a cluster event.

    show cluster install-status

    COMMAND show cluster install-status

    DESCRIPTION Display the status of the OpenShift cluster installation, including the state of the various stages of the OpenShift installation.

    ARGUMENTS

    This command has no arguments.


    show cluster nodes

    COMMAND show cluster nodes node

    DESCRIPTION Display the state of a specific node in the system.

    ARGUMENTS

    node <node>

    • type: string
    • description: Specific node to display.

    EXAMPLE

    Display the state of the node node-1:

    appliance-1# show cluster nodes node node-1
    cluster nodes node node-1
     state enabled      true
     state node-running-state running
     state platform fpga-state FPGA_RDY
     state platform dma-agent-state DMA_AGENT_RDY
     state node-info creation-time 2021-11-08T21:55:12Z
     state node-info cpu 48
     state node-info pods 110
     state node-info memory 26215440Ki
     state ready-info ready true
     state ready-info last-transition-time 2021-12-04T00:29:25Z
     state ready-info message "kubelet is posting ready status"
     state out-of-disk-info last-transition-time ""
     state out-of-disk-info message ""
     state disk-pressure-info disk-pressure true
     state disk-pressure-info last-transition-time 2021-12-04T00:29:34Z
     state disk-pressure-info message "kubelet has disk pressure"
     state disk-usage used-percent 39
     state disk-usage growth-rate 1
     state disk-usage status in-range
    DISK DATA  DISK DATA
    NAME       VALUE
    -------------------------
    available  68530409472
    capacity   117807665152
    used       43269337088
    
    TENANT
    NAME    QAT DEVICE NAME   BDF
    -----------------------------------
    big-ip  qat_dev_vf00pf00  53:01.0
            qat_dev_vf00pf01  54:01.0
            qat_dev_vf00pf02  55:01.0
    

    show cluster state

    COMMAND show cluster state

    DESCRIPTION Display the current state of the cluster.

    ARGUMENTS

    This command has no arguments.


    show components

    COMMAND show components

    DESCRIPTION Display information about hardware inventory and firmware components.

    ARGUMENTS

    The availability of options for this command depends on which hardware component you are configuring.

    component <specific-component>

    • type: string
    • description: Name of the specific component. Available options are:
    • cpu
    • integrated-circuit
    • properties
    • psu-stats
    • software
    • state
    • storage
    • subcomponents

    component properties property

    • type: string
    • description: View information about firmware properties to verify the firmware version for components or verify that a firmware update has completed successfully. When a firmware update is in progress, the UPDATE STATUS is running, and it changes to complete when the update completes.

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    EXAMPLES

    Display details about psu-1:

    appliance-1# show components component psu-1
    components component psu-1
     state serial-no FZ2104Q71234
     state part-no MW2100
     state empty false
     psu-stats psu-current-in 1.234
     psu-stats psu-current-out 17.375
     psu-stats psu-voltage-in 202.0
     psu-stats psu-voltage-out 12.015
     psu-stats psu-temperature-1 39.0
     psu-stats psu-temperature-2 41.0
     psu-stats psu-temperature-3 41.0
     psu-stats psu-fan-1-speed 19680
    

    Display all information about the platform:

    appliance-1# show components component platform
    components component platform
     state description    "r10900"
     state serial-no      f5-abcd-efgh
     state part-no        "200-0413-02 REV 2"
     state empty          false
     state tpm-integrity-status Valid
     state memory available 15305256960
     state memory free 14715150336
     state memory used-percent 94
     state temperature current 27.2
     state temperature average 28.6
     state temperature minimum 26.8
     state temperature maximum 31.3
                                                                                       UPDATE
    NAME                        NAME  VALUE                              CONFIGURABLE  STATUS
    -------------------------------------------------------------------------------------------
    QAT0                        -     Lewisburg C62X Crypto/Compression  false         -
    QAT1                        -     Lewisburg C62X Crypto/Compression  false         -
    QAT2                        -     Lewisburg C62X Crypto/Compression  false         -
    QAT3                        -     Lewisburg C62X Crypto/Compression  false         -
    QAT4                        -     Lewisburg C62X Crypto/Compression  false         -
    QAT5                        -     Lewisburg C62X Crypto/Compression  false         -
    fw-version-bios             -     1.02.108.1                         false         none
    fw-version-bios-me          -     4.4.4.58                           false         none
    fw-version-cpld             -     02.0A.00                           false         none
    fw-version-drive-nvme0      -     VDV10170                           false         none
    fw-version-drive-nvme1      -     VDV10170                           false         none
    fw-version-drive-u.2.slot1  -     VDV10170                           false         none
    fw-version-drive-u.2.slot2  -     VDV10170                           false         none
    fw-version-lcd-app          -     1.01.057.00.1                      false         none
    fw-version-lcd-bootloader   -     1.01.027.00.1                      false         none
    fw-version-lcd-ui           -     1.5.1                              false         none
    fw-version-lop-app          -     1.00.214.0.1                       false         none
    fw-version-lop-bootloader   -     1.02.062.0.1                       false         none
    fw-version-sirr             -     1.1.29                             false         none
    
     storage state disks disk nvme0n1
      state model "INTEL SSDPE2KX010T8"
      state vendor Intel
    ...
    

    show configuration commit changes

    COMMAND show configuration commit changes

    DESCRIPTION Display changes that were made to the running configuration by previous configuration commits, including changes committed for a specified commit ID.

    ARGUMENTS

    <id>

    • type: int
    • description: Display information for a specific configuration commit.

    EXAMPLES

    Display information about the last commit:

    appliance-1# show configuration commit changes
    !
    ! Created by: admin
    ! Date: 2022-01-05 19:52:30
    ! Client: rest
    !
    system clock config timezone-name America/Los_Angeles
    

    Display information about commit ID 2:

    appliance-1# show configuration commit changes 2
    !
    ! Created by: admin
    ! Date: 2022-01-05 00:36:06
    ! Client: cli
    !
    system ntp servers server ntp.pool.org
     config address ntp.pool.org
    !
    system ntp servers server ntp.pool.org
    !
    

    show configuration commit list

    COMMAND show configuration commit list

    DESCRIPTION Display information about the configuration commits stored in the commit database.

    ARGUMENTS

    <number-of-commits>

    • type: int
    • description: Display a specific number of configuration commits.

    EXAMPLE

    Display information about the five most recent configuration commits:

    appliance-1# show configuration commit list 5
    2022-01-06 02:57:46
    SNo. ID       User       Client      Time Stamp          Label       Comment
    ~~~~ ~~       ~~~~       ~~~~~~      ~~~~~~~~~~          ~~~~~       ~~~~~~~
    0    10103    admin      rest        2022-01-05 19:52:30
    1    10101    admin      system      2022-01-05 19:47:06
    2    10100    admin      cli         2022-01-05 00:36:06
    3    10099    admin      cli         2022-01-04 17:00:10
    4    10098    admin      rest        2022-01-04 16:56:09
    

    show configuration rollback changes

    COMMAND show configuration rollback changes

    DESCRIPTION Display changes that would be made by the rollback configuration command or to display the list of commit IDs.

    ARGUMENTS

    <id>

    • type: int
    • description: Display information for a specific configuration commit.

    EXAMPLE

    Display changes that would be made by rolling back to the most recent configuration commit:

    appliance-1# show configuration rollback changes
    no system clock config timezone-name America/Los_Angeles
    

    show dag-states

    COMMAND

    show dag-states

    DESCRIPTION

    Display system level packet disaggregation (DAG) state. This table is populated by the system with a row per running tenant. The data shows the where a packet can be distributed to when received by an interface.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    EXAMPLE

    Display the current disaggregation state:

    appliance-1# show dag-states
    dag-states dag-state big-ip
     publisher              dagd
     publisher-instance     1
     publish-time           1638493412
     commit-tenant-instance 1
     commit-time            1638493412
     dag-version            16
     tenant-instance-ids    [ 15 63 ]
     sdag-table             "f f f f f f f f f f f f f f f f f f f f f f f f"
     sdag-table-hash        0
    

    show dag-states dag-state

    COMMAND

    show dag-states dag-state

    DESCRIPTION

    Display only a specific dag-state for a given tenant name.

    ARGUMENTS

    Available options are:

    • commit-tenant-instance: Instance that committed this data.
    • commit-time: Timestamp of commit.
    • dag-version: Version of disaggregation library used by tenant.
    • publish-time: Timestamp of publish.
    • publisher: Software component that published this data.
    • publisher-instance: Tenant instance that published this data.
    • sdag-table: A list of instance ids used by system to hash packets.
    • sdag-table-hash: A hash of the full sdag table.
    • tenant instance ids: Available tenants for packets to which packets are distributed.

    EXAMPLE

    appliance-1# show dag-states dag-state big-ip
    dag-states dag-state big-ip
     publisher              dagd
     publisher-instance     1
     publish-time           1638493412
     commit-tenant-instance 1
     commit-time            1638493412
     dag-version            16
     tenant-instance-ids    [ 15 63 ]
     sdag-table             "f f f f f f f f f f f f f f f f f f f f f f f f"
     sdag-table-hash        0
    

    show fdb

    COMMAND show fdb

    DESCRIPTION Show Layer 2 forwarding database (FDB) entries in the system.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    mac-table

    • description: FDB (forwarding database) table used to store learned MAC addresses.

    EXAMPLE

    Display all FDB information using table output:

    appliance-1# show fdb | tab
    
    show fdb | tab
                                                                                              NDI
    MAC ADDRESS        VLAN  TAG TYPE      VLAN  TAG TYPE      VID   ENTRY TYPE   OWNER  AGE  ID    SVC  VTC  SEP  DMS  DID  CMDS  MIRRORING  INTERFACE
    -----------------------------------------------------------------------------------------------------------------------------------------------------
    00:94:a1:8e:4c:09  1040  tag_type_vid  1040  tag_type_vid  1040  L2-LISTENER  -      -    4095  8    -    -    -    -    1     -          -
    00:94:a1:8e:4c:09  1041  tag_type_vid  1041  tag_type_vid  1041  L2-LISTENER  -      -    4095  8    -    -    -    -    1     -          -
    
    

    Show FDB MAC table information:

    appliance-1# show fdb mac-table
    fdb mac-table entries entry 00:94:a1:8e:4c:09 100 tag_type_vid
     state vlan 100
     state tag-type tag_type_vid
     state vid  100
     state entry-type L2-LISTENER
     state owner defaultbip-1
     state ifh-fields ndi-id 4095
     state ifh-fields svc 8
     state ifh-fields cmds 1
    fdb mac-table entries entry 00:94:a1:8e:4c:09 101 tag_type_vid
     state vlan 101
     state tag-type tag_type_vid
     state vid  101
     state entry-type L2-LISTENER
     state owner defaultbip-1
     state ifh-fields ndi-id 4095
     state ifh-fields svc 8
     state ifh-fields cmds 1
    

    show file

    COMMAND show file

    DESCRIPTION Display current configuration for known hosts and status of file transfers.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    known-hosts

    • description: Show hosts listed in the system known_hosts file.

    transfer-operations

    • description: Show recent file transfer operations.

    EXAMPLE

    Display the status of recent file transfers:

    appliance-1# show file transfer-operations
    file transfer-operations transfer-operation images/tenant/BIGIP-15.1.4-0.0.10.ALL-F5OS.qcow2.zip.bundle sea.company.com v15.1.4/daily/build10.0/VM/BIGIP-15.1.4-0.0.10.ALL-F5OS.qcow2.zip.bundle "Import file" "HTTPS   "
     status    "In Progress (41.0%)"
     timestamp "Thu Jan  6 03:16:42 2022"
    

    show fpga-tables

    COMMAND show fpga-tables

    DESCRIPTION Display current configuration for FPGA tables.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    xbar-ports xbar-port port<n>_mod<n>

    • description: Show statistics for a specified XBAR port.

    EXAMPLE

    Display information about port_mod0:

    appliance-1# show fpga-tables xbar-ports xbar-port port0_mod0
    fpga-tables xbar-ports xbar-port port0_mod0
     state counters rx-pkt-cnt 4125
     state counters rx-byte-cnt 1419000
     state counters tx-pkt-cnt 0
     state counters tx-byte-cnt 0
     state counters tx-obuff-drops 0
     state counters mcast-rx-full-drops 0
     state counters mcast-tx-full-drops 0
     state counters rx-cos0-drops 0
     state counters rx-cos1-drops 0
     state counters rx-cos2-drops 0
     state counters rx-cos3-drops 0
     state counters rx-cos4-drops 0
     state counters rx-cos5-drops 0
     state counters rx-cos6-drops 0
     state counters rx-cos7-drops 0
     state counters tx-cos0-drops 0
     state counters tx-cos1-drops 0
     state counters tx-cos2-drops 0
     state counters tx-cos3-drops 0
     state counters tx-cos4-drops 0
     state counters tx-cos5-drops 0
     state counters tx-cos6-drops 0
     state counters tx-cos7-drops 0
     state counters rx-mcast-pkt-cnt 0
     state counters rx-mcast-byte-cnt 0
     state counters rx-mcast-drops 0
     state counters tx-mcast-pkt-cnt 0
     state counters tx-mcast-byte-cnt 0
     state counters tx-mcast-drops 0
     state counters rx-dst-dis-pkt-cnt 0
     state counters mirror-pkts-cnt 0
     state counters mirror-bytes-cnt 0
    

    show history

    COMMAND show history

    DESCRIPTION Display a history of commands run on the system.

    ARGUMENTS

    • type: int
    • description: Number of commands to show in the command history.

    EXAMPLE

    Display the last three commands that were run on the system:

    appliance-1# show history 3
    03:24:37 -- show file transfer-operations state
    03:24:57 -- idle-timeout 0
    03:25:26 -- show file transfer-operations
    

    show images

    COMMAND show images

    DESCRIPTION Display all tenant images imported to the system. Also shows which image is currently in use and its status.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    EXAMPLE

    Display all tenant images on the system:

    appliance-1# show images
                                                                       IN
    NAME                                                               USE    STATUS
    ------------------------------------------------------------------------------------
    BIGIP-15.1.4-0.0.10.ALL-F5OS.qcow2.zip.bundle                      false  verified
    

    show interfaces

    COMMAND show interfaces

    DESCRIPTION Display information about front-panel network interfaces. This includes options for link aggregation.

    ARGUMENTS

    <interface-name>

    • type: string
    • description: Limit the output to the specified interface. Available options are:
      • 1.0 - <n>.0
      • <lag-name>

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    <interface-name> aggregation

    • description: Limit the output to aggregation-specific information for the specified interface(s).

    <interface-name> ethernet

    • description: Limit the output to Ethernet-specific information for the specified interface(s).

    <interface-name> state

    • description: Limit the output to the operational state of the specified interface(s).

    EXAMPLES

    Display only the first level of interface information:

    appliance-1# show interfaces displaylevel 1
    interfaces interface 1.0
    interfaces interface 2.0
    interfaces interface 3.0
    interfaces interface 4.0
    interfaces interface 5.0
    interfaces interface 6.0
    interfaces interface 7.0
    interfaces interface 8.0
    interfaces interface 9.0
    interfaces interface 10.0
    interfaces interface 11.0
    interfaces interface 12.0
    interfaces interface 13.0
    interfaces interface 14.0
    interfaces interface 15.0
    interfaces interface 16.0
    interfaces interface 17.0
    interfaces interface 18.0
    interfaces interface 19.0
    interfaces interface 20.0
    interfaces interface mgmt
    interfaces interface test-lag
    

    Display information only about interface 2.0:

    appliance-1# show interfaces interface 2.0
    interfaces interface 2.0
     state name               2.0
     state type               ethernetCsmacd
     state mtu                9600
     state enabled            true
     state ifindex            24
     state oper-status        DOWN
     state counters in-octets 0
     state counters in-unicast-pkts 0
     state counters in-broadcast-pkts 0
     state counters in-multicast-pkts 0
     state counters in-discards 0
     state counters in-errors 0
     state counters in-fcs-errors 0
     state counters out-octets 0
     state counters out-unicast-pkts 0
     state counters out-broadcast-pkts 0
     state counters out-multicast-pkts 0
     state counters out-discards 0
     state counters out-errors 0
     state forward-error-correction auto
     state lacp_state         LACP_DEFAULTED
     ethernet state port-speed SPEED_100GB
     ethernet state hw-mac-address 00:94:a1:69:34:12
     ethernet state counters in-mac-control-frames 0
     ethernet state counters in-mac-pause-frames 0
     ethernet state counters in-oversize-frames 0
     ethernet state counters in-jabber-frames 0
     ethernet state counters in-fragment-frames 0
     ethernet state counters in-8021q-frames 0
     ethernet state counters in-crc-errors 0
     ethernet state counters out-mac-control-frames 0
     ethernet state counters out-mac-pause-frames 0
     ethernet state counters out-8021q-frames 0
     ethernet state flow-control rx on
    

    Display information about a LAG interface named test-lag:

    appliance-1# show interfaces interface test-lag
    interfaces interface test-lag
    state name               test-lag
    state type               ieee8023adLag
    state mtu                9600
    state oper-status        DOWN
    state forward-error-correction auto
    aggregation state lag-type STATIC
    aggregation state lag-speed 0
    aggregation state distribution-hash src-dst-ipport
    aggregation state mac-address 00:94:a1:69:34:26
    aggregation state lagid 1
    MEMBER  MEMBER
    NAME    STATUS
    ----------------
    1.0     DOWN
    

    show lacp

    COMMAND

    show lacp

    DESCRIPTION

    Display the current LACP configuration and state information for global and all LACP interfaces.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    EXAMPLE

    Display information about configured LACP interfaces:

    appliance-1# show lacp
    lacp state system-id-mac 00:94:a1:69:34:23
    lacp interfaces interface lacp-test
     state name lacp-test
     state interval SLOW
     state lacp-mode ACTIVE
    

    show lacp interfaces

    COMMAND

    show lacp interfaces

    DESCRIPTION

    Show current LACP state for all LACP interfaces.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    system-id-mac

    • description: Combination of LACP system-priority and the stack MAC address.

    system-priority

    • description: Priority assigned to the system for LACP. A smaller value indicates a higher priority.

    show lacp state for a specific lacp interface

    COMMAND

    show lacp interfaces interface

    DESCRIPTION

    Show current LACP config and state information for an LACP interface.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    <interface-name>

    • description: The interface to display.

    EXAMPLE

    Display information about the testLAG interface:

    appliance-1# show lacp interfaces interface testLAG
    lacp interfaces interface testLAG
     state name    testLAG
     state interval FAST
     state lacp-mode ACTIVE
     state system-id-mac 0:94:a1:8e:4c:8
    

    show lacp state

    COMMAND

    show lacp state

    DESCRIPTION

    Display global LACP state information.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    system-id-mac

    • description: Combination of LACP system-priority and the stack MAC address.

    system-priority

    • description: Priority assigned to the system for LACP. A smaller value indicates a higher priority.

    EXAMPLE

    Display the global state of LACP:

    appliance-1# show lacp state
    lacp state system-id-mac 00:94:a1:66:e0:08
    

    show lldp

    COMMAND show lldp

    DESCRIPTION Display the information about Link Layer Discovery Protocol (LLDP) on the system.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    interfaces interface <interface-name>

    • type: string
    • description: Name of a specific LLDP interface.

    state

    • type: string
    • description: Show the state for a specific option. Available options are:
      • chassis-id
      • chassis-id-type
      • disabled
      • enabled
      • system-description
      • system-name

    EXAMPLES

    Display all LLDP information:

    appliance-1# show lldp
    lldp state enabled
    lldp state chassis-id f5-abcd-efgh
    lldp state chassis-id-type LOCAL
    lldp interfaces interface 1.0
     state name 1.0
     state enabled
     state counters frame-in 0
     state counters frame-out 4202
    

    Show whether LLDP is enabled or disabled:

    appliance-1# show lldp state enabled
    lldp state enabled
    

    show parser

    COMMAND show parser

    DESCRIPTION Display information about available commands and their syntax.

    ARGUMENTS

    dump

    • description: Display information about all available commands.

    EXAMPLE

    Display information about all commands:

    appliance-1# show parser dump
    autowizard [false/true]
    cd <Dir>
    cd
    clear history
    compare file <File> [brief]
    compare file <File> [brief] SNMP-COMMUNITY-MIB snmpCommunityTable snmpCommunityEntry
    compare file <File> [brief] SNMP-NOTIFICATION-MIB snmpNotifyTable snmpNotifyEntry
    compare file <File> [brief] SNMP-TARGET-MIB snmpTargetAddrTable snmpTargetAddrEntry
    compare file <File> [brief] SNMP-TARGET-MIB snmpTargetParamsTable snmpTargetParamsEntry
    compare file <File> [brief] SNMP-USER-BASED-SM-MIB usmUserTable usmUserEntry
    compare file <File> [brief] SNMP-VIEW-BASED-ACM-MIB vacmAccessTable vacmAccessEntry
    compare file <File> [brief] SNMP-VIEW-BASED-ACM-MIB vacmSecurityToGroupTable vacmSecurityToGroupEntry
    compare file <File> [brief] SNMP-VIEW-BASED-ACM-MIB vacmViewTreeFamilyTable vacmViewTreeFamilyEntry
    compare file <File> [brief] SNMPv2-MIB snmp snmpEnableAuthenTraps
    compare file <File> [brief] SNMPv2-MIB system sysContact
    compare file <File> [brief] SNMPv2-MIB system sysLocation
    compare file <File> [brief] SNMPv2-MIB system sysName
    compare file <File> [brief] cluster disk-usage-threshold config critical-limit
    compare file <File> [brief] cluster disk-usage-threshold config error-limit
    compare file <File> [brief] cluster disk-usage-threshold config growth-rate-limit
    compare file <File> [brief] cluster disk-usage-threshold config interval
    compare file <File> [brief] cluster disk-usage-threshold config warning-limit
    compare file <File> [brief] cluster nodes node
    compare file <File> [brief] components component
    compare file <File> [brief] fdb mac-table entries entry
    compare file <File> [brief] file config concurrent-operations-limit
    compare file <File> [brief] file known-hosts known-host
    compare file <File> [brief] fpga-tables xbar-ports xbar-port
    compare file <File> [brief] interfaces interface
    compare file <File> [brief] lacp config system-priority
    compare file <File> [brief] lacp interfaces interface
    compare file <File> [brief] lldp config disabled
    compare file <File> [brief] lldp interfaces interface
    compare file <File> [brief] port-mappings port-mapping
    compare file <File> [brief] portgroups portgroup
    compare file <File> [brief] stp global config
    compare file <File> [brief] stp interfaces interface
    compare file <File> [brief] stp mstp config hold-count
    compare file <File> [brief] stp mstp mst-instances mst-instance
    compare file <File> [brief] stp rstp config hold-count
    compare file <File> [brief] stp rstp interfaces interface
    compare file <File> [brief] stp stp config hold-count
    compare file <File> [brief] stp stp interfaces interface
    ...
    

    show port-mappings

    COMMAND show port-mappings

    DESCRIPTION Display information about port mappings.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    port-mapping <port-mapping-entry>

    • description: Limit the output to the specified port mapping.

    port-mapping pipeline PIPELINE-<n>

    • description: Limit the output to the specified pipeline.

    EXAMPLES

    Display information about all pipelines:

    appliance-1# show port-mappings port-mapping pipeline
                                                                                 NUM
                                            CAPACITY  ALLOCATED  OVERSUBSCRIBE   ALLOCATED  MAX
    NAME       INDEX       PIPELINE GROUP   BW        BW         STATUS          PORTS      PORTS  PORTS
    -----------------------------------------------------------------------------------------------------------------------------
    appliance-1  PIPELINE-1  PIPELINEGROUP-1  100       200        OVERSUBSCRIBED  5          8      [ 1.0 3.0 4.0 5.0 6.0 ]
               PIPELINE-2  PIPELINEGROUP-1  100       200        OVERSUBSCRIBED  5          8      [ 10.0 2.0 7.0 8.0 9.0 ]
    default-2  PIPELINE-3  PIPELINEGROUP-2  100       200        OVERSUBSCRIBED  5          8      [ 11.0 13.0 14.0 15.0 16.0 ]
               PIPELINE-4  PIPELINEGROUP-2  100       200        OVERSUBSCRIBED  5          8      [ 12.0 17.0 18.0 19.0 20.0 ]
    

    show portgroups

    COMMAND show portgroups

    DESCRIPTION Display information about portgroups.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    portgroup <specific-portgroup>

    • description: Limit the output to the specified portgroup.

    portgroup <specific-portgroup> state

    • description: Limit the output to the operational state of the specified portgroup(s). Available options are:
      • ddm
      • displaylevel
      • media
      • optic-state
      • transmitter-technology
      • vendor-name
      • vendor-oui
      • vendor-partnum
      • vendor-revision
      • vendor-serialnum

    EXAMPLES

    Display all information about portgroup 1:

    appliance-1# show portgroups portgroup 1
    portgroups portgroup 1
     state vendor-name      "F5 INC."
     state vendor-oui       009065
     state vendor-partnum   "OPT-0031        "
     state vendor-revision  A0
     state vendor-serialnum "X1KA007         "
     state transmitter-technology "850 nm VCSEL"
     state media            100GBASE-SR4
     state optic-state      QUALIFIED
     state ddm rx-pwr low-threshold alarm -14.0
     state ddm rx-pwr low-threshold warn -11.0
     state ddm rx-pwr instant val-lane1 -2.9
     state ddm rx-pwr instant val-lane2 -2.8
     state ddm rx-pwr instant val-lane3 -2.76
     state ddm rx-pwr instant val-lane4 -2.92
     state ddm rx-pwr high-threshold alarm 3.4
     state ddm rx-pwr high-threshold warn 2.4
     state ddm tx-pwr low-threshold alarm -10.0
     state ddm tx-pwr low-threshold warn -8.0
     state ddm tx-pwr instant val-lane1 -1.19
     state ddm tx-pwr instant val-lane2 -0.98
     state ddm tx-pwr instant val-lane3 -0.98
     state ddm tx-pwr instant val-lane4 -1.1
     state ddm tx-pwr high-threshold alarm 5.0
     state ddm tx-pwr high-threshold warn 3.0
     state ddm temp low-threshold alarm -5.0
     state ddm temp low-threshold warn 0.0
     state ddm temp instant val 33.3359
     state ddm temp high-threshold alarm 75.0
     state ddm temp high-threshold warn 70.0
     state ddm bias low-threshold alarm 0.003
     state ddm bias low-threshold warn 0.005
     state ddm bias instant val-lane1 0.00746
     state ddm bias instant val-lane2 0.00754
     state ddm bias instant val-lane3 0.00753
     state ddm bias instant val-lane4 0.007516
     state ddm bias high-threshold alarm 0.013
     state ddm bias high-threshold warn 0.011
     state ddm vcc low-threshold alarm 2.97
     state ddm vcc low-threshold warn 3.135
     state ddm vcc instant val 3.2288
     state ddm vcc high-threshold alarm 3.63
     state ddm vcc high-threshold warn 3.465
    

    Display only the optic-state of portgroup 2:

    appliance-1# show portgroups portgroup 2 state optic-state
    state optic-state QUALIFIED
    

    show restconf-state

    COMMAND show restconf-state

    DESCRIPTION Display capabilities supported by the RESTCONF server.

    ARGUMENTS

    capabilities capability

    • description: Display all capabilities supported by the RESTCONF server.

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    EXAMPLE

    Display all supported capabilities:

    appliance-1# show restconf-state
    restconf-state capabilities capability urn:ietf:params:restconf:capability:defaults:1.0?basic-mode=report-all
    restconf-state capabilities capability urn:ietf:params:restconf:capability:depth:1.0
    restconf-state capabilities capability urn:ietf:params:restconf:capability:fields:1.0
    restconf-state capabilities capability urn:ietf:params:restconf:capability:with-defaults:1.0
    restconf-state capabilities capability urn:ietf:params:restconf:capability:filter:1.0
    restconf-state capabilities capability urn:ietf:params:restconf:capability:replay:1.0
    restconf-state capabilities capability urn:ietf:params:restconf:capability:yang-patch:1.0
    restconf-state capabilities capability http://tail-f.com/ns/restconf/collection/1.0
    restconf-state capabilities capability http://tail-f.com/ns/restconf/query-api/1.0
    restconf-state capabilities capability http://tail-f.com/ns/restconf/unhide/1.0
    

    show running-config

    COMMAND show running-config

    DESCRIPTION Display the current configuration for the system. By default, the whole configuration is displayed. You can limit what is shown by supplying a pathfilter. The pathfilter may be either a path pointing to a specific instance, or if an instance id is omitted, the part following the omitted instance is treated as a filter.

    ARGUMENTS

    For information about these arguments, see these sections on the show-SNMP-FRAMEWORK-MIB page.

    • SNMP-COMMUNITY-MIB
    • SNMP-NOTIFICATION-MIB
    • SNMP-TARGET-MIB
    • SNMP-USER-BASED-SM-MIB
    • SNMP-VIEW-BASED-ACM-MIB
    • SNMPv2-MIB
    • components
    • fdb
    • file
    • fpga-tables
    • interfaces
    • lacp
    • lldp
    • port-mappings
    • portgroups
    • stp
    • system
    • tenants
    • vlan-listeners
    • vlans

    EXAMPLE

    Display the current running configuration for file operations:

    appliance-1# show running-config file
    file config concurrent-operations-limit 5
    

    Display information about interface 11.0:

    appliance-1# show running-config interfaces interface 11.0
    interfaces interface 11.0
     config name 11.0
     config type ethernetCsmacd
     config enabled
    

    show service-instances

    COMMAND show service-instances

    DESCRIPTION

    Services are deployed for system features such as the Link Aggregation Control Protocol, Spanning Tree Protocol, etc., as well as for tenants deployed on the system. A service might have multiple instances.

    This command displays all the service instances on the system.

    IMPORTANT: The detailed information displayed by this command is intended for use by F5 support engineers, rather than by end users.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    service-instance

    • type: string
    • description: Display information about a specific service instance.

    EXAMPLES

    Display the service-type value for each service-instance:

    appliance-1# show service-instances service-instance service-type  | tab
                  SLOT  INSTANCE
    TENANT NAME   ID    ID          SERVICE TYPE
    ---------------------------------------------------
    L2HostLearn   1     4291376965  ST_SYSTEM_SERVICE
    L2HostLearn   1     4291376966  ST_SYSTEM_SERVICE
    SwRbcaster-1  1     3100278637  ST_SYSTEM_SERVICE
    lacpd         1     3495072231  ST_SYSTEM_SERVICE
    lldpd         1     2423009794  ST_SYSTEM_SERVICE
    stpd          1     3777547480  ST_SYSTEM_SERVICE
    

    show service-pods

    COMMAND show service-pods

    DESCRIPTION

    A system service is deployed in a Pod.

    IMPORTANT: The detailed information displayed by this command is intended for use by F5 support engineers, rather than by end users.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    service-pod

    • type: string
    • description: Display information about a specific service pod.

    EXAMPLES

    Display information about the pod image version:

    appliance-1# show service-pods service-pod pod-image-version
    SERVICE NAME              POD IMAGE VERSION
    --------------------------------------------------------------------------------
    compute                   1.0.17
    coredns                   1.8.3
    helper-job-hnet-big-ip-1  5.1.0-appliance-master.2021-09-21-14-38-09.Sf319b34d
    kube-flannel              0.13.0
    kube-multus               3.6.0
    lb-port-443               v0.2.0
    local-path-provisioner    v0.0.19
    metrics-server            v0.3.6
    pause                     3.1
    traefik-ingress-lb        2.4.8
    virt-api                  1.0.17
    virt-controller           1.0.17
    virt-handler              1.0.17
    

    show services

    COMMAND show services

    DESCRIPTION

    Services are deployed for system features such as the Link Aggregation Control Protocol, Spanning Tree Protocol, etc., as well as for tenants deployed on the system.

    IMPORTANT: The detailed information displayed by this command is intended for use by F5 support engineers, rather than by end users.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    service

    • type: string
    • description: Display information about a specific service.

    EXAMPLES

    Display information about services:

    appliance-1# show services
                                                USE                                       USE
    SERVICE  HASH   FIELD   FULL        TUNNEL  IP     HASH   FIELD   FULL        TUNNEL  IP     TENANT
    ID       ALG    SELECT  MASK  MASK  SELECT  PROTO  ALG    SELECT  MASK  MASK  SELECT  PROTO  NAME
    -----------------------------------------------------------------------------------------------------
    8        dagv2  port    true        outer   false  dagv2  port    true        outer   false  big-ip
    

    show stp

    COMMAND

    show stp

    DESCRIPTION

    Displays the state of Spanning Tree Protocol (STP) on the system.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    EXAMPLES

    Display all STP information:

    appliance-1# show SNMP-FRAMEWORK-MIB
    SNMP-FRAMEWORK-MIB snmpEngine snmpEngineID 80:00:61:81:05:01
    SNMP-FRAMEWORK-MIB snmpEngine snmpEngineBoots 7
    SNMP-FRAMEWORK-MIB snmpEngine snmpEngineTime 127740
    SNMP-FRAMEWORK-MIB snmpEngine snmpEngineMaxMessageSize 50000
    appliance-1# show stp
    stp global state enabled-protocol [ STP ]
    stp rstp state hold-count 6
    stp mstp state hold-count 6
    stp stp state hello-time   2
    stp stp state max-age      20
    stp stp state forwarding-delay 15
    stp stp state hold-count   6
    stp stp state bridge-priority 32768
    stp stp state bridge-address 0:94:a1:69:34:23
    stp stp state designated-root-priority 32768
    stp stp state designated-root-address 0:94:a1:69:34:23
    stp stp state root-port    0
    stp stp state root-cost    0
    stp stp state topology-changes 0
    stp stp state time-since-topology-change 1641442985
    

    Display only STP information:

    appliance-1# show stp stp
    stp stp state hello-time   2
    stp stp state max-age      20
    stp stp state forwarding-delay 15
    stp stp state hold-count   6
    stp stp state bridge-priority 32768
    stp stp state bridge-address 0:94:a1:69:34:23
    stp stp state designated-root-priority 32768
    stp stp state designated-root-address 0:94:a1:69:34:23
    stp stp state root-port    0
    stp stp state root-cost    0
    stp stp state topology-changes 0
    stp stp state time-since-topology-change 1641443111
    

    stp global config enabled-protocol

    COMMAND

    show stp global state enabled-protocol

    DESCRIPTION

    Display which STP protocol is currently enabled for the system. There is either one enabled protocol per system or none.

    EXAMPLE

    Display the currently-enabled protocol:

    appliance-1# show stp global state enabled-protocol
    stp global state enabled-protocol [ STP ]
    

    show stp interfaces interface

    COMMAND

    show stp interfaces interface

    DESCRIPTION

    Display information about configured STP interfaces, including the current link type and edge port status.

    ARGUMENTS

    <interface>

    • description: Display information about only a specific STP interface, including the current link type and edge port status.

    EXAMPLE

    Display information about all configured STP interfaces:

    appliance-1# show stp interfaces
                                LINK
    NAME   NAME   EDGE PORT     TYPE
    ----------------------------------
    1.0    1.0    EDGE_DISABLE  P2P
    

    show stp mstp

    COMMAND

    show stp mstp

    DESCRIPTION

    Display all system state related to the MSTP protocol. These fields are populated only when the STP global enabled-protocol is MSTP.

    EXAMPLE

    Display MSTP information:

    appliance-1# show stp mstp
    stp mstp state name 32768:0:94:a1:69:34:23
    stp mstp state revision 0
    stp mstp state max-hop 20
    stp mstp state hello-time 2
    stp mstp state max-age 20
    stp mstp state forwarding-delay 15
    stp mstp state hold-count 6
    

    show stp mstp mst-instances

    COMMAND

    show stp mstp mst-instances

    DESCRIPTION

    Display all configured MST instances and their state.

    EXAMPLE

    Display information about all configured MST instances:

    appliance-1# show stp mstp mst-instances
    stp mstp mst-instances mst-instance 1
     state mst-id               1
     state bridge-priority      32768
     state designated-root-priority 32768
     state designated-root-address 0:94:a1:69:34:23
     state root-port            0
     state root-cost            0
     state topology-changes     0
     state time-since-topology-change 1641443429
    

    show stp mstp mst-instances mst-instance

    COMMAND

    show stp mstp mst-instances mst-instance

    DESCRIPTION

    Display information about a specific MST instance and its state. You can optionally specify the interfaces attribute, which lists interfaces configured for this MST instance and their respective spanning-tree state.

    EXAMPLE

    Display information about mst-instance 555:

    appliance-1# show stp mstp mst-instances mst-instance 555
    stp mstp mst-instances mst-instance 555
     state mst-id               555
     state vlan                 [ 555 ]
     state bridge-priority      61440
     state designated-root-priority 61440
     state designated-root-address 0:94:a1:8d:18:8
     state root-port            0
     state root-cost            0
     state topology-changes     1
     state time-since-topology-change 396
    

    show stp mstp state

    COMMAND

    show stp mstp state

    DESCRIPTION

    Display the global state for the MSTP protocol. You can optionally specify a single attribute. Available options are:

    • forwarding-delay: If this system is the root bridge, protocol uses this forwarding delay.
    • hello-time: If this system is the root bridge, protocol uses this hello-time.
    • hold-count: If this system is the root bridge, protocol uses this hold-count.
    • max-age: If this system is the root bridge, protocol uses this max-age.
    • max-hop: Lifetime of BPDUs in hop counts.
    • name: Name of the MSTP region in which this bridge resides.
    • revision: Revision for the MSTP region in which this bridge resides.

    EXAMPLE

    Display information about the global state for MSTP:

    appliance-1# show stp mstp state
    stp mstp state name 32768:0:94:a1:69:34:23
    stp mstp state revision 0
    stp mstp state max-hop 20
    stp mstp state hello-time 2
    stp mstp state max-age 20
    stp mstp state forwarding-delay 15
    stp mstp state hold-count 6
    

    show stp rstp

    COMMAND

    show stp rstp

    DESCRIPTION

    Display all system state related to the RSTP protocol. These fields are populated only when the stp global enabled-protocol is RSTP.

    EXAMPLE

    Display RSTP information:

    appliance-1# show stp rstp
    stp rstp state hello-time  2
    stp rstp state max-age     20
    stp rstp state forwarding-delay 15
    stp rstp state hold-count  6
    stp rstp state bridge-priority 32768
    stp rstp state bridge-address 0:94:a1:69:34:23
    stp rstp state designated-root-priority 32768
    stp rstp state designated-root-address 0:94:a1:69:34:23
    stp rstp state root-port   0
    stp rstp state root-cost   0
    stp rstp state topology-changes 0
    stp rstp state time-since-topology-change 1641443732
    

    show stp rstp interfaces interface

    COMMAND

    show stp rstp interfaces interface

    DESCRIPTION

    Display information about configured RSTP interfaces

    EXAMPLE

    Display information about all configured RSTP interfaces:

    appliance-1# show stp rstp interfaces
    stp rstp interfaces interface 1.0
     state name    1.0
     state port-priority 128
     state port-num 1
     state port-state BLOCKING
    stp rstp interfaces interface 11.0
     state name    11.0
     state port-priority 128
     state port-num 11
     state port-state FORWARDING
    

    show stp stp

    COMMAND

    show stp stp

    DESCRIPTION

    Display all system state related to the STP protocol. These fields are only populated when the STP global enabled-protocol is STP.

    EXAMPLE

    appliance-1# show stp stp
    stp stp state hello-time   2
    stp stp state max-age      20
    stp stp state forwarding-delay 15
    stp stp state hold-count   6
    stp stp state bridge-priority 32768
    stp stp state bridge-address 0:94:a1:69:34:23
    stp stp state designated-root-priority 32768
    stp stp state designated-root-address 0:94:a1:69:34:23
    stp stp state root-port    0
    stp stp state root-cost    0
    stp stp state topology-changes 0
    stp stp state time-since-topology-change 1641443885
    

    COMMAND

    show stp stp interfaces

    DESCRIPTION

    Display all system state related to interfaces configured for the STP protocol.

    EXAMPLE

    appliance-1# show stp stp interfaces
    stp stp interfaces interface 1.0
     state name    1.0
     state port-priority 128
     state port-num 1
     state port-state BLOCKING
    stp stp interfaces interface 2.0
     state name    2.0
     state port-priority 128
     state port-num 2
     state port-state FORWARDING
    appliance-1#
    

    show stp stp interfaces interface

    COMMAND

    show stp stp interfaces interface

    DESCRIPTION

    Display information about configured STP interfaces.

    EXAMPLE

    Display information about STP interface 1.0:

    appliance-1# show stp stp interfaces interface 1.0
    stp stp interfaces interface 1.0
     state name                 1.0
     state port-priority        128
     state port-num             1
     state port-state           BLOCKING
     state designated-root-priority 0
     state designated-root-address 0:0:0:0:0:0
     state designated-cost      0
     state designated-bridge-priority 0
     state designated-bridge-address 0:0:0:0:0:0
     state designated-port-num  0
     state forward-transisitions 0
     state counters bpdu-sent 0
     state counters bpdu-received 0
    

    show stp stp state


    COMMAND

    show stp stp state

    DESCRIPTION

    Display any global state specific to the STP protocol. You can optionally specify a single attribute. Available options are:

    • bridge-address: MAC address for this bridge used in STP protocol.
    • bridge-priority: Priority of this bridge used in root bridge selection.
    • designated-root-address: MAC address of current root bridge.
    • forwarding-delay: If this system is the root bridge, protocol uses this forwarding delay.
    • hello-time: If this system is the root bridge, protocol uses this hello-time.
    • hold-count: If this system is the root bridge, protocol uses this hold-count.
    • max-age: If this system is the root bridge, protocol uses this max-age.
    • root-cost: The calculated cost associated with the current root-port.
    • root-port: port-num which is currently root. The mapping between interface and port-num can be seen at stp rstp interfaces interface {name} state port-num.
    • time-since-topology-change: Seconds since last change in topology occurred.
    • topology-changes: Total number of topology changes.

    EXAMPLE

    Display information about the global state for STP:

    appliance-1# show stp stp state
    stp stp state hello-time   2
    stp stp state max-age      20
    stp stp state forwarding-delay 15
    stp stp state hold-count   6
    stp stp state bridge-priority 32768
    stp stp state bridge-address 0:94:a1:69:34:23
    stp stp state designated-root-priority 32768
    stp stp state designated-root-address 0:94:a1:69:34:23
    stp stp state root-port    0
    stp stp state root-cost    0
    stp stp state topology-changes 0
    stp stp state time-since-topology-change 1641443966
    

    show system aaa

    COMMAND show system aaa

    DESCRIPTION Display system user authentication information, including information about roles, users, primary key, server groups, and TLS.

    ARGUMENTS

    authentication

    • description: Display information about users and user roles.

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    primary-key

    • description: Display information about the system's primary key.

    server-groups

    • description: Display information about configured server groups.

    tls

    • description: Display information about TLS certificates and CRLs.

    EXAMPLE

    Display the default system accounts:

    appliance-1# show system aaa authentication
              LAST        TALLY  EXPIRY
    USERNAME  CHANGE      COUNT  DATE    ROLE
    -----------------------------------------------------
    admin     2021-11-08  0      -1      admin
    big-ip    0           0      1       tenant-console
    root      2021-11-08  0      -1      root
    
    ROLENAME        GID   USERS
    -----------------------------
    admin           9000  -
    operator        9001  -
    root            0     -
    tenant-console  9100  -
    

    Display information for the primary key:

    appliance-1# show system aaa primary-key
    

    Show the TLS certificate:

    appliance-1# show system aaa tls state certificate
    

    Show the current CRLs in the system:

    appliance-1# show system aaa tls crls crl
    

    show system alarms

    COMMAND show system alarms

    DESCRIPTION Display information about system alarms.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    EXAMPLE

    Display active alarm conditions:

    appliance-1# show system alarms
    ID RESOURCE SEVERITY TEXT TIME CREATED
    --------------------------------------------------------------------------------------------------
    65793 psu-1 ERROR PSU fault detected 2021-01-01 10:39:12.113796318 UTC
    

    show system appliance-mode

    COMMAND show system appliance-mode

    DESCRIPTION Check the current state of appliance mode. It can be either enabled or disabled.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    ihealth

    • description: Display configured iHealth information.

    EXAMPLE

    Display the current state of appliance mode:

    appliance-1# show system diagnostics ihealth
    system diagnostics ihealth state username ""
    system diagnostics ihealth state server https://ihealth-api.f5.com/qkview-analyzer/api/qkviews?visible_in_gui=True
    system diagnostics ihealth state authserver https://api.f5.com/auth/pub/sso/login/ihealth-api
    

    show system clock

    COMMAND show system clock

    DESCRIPTION Display the current time configured for the system.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    state appliance

  • description: Display the current time configured for the system.
  • state timezone-name

  • description: Display the current time zone name configured for the system.
  • EXAMPLES

    Display the currently-configured time zone name:

    appliance-1# show system clock
    system clock state timezone-name Etc/UTC
    system clock state appliance date-time "2022-01-06 04:54:34 America/Los_Angeles"
    

    Display the current time for the system:

    appliance-1# show system clock state appliance
    system clock state appliance date-time "2022-01-06 04:51:31 America/Los_Angeles"
    

    show system diagnostics

    COMMAND show system diagnostics

    DESCRIPTION Display iHealth information.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    ihealth

    • description: Display configured iHealth information.

    EXAMPLE

    Display the iHealth configuration for the system:

    appliance-1# show system diagnostics ihealth
    system diagnostics ihealth state username ""
    system diagnostics ihealth state server https://ihealth-api.f5.com/qkview-analyzer/api/qkviews?visible_in_gui=True
    system diagnostics ihealth state authserver https://api.f5.com/auth/pub/sso/login/ihealth-api
    

    show system dns

    COMMAND show system dns

    DESCRIPTION Display information about DNS servers configured for the system to use.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    host-entries

    • description: Display configured host entries (search domains).

    servers

    • description: Display configured DNS lookup servers.

    EXAMPLE

    Display all configured DNS servers:

    appliance-1# show system dns servers
    ADDRESS       ADDRESS  PORT
    -----------------------------
    192.168.10.1  -        53
    192.168.11.1  -        53
    

    show system events

    COMMAND show system events

    DESCRIPTION Display information about system events.

    EXAMPLE

    Display system events:

    appliance-1# show system events
    system events event
     log "65550 appliance firmware-update-status EVENT NA \"Firmware update is running for sirr \" \"2021-11-08 21:49:27.507242294 UTC\""
    system events event
     log "65550 appliance firmware-update-status EVENT NA \"Firmware update completed for sirr \" \"2021-11-08 21:49:29.505202936 UTC\""
    system events event
     log "65550 appliance firmware-update-status EVENT NA \"Firmware update is running for atse 1\" \"2021-11-08 21:49:29.511148376 UTC\""
     ...
    

    show system health

    COMMAND show system health

    DESCRIPTION Display health information about system components.

    ARGUMENTS

    The availability of options for this command depends on the hardware component for which you want to view health information.

    components component <specific-component> [ [ firmware | hardware | services ] <specific-component> ] ]

    • type: string
    • description: Name of the specific component. Available options are:
      • appliance
      • drive-slot-1
      • drive-slot-2
      • fantray
      • lcd
      • psu-1
      • psu-2

    EXAMPLES

    Display high-level hardware health state for the fan tray:

    appliance-1# show system health components component fantray hardware state
    KEY                         NAME      HEALTH  SEVERITY
    --------------------------------------------------------
    appliance/hardware/fantray  Fan Tray  ok      info
    

    Display health information about system memory:

    appliance-1# show system health components component appliance hardware appliance/hardware/memory
    hardware appliance/hardware/memory
     state name Memory
     state health ok
     state severity info
    NAME                                DESCRIPTION                      HEALTH  SEVERITY  VALUE  UPDATED AT
    --------------------------------------------------------------------------------------------------------------------
    memory:sensor:temperature           Memory DIMM temperature (C)      ok      info             2021-11-08T21:49:10Z
    rasdaemon:mc:corrected:event        RAS Daemon MC corrected event    ok      info      0      2022-01-06T05:13:24Z
    rasdaemon:mc:fatal:event            RAS Daemon MC fatal event        ok      info      0      2022-01-06T05:13:24Z
    rasdaemon:mc:uncorrected:event      RAS Daemon MC uncorrected event  ok      info      0      2022-01-06T05:13:24Z
    v6h:thermal-fault:vddq-abcd-vr-hot  VDDQ_ABCD_VR_HOT thermal fault   ok      info      0      2022-01-04T16:53:23Z
    v6h:thermal-fault:vddq-efgh-vr-hot  VDDQ_EFGH_VR_HOT thermal fault   ok      info      0      2022-01-04T16:53:23Z
    

    Display the status of the tcpdump service on the system:

    appliance-1# show system health components component appliance services appliance/services/tcpdumpd_manager
    services appliance/services/tcpdumpd_manager
     state name tcpdumpd_manager
     state health ok
     state severity info
    NAME                               DESCRIPTION                               HEALTH  SEVERITY  VALUE  UPDATED AT
    ----------------------------------------------------------------------------------------------------------------------------
    container:event:attach             Container attach event                    ok      info      0      2021-11-08T21:49:26Z
    container:event:die                Container die event                       ok      info      0      2021-11-08T21:49:26Z
    container:event:exec-create        Container exec create event               ok      info      0      2021-11-19T22:56:26Z
    container:event:exec-detach        Container exec detach event               ok      info      0      2021-11-08T21:49:26Z
    container:event:exec-die           Container exec die event                  ok      info      0      2021-11-08T21:49:26Z
    container:event:exec-start         Container exec start event                ok      info      0      2021-11-19T22:56:26Z
    container:event:kill               Container kill event                      ok      info      0      2021-12-04T00:19:35Z
    container:event:restart            Container restart event                   ok      info      0      2022-01-04T16:53:24Z
    container:event:restart-last-hour  Container restart count in the last hour  ok      info      0      2021-11-08T21:49:26Z
    container:event:start              Container start event                     ok      info      0      2021-11-08T21:49:26Z
    container:event:stop               Container stop event                      ok      info      0      2021-11-08T21:49:26Z
    container:running                  Container running                         ok      info      true   2022-01-06T05:13:24Z
    

    show system image

    COMMAND show system image

    DESCRIPTION Display information about the installed Base OS image on the system.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    install

    • description: Display only installed image information.

    EXAMPLES

    Display the currently-installed Base OS image on the system:

    appliance-1# show system image install
    system image state install install-os-version 1.0.0-11432
    system image state install install-service-version 1.0.0-11432
    system image state install install-status success
    

    Display information about all imported Base OS images:

    appliance-1# show system image
                                     IN
    VERSION OS   STATUS  DATE        USE
    ----------------------------------------
    1.0.0-10234  ready   2021-10-05  false
    1.0.0-11432  ready   2021-12-03  true
    
    VERSION                          IN
    SERVICE      STATUS  DATE        USE
    ----------------------------------------
    1.0.0-10234  ready   2021-10-05  false
    1.0.0-11432  ready   2021-12-03  true
    
                                     IN
    VERSION ISO  STATUS  DATE        USE
    ----------------------------------------
    1.0.0-10234  ready   2021-10-05  false
    1.0.0-11432  ready   2021-12-03  false
    

    show system licensing

    COMMAND show system licensing

    DESCRIPTION Display information about system license.

    EXAMPLE

    Display information about the license activated on the system (Note that actual license key values are not shown below):

    appliance-1# show system licensing
    system licensing license
                             Licensed version    1.0.0
                             Registration Key    XXXXX-XXXXX-XXXXX-XXXXX-XXXXXXX
                             Licensed date       2021/12/17
                             License start       2021/10/06
                             License end         2022/02/04
                             Service check date  2022/01/05
                             Platform ID         C128
                             Appliance SN        f5-abcd-efgh
    
                             Active Modules
                              Local Traffic Manager, r10900 (XXXXXXX-XXXXXXX)
                               FIX Low Latency
                               LTM to Best Upgrade, r109XX
                               Carrier-Grade NAT, r10XXX
                               BIG-IP, DNS and GTM Upgrade (1K TO MAX)
                               Rate Shaping
                               DNSSEC
                               Anti-Virus Checks
                               Base Endpoint Security Checks
                               Firewall Checks
                               Machine Certificate Checks
                               Network Access
                               Protected Workspace
                               Secure Virtual Keyboard
                               APM, Web Application
                               App Tunnel
                               Remote Desktop
                               DNS Rate Fallback, Unlimited
                               DNS Licensed Objects, Unlimited
                               DNS Rate Limit, Unlimited QPS
                               GTM Rate Fallback, (UNLIMITED)
                               GTM Licensed Objects, Unlimited
                               GTM Rate, Unlimited
                               Carrier Grade NAT (AFM ONLY)
                               APM, Limited
                               Routing Bundle
                               Protocol Security Manager
                               Access Policy Manager, Base, r109XX
                               Advanced Web Application Firewall, r10XXX
                               Max SSL, r10900
                               Max Compression, r10900
                               Advanced Firewall Manager, r10XXX
                               DNS Max, rSeries
    

    show system locator

    COMMAND show system locator

    DESCRIPTION Display whether the system locator function is enabled. This function illuminates the F5 logo ball so that you can more easily locate a chassis in a data center.

    EXAMPLE

    Display whether the system locator is enabled:

    appliance-1# show system locator
    system locator state disabled
    

    show system logging

    COMMAND show system logging

    DESCRIPTION Display information about remote logging.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    host-logs

    • description: Display configured settings for sending host logs to remote logging servers.

    show system mgmt-ip

    COMMAND show system mgmt-ip

    DESCRIPTION Display information about configured management IP addresses.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    state ipv4 [ gateway | prefix-length | system] ]

    • description: Display specified options for an IPv4 management IP address.

    state ipv6 [ gateway | prefix-length | system] ]

    • description: Display specified options for an IPv6 management IP address.

    EXAMPLE

    Display information about all configured management IP addresses:

    appliance-1# show system mgmt-ip
    system mgmt-ip state ipv4 system address 192.0.2.102
    system mgmt-ip state ipv4 prefix-length 24
    system mgmt-ip state ipv4 gateway 192.0.2.254
    system mgmt-ip state ipv6 system address ::
    system mgmt-ip state ipv6 prefix-length 0
    system mgmt-ip state ipv6 gateway ::
    

    Display only the gateway for a configured IPv4 management IP address:

    appliance-1# show system mgmt-ip state ipv4 gateway
    system mgmt-ip state ipv4 gateway 192.0.2.254
    

    show system network

    COMMAND show system network

    DESCRIPTION Display information about the configured and active internal network addresses.

    ARGUMENTS

    This command has no arguments.

    EXAMPLE

    Display information about the currently-configured internal network:

    appliance-1# show system network
    system network state configured-network-range-type RFC6598
    system network state configured-network-range 100.64.0.0/12
    system network state active-network-range-type RFC6598
    system network state active-network-range 100.64.0.0/12
    

    show system ntp

    COMMAND show system ntp

    DESCRIPTION Display the current state of the Network Time Protocol (NTP) service.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    EXAMPLE

    Display the current state of NTP on the system:

    appliance-1# show system ntp
    system ntp state disabled
    

    show system ntp ntp-keys

    COMMAND show system ntp ntp-keys

    DESCRIPTION Display a list of configured NTP authentication keys.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    ntp-key <key-id>

    • description: An identifier used by the client and server to designate a secret key.

    show system ntp servers

    COMMAND show system ntp servers

    DESCRIPTION Displays a list of configured NTP servers.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    EXAMPLE

    Display configured NTP servers:

    appliance-1# show system ntp servers
                                               ASSOCIATION                           ROOT   ROOT                POLL
    ADDRESS       ADDRESS       PORT  VERSION  TYPE         IBURST  PREFER  STRATUM  DELAY  DISPERSION  OFFSET  INTERVAL
    ----------------------------------------------------------------------------------------------------------------------
    ntp.pool.org  ntp.pool.org  123   4        SERVER       false   false   -        -      -           -       -
    

    show system raid

    COMMAND show system raid

    DESCRIPTION Display the current state of the RAID array.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    raid-array-status

    • description: Display the status of the RAID array.

    raid-array-status drive

    • type: unsignedLong
    • description: Display options for installed drives. Available options are:
      • array-member: Whether a drive is an array member.
      • array-status: Array status; status is undefined if the drive is not a member of the array.
      • bayid: Drive bay identifier.
      • serial-number: Drive serial number.
      • size: Drive size in GB.

    EXAMPLES

    Display the current status of the RAID array:

    appliance-1# show system raid raid-array-status
                                     ARRAY   ARRAY
    NAME  BAYID  SERIAL NUMBER       MEMBER  STATUS  SIZE
    ----------------------------------------------------------
    ssd1  0      PHLJ915001PK1R8S44  true    ok      684.7G
    
    ssd2  1      PHLJ915001Q61R8T42  true    ok      684.7G
    

    Display only the size, in GB, of the drives in the system:

    appliance-1# show system raid raid-array-status drive size
    NAME  SIZE
    ---------------
    ssd1  684.7G
    
    ssd2  684.7G
    

    show system state

    COMMAND show system state

    DESCRIPTION Display information about the system, such as domain name, login banner, and hostname.

    ARGUMENTS

    base-mac:

    • description: Show the system-allocated base MAC for the system.

    boot-time

    • description: Show the boot time for the system.

    current-datetime

    • description: Show the date and time for the system.

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    domain-name

    • description: Show the domain name for the system.

    hostname

    • description: Show the hostname for the system.

    login-banner

    • description: Show the login banner for the system.

    mac-pool-size

    • description: Show the MAC pool size for the system.

    motd-banner

    • description: Show the message of the day (MOTD) banner for the system.

    EXAMPLES

    Display the current date and time:

    appliance-1# show system state current-datetime
    system state current-datetime "2022-01-06 05:58:49 America/Los_Angeles"
    

    Display the hostname for the system:

    appliance-1# show system state hostname
    system state hostname appliance-1
    

    Display the login banner for the system:

    appliance-1# show system state login-banner
    system state login-banner UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED
    

    Display the message of the day (MOTD) banner for the system:

    appliance-1# show system state motd-banner
    system state motd-banner ATTENTION! This system is scheduled for maintenance in two days.
    

    show tenants

    COMMAND show tenants

    DESCRIPTION Display the state of all configured tenants in the system.

    ARGUMENTS This command has no arguments.

    EXAMPLE

    Display the state of configured tenants on the current system:

    appliance-1# show tenants
    tenants tenant big-ip
     state name          big-ip
     state unit-key-hash Cl2Hpf4K3RZXmhTEQPQ3orKjj4GsNrlCaLsOAdQ3I9c2SG6uWpan08OkIWKNOyEVnrYBvxA5TQQRaOSm/H+ftQ==
     state type          BIG-IP
     state mgmt-ip       192.0.2.61
     state prefix-length 24
     state gateway       192.0.2.254
     state cryptos       enabled
     state vcpu-cores-per-node 2
     state memory        7680
     state storage size 76
     state running-state deployed
     state mac-data base-mac 00:12:a1:34:56:b1
     state mac-data mac-pool-size 1
     state appliance-mode disabled
     state status        Starting
     state primary-slot  1
     state image-version "BIG-IP 15.1.4 0.0.248"
     state instances instance 1
      instance-id   1
      phase         "Allocating resources to tenant is in progress"
      image-name    BIGIP-bigip15.1.x-europa-15.1.45-0.0.248.ALL-F5OS.qcow2.zip.bundle
      creation-time ""
      ready-time    ""
      status        " "
    

    show tenants tenant

    COMMAND show tenants tenant

    DESCRIPTION Displays the state of a specific configured tenants in the system.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    tenant-name

    • type: string
    • description: Specific tenant name.

    EXAMPLE

    Display the state of a tenant named bigip:

    appliance-1# show tenants tenant bigip
    tenants tenant big-ip
     state name          big-ip
     state unit-key-hash Cl2Hpf4K3RZXmhTEQPQ3orKjj4GsNrlCaLsOAdQ3I9c2SG6uWpan08OkIWKNOyEVnrYBvxA5TQQRaOSm/H+ftQ==
     state type          BIG-IP
     state mgmt-ip       192.0.2.61
     state prefix-length 24
     state gateway       192.0.2.254
     state cryptos       enabled
     state vcpu-cores-per-node 2
     state memory        7680
     state storage size 76
     state running-state deployed
     state mac-data base-mac 00:12:a1:34:56:b1
     state mac-data mac-pool-size 1
     state appliance-mode disabled
     state status        Starting
     state primary-slot  1
     state image-version "BIG-IP 15.1.4 0.0.248"
     state instances instance 1
      instance-id   1
      phase         "Allocating resources to tenant is in progress"
      image-name    BIGIP-bigip15.1.x-europa-15.1.45-0.0.248.ALL-F5OS.qcow2.zip.bundle
      creation-time ""
      ready-time    ""
      status        " "
    

    show vlan-listeners

    COMMAND show vlan-listeners

    DESCRIPTION Displays configured vlan-listeners. These objects are system-created and available for display for technical support purposes only.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at a depth of three below a given element will be displayed, etc. The range is from 1 to 64.

    vlan-listener <interface> <vlan-id>

    • description: Display a specific vlan-listener associated with an interface and VLAN pair.

    EXAMPLE

    Display the vlan-listener on interface 1.0 with the VLAN ID of 100:

    appliance-1# show vlan-listeners vlan-listener 1.0 100
                                             NDI                                             SERVICE
    INTERFACE  VLAN  ENTRY TYPE     OWNER    ID    SVC  VTC  SEP  DMS  DID  CMDS  MIRRORING  IDS
    ------------------------------------------------------------------------------------------------
    1.0        100   VLAN-LISTENER  tenant-1  4095   8    -   15   -    -    -     disabled   -
    

    show vlans

    COMMAND show vlans

    DESCRIPTION Displays configured VLAN objects.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    vlan <vlan-id>

    • type: vlan-id
    • description: Display information only about a specified VLAN.

    EXAMPLE

    Display all configured VLANs:

    appliance-1# show vlans
    VLAN
    ID    INTERFACE
    -----------------
    101   internal
    

    F5 r2000/r4000 CLI Reference


    config-mode-commands


    abort

    COMMAND abort

    DESCRIPTION Abort a configuration session.

    ARGUMENTS This command has no arguments.


    annotate

    COMMAND annotate

    DESCRIPTION Associate an annotation (comment) with a given configuration or validation statement or pattern. To remove an annotation, leave the text empty.

    Note: Only available when the system has been configured with attributes enabled.

    ARGUMENTS

    <statement> <text>

    • type: string
    • description: A statement with which an annotation is to be associated and the text to be associated for a part of the configuration.

    clear

    COMMAND clear

    DESCRIPTION Remove all configuration changes.

    ARGUMENTS

    history

    • description: Clear command history.

    commit

    COMMAND commit

    DESCRIPTION Commit the current set of changes to the running configuration.

    ARGUMENTS

    abort <id>

    • type: int
    • description: Halt a pending commit using the persist-id <id> argument.

    and-quit

    • description: Commit the current set of changes and exit configuration mode.

    check

    • description: Validate the current configuration and indicate any configuration errors.

    comment <text>

    • type: string
    • description: Add a text comment about the commit operation. If the text string includes spaces, enclose the string in quotation marks (" ").

    label

    • type: string
    • description: Add a text label that describes the commit operation. If the text string includes spaces, enclose the string in quotation marks (" ").

    no-confirm

    • description: Commit the current set of changes without querying the user. If needed, you can specify the persist token as an argument to this command using the persist-id argument.

    save-running <filename>

    • type: string
    • description: Save a copy of the configuration to a specified file.

    compare

    COMMAND compare

    DESCRIPTION Compare two configuration subtrees.

    ARGUMENTS

    <config>

    • type: string
    • description: Compare the running configuration to a saved configuration.

    copy

    COMMAND copy

    DESCRIPTION Copy the running configuration.

    ARGUMENTS

    <identifier>

    • type: int
    • description: The file identifier.

    <path-to-file>

    • type: string
    • description: Path of the file to be compared.

    <file>

    • type: string
    • description: File name to be compared.

    describe

    COMMAND describe

    DESCRIPTION Display detailed information about a command.

    ARGUMENTS

    <command>

    • type: string
    • description: The source of the command (YANG, clispec, etc.).

    <path-to-file>

    • type: string
    • description: The path in the YANG file.

    do

    COMMAND do

    DESCRIPTION Run a command in operational (user) mode.

    ARGUMENTS

    <command>

    • type: string
    • description: Command to be run in operational mode.

    end

    COMMAND end

    DESCRIPTION Exit configuration mode. If no changes have been made to the configuration, you are prompted to save before exiting configuration mode.

    ARGUMENTS

    no-confirm

    • description: Exit configuration mode immediately, without committing any changes to the configuration.

    exit

    COMMAND exit

    DESCRIPTION Exit from the current mode in the configuration or exit configuration mode completely.

    ARGUMENTS

    configuration-mode

    • description: Exit from configuration mode regardless of mode. If changes have been made to the configuration, you are prompted to save before exiting configuration mode.

    level

    • description: Exit from the current level. If performed on the top level, exits configuration mode. This is the default value.

    no-confirm

    • description: Exit configuration mode immediately, without committing any changes to the configuration.

    help

    COMMAND help

    DESCRIPTION Display help information about a specified command.

    ARGUMENTS

    <command>

    • type: string
    • description: Command for which you want to view help.

    insert

    COMMAND insert

    DESCRIPTION Insert a parameter or element.

    ARGUMENTS

    <path-to-file>

    • type: string
    • description: Element or parameter to insert. If the element already exists and has the indexedView option set in the data model, then the old element will be renamed to element+1 and the new element inserted in its place.

    load

    COMMAND load

    DESCRIPTION Load configuration from an ASCII file or from terminal.

    ARGUMENTS

    merge <filename/terminal>

    • description: Merge with the existing configuration.

    override <filename/terminal>

    • description: Overwrite the old configuration.

    replace <filename/terminal>

    • description: Replace the old configuration.

    move

    COMMAND move

    DESCRIPTION Move an element or parameter.

    ARGUMENTS

    <path-to-file> <position>

    • type: strings
    • description: Element or parameter to move and the position to move this element. The element can be moved first, last (default), before, or after an element.

    no

    COMMAND no

    DESCRIPTION Delete or unset a configuration command.

    ARGUMENTS

    <command>

    • type: string
    • description: Command to delete or unset.

    pwd

    COMMAND pwd

    DESCRIPTION Display the current path in the configuration hierarchy.

    ARGUMENTS This command has no arguments.


    rename

    COMMAND rename

    DESCRIPTION Rename an instance.

    ARGUMENTS

    <path>

    • description: Path for the instance.

    <identifier>

    • description: New identifier for the instance.

    resolved

    COMMAND resolved

    DESCRIPTION Indicate that conflicts have been resolved.

    ARGUMENTS This command has no arguments.


    revert

    COMMAND revert

    DESCRIPTION Copy the running configuration.

    ARGUMENTS

    no-confirm

    • description: Copy the running configuration without prompting the user to confirm.

    rollback

    COMMAND rollback

    DESCRIPTION Returns the configuration to a previously committed configuration.

    ARGUMENTS

    configuration <rollback-version>

    • type: int
    • description: Return to an earlier committed version. The most recently committed configuration (the running configuration) is number 0, the next most recent is 1, and so on.

    selective <rollback-version>

    • type: int
    • description: Return to a specific earlier committed configuration. This might succeed or fail depending on the content of the delta rollback.

    EXAMPLES

    Return to the configuration changes made in rollback versions 0 and 1:

    appliance-1(config)# rollback configuration 1
    

    Return to the configuration changes made only in rollback version 1:

    appliance-1(config)# rollback selective 1
    

    save

    COMMAND save

    DESCRIPTION Save the whole or parts of the current configuration to a file.

    ARGUMENTS

    <filename>

    • description: Filename to which the configuration is saved. By default, the configuration is saved in curly bracket format.

    xml

    • description: Save the configuration in XML format.

    service

    COMMAND service

    DESCRIPTION Configures the CLI prompt. By default, the CLI prompt consists of the system name followed by an angle bracket (>) for user mode or a pound sign (#) for privileged mode. Use the the prompt string or the no service prompt config command to customize the CLI prompt for your system.

    ARGUMENTS

    prompt

    • description: Text of CLI prompt to be used.

    show

    COMMAND show

    DESCRIPTION Display a specified parameter.

    ARGUMENTS

    configuration

    • description: Display the current configuration buffer.

    full-configuration

    • description: Display the current configuration.

    history <number-of-items-to-show>

    • type: int
    • description: Display CLI command history.

    parser <command-prefix>

    • type: string
    • description: Display all possible commands starting with <command-prefix>.

    tag

    COMMAND tag

    DESCRIPTION Configure statement tags.

    ARGUMENTS

    add <statement> <tag>

    • type: string
    • description: Add a tag to a configuration statement.

    clear <statement>

    • type: string
    • description: Remove all tags from a configuration statement.

    del <statement> <tag>

    • type: string
    • description: Remove a tag from a statement.

    top

    COMMAND top

    DESCRIPTION Exit to the top level of the configuration hierarchy. You can optionally run a command after exiting to the top level.

    ARGUMENTS

    <command>

    • type: string
    • description: Optional command to run after exiting to the top level.

    validate

    COMMAND validate

    DESCRIPTION Verify that the candidate configuration contains no errors. This performs the same operation as commit check.

    ARGUMENTS This command has no arguments.


    cluster nodes node

    COMMAND cluster nodes node

    DESCRIPTION Configure whether a node is enabled or disabled on the system.

    ARGUMENTS

    config enabled

    • description: Enable a node on the system.

    config disabled

    • description: Disable a node on the system.

    config name <string>

    • type: string
    • description: A descriptive name for the node.

    EXAMPLE

    Disable node-1 on the system:

    appliance-1(config)# cluster nodes node node-1 config disabled
    

    cluster nodes node reboot

    COMMAND cluster nodes node reboot

    DESCRIPTION Reboot a node on the system.

    ARGUMENTS

    This command has no arguments.


    cluster disk-usage-threshold

    COMMAND cluster disk-usage-threshold

    DESCRIPTION Configure options for triggering disk usage alarms.

    ARGUMENTS

    config critical-limit <percentage>

    • type: unsignedByte
    • description: Percentage of disk usage that is allowed before triggering a critical alarm. The range is from 0 to 100%.

    config error-limit <percentage>

    • type: unsignedByte
    • description: Percentage of disk usage that is allowed before triggering an error alarm. The range is from 0 to 100%.

    config growth-rate-limit <percentage>

    • type: unsignedByte
    • description: Percentage of allowed disk usage growth. The range is from 0 to 100%.

    config interval <time-in-minutes>

    • type: unsignedByte
    • description: Time, in minutes, at which the system monitors disk usage.

    config warning-limit <percentage>

    • type: unsignedByte
    • description: Percentage of disk usage that is allowed before triggering a warning alarm. The range is from 0 to 100%.

    components

    COMMAND components

    DESCRIPTION

    Configure properties for hardware components.

    ARGUMENTS

    The availability of options for this command depends on which hardware component you are configuring.

    component <specific-component>

    • type: string
    • description: Name of the specific component. Available options are:
      • lcd
      • platform
      • psu-1
      • psu-2 (if installed)

    component <specific-component> config name

    • type: string
    • description: An optional descriptive name for a specific component.

    component <specific-component> properties property <specific-property>

    • type: string
    • description: An optional descriptive name or value for a specific component.

    component <specific-component> subcomponents subcomponent <specific-subcomponent>

    • type: string
    • description: An optional descriptive name or value for a specific component.

    file config concurrent-operations-limit

    COMMAND file config concurrent-operations-limit

    DESCRIPTION Specify how many concurrent file operations are allowed at a time.

    ARGUMENTS

    <number-of-file-ops>

    • type: byte
    • description: The number of concurrent file operations allowed at a time.

    EXAMPLE

    Limit the number of concurrent file operations to 10:

    appliance-1-active# file config concurrent-operations-limit 10
    

    file known-hosts known-host

    COMMAND file known-hosts known-host

    DESCRIPTION Add the IP address (and therefore, the public key) of a specified remote-host to the system known_hosts file.

    ARGUMENTS

    config fingerprint

    • type: boolean
    • description: Fingerprint received from remote-host string.

    config remote-host

    • type: string
    • description: The remote system FQDN or IPv4/IPv6 address. The minimum length is 1 character, and the maximum length is 253 characters.

    file import

    COMMAND file import

    DESCRIPTION Transfer a remote file to the system. These directories are available for use for file import operations on the system:

    • images/staging
    • images/import
    • images/tenant
    • diags/shared
    • configs/

    ARGUMENTS

    insecure

    • description: Disable SSL certificate verification of the remote system.

    local-file <path-to-file>

    • type: string
    • description: Path to the local file.

    password <password>

    • type: string
    • description: Password for connecting to the remote server. If you specify a username, you will be prompted to enter the password.

    protocol [ scp | sftp | https ]

    • type: enumeration
    • description: Protocol to be used for file transfer.

    remote-file <path-to-file>

    • type: string
    • description: Path to the remote file.

    remote-host <path-to-file>

    • type: string
    • description: IP address or FQDN of the remote server. The minimum length is 1 character, and the maximum length is 253 characters.

    remote-port <port-number>

    • type: unsignedShort
    • description: Port number to use for file transfer. The range is from 1 to 65535.

    remote-url <url>

    • type: string
    • description: IP address or FQDN of the remote server. The minimum length is 1 character, and the maximum length is 253 characters.

    username <username>

    • type: string
    • description: Username for connecting to the remote server. If you specify a username, you will be prompted to enter the password.

    web-token <webtoken>

    • type: string
    • description: Web token for connecting to the remote server.

    EXAMPLE

    Transfer a file named myfile.iso from the remote host files.company.com on port 443 to the images/staging directory on the system:

    appliance-1(config)# file import local-file images/staging remote-file images/myfile.iso remote-host files.company.com remote-port 443
    result File transfer is initiated.(images/staging/myfile.iso)
    

    file export

    COMMAND file export

    DESCRIPTION Transfer a file from the system to a remote system. These directories are available for use for file export operations on the system:

    • log
    • log/conf
    • diags/crash
    • diags/core
    • images/staging
    • images/import
    • images/tenant
    • diags/shared
    • configs/

    insecure

    • description: Disable SSL certificate verification of the remote system.

    local-file <path-to-file>

    • type: string
    • description: Path to the local file.

    password <password>

    • type: string
    • description: Password for connecting to the remote server. If you specify a username, you will be prompted to enter the password.

    protocol [ scp | sftp | https ]

    • type: enumeration
    • description: Protocol to be used for file transfer.

    remote-file <path-to-file>

    • type: string
    • description: Path to the remote file.

    remote-host <path-to-file>

    • type: string
    • description: IP address or FQDN of the remote server. The minimum length is 1 character, and the maximum length is 253 characters.

    remote-port <port-number>

    • type: unsignedShort
    • description: Port number to use for file transfer. The range is from 1 to 65535.

    remote-url <url>

    • type: string
    • description: IP address or FQDN of the remote server. The minimum length is 1 character, and the maximum length is 253 characters.

    username <username>

    • type: string
    • description: Username for connecting to the remote server. If you specify a username, you will be prompted to enter the password.

    web-token <webtoken>

    • type: string
    • description: Web token for connecting to the remote server.

    EXAMPLE

    Transfer a file named appliance.log from the local host to the /home/jdoe/ directory at files.company.com, using the username jdoe:

    appliance-1(config)# file export local-file log/host/appliance.log remote-host files.company.com remote-file home/jdoe/appliance.log username jdoe password
    Value for 'password' (<string>): *********
    result File transfer is initiated.(log/host/appliance.log)
    

    file delete

    COMMAND file delete

    DESCRIPTION Delete a specified file from the system. You can use file delete only on files in the diags/shared and core directories.

    ARGUMENTS

    file-name <path-to-file>

    • type: string
    • description: File to be deleted.

    EXAMPLE

    Delete a specified QKView file from the system:

    appliance-1(config)# file delete file-name diags/shared/qkview/qkview.tar
        result Deleting the file
    

    file list

    COMMAND file list

    DESCRIPTION Display a list of directories and files in a specified path.

    ARGUMENTS

    path <filepath>

    • type: string
    • description: Path for which you want to view the included files and directories.

    EXAMPLE

    Display a list of files in images/staging:

    appliance-1(config)# file list path images/staging
    entries {
        name
    R2R4.1.1.0-5810.iso
    }
    

    file show

    COMMAND file show

    DESCRIPTION Display the contents of a specified file. This command works only in operational mode, not config mode.

    ARGUMENTS

    <path-to-file>

    • type: string
    • description: File that you want to view.

    EXAMPLE

    Display the contents of the file log/appliance.log:

    appliance-1# file show log/host/appliance.log
    2022-04-07 15:05:27.612513079 - Registry port is 2000 for orchestration-manager
    2022-04-07 22:05:35.755369 - OMD log is initialized
    2022-04-07 22:05:35.755369 - 8:-2304 - applianceMainEventLoop::Orchestration manager startup.
    2022-04-07 22:05:35.760751 - 8:-16787712 - Can now ping appliance-1.chassis.local (100.65.60.1).
    2022-04-07 22:10:51.269193 - 8:-2304 - Waiting for connectivity checks on System.
    2022-04-07 22:11:07.949118 - 8:-16787712 - Successfully ssh'd to appliance 127.0.0.1.
    2022-04-07 22:11:12.856712 - 8:-2304 - Connectivity checks passed for System.
    2022-04-07 22:12:16.603387 - 8:-2304 - K3S cluster installation in appliance is succeeded.
    appliance-flannel_image|localhost:2000/appliance-flannel:0.13.0
    ...
    

    file tail

    COMMAND file tail

    DESCRIPTION Display only the last 10 lines of a specified file. This command works only in operational mode, not config mode.

    ARGUMENTS

    <path-to-file>

    • type: string
    • description: File that you want to view.

    -f

    • description: Display appended data as the file grows. Type Ctrl+C to cancel the operation.

    -n <number-of-lines>

    • description: Display a specific number of lines, instead of only the last 10 lines.

    EXAMPLES

    Display only the last 10 lines of log/host/appliance.log:

    appliance-1# file tail log/host/appliance.log
    Upgrade found appliance-flannel_image|localhost:2001/appliance-flannel:0.13.0
    appliance-multus_image|localhost:2001/appliance-multus:3.6.0
    Upgrade found appliance-multus_image|localhost:2001/appliance-multus:3.6.0
    2021-11-10 17:33:36.195643 - 8:695531264 - K3s IMAGE update is succeeded.
    2021-11-11 21:46:29.832495 - 8:469759744 - K3S cluster is NOT ready.
    2021-11-11 21:46:52.979390 - 8:695531264 - K3S cluster is ready.
    2021-11-12 21:45:04.247298 - 8:695531264 - K3S cluster is NOT ready.
    2021-11-12 21:45:27.427003 - 8:695531264 - K3S cluster is ready.
    2021-11-13 03:57:32.937910 - 8:469759744 - Failed to ssh to 127.0.0.1.
    2021-11-13 03:58:03.353815 - 8:469759744 - Successfully ssh'd to appliance 127.0.0.1.
    

    Display the last 10 lines of log/host/appliance.log and keep appending output as the file grows:

    appliance-1(config)# file tail -f log/host/appliance.log
    Upgrade found appliance-flannel_image|localhost:2001/appliance-flannel:0.13.0
    appliance-multus_image|localhost:2001/appliance-multus:3.6.0
    Upgrade found appliance-multus_image|localhost:2001/appliance-multus:3.6.0
    2021-11-10 17:33:36.195643 - 8:695531264 - K3s IMAGE update is succeeded.
    2021-11-11 21:46:29.832495 - 8:469759744 - K3S cluster is NOT ready.
    2021-11-11 21:46:52.979390 - 8:695531264 - K3S cluster is ready.
    2021-11-12 21:45:04.247298 - 8:695531264 - K3S cluster is NOT ready.
    2021-11-12 21:45:27.427003 - 8:695531264 - K3S cluster is ready.
    2021-11-13 03:57:32.937910 - 8:469759744 - Failed to ssh to 127.0.0.1.
    2021-11-13 03:58:03.353815 - 8:469759744 - Successfully ssh'd to appliance 127.0.0.1.
    

    Display only the last five lines of log/appliance.log:

    appliance-1# file tail -n 5 log/host/appliance.log
    No Image Changes Found for normal reboot
    sriov-cni_image|localhost:2000/sriov-cni:1.0.2
    No Image Changes Found for normal reboot
    sriov-network-device-plugin_image|localhost:2000/sriov-network-device-plugin:1.0.0
    No Image Changes Found for normal reboot
    

    file transfer-status

    COMMAND file transfer-status

    DESCRIPTION Display the status of file transfer operations. This command works in both operational mode and config mode.

    ARGUMENTS

    file-name <path-to-file>

    • type: string
    • description: View the status of a specific file that you have transferred.

    EXAMPLE

    Check the status of file transfers:

    appliance-1(config)# file transfer-status
    result
    S.No.|Operation |Protocol|Local File Path |Remote Host |Remote File Path |Status
    1 |Import file|HTTPS |images/staging/myfile.iso |files.company.com |images/myfile.iso |In Progress (15.0%)
    

    ````

    Config Mode Commands


    images remove

    COMMAND images remove

    DESCRIPTION Remove tenant image.

    ARGUMENTS

    name <image-name>.bundle

    • type: string
    • description: Name of the .bundle image file.

    EXAMPLE

    Remove the .bundle file named BIGIP-15.1.5-0.0.11.ALL-F5OS.zip.bundle:

    appliance-1(config)# images remove name BIGIP-15.1.5-0.0.11.ALL-F5OS.zip.bundle
    result Successful.
    

    interfaces interface

    COMMAND interfaces interface

    DESCRIPTION Configure network interface attributes.

    ARGUMENTS

    config description <description>

    • type: string
    • description: The description of the interface.

    config enabled

    • type: boolean
    • description: The configured, desired state of the interface. This field can be set only to ieee8023adLag when creating LAG interfaces.

    config name <name>

    • type: string
    • description: The name of the interface. The minimum length is 1 character, and the maximum length is 63 characters.

    config type <type>

    • type: identityref
    • description: The type of the interface.

    EXAMPLE

    Configure a description for interface 1.0 and verify that it was configured correctly:

    appliance-1(config)# interfaces interface 1.0 config description "100G Link"
    appliance-1(config-interface-1/1.0)# commit
    Commit complete.
    appliance-1(config-interface-1.0)# exit
    appliance-1(config)# end
    appliance-1# show running-config interfaces interface 1.0 config
    interfaces interface 1/1.0
     config name 1.0
     config type ethernetCsmacd
     config description "100G Link"
     config enabled
    !
    

    interfaces interface <lag-name> aggregation config

    COMMAND interfaces interface <lag-name> aggregation config

    DESCRIPTION Configure link aggregation groups (LAGs) and their attributes.

    ARGUMENTS

    lag-type [ STATIC | LACP ]

    • type: aggregation-type
    • description: Link aggregation type.

    distribution-hash [ dst-mac | src-dst-ipport | src-dst-mac ]

    • type: enumeration.
    • description: Supported load balancing hash values. Available options are:
      • dst-mac
      • src-dst-ipport
      • src-dst-mac

    switched-vlan config native-vlan <vlan-id>

    • type: unsignedShort
    • description: The native VLAN identifier for untagged frames arriving on a trunk interface. The range is from 1 to 4094.

    switched-vlan config trunk-vlans <vlan-ids>

    • type: list of unsignedShort
    • description: VLANs that the LAG members may carry. The range is from 1 to 4094.

    EXAMPLE

    Create a LAG named test-lag that uses dst-mac for the hash, assign trunk VLAN IDs 99 and 101, and then verify that it was configured correctly:

    appliance-1(config)# interfaces interface test-lag aggregation config distribution-hash dst-mac
    appliance-1(config)# commit
    appliance-1(config)# interfaces interface test-lag aggregation switched-vlan config trunk-vlans [ 99 101 ]
    appliance-1(config)# commit
    
    appliance-1# show running-config interfaces interface test-lag aggregation switched-vlan config
    interfaces interface test-lag
     aggregation switched-vlan config trunk-vlans [ 99 101 ]
    !
    

    interfaces interface <interface-name> ethernet

    COMMAND interfaces interface <interface-name> ethernet

    DESCRIPTION Configure physical interfaces attributes.

    ARGUMENTS

    config aggregate-id <aggregate-interface>

    • type: leafref
    • description: The logical aggregate interface (LAG) to which this interface belongs. The user is prompted with a list of configured LAGs.

    switched-vlan config native-vlan

    • type: unsignedShort
    • description: The native VLAN identifier for untagged frames arriving on the Ethernet interface. The range is from 1 to 4094.

    switched-vlan config trunk-vlans

    • type: list of unsignedShort
    • description: VLANs that the Ethernet interface can carry. The range is from 1 to 4094.

    interfaces interface <interface-name> ethernet config

    COMMAND interfaces interface <interface-name> ethernet config

    DESCRIPTION Configure Ethernet options for a specified interface.

    ARGUMENTS

    aggregate-id <interface>

    • description: The logical aggregate interface to which this interface belongs.

    interfaces interface mgmt ethernet config

    COMMAND interfaces interface mgmt ethernet config

    DESCRIPTION Configure Ethernet options for the management interface.

    ARGUMENTS

    auto-negotiate [ false | true ]

    • description: Whether to enable auto negotiation. Set to true to enable auto negotiate or false to disable it.

    duplex-mode [ FULL | HALF ]

    • description: Whether to enable full or half duplex on an interface. Set to FULL to enable full duplex on an interface or set to HALF to enable half duplex on an interface.

    port-speed

    • description: The port speed for the management interface. Available options are:
      • SPEED_1GB
      • SPEED_10MB
      • SPEED_100MB

    EXAMPLES

    Configure the management interface to use the FULL duplex mode:

    appliance-1(config)# interfaces interface mgmt ethernet config duplex-mode FULL
    

    lacp config system-priority

    COMMAND lacp config system-priority

    DESCRIPTION System priority and system MAC are combined as system-id, which is required by the LACP protocol. System MAC is not configurable.

    ARGUMENTS

    <priority>

    • type: unsignedShort
    • description: System priority used by the node on this LAG interface. A lower value indicates higher priority for determining which node is the controlling system. The default value is 32768.

    EXAMPLES

    Configure system priority to be 1000:

    appliance-1(config)# lacp config system-priority 1000
    

    lacp interfaces interface

    COMMAND lacp interfaces interface <lag-interface> config name <interface>

    DESCRIPTION

    Configure LACP to manage the LAG interface. To use LACP to manage a LAG interface, the LAG interface must already exist or be created first. LAG interfaces can have multiple interface members, and the LAG interface state is up as long as there is at least one active member. There must be valid VLANs attached to LAG interface to pass user traffic. Be sure that the VLAN exists before attaching it to a LAG interface.

    ARGUMENTS

    interval [ FAST | SLOW ]

    • type: enumeration
    • description: The interval at which interfaces send LACP packets. Set the interval to FAST to have packets sent every second. Set the interval to SLOW to have packets sent every 30 seconds.

    lacp-mode [ ACTIVE | PASSIVE ]

    • type: enumeration
    • description: Set to PASSIVE to place a port into a passive negotiating state, in which the port responds to received LACP packets, but does not initiate LACP negotiation. Set to ACTIVE to place a port into an active negotiating state, in which the port initiates negotiations with other ports by sending LACP packets.

    name <name>

    • type: string
    • description: User-defined name for the LACP interface. The minimum length is 1 character, and the maximum length is 63 characters.

    system-id-mac <mac-address>

    • type: mac-address
    • description: Hex list representation of the Layer 2 MAC address. The format must be exactly 6 octets in the format xx:xx:xx:xx:xx:xx.

    system-priority <priority>

    • type: unsignedShort
    • description: System priority used by the node on this LAG interface. A lower value indicates higher priority for determining which node is the controlling system.

    EXAMPLES

    Configure an LACP interface, set it to place the port into an active negotiating state, and set the interval to have packets sent every second:

    appliance-1(config)# lacp interfaces interface lag1 config lacp-mode ACTIVE interval FAST
    

    Create a LAG interface named lag1 with the type ieee8023adLag:

    appliance-1(config)# interfaces interface lag1 config type ieee8023adLag; commit
    

    Enable LACP on a LAG interface named lag1:

    appliance-1(config)# interfaces interface lag1 aggregation config lag-type LACP; commit
    

    Create an LACP interface named lag1 with default parameters (internal is set to SLOW, lacp-mode is set to ACTIVE):

    appliance-1(config)# lacp interfaces interface lag1 config name lag1; commit
    

    Add interface 1/1.0 and 1/2.0 as interface members into a LAG named lag1:

    appliance-1(config)# interfaces interface 1/1.0 ethernet config aggregate-id lag1
    appliance-1(config)#  interfaces interface 1/2.0 ethernet config aggregate-id lag1
    appliance-1(config)#  commit
    

    Attach VLANs 1000 and 1001 to a LAG interface named lag1:

    appliance-1(config)# interfaces interface lag1 aggregation switched-vlan config trunk-vlans [ 1000 1001 ]
    appliance-1(config)# commit
    

    lldp config

    COMMAND lldp config

    DESCRIPTION Configure Link Layer Discovery Protocol (LLDP) on the system.

    ARGUMENTS

    disabled

    • type: boolean
    • description: Disable LLDP on the system.

    enabled

    • type: boolean
    • description: Enable LLDP on the system.

    max-neighbors-per-port <neighbors>

    • type: unsignedShort
    • description: Maximum number of LLDP neighbors per port. The default value is 10.

    reinit-delay <delay>

    • type: unsignedShort
    • description: System delay time to re-initialize LLDP data unit (LLDPDU). The default value is 2.

    system-description <description>

    • type: string
    • description: System description for LLDP. The minimum length is 0 characters, and the maximum length is 255 characters.

    system-name <name>

    • type: string
    • description: System name for LLDP. The minimum length is 0 characters, and the maximum length is 255 characters.

    tx-delay <delay>

    • type: unsignedShort
    • description: System delay time to transmit LLDPDU. The default value is 2.

    tx-hold <hold>

    • type: unsignedShort
    • description: System hold time to transmit LLDPDU. The default value is 4.

    tx-interval <interval>

    • type: unsignedShort
    • description: System interval to transmit LLDPDU. The range is from 5 to 32768. The default value is 30.

    EXAMPLE

    Configure a system-description for LLDP and verify that it was configured correctly:

    appliance-1(config)# lldp config system-description "Test system description"
    appliance-1(config)# commit
    Commit complete.
    appliance-1(config)# end
    appliance-1# show running-config lldp config
    lldp config enabled
    lldp config system-description "Test system description"
    lldp config tx-interval 30
    lldp config tx-hold    4
    lldp config reinit-delay 2
    lldp config tx-delay   2
    lldp config max-neighbors-per-port 10
    

    lldp interfaces interface <interface-name> config

    COMMAND lldp interfaces interface <interface-name> config

    DESCRIPTION Configure LLDP attributes for an interface.

    ARGUMENTS

    name <name>

    • type: string
    • description: The name of the LLDP interface. The minimum length is 1 character, and the maximum length is 63 characters.

    enabled

    • type: boolean
    • description: Enable LLDP for the specified interface.

    disabled

    • type: boolean
    • description: Disable LLDP for the specified interface.

    tlv-advertisement-state [ none | txonly | rxonly | txrx ]

    • type: lldp-tlv-advertisement-direction, description: txrx
    • description: LLDP PDU direction for LLDP Type-Length-Value (TLV) advertisement.

    tlvmap <tlvmap-bit>

    • type: lldp-tlvmap-bits
    • description: Bitmap to define the LLDP TLV to be transmitted. Available options are:
      • chassis-id
      • link-aggregation
      • macphy
      • management-address
      • mfs
      • port-description
      • port-id
      • power-mdi
      • ppvid
      • product-model
      • protocol-identity
      • pvid
      • system-capabilities
      • system-description
      • system-name
      • ttl
      • vlan-name

    EXAMPLE

    Configure a tlv-advertisement-state for LLDP interface 1.0 on and verify that it was configured correctly:

    appliance-1(config)# lldp interfaces interface 1.0 config tlv-advertisement-state txrx
    appliance-1(config-interface-1.0)# commit
    Commit complete.
    appliance-1(config-interface-1.0)# top
    appliance-1(config)# end
    appliance-1# show running-config lldp interfaces interface 1.0
    lldp interfaces interface 1.0
     config name             1.0
     config enabled
     config tlv-advertisement-state txrx
     config tlvmap           chassis-id,port-id,ttl,port-description,system-name,system-description,system-capabilities,pvid,ppvid,vlan-name,protocol-identity,macphy,link-aggregation,power-mdi,mfs,product-model
    !
    

    port-profile

    COMMAND port-profiles port-profile

    DESCRIPTION Configure port profiles for front-panel interfaces (ethernet ports).

    ARGUMENTS

    config mode [ 2x25G-4x10G | 4x25G | 8x10G ]

    • type: enumeration
    • description: Port profile used for front-panel interfaces. Available options include:
      • 2x25G-4x10G
      • 4x25G
      • 8x10G

    EXAMPLE

    Configure the port profile to be four ports at 25G:

    appliance-1(config)# port-profile config mode 4x25G
    

    portgroups portgroup

    COMMAND portgroups portgroup

    DESCRIPTION Configure port group attributes.

    ARGUMENTS

    <portgroup> config name <name>

    • type: string
    • description: The name of the port group.

    <portgroup> config mode [ MODE_10GB | MODE_25GB ]

    • type: enumeration
    • description: The mode of the port group. All port groups on the system must be configured with the same mode. Changing to a different mode will restart the system. Available options are:
      • MODE_10GB
      • MODE_25GB

    <portgroup> config ddm ddm-poll-frequency <frequency>

    • type: unsignedInt
    • description: DDM polling frequency in seconds. Set to 0 (zero) to disable the polling.

    EXAMPLE

    Configure a port group on interface 1 to use a DDM polling frequency of 20 seconds:

    appliance-1(config)# portgroups portgroup 1 config ddm ddm-poll-frequency 20
    

    Configure the port mode on interface 1 to be MODE_25GB:

    appliance-1(config)# portgroups portgroup 1 config mode MODE_25GB
    

    system aaa authentication config authentication-method

    COMMAND

    system aaa authentication config authentication-method

    DESCRIPTION

    Specify which authentication methods can be used to authenticate and authorize users. You can enable all methods and indicate the order in which you'd like the methods to be attempted when a user logs in.

    ARGUMENTS

    [ LDAP_ALL | LOCAL | RADIUS_ALL | TACACS_ALL ]

    • type: enumeration
    • description: Set one or more types. Authentication is tried on the order in which it is configured here.

    EXAMPLE

    Attempt to authenticate in this order: LDAP, then RADIUS, and then local (/etc/password):

    appliance-1(config)# system aaa authentication config authentication-method [ LDAP_ALL RADIUS_ALL LOCAL ]
    

    system aaa authentication ldap active_directory

    COMMAND system aaa authentication ldap active_directory

    DESCRIPTION

    Specify whether to enable LDAP Active Directory (AD).

    ARGUMENTS

    [ false | true ]

    • type: enumeration
    • description: Set to true to enable LDAP AD or false to disable it. The default value is false.

    EXAMPLE

    Enable LDAP AD on the system:

    appliance-1(config)# system aaa authentication ldap active_directory true
    

    system aaa authentication ldap base

    COMMAND

    system aaa authentication ldap base

    DESCRIPTION

    Specify the search base distinguished name (DN) for LDAP authentication. Note that the configuration of base values are case-sensitive and must be a full DN path. This includes spaces, commas, and other characters. These must be the same as what is configured in the LDAP server.

    ARGUMENTS

    <dn-name>

    • type: list of string
    • description: The distinguished name from which to start the search for the LDAP user. The default format is 1 to 255 alphanumeric characters. Allowed special characters include: = . , -

    EXAMPLE

    appliance-1(config)# system aaa authentication ldap base dc=xyz,dc=com
    appliance-1(config)# system aaa authentication ldap base [ dc=xyz,dc=com dc=abc,dc=com ]
    

    system aaa authentication ldap bind_timelimit

    COMMAND system aaa authentication ldap bind_timelimit

    DESCRIPTION

    Specify a maximum amount of time to wait for LDAP authentication to return a result.

    ARGUMENTS

    <value-in-seconds>

    • type: unsignedShort
    • description: The maximum bind time limit, in seconds. The default value is 30.

    EXAMPLE

    Set a maximum bind time limit of 60 seconds:

    appliance-1(config)# system aaa authentication ldap bind_timelimit 60
    

    system aaa authentication ldap binddn

    COMMAND

    system aaa authentication ldap binddn

    DESCRIPTION

    Specify the distinguished name (DN) of an account that can search the base DN. If no account is specified, the LDAP connection establishes without authentication. Note that the configuration of binddn values are case-sensitive and must be a full DN path. This includes spaces, commas, and other characters; these must be the same as what is configured in the LDAP server.

    ARGUMENTS

    <dn-acct-info>

    • type: string
    • description: The account that is allowed to search the base DN. The default format is 1 to 255 alphanumeric characters. Allowed special characters include: = . , -

    EXAMPLE

    Set the distinguished name of a specified account for searching the base DN:

    appliance-1(config)# system aaa authentication ldap binddn cn=admin,dc=xyz,dc=com
    

    system aaa authentication ldap bindpw

    COMMAND

    system aaa authentication ldap bindpw

    DESCRIPTION

    Specify the password of the search account identified in binddn.

    ARGUMENTS

    <password>

    • type: AES encrypted string
    • description: The password for the search account on the LDAP server. This option is required if you enter a value for the binddn option. The default value is none.

    EXAMPLE

    Specify a password for the search account on the LDAP server:

    appliance-1(config)# system aaa authentication ldap bindpw <password>
    

    system aaa authentication ldap idle_timelimit

    COMMAND

    system aaa authentication ldap idle_timelimit

    DESCRIPTION

    Configure the maximum amount of time before the LDAP connection can be inactive before it times out.

    ARGUMENTS

    <number-of-seconds>

    • type: unsignedShort
    • description: The maximum idle timeout, in seconds. The default value is 30.

    EXAMPLE

    Set a maximum idle timeout of 60 seconds:

    appliance-1(config)# system aaa authentication ldap idle_timelimit 60
    

    system aaa authentication ldap ldap_version

    COMMAND

    system aaa authentication ldap ldap_version

    DESCRIPTION

    Specify the LDAP protocol version number.

    ARGUMENTS

    <version-number>

    • type: unsignedByte
    • description: The protocol version number for the LDAP server. The range is from 1 to 3. The default value is 3.

    EXAMPLE

    Specify that LDAPv3 is used for the LDAP server:

    appliance-1(config)# system aaa authentication ldap ldap_version 3
    

    system aaa authentication ldap ssl

    COMMAND

    system aaa authentication ldap ssl

    DESCRIPTION

    Specify whether to enable Transport Layer Security (TLS) functionality for the LDAP server.

    ARGUMENTS

    on

    • type: string
    • description: Enable TLS to secure all connections.

    off

    • type: string
    • description: Disable TLS to secure all connections.

    start_tls

    • type: string
    • description: Start a connection in unencrypted mode on a port configured for plain text and negotiates TLS/SSL encryption with the client. If selected, it is used rather than raw LDAP over SSL.

    EXAMPLE

    Specify that TLS is enabled for all connections:

    appliance-1(config)# system aaa authentication ldap ssl on
    

    system aaa authentication ldap timelimit

    COMMAND

    system aaa authentication ldap timelimit

    DESCRIPTION

    Specify a maximum time limit to use when performing LDAP searches to receive an LDAP response.

    ARGUMENTS

    <number-of-seconds>

    • type: unsignedShort
    • description: The time limit, in seconds, used for LDAP searches.

    EXAMPLE

    Specify a maximum time limit of 60 seconds for LDAP searches:

    appliance-1(config)# system aaa authentication ldap timelimit 60
    

    system aaa authentication ldap tls_cacert

    COMMAND

    system aaa authentication ldap tls_cacert

    DESCRIPTION

    Specify the CA certificate to be used for authenticating the TLS connection with the CA server. Also validates an issued certificate from a CA prior to accepting it into the system.

    ARGUMENTS

    <path-to-cacert>

    • type: string
    • description: The PEM-formatted X.509 certificate (self-signed or from a CA). The default value is none.

    EXAMPLE

    Specify a certificate for authenticating the TLS connection:

    appliance-1(config)# system aaa authentication ldap tls_cacert <path-to-cacert>.pem
    

    system aaa authentication ldap tls_cert

    COMMAND

    system aaa authentication ldap tls_cert

    DESCRIPTION

    Specify the file that contains the certificate for the client's key.

    ARGUMENTS

    <path-to-cacert>

    • type: string
    • description: The file that contains the certificate.

    EXAMPLE

    Specify a file that contains the certificate for a client's key:

    appliance-1(config)# system aaa authentication ldap tls_cacert <path-to-cacert>.pem
    

    system aaa authentication ldap tls_ciphers

    COMMAND

    system aaa authentication ldap tls_ciphers

    DESCRIPTION

    Specify acceptable cipher suites for the TLS library in use. For example, ECDHE-RSAAES256-GCM-SHA384 or ECDHE-RSA-AES128-GCM-SHA256.

    The cipher string can take several additional forms. It can consist of a single cipher suite such as RC4-SHA. It can represent a list of cipher suites containing a certain algorithm, or cipher suites of a certain type. For example, SHA1 represents all cipher suites using the digest algorithm SHA1, and SSLv3 represents all SSLv3 algorithms. You can combine lists of cipher suites into a single cipher string using the + character as a logical AND operation. For example, SHA1+DES represents all cipher suites containing the SHA1 and DES algorithms.

    ARGUMENTS

    <cipher-suite>

    • type: string
    • description: The cipher suite for the TLS library in use.

    EXAMPLE

    Specify the cipher suite for the TLS library in use:

    appliance-1(config)# system aaa authentication ldap tls_cyphers <cipher-suite>
    

    system aaa authentication ldap tls_key

    COMMAND

    system aaa authentication ldap tls_key

    DESCRIPTION

    Specify the file that contains the the private key that matches the certificates that you configured with the system aaa authentication ldap tls_cert command.

    ARGUMENTS

    <path-to-file>

    • type: AES encrypted string
    • description: The file that contains the the private key that matches the certificates that you configured with the system aaa authentication ldap tls_cert command.

    system aaa authentication ldap tls_reqcert

    COMMAND

    system aaa authentication ldap tls_reqcert

    DESCRIPTION

    Specify what checks to perform on certificates in a TLS session. The default value is never.

    ARGUMENTS

    never

    • type: string
    • description: This level indicates that a certificate is not required. This is the default level.

    allow

    • type: string
    • description: This level indicates that a certificate is requested. If none is provided, the session proceeds normally. If a certificate is provided, but the server is unable to verify it, the certificate is ignored and the session proceeds normally, as if no certificate had been provided.

    try

    • type: string
    • description: This level indicates that a certificate is requested. If no certificate is provided, the session proceeds normally. If a certificate is provided, and it cannot be verified, the session is terminated immediately.

    [ demand | hard ]

    • type: string
    • description: This level indicates that a certificate is requested and a valid certificate must be provided, otherwise the session is terminated immediately.

    EXAMPLE

    Specify that a certificate is not required for a TLS session:

    appliance-1(config)# system aaa authentication ldap tls_reqcert never
    

    system aaa authentication roles role

    COMMAND

    system aaa authentication roles role

    DESCRIPTION

    Specify the primary role assigned to the user.

    ARGUMENTS

    config gid

    • type: unsignedInt
    • description: The assigned system group ID for the role.

    config rolename

    • type: string
    • description: The assigned role name for the role; must comply with Linux naming policies.

    config users

    • type: list of strings
    • description: The roles assigned to the user.

    EXAMPLE

    Configure which rolename and system group ID is used for a specified role:

    appliance-1(config)# system aaa authentication roles role <rolename> config rolename <rolename> gid <unix-gid>
    

    system aaa authentication users user

    COMMAND

    system aaa authentication users user

    DESCRIPTION

    Configure options for users.

    ARGUMENTS

    config expiry-date <yyyy-mm-dd>

    • type: string
    • description: The date that you want the account to expire, in yyyy-mm-dd format. The default value is -1 (no expiration date). Use 1 to indicate expired.

    config last-change [ 0 | <yyyy-mm-dd> ]

    • type: int
    • description: Date of last password change, in yyyy-mm-dd format. Use 0 (zero) to indicate that the user must change the password at their next log in.

    config role

    • type: string
    • description: The role to which the user is assigned.

    tally-count

    • type: unsignedInt
    • description: The number of login failures, excluding root and admin users.

    config username

    • type: string
    • description: The name of the user.

    config set-password

    • type: string
    • description: Used by admin roles to change the password for other users.

    config change-password

    • type: string
    • description: Used by non-admin users to change their own password. This requires that they know their old password.

    EXAMPLE

    Configure a user named jdoe so that the user must change their password at their next log in and indicate that the account has no expiration date:

    appliance-1(config)# system aaa authentication users user jdoe config last-change 0 expiry-date -1
    

    system aaa password-policy config apply-to-root

    COMMAND

    system aaa password-policy config apply-to-root

    DESCRIPTION

    Specify whether to enforce password policies when the user configuring passwords is the root user. If enabled (true), the system returns an error on failed check if the root user changing the password. If disabled (false), the system displays a message about the failed check, but allows the root user to change the password and bypass password policies.

    ARGUMENTS

    [ false | true ]

    • type: enumeration
    • description: Set to true to enforce password policies even if it is the root user configuring passwords or false to disable it. The default value is false.

    system aaa password-policy config max-age

    COMMAND

    system aaa password-policy config max-age

    DESCRIPTION

    Configure the number of days that users can keep using the same password without changing it.

    ARGUMENTS

    max-age <days>

    • type: unsignedInt
    • description: The maximum number of days that a user can use the same password. The range of values is from 0 to 999999 days. Set to -1 to indicate that the password never expires.

    system aaa password-policy config max-login-failures

    COMMAND

    system aaa password-policy config max-login-failures

    DESCRIPTION

    Configure the maximum number of unsuccessful login attempts that are permitted before a user is locked out.

    ARGUMENTS

    max-login-failures <number-of-failures>

    • type: unsignedInt
    • description: The maximum number of unsuccessful login attempts that are permitted before a user is locked out. The range of values is from 0 to 65535.

    system aaa password-policy config min-length

    COMMAND

    system aaa password-policy config min-length

    DESCRIPTION

    Configure a minimum acceptable size for the new password (plus one if credits are not disabled which is the default). In addition to the number of characters in the new password, credit (of +1 in length) is given for each different kind of character (other, upper, lower and digit). The default value is 9. If you want to allow passwords that are as short as 5 characters, you should not use min-length.

    ARGUMENTS

    min-length <size>

    • type: unsignedInt
    • description: The minimum length of new passwords. The range of values is from 6 to 255.

    system aaa password-policy config reject-username

    COMMAND

    system aaa password-policy config reject-username

    DESCRIPTION

    Check whether the user name is contained in the new password, either in straight or reversed form. If it is found, the new password is rejected.

    ARGUMENTS

    [ false | true ]

    • type: enumeration
    • description: Set to false to allow the user name in a new password or true to reject new passwords that contain the user name in some form. The default value is false.

    system aaa password-policy config required-differences

    COMMAND

    system aaa password-policy config required-differences

    DESCRIPTION

    Configure the number of character changes that are required in the new password that differentiate it from the old password.

    ARGUMENTS

    <number-of-diffs>

    • type: unsignedInt
    • description: The number of character changes required in a new password to differentiate it from the old password. The range is from 0 to 127. The default value is 5.

    system aaa password-policy config required-lowercase

    COMMAND

    system aaa password-policy config required-lowercase

    DESCRIPTION

    Configure the minimum number of lowercase character required for a password.

    ARGUMENTS

    <number-of-chars>

    • type: unsignedInt
    • description: The minimum number of lowercase characters required for a password. The range is from 0 to 127.

    system aaa password-policy config required-numeric

    COMMAND

    system aaa password-policy config required-numeric

    DESCRIPTION

    Configure the minimum number of numeric characters required for a password.

    ARGUMENTS

    <number-of-chars>

    • type: unsignedInt
    • description: The minimum number of numeric characters required for a password. The range is from 0 to 127.

    system aaa password-policy config required-special

    COMMAND

    system aaa password-policy config required-special

    DESCRIPTION

    Configure the minimum number of numeric characters required for a password.

    ARGUMENTS

    <number-of-chars>

    • type: unsignedInt
    • description: The minimum number of special characters required for a password. The range is from 0 to 127.

    system aaa password-policy config required-uppercase

    COMMAND

    system aaa password-policy config required-uppercase

    DESCRIPTION

    Configure the minimum number of numeric characters required for a password.

    ARGUMENTS

    <number-of-chars>

    • type: unsignedInt
    • description: The minimum number of uppercase characters required for a password. The range is from 0 to 127.

    system aaa password-policy config retries

    COMMAND

    system aaa password-policy config retries

    DESCRIPTION

    Configure the number of retries allowed when user authentication is unsuccessful.

    ARGUMENTS

    <number-of-retries>

    • type: unsignedInt
    • description: The number of retries allowed after unsuccessful user authentication. The range is from 0 to 127.

    system aaa password-policy config root-lockout

    COMMAND

    system aaa password-policy config root-lockout

    DESCRIPTION

    Configure whether the root account can be locked out after unsuccessful login attempts.

    ARGUMENTS

    [ false | true ]

    • type: enumeration
    • description: Set to false to disable root lockout after a number of unsuccessful login attempts or true to enable it. The default value is false.

    system aaa password-policy config root-unlock-time

    COMMAND system aaa password-policy config root-unlock-time

    DESCRIPTION

    Configure the time in seconds before the root user can retry logging in after exceeding the maximum number of allowed unsuccessful authentication attempts.

    ARGUMENTS

    <time-in-seconds>

    • type: unsignedInt
    • description: The amount of time (in seconds) after unsuccessful root user authentication before the user can retry logging in. The range is from 0 to 999999 seconds.

    system aaa password-policy config unlock-time

    COMMAND

    system aaa password-policy config unlock-time

    DESCRIPTION

    Configure the time in seconds before a user can retry logging in after exceeding the maximum number of allowed unsuccessful authentication attempts. If this option is not configured, the account is locked until the lock is removed manually by an administrator.

    ARGUMENTS

    <time-in-seconds>

    • type: unsignedInt
    • description: The amount of time (in seconds) after unsuccessful user authentication before the user can retry logging in. The range is from 0 to 999999 seconds.

    system aaa primary-key set

    COMMAND

    system aaa primary-key set

    DESCRIPTION

    Change the system primary encryption key with passphrase and salt. This is useful while migrating configuration from one machine to another.

    ARGUMENTS

    passphrase

    • type: string
    • description: The passphrase for the key. The minimum length is 6 characters, and the maximum length is 255 characters.

    confirm-passphrase

    • type: string
    • description: Set the option to confirm the passphrase input again.

    salt

    • type: string
    • description: The salt for the key. The minimum length is 6 characters, and the maximum length is 255 characters.

    confirm-salt

    • type: string
    • description: Set the option to confirm the salt input again.

    EXAMPLE

    Change the primary key, set a passphrase and salt, and then display the status of the key migration process:

    appliance-1(config)# system aaa primary-key set
    Value for 'passphrase' (<string, min: 6 chars, max: 255 chars>): ******
    Value for 'confirm-passphrase' (<string, min: 6 chars, max: 255 chars>): ******
    Value for 'salt' (<string, min: 6 chars, max: 255 chars>): *********
    Value for 'confirm-salt' (<string, min: 6 chars, max: 255 chars>): *********
    response description: Key migration is initiated. Use 'show system primary-key state status' to get status
    
    
    appliance-1# show system aaa primary-key state
    system aaa primary-key state hash Jt221bA3Xj73bClXPY9pdfQzauNUGO92hv1eXZbKcD/4G+Dr3u6hyFoahL+r3iIopJm4IzIInSwYsilAGdY08w==
    system aaa primary-key state status "COMPLETE        Initiated: Fri Apr 8 22:33:02 2022"
    

    system aaa server-groups server-group

    COMMAND

    system aaa server-groups server-group

    DESCRIPTION

    Configure one or more AAA servers of type RADIUS, LDAP, or TACACS+. The first server in the list is always used by default unless it is unavailable, in which case the next server in the list is used. You can configure the order of servers in the server group.

    ARGUMENTS

    <group-name> config name <name>

    • type: string
    • description: A descriptive name for the server.

    <group-name> config type [ LDAP | RADIUS | TACACS ]

    • type: enumeration
    • description: The type of authentication.

    <group-name> servers server <ip-address>

    • type: string
    • description: IP address for authentication server.

    system aaa tls ca-bundles ca-bundle

    COMMAND system aaa tls ca-bundles ca-bundle

    DESCRIPTION Configure a certificate authority bundle.

    ARGUMENTS

    name config content

    • type: string
    • description: Contents of a CA Bundle. The minimum length is 1 character.

    name config name

    • type: string
    • description: Name of CA Bundle.

    system aaa tls config certificate

    COMMAND

    system aaa tls config certificate

    DESCRIPTION

    Configure an SSL server certificate to be used for the webUI (HTTPS) or REST interface of the system.

    ARGUMENTS

    <certificate>

    • type: string
    • description: Valid certificate content.

    EXAMPLE

    Add a certificate and key to the system. When you press Enter, you will enter multi-line mode, at which point you can copy in the certificate/key. After you have added a certificate, you must add a key using system aaa tls config key, commit the changes:

    appliance-1(config)# system aaa tls config certificate
    (<string>):
    [Multiline mode, exit with ctrl-D.]
    > ...
    
    appliance-1(config)# system aaa tls config key
    (<string>):
    [Multiline mode, exit with ctrl-D.]
    > ...
    
    appliance-1(config)# commit
    Commit complete.
    

    system aaa tls config key

    COMMAND

    system aaa tls config key

    DESCRIPTION

    Configure a PEM-encoded private key to be used for the webUI (HTTPS) or REST interface of the system. Key value is encrypted in DB storage.

    ARGUMENTS

    <key>

    • type: AES encrypted string
    • description: Valid key content.

    EXAMPLE

    Add a TLS key and certificate to the system. When you press Enter, you will enter multi-line mode, at which point you can copy in the key/certificate. After you have added a key, you must add a certificate using system aaa tls config certificate:

    appliance-1(config)# system aaa tls config key
    (<string>):
    [Multiline mode, exit with ctrl-D.]
    > ...
    
    appliance-1(config)# system aaa tls config certificate
    (<string>):
    [Multiline mode, exit with ctrl-D.]
    > ...
    
    appliance-1(config)# commit
    Commit complete.
    

    system aaa tls crls crl

    COMMAND system aaa tls crls crl

    DESCRIPTION Configure a Certificate Revocation List Entry (CRL).

    ARGUMENTS

    config name <name>

    • type: string
    • description: Name of CRL entry.

    config revocation-key <crl>

    • type: string
    • description: Specifies the PEM-encoded CRL. The minimum length is 1 character.

    EXAMPLE

    Add a new CRL to the system. When you press Enter, you will enter multi-line mode, at which point you can copy in the CRL key.

    appliance-1(config)# system aaa tls crls crl <crl-name>
    Value for 'config revocation-key' (<string>):
    [Multiline mode, exit with ctrl-D.]
    > ...
    
    appliance-1(config)# commit
    Commit complete.
    

    system aaa tls create-self-signed-cert

    COMMAND system aaa tls create-self-signed-cert

    DESCRIPTION Create an OpenSSL key for use with AAA/TLS.

    ARGUMENTS

    key-type [ rsa | ecdsa ]

    • type: enumeration
    • description: Key type to use with the self-signed certificate. Available options are RSA and ECDSA (Elliptic Curve Digital Signature Algorithm).

    key-size <key-size>

    • type: unsignedInt,
    • description: Size of key. The range is from 2048 to 8192 bytes.

    days-valid <number>

    • type: unsignedInt
    • description: The number of days for which a certificate is valid.

    curve-name <curve-type>

    • type: enumeration
    • description: The ECDSA curve type to use. The default value is secp521r1. Available options are:
      • brainpoolP160r1: RFC 5639 curve over a 160 bit prime field
      • brainpoolP160t1: RFC 5639 curve over a 160 bit prime field
      • brainpoolP192r1: RFC 5639 curve over a 192 bit prime field
      • brainpoolP192t1: RFC 5639 curve over a 192 bit prime field
      • brainpoolP224r1: RFC 5639 curve over a 224 bit prime field
      • brainpoolP224t1: RFC 5639 curve over a 224 bit prime field
      • brainpoolP256r1: RFC 5639 curve over a 256 bit prime field
      • brainpoolP256t1: RFC 5639 curve over a 256 bit prime field
      • brainpoolP320r1: RFC 5639 curve over a 320 bit prime field
      • brainpoolP320t1: RFC 5639 curve over a 320 bit prime field
      • brainpoolP384r1: RFC 5639 curve over a 384 bit prime field
      • brainpoolP384t1: RFC 5639 curve over a 384 bit prime field
      • brainpoolP512r1: RFC 5639 curve over a 512 bit prime field
      • brainpoolP512t1: RFC 5639 curve over a 512 bit prime field
      • prime192v1: NIST/X9.62/SECG curve over a 192 bit prime field
      • prime192v2: X9.62 curve over a 192 bit prime field
      • prime192v3: X9.62 curve over a 192 bit prime field
      • prime239v1: X9.62 curve over a 239 bit prime field
      • prime239v2: X9.62 curve over a 239 bit prime field
      • prime239v3: X9.62 curve over a 239 bit prime field
      • prime256v1: X9.62/SECG curve over a 256 bit prime field
      • secp112r1: SECG/WTLS curve over a 112 bit prime field
      • secp112r2: SECG curve over a 112 bit prime field
      • secp128r1: SECG curve over a 128 bit prime field
      • secp128r2: SECG curve over a 128 bit prime field
      • secp160k1: SECG curve over a 160 bit prime field
      • secp160r1: SECG curve over a 160 bit prime field
      • secp160r2: SECG/WTLS curve over a 160 bit prime field
      • secp192k1: SECG curve over a 192 bit prime field
      • secp224k1: SECG curve over a 224 bit prime field
      • secp224r1: NIST/SECG curve over a 224 bit prime field
      • secp256k1: SECG curve over a 256 bit prime field
      • secp384r1: NIST/SECG curve over a 384 bit prime field
      • secp521r1: NIST/SECG curve over a 521 bit prime field
      • wap-wsg-idm-ecid-wtls6: SECG/WTLS curve over a 112 bit prime field
      • wap-wsg-idm-ecid-wtls7: SECG/WTLS curve over a 160 bit prime field
      • wap-wsg-idm-ecid-wtls8: WTLS curve over a 112 bit prime field
      • wap-wsg-idm-ecid-wtls9: WTLS curve over a 160 bit prime field
      • wap-wsg-idm-ecid-wtls12: WTLS curve over a 224 bit prime field

    name <common-name>

    • type: string
    • description: Common name for the certificate. (for example, the server's hostname). The minimum length is 1 character, and the maximum length is 63 characters.

    organization <org-name>

    • type: string
    • description: Certificate originator organization name (for example, your company's name). The minimum length is 1 character, and the maximum length is 63 characters.

    unit <unit-name>

    • type: string
    • description: Organizational unit name (for example, IT). The minimum length is 1 character, and the maximum length is 31 characters.

    city <city-name>

    • type: string
    • description: City or locality name (for example, Seattle). The minimum length is 1 character, and the maximum length is 127 characters.

    region <region-name>

    • type: string
    • description: State, county, or region (for example, Washington). The minimum length is 1 character, and the maximum length is 127 characters.

    country <country-code>

    • type: string
    • description: Two-letter country code (for example, US). Length must be exactly 2 characters.

    email <email-address>

    • type: string
    • description: Email address for certificate contact. The minimum length is 1 character, and the maximum length is 255 characters.

    version <version-number>

    • type: unsignedShort
    • description: Version number for the certificate.

    store-tls [ false | true ]

    • type: enumeration
    • description: Set to true to store the self-signed certificate pair in the the system-aaa-tls-config or false to specify that it should not be stored.

    EXAMPLE

    Create a private key and self-signed certificate:

    appliance-1(config)# system aaa tls create-self-signed-cert city Seattle country US days-valid 365 email j.doe@company.com key-type ecdsa name company.com organization "Company" region Washington unit IT version 1 curve-name prime239v2 store-tls false
    response
    -----BEGIN EC PRIVATE KEY-----
    MHECA1d8wiyJEVihDTnVi+v9RjfK3LhZ2Pd4R7B1MJf3lyXaoaAKBggqhkjOPQMB
    BaFAAz4ABHFISUTEi8wEdG0iBF3iqTi5m5b62xUSbhOJrXR8d0S6h+anvpo9xrH3
    QKbVuacd9H4cMj2tX/wyqVNePg==
    -----END EC PRIVATE KEY-----
    -----BEGIN CERTIFICATE-----
    MIICAzCCAa4CCQCR5RKtuBFcxTAKBggqhkjOPQQDAjCBjTELMAkGA1UEBhMCVVMx
    EzARBgNVBAgMCl1t462pbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEzARBgNVBAoM
    CkY1IE5ldG9ya3MxEDAOBgNVBAsMB1NXRElBR1MxETAPBgNVBAMMCEdvZHppbGxh
    MR0wGwYJKoZIhvcNAQkBFg5qLm1vb3JlQGY1LmNvbTAeFw0yMTAzMjcwMjE2NTFa
    Fw0yMjAzMjcwMjE2NTFaMIGNMQswCQYDVQQGEwJVUzORBTWGA1UECAwKV2FzaGlu
    Z3RvbjEQMA4GA1UEBwwHU2VhdHRsZTETMBEGA1UECgwKRjUgTmV0b3JrczEQMA4G
    A1UECwwHU1dESUFHUzERMA8GA1UEAwwIR29kemlsbGExHTAbBgkqhkiG9w0BCQEW
    DmoubW9vcmVAZRWPuB9tMFUwEwYHKoZIzj0CAQYIKoZIzj0DAQUDPgAEcUhJRMSL
    zAR0bSIEXeKpOLmblvrbFRJuE4mtdHx3RLqH5qe+mj3GsfdAptW5pwXtlI0yPa1f
    /DKpU14+MAoGCCqGSM49BAMCA0MAMEACHh38OAyBB5T9ScBklBXZUIuynHq3/tr4
    3VUQsMtYHQIeeP3vCrRm2qjPtK62QwtbkqDA9h2qTvuDj6uYL8EI
    -----END CERTIFICATE-----
    

    system aaa tls create-csr

    COMMAND system aaa tls create-csr

    DESCRIPTION Create a certificate signing request (CSR).

    ARGUMENTS

    name <common-name>

    • type: string
    • description: Common name for the certificate. (for example, the server's hostname). The minimum length is 1 character, and the maximum length is 63 characters.

    organization <org-name>

    • type: string
    • description: Certificate originator organization name (for example, your company's name). The minimum length is 1 character, and the maximum length is 63 characters.

    unit <unit-name>

    • type: string
    • description: Organizational unit name (for example, IT). The minimum length is 1 character, and the maximum length is 31 characters.

    city <city-name>

    • type: string
    • description: City or locality name (for example, Seattle). The minimum length is 1 character, and the maximum length is 127 characters.

    region <region-name>

    • type: string
    • description: State, county, or region (for example, Washington). The minimum length is 1 character, and the maximum length is 127 characters.

    country <country-code>

    • type: string
    • description: Two-letter country code (for example, US). Length must be exactly 2 characters.

    email <email-address>

    • type: string
    • description: Email address for certificate contact. The minimum length is 1 character, and the maximum length is 255 characters.

    version <version-number>

    • type: unsignedShort
    • description: Version number for the certificate.

    EXAMPLE

    Create a CSR:

    system aaa tls create-csr name company.com email j.doe@company.com organization "Company" unit IT
    response -----BEGIN CERTIFICATE REQUEST-----
    JRISPzCCAbsCAQEwgY0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9u
    MRAwDgYDVQQHEwdTZWF0dGxlMRQwEgYDVQQKFAtGNVH4TW03b3JrczEUMBIGA1UE
    CxMLZGV2ZWxvcG1lbnQxGTAXBgkqhkiG9w0BCQEWCmRldkBmNS5jb20xEDAOBgNV
    BAMTB3Rlc3Rjc3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCinnAV
    Dv/G6+qbiBVO7zIPmFFatYcrzdUnvpTGXfPuh6VBRqcW90jJy12FwtYOL8P6mED+
    gfjpxRWe+PNursjZSIDpyh7Dn+F3MRF3zkgnSKlYKI9qqzlRHRAwi2U7GfujeR5H
    CXrJ4uxYK2Wp8WVSa7TWwj6Bnps8Uldnj0kenBJ1eUVUXoQAbUmZQg6l+qhKRiDh
    3E/xMOtaGWg0SjD7dEQij5l+8FBEHVhQKEr93GT1ifR62/MZSnPw2MY5OJ69p2Wn
    k7Fr7m4I5z9lxJduYDNmiddVilpWdqRaCB2j29XCmpVJduF2v6EsMx693K18IJ1h
    iRice6oKL7eoI/NdAgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEAGjWSAqKUPqMY
    eLlSDJ9Bc4R+ckia5r/TITqamMN+m8TqQI8Pk0tAnwHCl8HHS+4cI8QuupgS/3aU
    ls7OtxceoQZ1VFX2sQFkrDJFe0ewZQLm5diip5kxFrnap0oA0wRy84ks0wxeiCWD
    New3hgSXfzyXI0g0auT6KNwsGaO8ZuhOX3ICNnSLbfb9T4zbhfI9jKopXQgZG/LO
    pOct33fdpf/U6kQA9Rw/nzs3Hz/nsVleOrl3TH1+9veMMF+6eq8KKPpbYKh9bhA+
    pYI3TtbZHuyRyQbq/r4gf4JkIu/PGszzy/rsDWy+b9g9nXMh1oFj+xhTrBjBk8a2
    0ov+Osy2iA==
    -----END CERTIFICATE REQUEST-----
    

    system allowed-ips allowed-ip

    COMMAND system allowed-ips allowed-ip

    DESCRIPTION

    Configure the system to allow traffic only from specified IP addresses. This is applicable only for ports 161, 8888, 443, 80, and 7001.

    ARGUMENTS

    <allowlist-profile-name> config ipv4 <ip-address>

    • type: string
    • description: IPv4 address of the system to add to the allow list.

    <allowlist-profile-name> config ipv4 port <port-number>

    • type: unsignedShort
    • description: Port number to use for IPv4 address entry in allow list. The range is from 1 to 65535.

    <allowlist-profile-name> config ipv6 address <ip-address>

    • type: string
    • description: IPv6 address of the system to add to the allow list.

    <allowlist-profile-name> config ipv6 port <port-number>

    • type: unsignedShort
    • description: Port number to use for IPv6 address entry in allow list. The range is from 1 to 65535.

    EXAMPLE

    Add a specified IPv4 address to the system allow list:

    appliance-1(config)# system allowed-ips allowed-ip test config ipv4 address 192.0.2.33 port 161
    

    system appliance-mode config

    COMMAND system appliance-mode config

    DESCRIPTION Configure whether appliance mode is enabled or disabled on the system. Appliance mode adds a layer of security by restricting user access to root and the bash shell. When enabled, the root user cannot log in to the device by any means, including from the serial console. You can enable appliance mode at these levels:

    • System: Run system appliance-mode on the system.
    • Tenant: Run tenants tenant <tenant-name\> config appliance-mode on the system.

    ARGUMENTS

    [ disabled | enabled ]

    • type: boolean
    • description: Specify enabled to enable appliance mode on the system. Specify disabled to disable it.

    EXAMPLE

    Enable appliance mode and then verify that appliance mode is enabled:

    appliance-1(config)# system appliance-mode config enabled
    appliance-1(config)# commit
    appliance-1(config)# end
    appliance-1# show system appliance-mode
    system appliance-mode state enabled
    

    Disable appliance mode and then verify that appliance mode is disabled:

    appliance-1(config)# system appliance-mode config disabled
    appliance-1(config)# commit
    appliance-1(config)# end
    appliance-1# show system appliance-mode
    system appliance-mode state disabled
    

    system clock config timezone-name

    COMMAND system clock config timezone-name

    DESCRIPTION Configure the time zone (tz) database name (for example, Europe/Stockholm) to use for the system. For a list of valid time zone names, see www.iana.org/time-zones.

    ARGUMENTS

    <tz-database-name>

    • type: string
    • description: The tz database names to be used by the system.

    EXAMPLES

    Configure the system to use the America/Los_Angeles time zone:

    appliance-1(config)# system clock config timezone-name America/Los_Angeles
    

    Configure the system to use the Asia/Calcutta time zone:

    appliance-1(config)# system clock config timezone-name Asia/Calcutta
    

    system config hostname

    COMMAND system config hostname

    DESCRIPTION Configure a hostname for the system.

    ARGUMENTS

    <hostname>

    • type: string
    • description: The hostname for the system. The hostname must be fully qualified domain name (FQDN). The minimum length is 1 character, and the maximum length is 253 characters.

    EXAMPLE

    Configure the hostname to be test.company.com:

    appliance-1(config)# system config hostname test.company.com
    

    system config login-banner

    COMMAND system config login-banner

    DESCRIPTION

    Configure a banner message to be displayed before users log in to the system.

    ARGUMENTS

    <message>

    • type: string
    • description: The login banner message for the system.

    EXAMPLE

    Configure a banner message:

    appliance-1(config)# system config login-banner
    (<string>):
    [Multiline mode, exit with ctrl-D.]
    UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED
    

    system config motd-banner

    COMMAND system config motd-banner

    DESCRIPTION

    Configure a message of the day (MOTD) banner to display after users log in to the system.

    <message>

    • type: string
    • description: The MOTD banner message for the system.

    EXAMPLE

    Configure a MOTD banner message:

    appliance-1(config)# system config motd-banner
    (<string>):
    [Multiline mode, exit with ctrl-D.]
    ATTENTION!
    This system is scheduled for maintenance in two days.
    

    system database config-backup

    COMMAND system database config-backup

    DESCRIPTION Generate a backup of the system configuration in the form of an XML file.

    ARGUMENTS

    name <filename>

    • type: string
    • description: The name of the backup file.

    proceed [ no | yes ]

    • type: boolean
    • description: Set to yes to overwrite the file if a file by that name exists or no to disable the file overwrite. The default value is no.

    EXAMPLE

    Create a backup file of the system configuration named backup-apr2022 and overwrite it if a file by that name already exists:

    appliance-1(config)# system database config-backup name backup-apr2022 proceed yes
    response Succeeded.
    

    system database config-restore

    COMMAND system database config-restore

    DESCRIPTION Restore the system configuration from an XML backup file.

    ARGUMENTS

    name <filename>

    • type: string
    • description: The name of the backup file.

    proceed [ no | yes ]

    • type: boolean
    • description: Set to yes to overwrite the configuration database or no to disable the overwrite. The default value is no.

    EXAMPLE

    Restore the system configuration from a backup file named backup-apr2022:

    appliance-1(config)# system database config-restore name backup-apr2022
    

    system database reset-to-default

    COMMAND system database reset-to-default

    DESCRIPTION Revert the system to the default configuration and clear any existing configuration information.

    IMPORTANT: This deletes all configuration on the system, including IP addresses, passwords, and tenant images.

    ARGUMENTS

    proceed [ no | yes ]

    • type: enumeration
    • description: Specify no to show a confirmation prompt prior to resetting the configuration to the default. Specify yes to bypass a confirmation prompt.

    EXAMPLE

    Revert the system to the default configuration:

    appliance-1(config)# system database config reset-to-default yes
    

    system diagnostics core-files list

    COMMAND system diagnostics core-files list

    DESCRIPTION List core files for the system.

    EXAMPLE

    List all core files on the system:

    appliance-1(config)# system diagnostics core-files list
    files [ appliance-1:/var/shared/core/container/test-1.core.gz appliance-1:/var/shared/core/container/test-2.core.gz ]
    

    system diagnostics core-files delete

    COMMAND system diagnostics core-files delete

    DESCRIPTION Delete core files from the system.

    ARGUMENTS

    files

    • type: list of strings
    • description: The hostname, path, and name of core files to be deleted. To delete more than one file, separate file names with a space.

    EXAMPLE

    List all core files on the system and specify one to delete:

    appliance-1(config)# system diagnostics core-files delete files [ appliance-1:/var/shared/core/container/test-1.core.gz ]
    

    system diagnostics ihealth config authserver

    COMMAND system diagnostics ihealth config authserver

    DESCRIPTION Specify a separate endpoint for authenticating and uploading QKView files to the iHealth service. The authserver config element enables you to specify an authentication server URL for the iHealth service. By default, authserver is set to the F5 iHealth authentication server https://api.f5.com/auth/pub/sso/login/ihealth-api.

    ARGUMENTS

    authserver

    • type: string
    • description: The FQDN for the authentication server.

    EXAMPLE

    Specify an authentication server for the iHealth service:

    appliance-1(config)# system diagnostics ihealth config authserver
    (<string>) (https://api.f5.com/auth/pub/sso/login/ihealth-api): https://api.f5networks.net/auth/pub/sso/login/ihealth-api
    

    system diagnostics ihealth config password

    COMMAND system diagnostics ihealth config password

    DESCRIPTION Specify the password used to log in to iHealth. This password is given in plain text, but will be encrypted when stored in the system.

    ARGUMENTS

    password

    • type: AES encrypted string
    • description: The password string for the iHealth user.

    EXAMPLE

    Specify a password to be used for logging in to iHealth:

    appliance-1(config)# system diagnostics ihealth config password
    (<AES encrypted string>): **********
    

    system diagnostics ihealth config server

    COMMAND system diagnostics ihealth config server

    DESCRIPTION Specify the iHealth service has a separate endpoint for authenticating and uploading QKView files. The server config element enables you to specify an upload server URL for the iHealth service. By default, the server is set to the F5 iHealth upload server https://ihealth-api.f5.com/qkview-analyzer/api/qkviews?visible_in_gui=True.

    ARGUMENTS

    server

    • type: string
    • description: The FQDN for the iHealth upload server.

    EXAMPLE

    Specify an upload server for the iHealth service:

    appliance-1(config)# system diagnostics ihealth config server
    (<string>) (https://ihealth-api.f5.com/qkview-analyzer/api/qkviews?visible_in_gui=True): https://ihealth-api.f5networks.net/qkview-analyzer/api/qkviews?visible_in_gui=True
    

    system diagnostics ihealth config username

    COMMAND system diagnostics ihealth config username

    DESCRIPTION Specify the username used to access the iHealth service.

    ARGUMENTS

    username

    • type: string
    • description: The username used for accessing the iHealth service.

    EXAMPLE

    Specify a user name to be used when logging in to iHealth:

    appliance-1(config)# system diagnostics ihealth config username
    (<string>) (user@f5.com): user2@f5.com
    

    system diagnostics ihealth upload

    COMMAND system diagnostics ihealth upload

    DESCRIPTION Initiate a QKView file upload to iHealth. It returns a upload id, which is needed to check upload status or cancel an upload.

    ARGUMENTS

    qkview-file

    • type: string
    • description: The name of the QKView file to be uploaded. Use the system diagnostics qkview list command to see a list of available files. Note: Be sure to add /diags/shared/QKView/ as a prefix to the QKView file name.

    description

    • type: string
    • description: A short description of the QKView file. For example, "data path performance."

    service-request-number

    • type: string
    • description: The F5 service request number for F5 support. For example, 1-123123123 or C1231231.

    EXAMPLE

    Upload a file named /diags/shared/qkview/test.qkview to iHealth:

    appliance-1(config)# system diagnostics ihealth upload qkview-file /diags/shared/qkview/test.qkview description testing service-request-number C523232
    message HTTP/1.1 202 Accepted
    Location: /support/ihealth/status/iuw53AYW
    Date: Tue, 5 Apr 2022 12:09:08 GMT
    Content-Length: 0
    

    system diagnostics ihealth cancel

    COMMAND system diagnostics ihealth cancel

    DESCRIPTION Cancel a QKView upload that is in progress. If the upload is already complete, it cannot be cancelled. To remove the QKView, log in to the iHealth server and manually delete the QKView, if needed.

    ARGUMENTS

    upload-id

    • type: string
    • description: The upload-id that is returned when initiating an upload.

    EXAMPLE

    Cancel the QKView upload with an upload-id of iuw53AYW.

    appliance-1(config)# system diagnostics ihealth cancel upload-id iuw53AYW
    message HTTP/1.1 200 OK
    Content-Type: application/json; charset=utf-8
    Location: /support/ihealth/status/iuw53AYW
    Date: Tue, 5 Apr 2022 12:10:01 GMT
    Content-Length: 44
    

    system diagnostics qkview capture

    COMMAND system diagnostics qkview capture

    DESCRIPTION Generate a system diagnostic snapshot, called a QKView. The system can support only one snapshot collection at a time. QKView files are stored in the host directory: diags/shared/qkview/.

    ARGUMENTS

    filename <name>

    • type: string
    • description: The name of the file to which QKView data is written. The default filename is <system-name>.qkview.

    timeout <time-in-seconds>

    • type: int
    • description: The time in seconds after which to stop QKView collection. The default value is 0, which indicates no timeout.

    exclude-cores [ false | true ]

    • type: boolean
    • description: Set to true if core files should be excluded from QKView. The default value is false.

    maxcoresize <size-in-mb>

    • type: int
    • description: If this argument is specified, core files greater than this size (in MB) are excluded. The range is from 2 MB to 1000 MB. The default value is 25 MB.

    maxfilesize <size-in-mb>

    • type: int
    • description: If this argument is specified, all files greater than this size (in MB) are excluded. The range is from 2 MB to 1000 MB. The default value is 500 MB.

    EXAMPLE

    Generate a QKView and name the file client-qkview.tar, exclude core files, set the maximum core size to 500 MB, set the maximum file size to 500 MB, and set a timeout value of 0 (zero), which indicates no timeout, and then check the status of the QKView generation process:

    appliance-1(config)# system diagnostics qkview capture filename client-qkview exclude-cores true maxcoresize 500 maxfilesize 500 timeout 0
    result  Qkview file client-qkview is being collected
    return code 200
    
    appliance-1(config)# system diagnostics qkview status
    result  {"Busy":true,"Percent":12,"Status":"collecting","Message":"Collecting Data","Filename":"client-qkview"}
    
    resultint 0
    

    system diagnostics qkview cancel

    COMMAND system diagnostics qkview cancel

    DESCRIPTION Cancel a QKView that is in progress.

    ARGUMENTS This command has no arguments.

    EXAMPLE

    Cancel the currently running QKView:

    appliance-1(config)# system diagnostics qkview cancel
    result  Qkview with filename client-qkview.tar was canceled
    return code 200
    
    resultint 0
    

    system diagnostics qkview status

    COMMAND system diagnostics qkview status

    DESCRIPTION Get the status of a QKView that is in progress or the status of the last QKView collected.

    ARGUMENTS This command has no arguments.

    EXAMPLE

    View the status of the currently running QKView:

    appliance-1(config)# system diagnostics qkview status
    result  {"Busy":true,"Percent":73,"Status":"collecting","Message":"Collecting Data","Filename":"myqkview.tar"}
    
    resultint 0
    
    appliance-1(config)# system diagnostics qkview status
    result  {"Busy":false,"Percent":100,"Status":"canceled","Message":"Collection canceled by user. Partial qkview saved.","Filename":"client-qkview.tar.canceled"}
    
    resultint 0
    

    system diagnostics qkview delete

    COMMAND system diagnostics qkview delete

    DESCRIPTION Delete a QKView file.

    ARGUMENTS

    filename

    • type: string
    • description: The name of file to delete.

    EXAMPLE

    Delete the QKView file named client-qkview.tar.canceled.

    appliance-1(config)# system diagnostics qkview delete filename client-qkview.tar.canceled
    result  Deleted Qkview file client-qkview.tar.canceled
    return code 200
    
    resultint 0
    

    system diagnostics qkview list

    COMMAND system diagnostics qkview list

    DESCRIPTION Show a list of QKView files.

    ARGUMENTS This command has no arguments.

    EXAMPLE

    List all QKView files on the system:

    appliance-1(config)# system diagnostics qkview list
    result  {"Qkviews":[{"Filename":"20220412.tar","Date":"2022-04-13T00:51:11.145190991Z","Size":77726151},{"Filename":"client-qkview.canceled","Date":"2022-04-13T01:00:11.796209488Z","Size":83041507}]}
    
    resultint 0
    

    system dns config search

    COMMAND system dns config search

    DESCRIPTION Configure a DNS search domain for the system to use.

    ARGUMENTS

    <domain-name>

    • type: list of strings
    • description: The DNS search domain. The minimum length is 1 character, and the maximum length is 253 chars.

    system dns host-entries host-entry

    COMMAND system dns host-entries host-entry

    DESCRIPTION Configure a DNS host entry for the system to use.

    ARGUMENTS

    config config alias

    • type: list of strings
    • description: The alias for a DNS hostname entry.

    config config hostname

    • type: string
    • description: The hostname for a DNS entry.

    config config ipv4-address

    • type: list of strings
    • description: The hostname for a DNS entry.

    config config ipv6-address

    • type: list of strings
    • description: The hostname for a DNS entry.

    system dns servers

    COMMAND system dns servers

    DESCRIPTION Configure a DNS server for the system to use.

    ARGUMENTS

    server <name>

    • type: string
    • description: The DNS server name.

    address <ip-address>

    • type: string
    • description: The IP address of the DNS server.

    port <port-number>

    • type: unsignedShort
    • description: The port number of the DNS server. The default value is 53.

    EXAMPLE

    Configure a DNS server and then verify that it was completed:

    appliance-1(config)# system dns servers server 192.0.2.11 config port 53
    appliance-1(config-server-192.0.2.11)# commit
    Commit complete.
    appliance-1(config-server-192.0.2.11)# exit
    appliance-1(config)# end
    appliance-1# show running-config system dns
    system dns servers server 192.0.2.11
     config port 53
    !
    

    system image check-version

    COMMAND system image check-version

    DESCRIPTION Check whether the system is compatible with a specific system image service version upgrade version.

    ARGUMENTS

    iso-version <version>

    • type: string
    • description: System image ISO version.

    os-version <version>

    • type: string
    • description: System image OS version.

    service-version <version>

    • type: string
    • description: System image service version.

    EXAMPLE

    Verify that the system is compatible with service version number 1.1.0-3456:

    appliance-1(config)# system image check-version service-version 1.1.0-3456
    

    system image remove

    COMMAND system image remove

    DESCRIPTION Remove a system image.

    ARGUMENTS

    os <version>

    • type: string
    • description: OS version to remove.

    service <version>

    • type: string
    • description: Service version to remove.

    iso <version>

    • type: string
    • description: ISO version to remove

    system image set-version

    COMMAND system image set-version

    DESCRIPTION Trigger an install after verifying schema compatibility using check-version.

    ARGUMENTS

    iso-version <version>

    • type: string
    • description: System image ISO version.

    os-version

    • type: string
    • description: System image OS version.

    proceed [ no | yes ]

    • type: enumeration
    • description: Specify no to show a confirmation prompt prior to resetting the configuration to the default. Specify yes to bypass a confirmation prompt.

    service-version

    • type: string
    • description: System image service version.

    EXAMPLE

    Upgrade the system to iso version 1.1.0-3456:

    appliance-1(config)# system image set-version iso-version 1.1.0-3456
    

    Upgrade the os version to 1.1.0-3456:

    appliance-1(config)# system image set-version os-version 1.1.0-3456
    

    Upgrade the service version to 1.1.0-3456:

    appliance-1(config)# system image set-version service-version 1.1.0-3456
    

    system licensing install

    COMMAND system licensing install

    DESCRIPTION Perform an automatic system license installation. The system must be connected to the Internet to use the automatic method.

    ARGUMENTS

    add-on-keys <key>

    • type: string (array)
    • description: A 14-character string that informs the license server about which add-on products you are entitled to license.

    license-server <ip-address-or-host-name>

    • type: ip (ip-address), port (unsigned short), name (string)
    • description: IP address or host name of license server. You can specify IP address, port, and name of license server.

    registration-key <key>

    • type: string
    • description: A 27-character string that informs the license server about which F5 products you are entitled to license. The base registration key is preinstalled on your system. If you do not already have a base registration key, you can obtain one from F5 Technical Support.

    EXAMPLE

    Install a base license on the system:

    appliance-1(config)# system licensing install registration-key A1234-56789-01234-56789-0123456
    result License installed successfully.
    

    system licensing manual-install license

    COMMAND system licensing manual-install

    DESCRIPTION Perform a manual system license installation.

    ARGUMENTS

    license <license-text>

    • type: string
    • description: License information for the system. Before you use system licensing manual-install, you use system licensing get-dossier to get the system dossier text, and then activate the license at activate.f5.com.

    EXAMPLE

    License the system using license information from activate.f5.com:

    appliance-1(config)# system licensing manual-install license
    Value for 'license' (<string>):
    [Multiline mode, exit with ctrl-D.]
    > #
    > Auth vers : 5b
    > #
    > #
    > # BIG-IP System License Key File
    > # DO NOT EDIT THIS FILE!!
    > #
    > # Install this file as "/config/bigip.license".
    > #
    > # Contact information in file /CONTACTS
    > #
    > #
    > # Warning: Changing the system time while this system is running
    > # with a time-limited license may make the system unusable.
    > #
    > Usage : F5 Internal Product Development
    > #
    > #
    > # Only the specific use referenced above is allowed. Any other uses are prohibited.
    > #
    > Vendor : F5, Inc.
    > #
    > # Module List
    > #
    > active module : Local Traffic Manager, r10900 |K284576-4014992|Rate Shaping|Anti-Virus Checks|Base Endpoint Security Checks|Firewall Checks|Machine Certificate Checks|Network Access|Protected Workspace|Secure Virtual Keyboard|APM, Web Application|App Tunnel|Remote Desktop
    ...
    

    system licensing get-dossier

    COMMAND system licensing get-dossier

    DESCRIPTION Generate an encrypted system dossier that can be used for retrieving a license from the F5 license server. This is used to perform a manual license installation.

    ARGUMENTS

    add-on-keys <key>

    • type: string (array)
    • description: A 14-character string that informs the license server about which add-on products you are entitled to license.

    registration-key <key>

    • type: string
    • description: A 27-character string that informs the license server about which F5 products you are entitled to license. The base registration key is preinstalled on your system. If you do not already have a base registration key, you can obtain one from F5 Technical Support.

    EXAMPLE

    Get a system licensing dossier from F5:

    appliance-1(config)# system licensing get-dossier
    system-dossier 48d05131e8688755efde6b1081af5e190793e5a0cfb70cd2da9da8c4c9d9d412a6360a11b869f2dfc779ef7c91df246f7184fe0010b7bcbd420e1664cb1d13b9890ec812bedf05d8cd530c87t82d13a7b63b9823ebdafc5f9061d6c12eb09a5a973361681d31a07dc92d774345cc52e70f8026729df4e2b5c9e6c22f96764e1cdd402f9e499841253259122877a85d7145a658a8444b0b6bc2dc8b9ef4a0156b8af2baa14500e9ce8c3ebcdf4060b35e1748aee093f0bb2349f53bf72f94c61979d1b8ccaf01c84235acf025f3cb3cad3f2cac9938b7481635280cc1589fac997aa4f6db9e8e04d02af5d91f5cd570fc261612233a1204e27a0d2ffd62e4107f89ad286a42ae07cea0918a7be0ba50e307664f8aaf9334051abb6d1559771d2fbfeb8f67335a8325b63a00ddfed563a926d595f1fe049bedf418dd997120945b1d622a574bd957fe6c60924c5562e6cf8ba837124a16bd2a49d1af0ace1f9dbe02af626336e073e8a2802949812eb0227faed9ad787c945c486dbc6d45327688025bcac81e472f3720c615f52455c8e0b235262cb4c8f2dd1ef8c753966fe11798db01714fd95e11348e1036f1ff69da16342595650c91b771cf7a28970c3caffa988faaf8f01cbd846151cd17201c3c8e58b18587e52a8be18f2ac9f175a41296fe9de3532433e94817f9b08ab2d9f66cdb76506e7d4156f9eb8af96aee363e8ab18eec930f6cc1c2dc80e2b254fbc9e31851a10f34506d71e1e5d60344a1ed5ec021c0e63513fd833ea8286258f6094592c7d04f9d29db93114518024b9129acb36ce41b1d1c7405db549f3aaa697919592a6dabfece7295cf57d8b950fcfed6cc40286d830be12097b0e3c0f9acbc07ccdb110b3cc98ca5a1ac09d6b152b2ace004d613364242a031e21057d3dc270ba00fe6918b3075b4692f55ca71fe6cd76c91f4beb19af97bb47dd677a77159e78adfa7e7cf0feb8a3490fc59fe660b26eb5268ecfed6f03c41ea0edadc7bc7573e91d0ad01313ee07e8719ec4d59fd6c90fcdbd29407f0a7666ff9de33251b04e270eb2d46c6cf8583d163c47d5768
    

    system licensing get-eula

    COMMAND system licensing get-eula

    DESCRIPTION Retrieve the End User License Agreement (EULA) from the F5 License Server.

    ARGUMENTS

    add-on-keys <key>

    • type: string (array)
    • description: A 14-character string that informs the license server about which add-on products you are entitled to license.

    registration-key <key>

    • type: string
    • description: A 27-character string that informs the license server about which F5 products you are entitled to license. The base registration key is preinstalled on your system. If you do not already have a base registration key, you can obtain one from F5 Technical Support.

    EXAMPLE

    Gets the contents of the latest F5 EULA:

    appliance-1(config)# system licensing get-eula
    eula-text END USER LICENSE AGREEMENT
    
    DOC-0355-16
    
    IMPORTANT " READ BEFORE INSTALLING OR OPERATING THIS PRODUCT
    
    YOU AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE BY INSTALLING,
    HAVING INSTALLED, COPYING, OR OTHERWISE USING THE SOFTWARE.  IF YOU
    DO NOT AGREE, DO NOT INSTALL OR USE THE SOFTWARE.
    
    This End User License Agreement ("License") applies to the software
    product(s) ("Software") you have licensed from us whether on
    a stand-alone basis or as part of any hardware ("Hardware") you
    purchase from us, (the Hardware and Software together, the "Product").
    ...
    

    system locator

    COMMAND system locator config enabled

    DESCRIPTION Configure whether the system locator function is enabled. Enabling this function illuminates the F5 logo ball so that you can more easily locate a chassis in a data center.

    ARGUMENTS

    config [ disabled | enabled ]

    • type: boolean
    • description: Specify enabled to enable the chassis locator function. Specify disabled to disable it.

    system logging remote-servers remote-server

    COMMAND system logging remote-servers remote-server

    DESCRIPTION Configure information about remote logging servers.

    ARGUMENTS

    config <ip-address-or-fqdn>

    • type: string
    • description: Host IP address or hostname of the remote log server. The minimum length is 1 character, and the maximum length is 253 characters.

    config config proto [ tcp | udp ]

    • type: enumeration
    • description: Remote server connection protocol. The default value is udp.

    config config remote-port <port-number>

    • type: unsignedShort
    • description: Destination port number for syslog messages. The default value is 514.

    selectors selector

    • description: Selector facility or severity selector on which to filter messages. F5OS supports only the LOCAL0 logging facility. All logs are directed to this facility, and it is the only one that you can use for remote logging.

    EXAMPLE

    Create a logging destination:

    appliance-1(config)# system logging remote-servers remote-server 192.0.2.240 config proto tcp
    appliance-1(config-remote-server-192.0.2.240)# commit
    Commit complete.
    

    Delete a logging destination:

    appliance-1(config)# no system logging remote-servers remote-server 192.0.2.240
    appliance-1(config)# commit
    Commit complete.
    

    system logging host-logs

    COMMAND system logging host-logs

    DESCRIPTION Configure settings for sending host logs to remote logging servers.

    ARGUMENTS

    config files file <dir-or-file-name>

    • type: string
    • description: File or directory to be sent.

    config remote-forwarding [ enabled | disabled ]

    • type: enumeration
    • description: Specify enabled to enable remote forwarding of active node host logs. Specify disabled to disable it.

    config remote-forwarding enabled include-standby

    • description: If remote forwarding is enabled, specify that the standby node will forward host logs to the active node.

    config selectors selector <selector>

    • description: Specify the facility, or class of host messages, to forward. Any logs directed to these will be forwarded, provided that host-logs is enabled and a remote server configuration is present. Available options are:
      • ALL
      • AUDIT
      • AUTH
      • AUTHPRIV
      • CONSOLE
      • KERNEL
      • LOCAL0 LOCAL7
      • MAIL
      • NTP
      • SYSLOG
      • SYSTEM_DAEMON
      • USER

    EXAMPLE

    Enable remote forwarding:

    appliance-1(config)# system logging host-logs config remote-forwarding enabled
    

    system logging sw-components sw-component

    COMMAND system logging sw-components sw-component

    DESCRIPTION Configure logging for platform software components. Available options are:

    • alert-service
    • api-svc-gateway
    • appliance-orchestration-agent
    • appliance-orchestration-manager
    • authd
    • confd-key-migrationd
    • dagd-service
    • datapath-cp-proxy
    • diag-agent
    • disk-usage-statd
    • dma-agent
    • fips-service
    • fpgamgr
    • ihealth-upload-service
    • ihealthd
    • image-agent
    • kubehelper
    • l2-agent
    • lacpd
    • license-service
    • line-dma-agent
    • lldpd
    • lopd
    • network-manager
    • nic-manager
    • optics-mgr
    • platform-diag
    • platform-fwu
    • platform-hal
    • platform-mgr
    • platform-monitor
    • platform-stats-bridge
    • qkviewd
    • rsyslog-configd
    • snmp-trapd
    • stpd
    • sw-rbcast
    • sys-host-config
    • system-control
    • tcpdumpd-manager
    • tmstat-agent
    • tmstat-merged
    • upgrade-service
    • user-manager
    • vconsole

    ARGUMENTS

    <component-name> config description

    • type: string
    • description: Text that describes the platform software component. This value is read-only.

    <component-name> config name

    • type: string
    • description: Name of the platform software component. This value is read-only.

    <component-name> config severity [ ALERT | CRITICAL | DEBUG | EMERGENCY | ERROR | INFORMATIONAL | NOTICE | WARNING ]

    • type: enumeration
    • description: Software component logging severity level. The default value is INFORMATIONAL. Available options, in decreasing order of severity, are:
      • EMERGENCY: System is unusable.
      • ALERT: Serious errors that require immediate administrator intervention.
      • CRITICAL: Critical errors, including hardware and file system failures.
      • ERROR: Non-critical, but possibly important, error messages.
      • WARNING: Messages that should be logged and reviewed.
      • NOTICE: Messages that contain useful information, but may be ignored.
      • INFORMATIONAL: Messages that contain useful information, but may be ignored. This is the default value.
      • DEBUG: Verbose messages used for troubleshooting.

    system mgmt-ip config dhcp-enabled

    COMMAND system mgmt-ip config dhcp-enabled

    DESCRIPTION Enable or disable DHCP for the system management IP address. DHCP is supported only on static interfaces.

    ARGUMENTS

    dhcp-enabled [ false | true ]

    • type: boolean
    • description: Set to true to enable DHCP for the management IP address or false to disable it. The default value is false.

    EXAMPLE

    Enable DHCP for the management IP address:

    appliance-1(config)# system mgmt-ip config dhcp-enabled true
    

    system mgmt-ip config ipv4 gateway

    COMMAND system mgmt-ip config ipv4 gateway

    DESCRIPTION Configure a gateway IPv4 address.

    ARGUMENTS

    <ip-address>

    • type: string
    • description: IPv4 address.

    EXAMPLE

    Configure the gateway IPv4 address to be 192.0.2.1:

    appliance-1(config)# system mgmt-ip config ipv4 gateway 192.0.2.1
    

    system mgmt-ip config ipv4 prefix-length

    COMMAND system mgmt-ip config ipv4 prefix-length

    DESCRIPTION Configure the IPv4 prefix length.

    ARGUMENTS

    <length>

    • type: int
    • description: IPv4 prefix length. The range is from 0 to 32.

    EXAMPLE

    Configure the IPv4 prefix length to be 24:

    appliance-1(config)# system mgmt-ip config ipv4 prefix-length 24
    

    system mgmt-ip config ipv4 system address

    COMMAND system mgmt-ip config ipv4 system address

    DESCRIPTION

    Configure an IPv4 management IP address for the system.

    ARGUMENTS

    <ip-address>

    • type: string
    • description: IPv4 address.

    system mgmt-ip config ipv6 gateway

    COMMAND system mgmt-ip config ipv6 gateway

    DESCRIPTION

    Configure a gateway IPv6 address.

    ARGUMENTS

    <ip-address>

    • type: string
    • description: IPv6 address.

    EXAMPLE

    Configure the gateway IPv6 address to be ::1:

    appliance-1(config)# system mgmt-ip config ipv6 gateway ::1
    

    system mgmt-ip config ipv6 prefix-length

    COMMAND system mgmt-ip config ipv6 prefix-length

    DESCRIPTION Configure IPv6 prefix length.

    ARGUMENTS

    <length>

    • type: int
    • description: IPv6 prefix length. The range is from 0 to 128.

    EXAMPLE

    Configure the IPv6 prefix length to be 64:

    appliance-1(config)# system mgmt-ip config ipv6 prefix-length 64
    

    system mgmt-ip config ipv6 system address

    COMMAND system mgmt-ip config ipv6 system address

    DESCRIPTION Configure an IPv6 management IP address for the system.

    ARGUMENTS

    <ip-address>

    • type: string
    • description: IPv6 address.

    system network config network-range-type

    DESCRIPTION Configure the internal address range.

    ARGUMENTS

    [ RFC1918 RFC6598 ]

    • description: Network range type for internal networking purposes. Available options are:
      • RFC1918: The system uses 10.[0-15]/12, as specified by RFC1918.
      • RFC6598: The system uses 100.64/10, as specified by RFC6598. This option ignores prefix. This is the default value.

    EXAMPLE

    Configure the range type to be RFC6598:

    appliance-1(config)# system network config network-range-type RFC6598
    

    system network config network-range-type RFC1918 chassis-id

    COMMAND system network config network-range-type RFC1918 chassis-id

    DESCRIPTION Set the chassis ID that is used to determine internal address ranges.

    IMPORTANT: F5 strongly recommends that you do not change this setting.

    ARGUMENTS

    chassis-id

    • type: int
    • description: Chassis ID for internal networking purposes. The range is from 1 to 4. The default value is 1.

    system network config network-range-type RFC1918 prefix

    COMMAND system network config network-range-type RFC1918 prefix

    DESCRIPTION

    Configure the internal network prefix index that is used to select the range of IP addresses used internally within the appliance. If needed, select a network prefix that ensures that internal appliance addresses do not overlap with site-local addresses that are accessible to the system.

    ARGUMENTS

    • type: unsignedByte
    • description: Range of internal IP addresses to use. The network prefix indexes range from 0 to 15, and each corresponds to a range of appliance network IP addresses. Available options are:
      • 0 - 10.[0-15].0.0/16
      • 1 - 10.[16-31].0.0/16
      • 2 - 10.[32-47].0.0/16
      • 3 - 10.[48-63].0.0/16
      • 4 - 10.[64-79].0.0/16
      • 5 - 10.[80-95].0.0/16
      • 6 - 10.[96-111].0.0/16
      • 7 - 10.[112-127].0.0/16
      • 8 - 10.[128-143].0.0/16
      • 9 - 10.[144-159].0.0/16
      • 10 - 10.[160-175].0.0/16
      • 11 - 10.[176-191].0.0/16
      • 12 - 10.[192-207].0.0/16
      • 13 - 10.[208-223].0.0/16
      • 14 - 10.[224-239].0.0/16
      • 15 - 10.[240-255].0.0/16

    EXAMPLE

    Configure the internal network range to use 10.[16-31].0.0/16:

    appliance-1(config)# system network config network-range-type RFC1918 prefix 1
    

    system ntp config

    COMMAND system ntp config

    DESCRIPTION Enable the Network Time Protocol (NTP) protocol and indicate that the system should synchronize the system clock with an NTP server defined in the ntp/server list.

    ARGUMENTS

    [ disabled | enabled ]

    • type: enumeration
    • description: Specify enabled to enable using NTP. Specify disabled to disable it.

    EXAMPLE

    Disable the use of NTP:

    appliance-1(config)# system ntp config disabled
    

    system ntp ntp-keys ntp-key

    COMMAND system ntp ntp-keys ntp-key

    DESCRIPTION Configure the list of Network Time Protocol (NTP) authentication keys.

    ARGUMENTS

    config key-id <id>

    • type: unsignedShort
    • description: An identifier used by the client and server to designate a secret key. The client and server must use the same key ID.

    config key-type <type>

    • type: NTP_AUTH_TYPE
    • description: Encryption type used for the NTP authentication key. For example, NTP_AUTH_MD5.

    config key-value <auth-key-value>

    • type: string
    • description: NTP authentication key value.

    system ntp servers server

    COMMAND system ntp servers server

    DESCRIPTION Configure which NTP servers can be used for system clock synchronization. If system ntp is enabled, then the system will attempt to contact and use the specified NTP servers.

    ARGUMENTS

    <ip-address-or-dns-name>

    • type: string
    • description: NTP Server address with which system clock synchronizes. The range is from 1 character to 253 characters.

    <ip-address-or-dns-name> config association-type [ PEER | POOL | SERVER ]

    • type: string
    • description: Classify the NTP configuration using these association types. The default value is SERVER.

    <ip-address-or-dns-name> config iburst [ false | true ]

    • type: boolean
    • description: Specify true to enable iburst for the NTP service. Specify false to disable it.

    <ip-address-or-dns-name> config port <port-number>

    • type: unsignedShort
    • description: Port number on which the NTP Service listens. The default value is 123.

    <ip-address-or-dns-name> config prefer [ false | true ]

    • type: boolean
    • description: Specify true to indicate that this server should be the preferred one. Specify false if not.

    <ip-address-or-dns-name> config version

    • type: unsignedByte
    • description: Version number to put in outgoing NTP packets. The range is from 0 to 4.

    EXAMPLES

    Configure an NTP server with the address pool.ntp.org, where the association type is POOL, and it is the preferred server:

    appliance-1(config)# system ntp servers server pool.ntp.org config association-type POOL prefer true
    appliance-1(config-server-pool.ntp.org)# top
    appliance-1(config)# system ntp config enabled
    appliance-1(config)# commit
    Commit complete.
    

    Configure an NTP server with the address time.f5net.com, where the association type is SERVER, iburst is enabled, port is 123, it is the preferred server, and version number is 4:

    appliance-1(config)# system ntp servers server time.f5net.com
    appliance-1(config-server-time.f5net.com)# config address time.f5net.com
    appliance-1(config-server-time.f5net.com)# config association-type SERVER
    appliance-1(config-server-time.f5net.com)# config iburst true
    appliance-1(config-server-time.f5net.com)# config port 123
    appliance-1(config-server-time.f5net.com)# config prefer true
    appliance-1(config-server-time.f5net.com)# config version 4
    appliance-1(config-server-time.f5net.com)# commit
    Commit complete.
    

    system reboot

    COMMAND system reboot

    DESCRIPTION Trigger a restart of the system. This resets the management IP connection.

    ARGUMENTS

    This command has no arguments.

    EXAMPLE

    Reboot the system and when prompted whether to confirm the reboot, enter yes:

    appliance-1(config)# system reboot
    The reboot of the system results in data plane and management connectivity to be disrupted. Proceed? [no,yes] 
    

    system set-datetime

    COMMAND system set-datetime

    DESCRIPTION Configure the date and time for the system.

    ARGUMENTS

    date <date>

    • type: string
    • description: The system date, in the format YYYY-MM-DD.

    time

    • type: string
    • description: The system time, in the format HH:MM:SS.

    EXAMPLES

    Configure the system date to be 2022-04-11:

    appliance-1(config)# system set-datetime date 2022-04-11
    

    Configure the system time to be 11:11:00:

    appliance-1(config)# system set-datetime date 11:11:00
    

    tenants tenant

    COMMAND tenants tenant

    DESCRIPTION Provision and deploy a tenant on the system.

    ARGUMENTS

    config config <tenant-name>

    • type: string
    • description: User-specified name for a tenant. The minimum length is 1 character, and the maximum length is 50 characters.

    <tenant-name> config appliance-mode [ disabled | enabled ]

    • type: string
    • description: Specify enabled to enable appliance node at the tenant level. Specify disabled to disable it.

    <tenant-name> config cryptos [ disabled | enabled ]

    • type: string
    • description: Specify enabled to enable crypto devices for the tenant level. Specify disabled to disable it.

    <tenant-name> config gateway <ip-address>

    • type: IP Address
    • description: Configure an IPv4 or IPv6 gateway address for the tenant management IP address.

    <tenant-name> config image <image-name>

    • type: string
    • description: Configure an image file to use for the tenant.

    <tenant-name> config memory <amount-of-memory>

    • type: Unsigned long
    • description: Configure the amount of memory in MBs for the tenant. The range is from 4096 to 102400 MBs.

    <tenant-name> config mgmt-ip <ip-address>

    • type: IP Address
    • description: Configure the IPv4 or IPv6 management IP address for tenant management access. You can configure the management IP address only when a tenant is not in the deployed state.

    <tenant-name> config nodes <node-number>

    • type: Unsigned byte
    • description: Configure the node in which to schedule the tenant.

    <tenant-name> config prefix-length <length>

    • type: Unsigned byte
    • description: Configure the prefix length for the management IP of the tenant. The range is from 0 to 128.

    <tenant-name> config running-state [ configured | provisioned | deployed ]

    • type: string
    • description: Configure the desired state of the tenant.

    <tenant-name> config storage size <size>

    • type: Unsigned short
    • description: Configure the storage quota in GBs for the tenant. The default value is 76 GB. The range is from 22 to 700 GB.

    <tenant-name> config type <tenant-type>

    • type: enumeration
    • description: Configure the type (for example, BIG-IP) of the tenant.

    <tenant-name> config vcpu-cores-per-node <number-of-cores>

    • type: Unsigned byte
    • description: Configure the number of logical CPU cores for the tenant.

    <tenant-name> config vlans <vlan-id>

    • type: Unsigned byte
    • description: Configure the VLAN ID from the system VLAN table for the tenant.

    EXAMPLE

    Configure a tenant named bigip-vm of type BIG-IP, using a specified image file, assigned to node 1, using port 22, a management IP address of 192.0.2.61, a netmask of 255.255.255.0, a gateway of 192.0.2.1, using VLAN 100, and a running state of deployed.

    appliance-1(config)# tenants tenant bigip-vm config type BIG-IP image BIGIP-bigip15.1.6.123.ALL-F5OS.qcow2.zip.bundle nodes 1 port 22 mgmt-ip 192.0.2.71 netmask 255.255.255.0 gateway 192.0.2.254 vlans 100 running-state deployed
    

    vlans vlan

    COMMAND vlans vlan

    DESCRIPTION Creates a VLAN object that can be referenced by other configuration commands. This command is intended to be expanded for future use and is currently not necessary for proper configuration of the system.

    ARGUMENTS

    [ <vlan-id> | range ]

    • type: vlan-id
    • description: Integer value for the VLAN or a range of VLAN IDs.

    [ <vlan-id> | range ] config name <name>

    • type: string
    • description: Name of the VLAN. The minimum length is 1 character, and the maximum length is 56 characters.

    [ <vlan-id> | range ] config vlan-id

    • type: unsigned short
    • description: Numerical value of the VLAN tag associated with the VLAN. The range is from 1 to 4094.

    EXAMPLE

    Configure VLAN 100, with the name 100 and a vlan-id of 100:

    appliance-1(config)# vlans vlan 100 config name 100 vlan-id 100
    

    Configure a VLAN range of 100-101:

    appliance-1(config)# vlans vlan range 100-101
    

    operational-mode-commands


    Operational Mode Commands


    autowizard

    COMMAND autowizard

    DESCRIPTION Specify whether to query automatically for mandatory elements.

    ARGUMENTS

    [ false | true ]

    • type: boolean
    • description: Specify true to query automatically for mandatory elements. Specify false to disable it.

    clear

    COMMAND clear

    DESCRIPTION Remove all configuration changes.

    ARGUMENTS

    history

    • description: Clear operational and configuration mode history.

    complete-on-space

    COMMAND complete-on-space

    DESCRIPTION Specify whether to have the CLI complete a command name automatically when you type an unambiguous string and then press the space bar, or have the CLI list all possible completions when you type an ambiguous string and then press the space bar.

    ARGUMENTS

    [ false | true ]

    • type: boolean
    • description: Specify true to enable the ability to have the CLI complete a command name automatically when you press the space bar. Specify false to disable it.

    config

    COMMAND config

    DESCRIPTION Enter configuration mode. In configuration mode, you are editing a copy of the running configuration, called the candidate configuration, not the actual running configuration. Your changes take effect only when you issue a commit command.

    ARGUMENTS

    terminal

    • description: Allow editing from this terminal only. This edits a private copy of the running configuration. This private copy is not locked, so another user could also edit it at the same time.

    no-confirm

    • description: Do not allow a commit confirmation. This edits a private copy of the running configuration and does not allow the commit confirmed command to be used to commit the configuration.

    exclusive

    • description: Specify an exclusive edit mode. This locks the running configuration and the candidate configuration, and edits the candidate configuration. No one else can edit the candidate configuration as long as it is locked.

    describe

    COMMAND describe

    DESCRIPTION Display internal information about how a command is implemented.

    ARGUMENTS

    <command>

    • type: string
    • description: Command for which you want to view implementation information.

    devtools

    COMMAND devtools

    DESCRIPTION Enable/disable development tools.

    ARGUMENTS

    [ true | false ]

    • description: Set to true to enable development tools or false to disable it.

    display-level

    COMMAND display-level

    DESCRIPTION Set the depth of the configuration shown for show commands.

    ARGUMENTS

    <depth>

    • type: unsigned long integer
    • description: Maximum depth to display for show commands. The <depth> can be a value from 1 to 64.

    exit

    COMMAND exit

    DESCRIPTION Exit the CLI session.

    ARGUMENTS This command has no arguments.


    file

    COMMAND file

    DESCRIPTION Perform file operations.

    ARGUMENTS

    For detailed information about these arguments, see the file page under config-mode-commands.

    • delete
    • export
    • import
    • list
    • show
    • tail
    • transfer-status

    help

    COMMAND help

    DESCRIPTION Display help information about a specified command.

    ARGUMENTS

    <command>

    • type: string
    • description: Command for which you want to view help.

    history

    COMMAND history

    DESCRIPTION Configure the command history cache size.

    ARGUMENTS

    <size>

    • type: int
    • description: Number of commands tracked by CLI history. The <size> can be a value from 0 through 1000.

    id

    COMMAND id

    DESCRIPTION Display information about the current user, including user, gid, group, and gids.

    ARGUMENTS This command has no arguments.


    idle-timeout

    COMMAND idle-timeout

    DESCRIPTION Set how long the CLI is inactive before a user is logged out of the system. If a user is connected using an SSH connection, the SSH connection is closed after this time expires.

    ARGUMENTS

    <timeout>

    • type: int
    • description: Number of seconds that the CLI is inactive before a user is logged out. A value of 0 (zero) sets the time to infinity, so the user is never logged out. The timeout can be a value from 0 through 8192 seconds. The default value is 1800 seconds (30 minutes).

    ignore-leading-space

    COMMAND ignore-leading-space

    DESCRIPTION Specify whether to consider or ignore leading whitespace at the beginning of a command.

    ARGUMENTS

    [ false | true ]

    • type: boolean
    • description: Set to false to ignore leading whitespace or true to consider it.

    job

    COMMAND job

    DESCRIPTION Perform job operations.

    ARGUMENTS

    stop

    • description: Stop a specified job.

    leaf-prompting

    COMMAND leaf-prompting

    DESCRIPTION Specify whether to enable or disable automatic querying for leaf values.

    ARGUMENTS

    [ false | true ]

    • type: boolean
    • description: Specify false to disable leaf prompting and specify true to enable it.

    logout

    COMMAND logout

    DESCRIPTION Log out a specific session or user from all sessions.

    ARGUMENTS

    session <session-id>

    • type: string
    • description: Log out a specific session by providing a value for <session-id>.

    user <user-name>

    • type: string
    • description: Log out a specific user by providing a value for <user-name>.

    no

    COMMAND no

    DESCRIPTION Delete or unset a configuration command.

    ARGUMENTS

    <command>

    • type: string
    • description: Command to delete or unset.

    paginate

    COMMAND paginate

    DESCRIPTION Specify whether to control the pagination of CLI command output.

    ARGUMENTS

    [ false | true ]

    • type: boolean
    • description: Specify false to display command output continuously, regardless of the CLI screen height. Specify true to display all command output one screen at a time. To display the next screen of output, press the space bar. This is the default setting.

    prompt1

    COMMAND prompt1

    DESCRIPTION Set the operational mode prompt.

    ARGUMENTS

    <prompt-text>

    • type: string
    • description: Text to display at the operational mode prompt. Enclose the text in quotation marks. You can use regular ASCII characters and these special characters:
      • \d - Current date in the format yyyy-mm-dd (for example, 2013-12-02).
      • \h - Hostname up to the first period (.). You configure the hostname with the system hostname command.
      • \H - Full hostname. You configure the hostname with the system hostname command.
      • \s - Source IP address of the local system.
      • \t - Current time in 24-hour hh:mm:ss format.
      • \A - Current time in 24-hour format.
      • \T - Current time in 12-hour hh:mm:ss format.
      • \@ - Current time in 12-hour hh:mm format.
      • \u - Login username of the current user.
      • \m - Mode name.
      • \m{n} - Mode name, but the number of trailing components in the displayed path is limited to be a maximum of n, which is an integer. Characters removed are replaced with an ellipsis (...).
      • \M - Mode name in parentheses.
      • \M{n} - Mode name in parentheses, but the number of trailing components in the displayed path is limited to be a maximum of n, which is an integer. Characters removed are replaced with an ellipsis (...).

    prompt2

    COMMAND prompt2

    DESCRIPTION Set the configuration mode prompt.

    ARGUMENTS

    <prompt-text>

    • type: string
    • description: Text to display at the operational mode prompt. Enclose the text in quotation marks. You can use regular ASCII characters and these special characters:
      • \d - Current date in the format yyyy-mm-dd (for example, 2013-12-02).
      • \h - Hostname up to the first period (.). You configure the hostname with the system hostname command.
      • \H - Full hostname. You configure the hostname with the system hostname command.
      • \s - Source IP address of the local system.
      • \t - Current time in 24-hour hh:mm:ss format.
      • \A - Current time in 24-hour format.
      • \T - Current time in 12-hour hh:mm:ss format.
      • \@ - Current time in 12-hour hh:mm format.
      • \u - Login username of the current user.
      • \m - Mode name.
      • \m{n} - Mode name, but the number of trailing components in the displayed path is limited to be a maximum of n, which is an integer. Characters removed are replaced with an ellipsis (...).
      • \M - Mode name in parentheses.
      • \M{n} - Mode name in parentheses, but the number of trailing components in the displayed path is limited to be a maximum of n, which is an integer. Characters removed are replaced with an ellipsis (...).

    pwd

    COMMAND pwd

    DESCRIPTION Display the current path in the configuration hierarchy.

    ARGUMENTS This command has no arguments.


    quit

    COMMAND quit

    DESCRIPTION Exit the CLI session.

    ARGUMENTS This command has no arguments.


    screen-length

    COMMAND screen-length

    DESCRIPTION Configure the length of the terminal window.

    ARGUMENTS

    <number-of-rows>

    • type: int
    • description: The length of the terminal screen, in rows. The <number-of-rows> can be from 0 through 256. When you set the screen length to 0 (zero), the CLI does not paginate command output.

    screen-width

    COMMAND screen-width

    DESCRIPTION Configure the width of the terminal window.

    ARGUMENTS

    <number-of-columns>

    • type: int
    • description: The width of the terminal screen, in columns. The <number-of-rows> can be from 200 through 256.

    script

    COMMAND script

    DESCRIPTION Perform script actions.

    ARGUMENTS

    reload

  • description: Manually reload scripts. Available options are:
    • all: Show information about all scripts, regardless of whether they have been changed.
    • debug: Show additional debug information about scripts.
    • diff: Show information about scripts that have changed since the last reload. This is the default value.
    • errors: Show information about scripts that have errors, regardless of whether they have been changed. Typical errors include invalid file permissions and syntax errors.

  • send

    COMMAND send

    DESCRIPTION Send a message to the terminal of a specified user or all users.

    ARGUMENTS

    [ all | username <\username> ]

    • description: Specify all to send a message to all users. Specify username <username> to send a message only to a specified user.

    <message>

    • type: string
    • description: Contents of message to send to specified user(s).

    show

    COMMAND show

    DESCRIPTION Show information about the system.

    ARGUMENTS

    <system-component>

    • type: string
    • description: The component about which you want to view information.

    show-defaults

    COMMAND show-defaults

    DESCRIPTION Specify whether to display the default configuration.

    ARGUMENTS

    [ false | true ]

    • type: boolean
    • description: Specify true to display the default values. Specify false to hide the default values.

    source

    COMMAND source

    DESCRIPTION Run commands from <file> as if they had been entered by the user.

    ARGUMENTS

    <file>

    • description: User-specified file.

    system

    COMMAND system

    DESCRIPTION Perform system operations. Available options are:

    • aaa - For more information, see system aaa.
    • database - For more information, see system database.
    • diagnostics - For more information, see system diagnostics.
    • events - Clear system events.
    • reboot - Restart the system.

    terminal

    COMMAND terminal

    DESCRIPTION Set the terminal type.

    ARGUMENTS

    [ generic | xterm | vt100 | ansi | linux ]

    • description: The type of terminal. Available options are:
      • generic
      • xterm
      • vt100
      • ansi
      • linux

    timestamp

    COMMAND timestamp

    DESCRIPTION Configure whether to display the timestamp.

    ARGUMENTS

    [ enable | disable ]

    • type: boolean
    • description: Specify enable to show the timestamp. Specify disable to hide the timestamp.

    who

    COMMAND who

    DESCRIPTION Display information on currently-logged on users. The command output displays the session ID, user name, context, from (IP address), protocol, date, and mode (operational or configuration).

    ARGUMENTS This command has no arguments.


    write

    COMMAND write

    DESCRIPTION Display the running configuration of the system on the terminal. This command is equivalent to the show running-config command.

    ARGUMENTS

    terminal

    • description: Displays the running configuration. To show the configuration of a specific component, press the Tab key to view additional options.

    pipe-mode-commands


    Pipe Mode Commands


    annotation

    COMMAND annotation

    DESCRIPTION Display only statements whose annotation matches a provided configuration statement or pattern.

    Note: Only available when the system has been configured with attributes enabled.

    ARGUMENTS

    <statement> <text>

    • type: string
    • description: Statement and text to search in a provided configuration statement.

    append

    COMMAND append

    DESCRIPTION Append command output text to a file.

    ARGUMENTS

    <filename>

    • type: string
    • description: Append command output to a specified file.

    begin

    COMMAND begin

    DESCRIPTION Display the command output starting at the first match of a specified string.

    ARGUMENTS

    <regularexpression-_restricted_subset>

    • type: string
    • description: Text string to find, where command output will begin displaying. The string is case sensitive.

    best-effort

    COMMAND best-effort

    DESCRIPTION Display command output or continue loading a file, even if a failure has occurred that might interfere with this process.

    ARGUMENTS This command has no arguments.


    context-match

    COMMAND context-match

    DESCRIPTION Display the upper hierarchy in which a pattern appears in the configuration.

    ARGUMENTS

    <pattern>

    • type: string
    • description: Characters from the output to match.

    count

    COMMAND count

    DESCRIPTION Count the number of lines in the command output.

    ARGUMENTS This command has no arguments.


    csv

    COMMAND csv

    DESCRIPTION Display table output in CSV format.

    ARGUMENTS This command has no arguments.


    de-select

    COMMAND de-select

    DESCRIPTION Do not show a specified field in the command output.

    ARGUMENTS

    <column-to-de-select>

    • type: string
    • description: The field that you do not want to display in the command output.

    debug

    COMMAND debug

    DESCRIPTION Display debug information.

    ARGUMENTS This command has no arguments.


    details

    COMMAND details

    DESCRIPTION Display the default values for commands in the running configuration.

    ARGUMENTS This command has no arguments.


    display

    COMMAND display

    DESCRIPTION Display options.

    ARGUMENTS This command has no arguments.


    exclude

    COMMAND exclude

    DESCRIPTION Exclude lines from the command output that match a string defined by a specified regular expression.

    ARGUMENTS

    <regular_expression-_restricted_subset>

    • type: string
    • description: String to match when excluding lines from the command output.

    extended

    COMMAND extended

    DESCRIPTION Display referring entries or elements.

    ARGUMENTS This command has no arguments.


    force

    COMMAND force

    DESCRIPTION Log out any users who are locking the configuration.

    ARGUMENTS This command has no arguments.


    hide

    COMMAND hide

    DESCRIPTION Hide display options.

    ARGUMENTS This command has no arguments.


    icount

    COMMAND icount

    DESCRIPTION Count the number of matching instances.

    ARGUMENTS This command has no arguments.


    include

    COMMAND include

    DESCRIPTION Include only lines in the command output that contain the string defined by a specified regular expression.

    ARGUMENTS

    <regular_expression-_restricted_subset>

    • type: string
    • description: String to match when including in the command output.

    linnum

    COMMAND linnum

    DESCRIPTION Display a line number at the beginning of each line in the displayed output.

    ARGUMENTS This command has no arguments.


    match-all

    COMMAND match-all

    DESCRIPTION Display the command output that matches all command output filters.

    ARGUMENTS This command has no arguments.


    match-any

    COMMAND match-any

    DESCRIPTION Display the command output that matches any one of the the command output filters. This is the default behavior when matching command output.

    ARGUMENTS This command has no arguments.


    more

    COMMAND more

    DESCRIPTION Paginate the command output. This is the default behavior.

    ARGUMENTS This command has no arguments.


    nomore

    COMMAND nomore

    DESCRIPTION Do not paginate command output.

    ARGUMENTS This command has no arguments.


    notab

    COMMAND notab

    DESCRIPTION Display tabular command output in a list instead of in a table. If the tabular command output is wider than the screen width, the output automatically displays in a list.

    ARGUMENTS This command has no arguments.


    repeat

    COMMAND repeat

    DESCRIPTION Repeat the output of a show command periodically.

    ARGUMENTS

    <interval-in-seconds>

    • type: int
    • description: How often to repeat the command, in seconds. Type Ctrl-C to terminate the display.

    save

    COMMAND save

    DESCRIPTION Save the command output text to a file.

    ARGUMENTS

    <filename>

    • type: string
    • description: The name of the file where command output is saved.

    select

    COMMAND select

    DESCRIPTION Display selected fields in the command output.

    ARGUMENTS

    <column-to-select>

    • type: string
    • description: The field(s) that you want to display in the command output.

    sort-by

    COMMAND sort-by

    DESCRIPTION Display command output with values sorted in a specified field.

    ARGUMENTS

    <index>

    • type: string
    • description: Name of the field to sort by in the command output.

    suppress-validate-warning-prompt

    COMMAND suppress-validate-warning-prompt

    DESCRIPTION Suppress the validation warning prompt.

    ARGUMENTS This command has no arguments.


    tab

    COMMAND tab

    DESCRIPTION Display tabular command output in table, even if the table is wider than the screen width. If the command output is wider than the screen width, wrap the output onto two or more lines.

    ARGUMENTS This command has no arguments.


    tags

    COMMAND tags

    DESCRIPTION Display only statements with tags that match a pattern.

    ARGUMENTS

    <pattern>

    • type: string
    • description: Characters from the output to match.

    trace

    COMMAND trace

    DESCRIPTION Display trace information.

    ARGUMENTS This command has no arguments.


    until

    COMMAND until

    DESCRIPTION Display the command output, ending with the line that matches a specified string.

    ARGUMENTS

    <regular_expression-_restricted_subset>

    • type: string
    • description: Text string to find to start displaying the command output.

    show-commands

    Show Commands


    show SNMP-FRAMEWORK-MIB

    COMMAND show SNMP-FRAMEWORK-MIB

    DESCRIPTION Display information about the SNMP engine Management Information Base (MIB).

    EXAMPLES

    Display information about the SNMP engine:

    appliance-1# show SNMP-FRAMEWORK-MIB
    SNMP-FRAMEWORK-MIB snmpEngine snmpEngineID 80:00:61:81:05:01
    SNMP-FRAMEWORK-MIB snmpEngine snmpEngineBoots 7
    SNMP-FRAMEWORK-MIB snmpEngine snmpEngineTime 127740
    SNMP-FRAMEWORK-MIB snmpEngine snmpEngineMaxMessageSize 50000
    

    show SNMP-MPD-MIB

    COMMAND show SNMP-MPD-MIB

    DESCRIPTION Display information about the SNMP Message Processing and Dispatching (MPD) MIB.

    EXAMPLES

    Display SNMP MPD information:

    appliance-1# show SNMP-MPD-MIB
    SNMP-MPD-MIB snmpMPDStats snmpUnknownSecurityModels 0
    SNMP-MPD-MIB snmpMPDStats snmpInvalidMsgs 0
    SNMP-MPD-MIB snmpMPDStats snmpUnknownPDUHandlers 0
    

    show SNMP-TARGET-MIB

    COMMAND show SNMP-TARGET-MIB

    DESCRIPTION Display information about the SNMP TARGET MIB.

    EXAMPLES

    Display the SNMP TARGET MIB information:

    appliance-1# show SNMP-TARGET-MIB
    SNMP-TARGET-MIB snmpTargetObjects snmpUnavailableContexts 0
    SNMP-TARGET-MIB snmpTargetObjects snmpUnknownContexts 0
    

    show SNMP-USER-BASED-MIB

    COMMAND show SNMP-USER-BASED-MIB

    DESCRIPTION Display information about objects that belong to SNMP files based on user-based security.

    EXAMPLES

    Display the SNMP TARGET user-based information:

    appliance-1# show SNMP-USER-BASED-SM-MIB
    SNMP-USER-BASED-SM-MIB usmStats usmStatsUnsupportedSecLevels 0
    SNMP-USER-BASED-SM-MIB usmStats usmStatsNotInTimeWindows 0
    SNMP-USER-BASED-SM-MIB usmStats usmStatsUnknownUserNames 0
    SNMP-USER-BASED-SM-MIB usmStats usmStatsUnknownEngineIDs 0
    SNMP-USER-BASED-SM-MIB usmStats usmStatsWrongDigests 0
    SNMP-USER-BASED-SM-MIB usmStats usmStatsDecryptionErrors 0
    

    show SNMPv2-MIB

    COMMAND show SNMPv2-MIB

    DESCRIPTION Display information about the SNMP version 2 MIB.

    EXAMPLES

    Display the SNMP version 2 MIB information:

    appliance-1# show SNMPv2-MIB
    SNMPv2-MIB system sysDescr "Linux 3.10.0-1160.25.1.F5.4.el7_8.x86_64 : Appliance services version 1.1.0-5810"
    SNMPv2-MIB system sysObjectID 1.3.6.1.2.1.1
    SNMPv2-MIB system sysUpTime 28545699
    SNMPv2-MIB system sysServices 72
    SNMPv2-MIB system sysORLastChange 9
    SNMPv2-MIB snmp snmpInPkts 0
    SNMPv2-MIB snmp snmpInBadVersions 0
    SNMPv2-MIB snmp snmpInBadCommunityNames 0
    SNMPv2-MIB snmp snmpInBadCommunityUses 0
    SNMPv2-MIB snmp snmpInASNParseErrs 0
    SNMPv2-MIB snmp snmpSilentDrops 0
    SNMPv2-MIB snmp snmpProxyDrops 0
    SNMPv2-MIB snmpSet snmpSetSerialNo 836391230
                                                                                                               SYS
    SYS                                                                                                        ORUP
    ORINDEX  SYS ORID             SYS ORDESCR                                                                  TIME
    -----------------------------------------------------------------------------------------------------------------
    1        1.3.6.1.4.1.12276.1  F5 Networks enterprise Platform MIB                                          9
    2        1.3.6.1.2.1.31       The MIB module to describe generic objects for network interface sub-layers  9
    

    show cli

    COMMAND show cli

    DESCRIPTION Display the default CLI session settings.

    ARGUMENTS

    This command has no arguments.

    EXAMPLES

    Display the current default CLI session settings:

    appliance-1# show cli
    autowizard            true
    complete-on-space     false
    devtools              false
    display-level         99999999
    history               100
    idle-timeout          0
    ignore-leading-space  false
    leaf-prompting        true
    output-file           terminal
    paginate              true
    prompt1               \h\M#
    prompt2               \h(\m)#
    screen-length         70
    screen-width          125
    service prompt config true
    show-defaults         false
    terminal              xterm-256color
    timestamp             disable
    

    show cluster

    COMMAND show cluster

    DESCRIPTION Display the current state of the OpenShift cluster and the last 25 OpenShift events that have occurred during installation and during normal operation.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    EXAMPLE

    Display the current cluster state:

    appliance-1# show cluster
    cluster state
    cluster disk-usage-threshold state warning-limit 85
    cluster disk-usage-threshold state error-limit 90
    cluster disk-usage-threshold state critical-limit 97
    cluster disk-usage-threshold state growth-rate-limit 10
    cluster disk-usage-threshold state interval 60
    cluster nodes node node-1
     state enabled      true
     state node-running-state running
     state node-info creation-time 2022-01-25T23:59:06Z
     state node-info cpu 12
     state node-info pods 110
     state node-info memory 14680280Ki
     state ready-info ready true
     state ready-info last-transition-time 2022-02-24T18:19:32Z
     state ready-info message "kubelet is posting ready status"
     state out-of-disk-info last-transition-time ""
     state out-of-disk-info message ""
     state disk-pressure-info disk-pressure false
     state disk-pressure-info last-transition-time 2022-01-25T23:59:06Z
     state disk-pressure-info message "kubelet has no disk pressure"
     state disk-usage used-percent 37
     state disk-usage growth-rate 0
     state disk-usage status in-range
    DISK DATA  DISK DATA
    NAME       VALUE
    -------------------------
    available  61588611072
    capacity   101817933824
    used       35033628672
    
    STAGE NAME         STATUS  TIMESTAMP            VERSION
    --------------------------------------------------------------
    K3SClusterInstall  done    2022/01/25-23:59:37  1.21.1.1.8.3
    K3SClusterUpgrade  done    2022/02/24-18:15:25  1.21.1.1.8.4
    
    cluster cluster-status summary-status "K3S cluster is initialized and ready for use."
    INDEX  STATUS
    ---------------------------------------------------------------------------------------------
    0      2022-03-28 15:51:01.270528 -  applianceMainEventLoop::Orchestration manager startup.
    1      2022-03-28 15:51:01.274924 -  Can now ping appliance-1.chassis.local (100.65.60.1).
    2      2022-03-28 15:51:01.943806 -  Successfully ssh'd to appliance 127.0.0.1.
    3      2022-03-28 15:51:32.614402 -  Appliance 1 is ready in k3s cluster.
    4      2022-03-28 15:51:32.614469 -  K3S cluster is ready.
    5      2022-03-28 15:52:10.927012 -  K3s IMAGE update is succeeded.
    6      2022-04-02 20:17:29.409150 -  K3S cluster is NOT ready.
    7      2022-04-02 20:17:44.199082 -  K3S cluster is ready.
    8      2022-04-04 11:19:35.495921 -  Failed to ssh to 127.0.0.1.
    9      2022-04-04 11:20:06.155860 -  Successfully ssh'd to appliance 127.0.0.1.
    

    show cluster cluster-status

    COMMAND show cluster cluster-status

    DESCRIPTION Display the current state of a specific OpenShift event that has occurred during installation and during normal operation.

    ARGUMENTS

    cluster-status <event-number>

    • description: Show a specific OpenShift event.

    cluster-status summary-status

    • description: Show a summary of the status.

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    EXAMPLE

    Display cluster status:

    appliance-1# show cluster cluster-status
    cluster cluster-status summary-status "K3S cluster is initialized and ready for use."
    INDEX  STATUS
    ---------------------------------------------------------------------------------------------
    0      2022-03-28 15:51:01.270528 -  applianceMainEventLoop::Orchestration manager startup.
    1      2022-03-28 15:51:01.274924 -  Can now ping appliance-1.chassis.local (100.65.60.1).
    2      2022-03-28 15:51:01.943806 -  Successfully ssh'd to appliance 127.0.0.1.
    3      2022-03-28 15:51:32.614402 -  Appliance 1 is ready in k3s cluster.
    4      2022-03-28 15:51:32.614469 -  K3S cluster is ready.
    5      2022-03-28 15:52:10.927012 -  K3s IMAGE update is succeeded.
    6      2022-04-02 20:17:29.409150 -  K3S cluster is NOT ready.
    7      2022-04-02 20:17:44.199082 -  K3S cluster is ready.
    8      2022-04-04 11:19:35.495921 -  Failed to ssh to 127.0.0.1.
    9      2022-04-04 11:20:06.155860 -  Successfully ssh'd to appliance 127.0.0.1.
    

    show cluster disk-usage-threshold

    COMMAND show cluster disk-usage-threshold

    DESCRIPTION Display the current configuration of disk usage threshold.

    ARGUMENTS

    state critical-limit

    • description: The percentage of disk usage allowed before triggering a critical alarm.

    state error-limit

    • description: The percentage of disk usage allowed before triggering an error alarm.

    state growth-rate-limit

    • description: The percentage of disk usage growth rate allowed.

    state interval

    • description: The interval measured, in minutes, at which disk usage is monitored.

    state warning-limit

    • description: The percentage of disk usage allowed before triggering a warning alarm.

    EXAMPLE

    Display the current configuration for all disk usage threshold options:

    appliance-1# show cluster disk-usage-threshold
    cluster disk-usage-threshold state warning-limit 85
    cluster disk-usage-threshold state error-limit 90
    cluster disk-usage-threshold state critical-limit 97
    cluster disk-usage-threshold state growth-rate-limit 10
    cluster disk-usage-threshold state interval 60
    

    show cluster events

    COMMAND show cluster events

    DESCRIPTION Display information about cluster events, including namespace, type, reason, object and message.

    ARGUMENTS

    [ message | namespace | object | reason | type ]

    • description: Display specific information about a cluster event.

    show cluster install-status

    COMMAND show cluster install-status

    DESCRIPTION Display the status of the OpenShift cluster installation, including the state of the various stages of the OpenShift installation.

    ARGUMENTS

    This command has no arguments.


    show cluster nodes

    COMMAND show cluster nodes node

    DESCRIPTION Display the state of a specific node in the system.

    ARGUMENTS

    node <node>

    • type: string
    • description: Specific node to display.

    EXAMPLE

    Display the state of the node node-1:

    appliance-1# show cluster nodes node node-1
    cluster nodes node node-1
     state enabled      true
     state node-running-state running
     state node-info creation-time 2022-01-25T23:59:06Z
     state node-info cpu 12
     state node-info pods 110
     state node-info memory 14680280Ki
     state ready-info ready true
     state ready-info last-transition-time 2022-02-24T18:19:32Z
     state ready-info message "kubelet is posting ready status"
     state out-of-disk-info last-transition-time ""
     state out-of-disk-info message ""
     state disk-pressure-info disk-pressure false
     state disk-pressure-info last-transition-time 2022-01-25T23:59:06Z
     state disk-pressure-info message "kubelet has no disk pressure"
     state disk-usage used-percent 37
     state disk-usage growth-rate 0
     state disk-usage status in-range
    DISK DATA  DISK DATA
    NAME       VALUE
    -------------------------
    available  61418614784
    capacity   101817933824
    used       35203624960
    
    TENANT
    NAME    QAT DEVICE NAME    BDF
    ------------------------------------
    big-ip  qat_dev_vf000pf00  f4:00.1
            qat_dev_vf001pf00  f4:00.2
            qat_dev_vf002pf00  f4:00.3
            qat_dev_vf003pf00  f4:00.4
            qat_dev_vf004pf00  f4:00.5
            qat_dev_vf005pf00  f4:00.6
    

    show cluster state

    COMMAND show cluster state

    DESCRIPTION Display the current state of the cluster.

    ARGUMENTS

    This command has no arguments.


    show components

    COMMAND show components

    DESCRIPTION Display information about hardware inventory and firmware components.

    ARGUMENTS

    The availability of options for this command depends on which hardware component you are configuring.

    component <specific-component>

    • type: string
    • description: Name of the specific component. Available options are:
    • cpu
    • integrated-circuit
    • properties
    • psu-stats
    • software
    • state
    • storage
    • subcomponents

    component properties property

    • type: string
    • description: View information about firmware properties to verify the firmware version for components or verify that a firmware update has completed successfully. When a firmware update is in progress, the UPDATE STATUS is running, and it changes to complete when the update completes.

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    EXAMPLES

    Display details about psu-1:

    appliance-1# show components component psu-1
    components component psu-1
     state serial-no 19CS30011421
     state part-no PWR-0334-05
     state empty false
     psu-stats psu-current-in 0.24
     psu-stats psu-current-out 4.4
     psu-stats psu-voltage-in 205.7
     psu-stats psu-voltage-out 12.0
     psu-stats psu-temperature-1 39.0
     psu-stats psu-temperature-2 35.0
     psu-stats psu-temperature-3 42.0
     psu-stats psu-fan-1-speed 6100
    

    Display all information about the platform:

    appliance-1# show components component platform
    components component platform
     state description    r4800
     state serial-no      f5-abcd-efgh
     state part-no        "200-0417-01 REV A"
     state empty          false
     state tpm-integrity-status Valid
     state memory available 6555197440
     state memory free 2038071296
     state memory used-percent 90
     state memory platform-total 15032606720
     state memory platform-used 8178208768
     state temperature current 26.0
     state temperature average 26.8
     state temperature minimum 26.0
     state temperature maximum 27.0
     fantray fan-stats fan-1-speed 9900
     fantray fan-stats fan-2-speed 9800
     fantray fan-stats fan-3-speed 9800
     fantray fan-stats fan-4-speed 9700
                                                                                   UPDATE
    NAME                        NAME  VALUE                          CONFIGURABLE  STATUS
    ---------------------------------------------------------------------------------------
    QAT0                        -     Snow Ridge Crypto/Compression  false         -
    fw-version-bios             -     0.95.081.1                     false         none
    fw-version-bmc              -     0.93.34                        false         none
    fw-version-bmc-slot1        -     34.0.93                        false         none
    fw-version-bmc-slot2        -     34.0.93                        false         none
    fw-version-cpld             -     0x0A                           false         none
    fw-version-drive-m.2.slot1  -     95420100                       false         none
    fw-version-drive-nvme0      -     95420100                       false         none
    fw-version-sirr             -     1.1.39                         false         none
    
     storage state disks disk nvme0n1
      state model Micron_7300_MTFDHBA480TDF
      state vendor Micron
    ...
    

    show configuration commit changes

    COMMAND show configuration commit changes

    DESCRIPTION Display changes that were made to the running configuration by previous configuration commits, including changes committed for a specified commit ID.

    ARGUMENTS

    <id>

    • type: int
    • description: Display information for a specific configuration commit.

    EXAMPLES

    Display information about the last commit:

    appliance-1# show configuration commit changes
    !
    ! Created by: admin
    ! Date: 2022-04-06 21:40:06
    ! Client: system
    !
    system aaa authentication users user big-ip
     config username big-ip
    !
    system aaa authentication users user big-ip
     config expiry-date 1
     config role tenant-console
    !
    

    Display information about commit ID 11:

    appliance-1# show configuration commit changes 11
    !
    ! Created by: admin
    ! Date: 2022-03-24 15:51:35
    ! Client: cli
    !
    system ntp servers server ntp.pool.org
     config address ntp.pool.org
    !
    system ntp servers server ntp.pool.org
    !
    

    show configuration commit list

    COMMAND show configuration commit list

    DESCRIPTION Display information about the configuration commits stored in the commit database.

    ARGUMENTS

    <number-of-commits>

    • type: int
    • description: Display a specific number of configuration commits.

    EXAMPLE

    Display information about the five most recent configuration commits:

    appliance-1# show configuration commit list 5
    2022-04-06 22:55:48
    SNo. ID       User       Client      Time Stamp          Label       Comment
    ~~~~ ~~       ~~~~       ~~~~~~      ~~~~~~~~~~          ~~~~~       ~~~~~~~
    0    10101    admin      system      2022-04-06 21:40:06
    1    10100    admin      rest        2022-04-06 21:40:06
    2    10099    admin      system      2022-04-04 18:14:53
    3    10098    admin      system      2022-04-04 18:10:49
    4    10097    system     system      2022-04-04 18:10:05
    

    show configuration rollback changes

    COMMAND show configuration rollback changes

    DESCRIPTION Display changes that would be made by the rollback configuration command or to display the list of commit IDs.

    ARGUMENTS

    <id>

    • type: int
    • description: Display information for a specific configuration commit.

    EXAMPLE

    Display changes that would be made by rolling back to the most recent configuration commit:

    appliance-1# show configuration rollback changes
    no system aaa authentication users user big-ip
    

    show file

    COMMAND show file

    DESCRIPTION Display current configuration for known hosts and status of file transfers.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    known-hosts

    • description: Show hosts listed in the system known_hosts file.

    transfer-operations

    • description: Show recent file transfer operations.

    EXAMPLE

    Display the status of recent file transfers:

    appliance-1# file transfer-status
    result
    S.No.|Operation  |Protocol|Local File Path                                             |Remote Host         |Remote File Path                                            |Status            |Time
    1    |Import file|HTTPS   |images/tenant/BIGIP-15.1.6-0.0.3.ALL-F5OS.qcow2.zip.bundle  |sea.company.com|v15.1.6/daily/build3.0/VM/BIGIP-15.1.6-0.0.3.ALL-F5OS.qcow2.zip.bundle|In Progress (12.0%)|Wed Apr  6 23:00:37 2022
    

    show history

    COMMAND show history

    DESCRIPTION Display a history of commands run on the system.

    ARGUMENTS

    • type: int
    • description: Number of commands to show in the command history.

    EXAMPLE

    Display the last three commands that were run on the system:

    appliance-1# show history 3
    23:03:57 -- idle-timeout 0
    23:04:00 -- show file transfer-operations
    23:04:12 -- show system mgmt-ip
    

    show images

    COMMAND show images

    DESCRIPTION Display all tenant images imported to the system. Also shows which image is currently in use and its status.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    EXAMPLE

    Display all tenant images on the system:

    appliance-1# show images
                                                   IN
    NAME                                           USE    STATUS
    ----------------------------------------------------------------
    BIGIP-15.1.5-0.0.10.ALL-F5OS.qcow2.zip.bundle  true   verified
    BIGIP-15.1.6-0.0.3.ALL-F5OS.qcow2.zip.bundle   false  verified
    

    show interfaces

    COMMAND show interfaces

    DESCRIPTION Display information about front-panel network interfaces. This includes options for link aggregation.

    ARGUMENTS

    <interface-name>

    • type: string
    • description: Limit the output to the specified interface. Available options are:
      • 1.0 - <n>.0
      • <lag-name>

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    <interface-name> aggregation

    • description: Limit the output to aggregation-specific information for the specified interface(s).

    <interface-name> ethernet

    • description: Limit the output to Ethernet-specific information for the specified interface(s).

    <interface-name> state

    • description: Limit the output to the operational state of the specified interface(s).

    EXAMPLES

    Display only the first level of interface information:

    appliance-1# show interfaces displaylevel 1
    interfaces interface 1.0
    interfaces interface 2.0
    interfaces interface 3.0
    interfaces interface 4.0
    interfaces interface 5.0
    interfaces interface 6.0
    interfaces interface 7.0
    interfaces interface 8.0
    interfaces interface mgmt
    

    Display information only about interface 2.0:

    appliance-1# show interfaces interface 2.0
    interfaces interface 2.0
     state name               2.0
     state type               ethernetCsmacd
     state mtu                9600
     state enabled            true
     state ifindex            24
     state oper-status        DOWN
     state counters in-octets 0
     state counters in-unicast-pkts 0
     state counters in-broadcast-pkts 0
     state counters in-multicast-pkts 0
     state counters in-discards 0
     state counters in-errors 0
     state counters in-fcs-errors 0
     state counters out-octets 0
     state counters out-unicast-pkts 0
     state counters out-broadcast-pkts 0
     state counters out-multicast-pkts 0
     state counters out-discards 0
     state counters out-errors 0
     state forward-error-correction auto
     state lacp_state         LACP_DEFAULTED
     ethernet state port-speed SPEED_100GB
     ethernet state hw-mac-address 00:94:a1:69:34:12
     ethernet state counters in-mac-control-frames 0
     ethernet state counters in-mac-pause-frames 0
     ethernet state counters in-oversize-frames 0
     ethernet state counters in-jabber-frames 0
     ethernet state counters in-fragment-frames 0
     ethernet state counters in-8021q-frames 0
     ethernet state counters in-crc-errors 0
     ethernet state counters out-mac-control-frames 0
     ethernet state counters out-mac-pause-frames 0
     ethernet state counters out-8021q-frames 0
     ethernet state flow-control rx on
    

    Display information about a LAG interface named test-lag:

    appliance-1# show interfaces interface test-lag
    interfaces interface test-lag
    state name               test-lag
    state type               ieee8023adLag
    state mtu                9600
    state oper-status        DOWN
    state forward-error-correction auto
    ethernet state flow-control rx on
    aggregation state lag-type STATIC
    aggregation state lag-speed 0
    aggregation state distribution-hash src-dst-ipport
    aggregation state mac-address 00:94:a1:69:34:26
    aggregation state lagid 1
    MEMBER  MEMBER
    NAME    STATUS
    ----------------
    1.0     DOWN
    

    show lacp

    COMMAND

    show lacp

    DESCRIPTION

    Display the current LACP configuration and state information for global and all LACP interfaces.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    EXAMPLE

    Display information about configured LACP interfaces:

    appliance-1# show lacp
    lacp state system-id-mac 00:12:a1:69:34:23
    lacp interfaces interface lacp-test
     state name lacp-test
     state interval SLOW
     state lacp-mode ACTIVE
    

    show lacp interfaces

    COMMAND

    show lacp interfaces

    DESCRIPTION

    Show current LACP state for all LACP interfaces.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    system-id-mac

    • description: Combination of LACP system-priority and the stack MAC address.

    system-priority

    • description: Priority assigned to the system for LACP. A smaller value indicates a higher priority.

    show lacp state for a specific lacp interface

    COMMAND

    show lacp interfaces interface

    DESCRIPTION

    Show current LACP config and state information for an LACP interface.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    <interface-name>

    • description: The interface to display.

    EXAMPLE

    Display information about the testLAG interface:

    appliance-1# show lacp interfaces interface testLAG
    lacp interfaces interface testLAG
     state name    testLAG
     state interval FAST
     state lacp-mode ACTIVE
     state system-id-mac 0:12:a1:8e:4c:8
    

    show lacp state

    COMMAND

    show lacp state

    DESCRIPTION

    Display global LACP state information.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    system-id-mac

    • description: Combination of LACP system-priority and the stack MAC address.

    system-priority

    • description: Priority assigned to the system for LACP. A smaller value indicates a higher priority.

    EXAMPLE

    Display the global state of LACP:

    appliance-1# show lacp state
    lacp state system-id-mac 00:12:a1:66:e0:08
    

    show lldp

    COMMAND show lldp

    DESCRIPTION Display the information about Link Layer Discovery Protocol (LLDP) on the system.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    interfaces interface <interface-name>

    • type: string
    • description: Name of a specific LLDP interface.

    state

    • type: string
    • description: Show the state for a specific option. Available options are:
      • chassis-id
      • chassis-id-type
      • disabled
      • enabled
      • system-description
      • system-name

    EXAMPLES

    Display all LLDP information:

    appliance-1# show lldp
    lldp state enabled
    lldp state chassis-id f5-abcd-efgh
    lldp state chassis-id-type LOCAL
    lldp interfaces interface 1.0
     state name 1.0
     state enabled
     state counters frame-in 0
     state counters frame-out 4202
    

    Show whether LLDP is enabled or disabled:

    appliance-1# show lldp state enabled
    lldp state enabled
    

    show parser

    COMMAND show parser

    DESCRIPTION Display information about available commands and their syntax.

    ARGUMENTS

    dump

    • description: Display information about all available commands.

    EXAMPLE

    Display information about all commands:

    appliance-1# show parser dump
    autowizard [false/true]
    clear history
    complete-on-space [false/true]
    config [no-confirm]
    config
    config exclusive [no-confirm]
    config exclusive
    config terminal [no-confirm]
    config terminal
    describe autowizard
    describe clear history
    describe complete-on-space
    describe config
    describe describe
    describe devtools
    describe display-level
    describe exit
    describe file
    describe file
    describe file
    describe file
    describe file show
    describe file tail
    describe file
    describe help
    describe history
    describe id
    describe idle-timeout
    describe ignore-leading-space
    describe job stop
    describe leaf-prompting
    describe logout session
    describe logout user
    describe no history
    describe paginate
    describe prompt1
    describe prompt2
    describe pwd
    describe quit
    describe reset
    describe reset
    describe screen-length
    describe screen-width
    describe script reload
    ...
    

    show port-profile

    COMMAND show port-profile

    DESCRIPTION Display information about port profiles.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    port-profile state

    • description: Display the currently-configured port profile.

    EXAMPLE

    Display the currently-configured port profile:

    appliance-1# show port-profile state
    port-profile state mode 8x10G
    

    show portgroups

    COMMAND show portgroups

    DESCRIPTION Display information about portgroups.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    portgroup <specific-portgroup>

    • description: Limit the output to the specified portgroup.

    portgroup <specific-portgroup> state

    • description: Limit the output to the operational state of the specified portgroup(s). Available options are:
      • ddm
      • displaylevel
      • media
      • optic-state
      • transmitter-technology
      • vendor-name
      • vendor-oui
      • vendor-partnum
      • vendor-revision
      • vendor-serialnum

    EXAMPLES

    Display all information about portgroup 5:

    appliance-1# show portgroups portgroup 5
    portgroups portgroup 5
     state vendor-name "F5 INC."
     state vendor-oui 009065
     state vendor-partnum "OPT-0017        "
     state vendor-revision A0
     state vendor-serialnum "AWH16HF         "
     state media      10GBASE-LR
     state optic-state QUALIFIED
     state ddm rx-pwr low-threshold alarm -20.0
     state ddm rx-pwr low-threshold warn -18.01
     state ddm rx-pwr instant val-lane1 -2.21
     state ddm rx-pwr high-threshold alarm 2.5
     state ddm rx-pwr high-threshold warn 2.0
     state ddm tx-pwr low-threshold alarm -8.0
     state ddm tx-pwr low-threshold warn -7.0
     state ddm tx-pwr instant val-lane1 -1.39
     state ddm tx-pwr high-threshold alarm 2.0
     state ddm tx-pwr high-threshold warn 1.0
     state ddm temp low-threshold alarm -13.0
     state ddm temp low-threshold warn -8.0
     state ddm temp instant val 23.1132
     state ddm temp high-threshold alarm 78.0
     state ddm temp high-threshold warn 73.0
     state ddm bias low-threshold alarm 0.015
     state ddm bias low-threshold warn 0.02
     state ddm bias instant val-lane1 0.036342
     state ddm bias high-threshold alarm 0.085
     state ddm bias high-threshold warn 0.08
     state ddm vcc low-threshold alarm 2.9
     state ddm vcc low-threshold warn 3.0
     state ddm vcc instant val 3.35
     state ddm vcc high-threshold alarm 3.7
     state ddm vcc high-threshold warn 3.6
    

    Display only the optic-state of portgroup 5:

    appliance-1# show portgroups portgroup 5 state optic-state
    state optic-state QUALIFIED
    

    show restconf-state

    COMMAND show restconf-state

    DESCRIPTION Display capabilities supported by the RESTCONF server.

    ARGUMENTS

    capabilities capability

    • description: Display all capabilities supported by the RESTCONF server.

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    EXAMPLE

    Display all supported capabilities:

    appliance-1# show restconf-state
    restconf-state capabilities capability urn:ietf:params:restconf:capability:defaults:1.0?basic-mode=report-all
    restconf-state capabilities capability urn:ietf:params:restconf:capability:depth:1.0
    restconf-state capabilities capability urn:ietf:params:restconf:capability:fields:1.0
    restconf-state capabilities capability urn:ietf:params:restconf:capability:with-defaults:1.0
    restconf-state capabilities capability urn:ietf:params:restconf:capability:filter:1.0
    restconf-state capabilities capability urn:ietf:params:restconf:capability:replay:1.0
    restconf-state capabilities capability urn:ietf:params:restconf:capability:yang-patch:1.0
    restconf-state capabilities capability http://tail-f.com/ns/restconf/collection/1.0
    restconf-state capabilities capability http://tail-f.com/ns/restconf/query-api/1.0
    restconf-state capabilities capability http://tail-f.com/ns/restconf/unhide/1.0
    

    show running-config

    COMMAND show running-config

    DESCRIPTION Display the current configuration for the system. By default, the whole configuration is displayed. You can limit what is shown by supplying a pathfilter. The pathfilter may be either a path pointing to a specific instance, or if an instance id is omitted, the part following the omitted instance is treated as a filter.

    ARGUMENTS

    For information about these arguments, see these sections on the show-SNMP-FRAMEWORK-MIB page.

    • SNMP-COMMUNITY-MIB
    • SNMP-NOTIFICATION-MIB
    • SNMP-TARGET-MIB
    • SNMP-USER-BASED-SM-MIB
    • SNMP-VIEW-BASED-ACM-MIB
    • SNMPv2-MIB
    • cluster
    • components
    • file
    • interfaces
    • lacp
    • lldp
    • port-profile
    • portgroups
    • system
    • tenants
    • vlans

    EXAMPLE

    Display the current running configuration for file operations:

    appliance-1# show running-config file
    file config concurrent-operations-limit 5
    

    Display information about interface 8.0:

    appliance-1# show running-config interfaces interface 8.0
    interfaces interface 8.0
     config type ethernetCsmacd
     config enabled
    !
    

    show service-pods

    COMMAND show service-pods

    DESCRIPTION

    A system service is deployed in a Pod.

    IMPORTANT: The detailed information displayed by this command is intended for use by F5 support engineers, rather than by end users.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    service-pod

    • type: string
    • description: Display information about a specific service pod.

    EXAMPLES

    Display information about the pod image version:

    appliance-1# show service-pods service-pod pod-image-version
                            POD
                            IMAGE
    SERVICE NAME            VERSION
    ---------------------------------
    compute                 2.4.16
    coredns                 1.8.3
    kube-flannel            0.13.0
    kube-multus             3.6.3
    kube-sriov-cni          1.0.2
    kube-sriovdp            1.0.0
    lb-port-443             v0.2.0
    local-path-provisioner  v0.0.19
    metrics-server          v0.3.6
    pause                   3.1
    traefik-ingress-lb      2.4.8
    virt-api                2.4.16
    virt-controller         2.4.16
    virt-handler            2.4.16
    virt-operator           2.4.16
    

    show system aaa

    COMMAND show system aaa

    DESCRIPTION Display system user authentication information, including information about roles, users, primary key, server groups, and TLS.

    ARGUMENTS

    authentication

    • description: Display information about users and user roles.

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    primary-key

    • description: Display information about the system's primary key.

    server-groups

    • description: Display information about configured server groups.

    tls

    • description: Display information about TLS certificates and CRLs.

    EXAMPLE

    Display the default system accounts:

    appliance-1# show system aaa authentication
              LAST        TALLY  EXPIRY
    USERNAME  CHANGE      COUNT  DATE    ROLE
    -----------------------------------------------------
    admin     0           0      -1      admin
    root      2022-04-05  0      -1      root
    vm1       0           0      1       tenant-console
    
    ROLENAME        GID   USERS
    -----------------------------
    admin           9000  -
    operator        9001  -
    root            0     -
    tenant-console  9100  -
    

    Display information for the primary key:

    appliance-1# show system aaa primary-key
    

    Show the TLS certificate:

    appliance-1# show system aaa primary-key
    

    Show the current CRLs in the system:

    appliance-1# show system aaa tls crls crl
    

    show system alarms

    COMMAND show system alarms

    DESCRIPTION Display information about system alarms.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    EXAMPLE

    Display active alarm conditions:

    appliance-1# show system alarms
    system alarms alarm 66307 lcd
     state severity ERROR
     state text   "Module communication error detected"
     state time-created "2022-04-08 15:15:15.601624499 UTC"
    

    show system appliance-mode

    COMMAND show system appliance-mode

    DESCRIPTION Check the current state of appliance mode. It can be either enabled or disabled.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    ihealth

    • description: Display configured iHealth information.

    EXAMPLE

    Display the current state of appliance mode:

    appliance-1# show system diagnostics ihealth
    system diagnostics ihealth state username ""
    system diagnostics ihealth state server https://ihealth-api.f5.com/qkview-analyzer/api/qkviews?visible_in_gui=True
    system diagnostics ihealth state authserver https://api.f5.com/auth/pub/sso/login/ihealth-api
    

    show system clock

    COMMAND show system clock

    DESCRIPTION Display the current time configured for the system.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    state appliance

  • description: Display the current time configured for the system.
  • state timezone-name

  • description: Display the current time zone name configured for the system.
  • EXAMPLES

    Display the currently-configured time zone name:

    appliance-1# show system clock
    system clock state timezone-name Etc/UTC
    system clock state appliance date-time "2022-04-08 23:28:05 Etc/UTC"
    

    Display the current time for the system:

    appliance-1# show system clock state appliance
    system clock state appliance date-time "2022-04-08 23:29:00 Etc/UTC"
    

    show system diagnostics

    COMMAND show system diagnostics

    DESCRIPTION Display iHealth information.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    ihealth

    • description: Display configured iHealth information.

    EXAMPLE

    Display the iHealth configuration for the system:

    appliance-1# show system diagnostics ihealth
    system diagnostics ihealth state username ""
    system diagnostics ihealth state server https://ihealth-api.f5.com/qkview-analyzer/api/qkviews?visible_in_gui=True
    system diagnostics ihealth state authserver https://api.f5.com/auth/pub/sso/login/ihealth-api
    

    show system dns

    COMMAND show system dns

    DESCRIPTION Display information about DNS servers configured for the system to use.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    host-entries

    • description: Display configured host entries (search domains).

    servers

    • description: Display configured DNS lookup servers.

    EXAMPLE

    Display all configured DNS servers:

    appliance-1# show system dns servers
    ADDRESS       ADDRESS  PORT
    -----------------------------
    192.168.10.1  -        53
    192.168.11.1  -        53
    

    show system events

    COMMAND show system events

    DESCRIPTION Display information about system events.

    EXAMPLE

    Display system events:

    appliance-1# show system events
    system events event
     log "66305 psu-1 psu-fault EVENT NA \"Presence detected\" \"2022-04-05 15:11:22.031819100 UTC\""
    system events event
     log "66304 appliance module-present EVENT NA \"Fan tray present\" \"2022-04-05 15:11:22.032649847 UTC\""
    system events event
     log "65543 appliance aom-fault EVENT NA \"MFG Lockout On\" \"2022-04-05 15:11:22.034033579 UTC\""
    system events event
     log "65543 appliance aom-fault ASSERT ERROR \"Fault detected in the AOM\" \"2022-04-08 10:00:02.962848108 UTC\""
    system events event
     log "65543 appliance aom-fault EVENT NA \"Bmc Health Self test failed: Device-specific 'internal' failure.\" \"2022-04-08 10:00:02.962896530 UTC\""
    system events event
     log "65543 appliance aom-fault CLEAR ERROR \"Fault detected in the AOM\" \"2022-04-08 11:00:02.959761260 UTC\""
    system events event
     log "65543 appliance aom-fault EVENT NA \"Bmc Health Self test passed\" \"2022-04-08 11:00:02.959789898 UTC\""
    

    show system health

    COMMAND show system health

    DESCRIPTION Display health information about system components.

    ARGUMENTS

    The availability of options for this command depends on the hardware component for which you want to view health information.

    components component <specific-component> [ [ firmware | hardware | services ] <specific-component> ] ]

    • type: string
    • description: Name of the specific component. Available options are:
      • appliance
      • fantray
      • lcd
      • psu-1
      • psu-2 (available if a dual-drive system only)

    EXAMPLES

    Display high-level hardware health state for the fan tray:

    appliance-1# show system health components component fantray hardware state
    KEY                         NAME      HEALTH  SEVERITY
    --------------------------------------------------------
    appliance/hardware/fantray  Fan Tray  ok      info
    

    Display health information about system memory:

    appliance-1# show system health components component fantray hardware appliance/hardware/fantray
    hardware appliance/hardware/fantray
     state name "Fan Tray"
     state health ok
     state severity info
    NAME                       DESCRIPTION            HEALTH  SEVERITY  VALUE  UPDATED AT
    -------------------------------------------------------------------------------------------------
    module:present             Module present status  ok      info      true   2022-04-05T15:11:19Z
    p5a:sensor:speed:fan:fan1  Fan1 (RPM)             ok      info      9900   2022-04-08T23:00:04Z
    p5a:sensor:speed:fan:fan2  Fan2 (RPM)             ok      info      9800   2022-04-08T23:00:04Z
    p5a:sensor:speed:fan:fan3  Fan3 (RPM)             ok      info      9800   2022-04-08T23:00:04Z
    p5a:sensor:speed:fan:fan4  Fan4 (RPM)             ok      info      9900   2022-04-08T23:00:04Z
    

    Display the status of the QKView service on the system:

    appliance-1# show system health components component appliance services appliance/services/qkviewd
    services appliance/services/qkviewd
     state name qkviewd
     state health ok
     state severity info
    NAME                               DESCRIPTION                               HEALTH  SEVERITY  VALUE  UPDATED AT
    ----------------------------------------------------------------------------------------------------------------------------
    container:event:attach             Container attach event                    ok      info      0      2022-04-05T15:11:21Z
    container:event:die                Container die event                       ok      info      0      2022-04-05T15:11:21Z
    container:event:exec-create        Container exec create event               ok      info      0      2022-04-05T15:11:21Z
    container:event:exec-detach        Container exec detach event               ok      info      0      2022-04-05T15:11:21Z
    container:event:exec-die           Container exec die event                  ok      info      0      2022-04-05T15:11:21Z
    container:event:exec-start         Container exec start event                ok      info      0      2022-04-05T15:11:21Z
    container:event:kill               Container kill event                      ok      info      0      2022-04-05T15:11:21Z
    container:event:restart            Container restart event                   ok      info      0      2022-04-05T15:11:21Z
    container:event:restart-last-hour  Container restart count in the last hour  ok      info      0      2022-04-05T15:11:21Z
    container:event:start              Container start event                     ok      info      0      2022-04-05T15:11:21Z
    container:event:stop               Container stop event                      ok      info      0      2022-04-05T15:11:21Z
    container:running                  Container running                         ok      info      true   2022-04-08T23:36:20Z
    

    show system image

    COMMAND show system image

    DESCRIPTION Display information about the installed Base OS image on the system.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    install

    • description: Display only installed image information.

    EXAMPLES

    Display the currently-installed Base OS image on the system:

    appliance-1# show system image install
    system image state install install-os-version 1.1.0-5810
    system image state install install-service-version 1.1.0-5810
    system image state install install-status none
    

    Display information about all imported Base OS images:

    appliance-1# show system image
                                    IN
    VERSION OS  STATUS  DATE        USE
    --------------------------------------
    1.1.0-5810  ready   2022-04-04  true
    
    VERSION                         IN
    SERVICE     STATUS  DATE        USE
    --------------------------------------
    1.1.0-5810  ready   2022-04-04  true
    
    VERSION                         IN
    ISO         STATUS  DATE        USE
    ---------------------------------------
    1.1.0-5810  ready   2022-04-04  false
    

    show system licensing

    COMMAND show system licensing

    DESCRIPTION Display information about system license.

    EXAMPLE

    Display information about the license activated on the system (Note that actual license key values are not shown below):

    appliance-1# show system licensing
    system licensing license
                             Licensed version    1.1.0
                             Registration Key    XXXXX-XXXXX-XXXXX-XXXXX-XXXXXXX
                             Licensed date       2022/03/14
                             License start       2022/02/10
                             License end         2022/05/05
                             Service check date  2022/04/05
                             Platform ID         C131
                             Appliance SN        f5-abcd-efgh
    
                             Active Modules
                              Local Traffic Manager, r4800 (318092989)
                               BIG-IP, DNS and GTM Upgrade (1K TO MAX)
                               Routing Bundle
                               Advanced Protocols
                               Advanced Web Application Firewall, r4XXX
                               Advanced Firewall Manager, r4XXX
                               BIG-IP, DNS (1K)
                               Rate Shaping
                               Anti-Virus Checks
                               Base Endpoint Security Checks
                               Firewall Checks
                               Machine Certificate Checks
                               Network Access
                               Protected Workspace
                               Secure Virtual Keyboard
                               APM, Web Application
                               App Tunnel
                               Remote Desktop
                               DNS Rate Fallback, Unlimited
                               DNS Rate Limit, Unlimited QPS
                               GTM Rate Fallback, (UNLIMITED)
                               GTM Rate, Unlimited
                               Carrier Grade NAT (AFM ONLY)
                               APM, Limited
                               Protocol Security Manager
                               Max SSL, r4800
                               Max Compression, r4800
                               DNSSEC
    

    show system locator

    COMMAND show system locator

    DESCRIPTION Display whether the system locator function is enabled. This function illuminates the F5 logo ball so that you can more easily locate a chassis in a data center.

    EXAMPLE

    Display whether the system locator is enabled:

    appliance-1# show system locator
    system locator state disabled
    

    show system logging

    COMMAND show system logging

    DESCRIPTION Display information about remote logging.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    host-logs

    • description: Display configured settings for sending host logs to remote logging servers.

    show system mgmt-ip

    COMMAND show system mgmt-ip

    DESCRIPTION Display information about configured management IP addresses.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    state ipv4 [ gateway | prefix-length | system ]

    • description: Display specified options for an IPv4 management IP address.

    state ipv6 [ gateway | prefix-length | system ]

    • description: Display specified options for an IPv6 management IP address.

    EXAMPLE

    Display information about all configured management IP addresses:

    appliance-1# show system mgmt-ip
    system mgmt-ip state ipv4 system address 192.0.2.102
    system mgmt-ip state ipv4 prefix-length 24
    system mgmt-ip state ipv4 gateway 192.0.2.254
    system mgmt-ip state ipv6 system address ::
    system mgmt-ip state ipv6 prefix-length 0
    system mgmt-ip state ipv6 gateway ::
    

    Display only the gateway for a configured IPv4 management IP address:

    appliance-1# show system mgmt-ip state ipv4 gateway
    system mgmt-ip state ipv4 gateway 192.0.2.254
    

    show system network

    COMMAND show system network

    DESCRIPTION Display information about the configured and active internal network addresses.

    ARGUMENTS

    This command has no arguments.

    EXAMPLE

    Display information about the currently-configured internal network:

    appliance-1# show system network
    system network state configured-network-range-type RFC6598
    system network state configured-network-range 100.64.0.0/12
    system network state active-network-range-type RFC6598
    system network state active-network-range 100.64.0.0/12
    

    show system ntp

    COMMAND show system ntp

    DESCRIPTION Display the current state of the Network Time Protocol (NTP) service.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    EXAMPLE

    Display the current state of NTP on the system:

    appliance-1# show system ntp
    system ntp state disabled
    

    show system ntp ntp-keys

    COMMAND show system ntp ntp-keys

    DESCRIPTION Display a list of configured NTP authentication keys.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    ntp-key <key-id>

    • description: An identifier used by the client and server to designate a secret key.

    show system ntp servers

    COMMAND show system ntp servers

    DESCRIPTION Displays a list of configured NTP servers.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    EXAMPLE

    Display configured NTP servers:

    appliance-1# show system ntp servers
    system ntp servers server ntp.pool.org
     state address    ntp.pool.org
     state port       123
     state version    4
     state association-type SERVER
     state iburst     false
     state prefer     false
    

    show system state

    COMMAND show system state

    DESCRIPTION Display information about the system, such as domain name, login banner, and hostname.

    ARGUMENTS

    base-mac:

    • description: Show the system-allocated base MAC for the system.

    boot-time

    • description: Show the boot time for the system.

    current-datetime

    • description: Show the date and time for the system.

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    domain-name

    • description: Show the domain name for the system.

    hostname

    • description: Show the hostname for the system.

    login-banner

    • description: Show the login banner for the system.

    mac-pool-size

    • description: Show the MAC pool size for the system.

    motd-banner

    • description: Show the message of the day (MOTD) banner for the system.

    EXAMPLES

    Display the current date and time:

    appliance-1# show system state current-datetime
    system state current-datetime "2022-04-08 23:51:09 Etc/UTC"
    

    Display the hostname for the system:

    appliance-1# show system state hostname
    system state hostname appliance-1
    

    Display the login banner for the system:

    appliance-1# show system state login-banner
    system state login-banner UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED
    

    Display the message of the day (MOTD) banner for the system:

    appliance-1# show system state motd-banner
    system state motd-banner ATTENTION! This system is scheduled for maintenance in two days.
    

    show tenants

    COMMAND show tenants

    DESCRIPTION Display the state of all configured tenants in the system.

    ARGUMENTS This command has no arguments.

    EXAMPLE

    Display the state of configured tenants on the current system:

    appliance-1# show tenants
    tenants tenant big-ip
     state name          big-ip
     state unit-key-hash Cl2Hpf4K3RZXmhTEQPQ3orKjj4GsNrlCaLsOAdQ3I9c2SG6uWpan08OkIWKNOyEVnrYBvxA5TQQRaOSm/H+ftQ==
     state type          BIG-IP
    state image         BIGIP-15.1.6-0.0.3.ALL-F5OS.qcow2.zip.bundle
     state mgmt-ip       192.0.2.61
     state prefix-length 24
     state gateway       192.0.2.254
     state vlans         [ 3962 ]
     state cryptos       enabled
     state vcpu-cores-per-node 2
     state memory        7680
     state storage size 76
     state running-state deployed
     state mac-data base-mac 00:12:a1:34:56:b1
     state mac-data mac-pool-size 1
     state appliance-mode disabled
     state status        Starting
     state primary-slot  1
     state image-version "BIG-IP 15.1.6 0.0.3"
     NDI      MAC
    ----------------------------
    default  14:a9:d0:01:62:0e
    
          POD    INSTANCE
    NODE  NAME   ID        PHASE    CREATION TIME         READY TIME            STATUS                   MGMT MAC
    ------------------------------------------------------------------------------------------------------------------------
    1     big-ip 1         Running  2022-04-05T16:10:12Z  2022-04-05T16:10:14Z  Started tenant instance  00:12:a1:34:56:b1
    

    show tenants tenant

    COMMAND show tenants tenant

    DESCRIPTION Displays the state of a specific configured tenants in the system.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    tenant-name

    • type: string
    • description: Specific tenant name.

    EXAMPLE

    Display the state of a tenant named bigip:

    appliance-1# show tenants tenant bigip
    tenants tenant big-ip
     state name          big-ip
     state unit-key-hash Cl2Hpf4K3RZXmhTEQPQ3orKjj4GsNrlCaLsOAdQ3I9c2SG6uWpan08OkIWKNOyEVnrYBvxA5TQQRaOSm/H+ftQ==
     state type          BIG-IP
    state image         BIGIP-15.1.6-0.0.3.ALL-F5OS.qcow2.zip.bundle
     state mgmt-ip       192.0.2.61
     state prefix-length 24
     state gateway       192.0.2.254
     state vlans         [ 3962 ]
     state cryptos       enabled
     state vcpu-cores-per-node 2
     state memory        7680
     state storage size 76
     state running-state deployed
     state mac-data base-mac 00:12:a1:34:56:b1
     state mac-data mac-pool-size 1
     state appliance-mode disabled
     state status        Starting
     state primary-slot  1
     state image-version "BIG-IP 15.1.6 0.0.3"
     NDI      MAC
    ----------------------------
    default  14:a9:d0:01:62:0e
    
          POD    INSTANCE
    NODE  NAME   ID        PHASE    CREATION TIME         READY TIME            STATUS                   MGMT MAC
    ------------------------------------------------------------------------------------------------------------------------
    1     big-ip 1         Running  2022-04-05T16:10:12Z  2022-04-05T16:10:14Z  Started tenant instance  00:12:a1:34:56:b1
    

    show vlans

    COMMAND show vlans

    DESCRIPTION Displays configured VLAN objects.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.

    vlan <vlan-id>

    • type: vlan-id
    • description: Display information only about a specified VLAN.

    EXAMPLE

    Display all configured VLANs:

    appliance-1# show vlans
    VLAN
    ID    INTERFACE
    -----------------
    3962  1.0