COMMAND abort
DESCRIPTION Abort a configuration session.
ARGUMENTS This command has no arguments.
COMMAND annotate
DESCRIPTION Associate an annotation (comment) with a given configuration or validation statement or pattern. To remove an annotation, leave the text empty.
Note: Only available when the system has been configured with attributes enabled.
ARGUMENTS
COMMAND clear
DESCRIPTION Remove all configuration changes.
ARGUMENTS
COMMAND commit
DESCRIPTION Commit the current set of changes to the running configuration.
ARGUMENTS
persist-id
<id> argument.persist-id
argument.COMMAND compare
DESCRIPTION Compare two configuration subtrees.
ARGUMENTS
COMMAND copy
DESCRIPTION Copy the running configuration.
ARGUMENTS
COMMAND describe
DESCRIPTION Display detailed information about a command.
ARGUMENTS
COMMAND do
DESCRIPTION Run a command in operational (user) mode.
ARGUMENTS
COMMAND end
DESCRIPTION Exit configuration mode. If no changes have been made to the configuration, you are prompted to save before exiting configuration mode.
ARGUMENTS
COMMAND exit
DESCRIPTION Exit from the current mode in the configuration or exit configuration mode completely.
ARGUMENTS
COMMAND help
DESCRIPTION Display help information about a specified command.
ARGUMENTS
COMMAND insert
DESCRIPTION Insert a parameter or element.
ARGUMENTS
COMMAND move
DESCRIPTION Move an element or parameter.
ARGUMENTS
COMMAND no
DESCRIPTION Delete or unset a configuration command.
ARGUMENTS
COMMAND pwd
DESCRIPTION Display the current path in the configuration hierarchy.
ARGUMENTS This command has no arguments.
COMMAND resolved
DESCRIPTION Indicate that conflicts have been resolved.
ARGUMENTS This command has no arguments.
COMMAND revert
DESCRIPTION Copy the running configuration.
ARGUMENTS
COMMAND rollback
DESCRIPTION Returns the configuration to a previously committed configuration.
ARGUMENTS
EXAMPLES
Return to the configuration changes made in rollback versions 0 and 1:
appliance-1(config)# rollback configuration 1
Return to the configuration changes made only in rollback version 1:
appliance-1(config)# rollback selective 1
COMMAND show
DESCRIPTION Display a specified parameter.
ARGUMENTS
COMMAND tag
DESCRIPTION Configure statement tags.
ARGUMENTS
COMMAND top
DESCRIPTION Exit to the top level of the configuration hierarchy. You can optionally run a command after exiting to the top level.
ARGUMENTS
COMMAND validate
DESCRIPTION
Verify that the candidate configuration contains no errors. This performs the same operation as commit check
.
ARGUMENTS This command has no arguments.
COMMAND cluster nodes node
DESCRIPTION Configure whether a node is enabled or disabled on the system.
ARGUMENTS
EXAMPLE
Disable node-1 on the system:
appliance-1(config)# cluster nodes node node-1 config disabled
COMMAND cluster disk-usage-threshold
DESCRIPTION Configure options for triggering disk usage alarms.
ARGUMENTS
COMMAND components
DESCRIPTION
Configure properties for hardware components.
ARGUMENTS
The availability of options for this command depends on which hardware component you are configuring.
COMMAND fdb mac-table entries entry
DESCRIPTION Configure a Layer 2 forwarding database (FDB) entry in the system.
IMPORTANT: The FDB table is managed by the system, and manual configuration requires intricate knowledge of the hardware data path. You should configure an FDB object only under the guidance of F5 Technical Support. Manually configuring FDB objects can potentially impact the flow of network traffic through the system.
ARGUMENTS
xx:xx:xx:xx:xx:xx
.COMMAND file config concurrent-operations-limit
DESCRIPTION Specify how many concurrent file operations are allowed at a time.
ARGUMENTS
EXAMPLE
Limit the number of concurrent file operations to 10:
appliance-1-active# file config concurrent-operations-limit 10
COMMAND file known-hosts known-host
DESCRIPTION
Add the IP address (and therefore, the public key) of a specified remote-host to the system known_hosts
file.
ARGUMENTS
COMMAND file import
DESCRIPTION
Transfer a remote file to the system. These directories are available for use for file import
operations on the system:
ARGUMENTS
EXAMPLE
Transfer a file named myfile.iso
from the remote host files.company.com
on port 443
to the images/staging
directory on the system:
appliance-1(config)# file import local-file images/staging remote-file images/myfile.iso remote-host files.company.com remote-port 443
result File transfer is initiated.(images/staging/myfile.iso)
COMMAND file export
DESCRIPTION
Transfer a file from the system to a remote system. These directories are available for use for file export
operations on the system:
ARGUMENTS
EXAMPLE
Transfer a file named appliance.log
from the local host to the /home/jdoe/
directory at files.company.com
, using the username jdoe
:
appliance-1(config)# file export local-file log/host/appliance.log remote-host files.company.com remote-file home/jdoe/appliance.log username jdoe password
Value for 'password' (<string>): *********
result File transfer is initiated.(log/host/appliance.log)
COMMAND file abort-transfer
DESCRIPTION Cancel an in-progress file transfer operation.
ARGUMENTS
EXAMPLE
Cancel a specified in-progress file transfer:
appliance-1# file abort-transfer operation-id IMPORT-T7FsjGIf
Aborting will stop the file transfer. Do you want to proceed? [yes/no] yes
result File transfer abort operation initiated.
COMMAND file delete
DESCRIPTION
Delete a specified file from the system. You can use file delete
only on files in the diags/shared
and core
directories.
ARGUMENTS
EXAMPLE
Delete a specified QKView file from the system:
appliance-1(config)# file delete file-name diags/shared/qkview/qkview.tar
result Deleting the file
COMMAND file list
DESCRIPTION Display a list of directories and files in a specified path.
ARGUMENTS
EXAMPLE
Display a list of files in images/staging
:
appliance-1(config)# file list path images/staging
entries {
name
F5OS-A-1.6.0-7890.CANDIDATE.iso
}
COMMAND file show
DESCRIPTION Display the contents of a specified file. This command works only in operational mode, not config mode.
ARGUMENTS
EXAMPLE
Display the contents of the file log/appliance.log
:
appliance-1# file show log/host/appliance.log
2021-11-08 13:48:56.925181150 - Registry port is 2000 for orchestration-manager
2021-11-08 21:49:07.870995 - OMD log is initialized
2021-11-08 21:49:07.870995 - 8:1266673408 - applianceMainEventLoop::Orchestration manager startup.
2021-11-08 21:49:07.873428 - 8:1249888000 - Can now ping appliance-1.chassis.local (100.65.60.1).
2021-11-08 21:54:13.842022 - 8:1266673408 - Waiting for connectivity checks on System.
2021-11-08 21:54:39.498702 - 8:1249888000 - Successfully ssh'd to appliance 127.0.0.1.
2021-11-08 21:54:55.758399 - 8:1266673408 - Connectivity checks passed for System.
2021-11-08 21:55:38.332719 - 8:1266673408 - K3S cluster installation in appliance is succeeded.
2021-11-08 21:56:00.811884 - 8:1266673408 - Appliance 1 is ready in k3s cluster.
appliance-flannel_image|localhost:2000/appliance-flannel:0.13.0
...
COMMAND file tail
DESCRIPTION Display only the last 10 lines of a specified file. This command works only in operational mode, not config mode.
ARGUMENTS
EXAMPLES
Display only the last 10 lines of log/host/appliance.log
:
appliance-1# file tail log/host/appliance.log
Upgrade found appliance-flannel_image|localhost:2001/appliance-flannel:0.13.0
appliance-multus_image|localhost:2001/appliance-multus:3.6.0
Upgrade found appliance-multus_image|localhost:2001/appliance-multus:3.6.0
2021-11-10 17:33:36.195643 - 8:695531264 - K3s IMAGE update is succeeded.
2021-11-11 21:46:29.832495 - 8:469759744 - K3S cluster is NOT ready.
2021-11-11 21:46:52.979390 - 8:695531264 - K3S cluster is ready.
2021-11-12 21:45:04.247298 - 8:695531264 - K3S cluster is NOT ready.
2021-11-12 21:45:27.427003 - 8:695531264 - K3S cluster is ready.
2021-11-13 03:57:32.937910 - 8:469759744 - Failed to ssh to 127.0.0.1.
2021-11-13 03:58:03.353815 - 8:469759744 - Successfully ssh'd to appliance 127.0.0.1.
Display the last 10 lines of log/host/appliance.log
and keep appending output as the file grows:
appliance-1(config)# file tail -f log/host/appliance.log
Upgrade found appliance-flannel_image|localhost:2001/appliance-flannel:0.13.0
appliance-multus_image|localhost:2001/appliance-multus:3.6.0
Upgrade found appliance-multus_image|localhost:2001/appliance-multus:3.6.0
2021-11-10 17:33:36.195643 - 8:695531264 - K3s IMAGE update is succeeded.
2021-11-11 21:46:29.832495 - 8:469759744 - K3S cluster is NOT ready.
2021-11-11 21:46:52.979390 - 8:695531264 - K3S cluster is ready.
2021-11-12 21:45:04.247298 - 8:695531264 - K3S cluster is NOT ready.
2021-11-12 21:45:27.427003 - 8:695531264 - K3S cluster is ready.
2021-11-13 03:57:32.937910 - 8:469759744 - Failed to ssh to 127.0.0.1.
2021-11-13 03:58:03.353815 - 8:469759744 - Successfully ssh'd to appliance 127.0.0.1.
Display only the last five lines of log/appliance.log
:
appliance-1(config)# file tail -n 5 log/host/appliance.log
2021-11-11 21:46:52.979390 - 8:695531264 - K3S cluster is ready.
2021-11-12 21:45:04.247298 - 8:695531264 - K3S cluster is NOT ready.
2021-11-12 21:45:27.427003 - 8:695531264 - K3S cluster is ready.
2021-11-13 03:57:32.937910 - 8:469759744 - Failed to ssh to 127.0.0.1.
2021-11-13 03:58:03.353815 - 8:469759744 - Successfully ssh'd to appliance 127.0.0.1.
COMMAND file transfer-status
DESCRIPTION Display the status of file transfer operations. This command works in both operational mode and config mode.
ARGUMENTS
EXAMPLE
Check the status of file transfers:
appliance-1(config)# file transfer-status
result
S.No.|Operation |Protocol|Local File Path |Remote Host |Remote File Path |Status
1 |Import file|HTTPS |images/staging/myfile.iso |files.company.com |images/myfile.iso |In Progress (15.0%)
COMMAND fips hsm force-init
DESCRIPTION Perform a forced initialization of the embedded FIPS hardware security module (HSM).
IMPORTANT: This erases all data on the FIPS HSM and does not require authentication.
NOTE: All fips
commands are available only on platforms with an embedded FIPS HSM.
ARGUMENTS
EXAMPLE
Force initialize the FIPS HSM:
appliance-1(config)# fips hsm force-init
COMMAND fips hsm init
DESCRIPTION Perform an initialization of the embedded FIPS hardware security module (HSM).
IMPORTANT: This erases all data on the FIPS HSM and requires authentication.
ARGUMENTS
EXAMPLE
Initialize the FIPS HSM:
appliance-1(config)# fips hsm init
COMMAND fips hsm reset
DESCRIPTION Reset the embedded FIPS hardware security module (HSM).
ARGUMENTS
EXAMPLE
Reset the FIPS HSM:
appliance-1(config)# fips hsm reset
COMMAND fips set-partition
DESCRIPTION Create a FIPS partition or configure an existing FIPS partition.
ARGUMENTS
EXAMPLE
Create a FIPS partition:
appliance-1(config)# fips set-partition name PARTITION_2
COMMAND fips remove-partition
DESCRIPTION Delete a FIPS partition.
ARGUMENTS
EXAMPLE
Remove a FIPS partition:
appliance-1(config)# fips remove-partition name PARTITION_2
COMMAND fips set-firmware
DESCRIPTION Upgrade the firmware version for the embedded FIPS hardware security module (HSM).
ARGUMENTS
EXAMPLE
Upgrade the FIPS HSM firmware with a firmware image already on the FIPS management container:
appliance-1(config)# fips set-firmware source internal image CNN35XX-NFBE-FW-2.08-12
Value for 'so-password' (<string, min: 7 chars, max: 30 chars>): ********
result fips firmware has been set successfully. please reset hsm to reflect the update!
COMMAND images remove
DESCRIPTION Remove tenant image.
ARGUMENTS
EXAMPLE
Remove the .bundle file named BIGIP-15.1.5-0.0.11.ALL-F5OS.zip.bundle
:
appliance-1(config)# images remove name BIGIP-15.1.5-0.0.11.ALL-F5OS.zip.bundle
result Successful.
COMMAND interfaces interface
DESCRIPTION Configure network interface attributes.
ARGUMENTS
ieee8023adLag
when creating LAG interfaces.EXAMPLE
Configure a description for interface 1.0 and verify that it was configured correctly:
appliance-1(config)# interfaces interface 1.0 config description "100G Link"
appliance-1(config-interface-1/1.0)# commit
Commit complete.
appliance-1(config-interface-1.0)# exit
appliance-1(config)# end
appliance-1# show running-config interfaces interface 1.0 config
interfaces interface 1/1.0
config name 1.0
config type ethernetCsmacd
config description "100G Link"
config enabled
!
COMMAND interfaces interface <lag-name> aggregation config
DESCRIPTION Configure link aggregation groups (LAGs) and their attributes.
ARGUMENTS
EXAMPLE
Create a LAG named test-lag
that uses dst-mac
for the hash, assign trunk VLAN IDs 99
and 101
, and then verify that it was configured correctly:
appliance-1(config)# interfaces interface test-lag aggregation config distribution-hash dst-mac
appliance-1(config)# commit
appliance-1(config)# interfaces interface test-lag aggregation switched-vlan config trunk-vlans [ 99 101 }
appliance-1(config)# commit
appliance-1# show running-config interfaces interface test-lag aggregation switched-vlan config
interfaces interface test-lag
aggregation switched-vlan config trunk-vlans [ 99 101 }
!
COMMAND interfaces interface <interface-name> ethernet
DESCRIPTION Configure physical interfaces attributes.
ARGUMENTS
COMMAND interfaces interface mgmt ethernet config
DESCRIPTION Configure Ethernet options for the management interface.
ARGUMENTS
true
to enable auto negotiate or false
to disable it.FULL
to enable full duplex on an interface or set to HALF
to enable half duplex on an interface.EXAMPLE
Configure the management interface to use the FULL
duplex mode:
appliance-1(config)# interfaces interface mgmt ethernet config duplex-mode FULL
COMMAND iptunnels iptunnel geneve
DESCRIPTION Configure network virtualization using GENEVE (Generic Network Virtualization Encapsulation) tunnel.
ARGUMENTS
true
to enable support for IP tunnel type or false
to disable it. The default value is false
.COMMAND iptunnels iptunnel nvgre
DESCRIPTION Configure network virtualization using NVGRE (Network Virtualization using Generic Routing Encapsulation) tunnel.
ARGUMENTS
ethertype
are a hexadecimal value, with a leading '0x' followed by 4 digits.COMMAND iptunnels iptunnel vxlan
DESCRIPTION Configure network virtualization using VXLAN (Virtual Extensible LAN) multipoint tunnel.
ARGUMENTS
true
to enable support for VXLAN GPE tunnel type or false
to disable it. The default value is false
.true
to enable support for VXLAN GPE NSH tunnel type or false
to disable it. The default value is false
.COMMAND lacp config system-priority
DESCRIPTION
System priority and system MAC are combined as system-id
, which is required by the LACP protocol. System MAC is not configurable.
ARGUMENTS
32768
.EXAMPLES
Configure system priority to be 1000
:
appliance-1(config)# lacp config system-priority 1000
COMMAND lacp interfaces interface <lag-interface> config name <interface>
DESCRIPTION
Configure LACP to manage the LAG interface. To use LACP to manage a LAG interface, the LAG interface must already exist or be created first. LAG interfaces can have multiple interface members, and the LAG interface state is up as long as there is at least one active member. There must be valid VLANs attached to LAG interface to pass user traffic. Be sure that the VLAN exists before attaching it to a LAG interface.
ARGUMENTS
FAST
to have packets sent every second. Set the interval to SLOW
to have packets sent every 30 seconds.PASSIVE
to place a port into a passive negotiating state, in which the port responds to received LACP packets, but does not initiate LACP negotiation. Set to ACTIVE
to place a port into an active negotiating state, in which the port initiates negotiations with other ports by sending LACP packets.xx:xx:xx:xx:xx:xx
.EXAMPLES
Configure an LACP interface, set it to place the port into an active negotiating state, and set the interval to have packets sent every second:
appliance-1(config)# lacp interfaces interface lag1 config lacp-mode ACTIVE interval FAST
Create a LAG interface named lag1
with the type ieee8023adLag
:
appliance-1(config)# interfaces interface lag1 config type ieee8023adLag; commit
Enable LACP on a LAG interface named lag1
:
appliance-1(config)# interfaces interface lag1 aggregation config lag-type LACP; commit
Create an LACP interface named lag1
with default parameters (internal
is set to SLOW
, lacp-mode
is set to ACTIVE
):
appliance-1(config)# lacp interfaces interface lag1 config name lag1; commit
Add interface 1.0 and 2.0 as interface members into a LAG named lag1
:
appliance-1(config)# interfaces interface 1.0 ethernet config aggregate-id lag1
appliance-1(config)# interfaces interface 2.0 ethernet config aggregate-id lag1
appliance-1(config)# commit
Attach VLANs 1000 and 1001 to a LAG interface named lag1
:
appliance-1(config)# interfaces interface lag1 aggregation switched-vlan config trunk-vlans [ 1000 1001 }
appliance-1(config)# commit
COMMAND lldp config
DESCRIPTION Configure Link Layer Discovery Protocol (LLDP) on the system.
ARGUMENTS
10
.2
.2
.4
.30
.EXAMPLE
Configure a system-description for LLDP and verify that it was configured correctly:
appliance-1(config)# lldp config system-description "Test system description"
appliance-1(config)# commit
Commit complete.
appliance-1(config)# end
appliance-1# show running-config lldp config
lldp config enabled
lldp config system-description "Test system description"
lldp config tx-interval 30
lldp config tx-hold 4
lldp config reinit-delay 2
lldp config tx-delay 2
lldp config max-neighbors-per-port 10
COMMAND lldp interfaces interface <interface-name> config
DESCRIPTION Configure LLDP attributes for an interface.
ARGUMENTS
EXAMPLE
Configure a tlv-advertisement-state for LLDP interface 1.0 and verify that it was configured correctly:
appliance-1(config)# lldp interfaces interface 1.0 config tlv-advertisement-state txrx
appliance-1(config-interface-1.0)# commit
Commit complete.
appliance-1(config-interface-1.0)# top
appliance-1(config)# end
appliance-1# show running-config lldp interfaces interface 1.0
lldp interfaces interface 1.0
config name 1.0
config enabled
config tlv-advertisement-state txrx
config tlvmap chassis-id,port-id,ttl,port-description,system-name,system-description,system-capabilities,pvid,ppvid,vlan-name,protocol-identity,macphy,link-aggregation,power-mdi,mfs,product-model
!
COMMAND port-mappings port-mapping
DESCRIPTION Configure port mapping for front-panel interfaces.
ARGUMENTS
COMMAND portgroups portgroup
DESCRIPTION Configure port group attributes.
ARGUMENTS
EXAMPLE
Configure a port group on interface 1 to use a DDM polling frequency of 20 seconds:
appliance-1(config)# portgroups portgroup 1 config ddm ddm-poll-frequency 20
Configure the port mode on interface 1 to be MODE_25GB:
appliance-1(config)# portgroups portgroup 1 config mode MODE_25GB
COMMAND
SNMP-COMMUNITY-MIB snmpCommunityTable snmpCommunityEntry <community-name> snmpCommunityName <community-name> snmpCommunitySecurityName <community-name>
DESCRIPTION Configure an SNMP community.
ARGUMENTS
EXAMPLE
Configure the SNMP community name to be test_community
:
appliance-1(config)# SNMP-COMMUNITY-MIB snmpCommunityTable snmpCommunityEntry test_community snmpCommunityName test_community snmpCommunitySecurityName test_community
COMMAND
SNMP-VIEW-BASED-ACM-MIB vacmSecurityToGroupTable vacmSecurityToGroupEntry <vacmSecurityModel> <community-name> vacmGroupName <group-name>
DESCRIPTION Configure SNMP VIEW BASED ACM for the specified community. This configuration maps a combination of securityModel and securityName into a groupName that is used to define an access control policy for a group of principals.
ARGUMENTS
1
for SNMP v1, and the default value is 2
for SNMP v2c.NOTE: Use group-name as read-access
while configuring the SNMP VACM.
EXAMPLE
Configure the SNMP v2c VACM read access
group for community test_community
:
appliance-1(config)# SNMP-VIEW-BASED-ACM-MIB vacmSecurityToGroupTable vacmSecurityToGroupEntry 2 test_community vacmGroupName read-access
Configure the SNMP v1 VACM read access
group for community test_community
:
appliance-1(config)# SNMP-VIEW-BASED-ACM-MIB vacmSecurityToGroupTable vacmSecurityToGroupEntry 1 test_community vacmGroupName read-access
IMPORTANT: To enable SNMP Traps, a DUT is required when configuring with snmpNotifyTable
, snmpTargetParamsTable
, and snmpTargetAddrTable
, as shown below.
COMMAND
SNMP-NOTIFICATION-MIB snmpNotifyTable snmpNotifyEntry <snmpNotifyName> snmpNotifyTag <snmpNotifyName> snmpNotifyType trap
DESCRIPTION Configure the SNMP NOTIFICATION MIB Table. This table is used to select management targets that should receive notifications, as well as the type of notification that should be sent to each selected management target.
ARGUMENTS
EXAMPLE
Configure the SNMP NOTIFICATION MIB entry to be v2_trap
for trap
notifications:
appliance-1(config)# SNMP-NOTIFICATION-MIB snmpNotifyTable snmpNotifyEntry v2_trap snmpNotifyTag v2_trap snmpNotifyType trap
COMMAND
SNMP-TARGET-MIB snmpTargetParamsTable snmpTargetParamsEntry <snmpTargetParamsName> snmpTargetParamsMPModel <snmpTargetParamsMPModel> snmpTargetParamsSecurityModel <snmpTargetParamsSecurityModel> snmpTargetParamsSecurityName <snmpTargetParamsSecurityName> snmpTargetParamsSecurityLevel <snmpTargetParamsSecurityLevel>
DESCRIPTION Configure the SNMP-TARGET-MIB snmpTargetParamsTable. This table is used in the generation of SNMP messages.
ARGUMENTS
NOTE: snmpTargetParamsMPModel = SNMPv1(0), SNMPv2c(1)
NOTE: snmpTargetParamsSecurityModel = ANY(0), SNMPv1(1), SNMPv2c(2)
NOTE: This must be one of the configured SNMP communities.
NOTE: This must be noAuthNoPriv
for SNMP v1 and v2c.
EXAMPLES
Configure the SNMP snmpTargetParamsTable to be group2
for SNMP v2 model with test_community
:
appliance-1(config)# SNMP-TARGET-MIB snmpTargetParamsTable snmpTargetParamsEntry group2 snmpTargetParamsMPModel 1 snmpTargetParamsSecurityModel 2 snmpTargetParamsSecurityName test_community snmpTargetParamsSecurityLevel noAuthNoPriv
Configure the SNMP snmpTargetParamsTable to be group1
for SNMP v1 model with test_community
:
appliance-1(config)# SNMP-TARGET-MIB snmpTargetParamsTable snmpTargetParamsEntry group1 snmpTargetParamsMPModel 0 snmpTargetParamsSecurityModel 1 snmpTargetParamsSecurityName test_community snmpTargetParamsSecurityLevel noAuthNoPriv
COMMAND
SNMP-TARGET-MIB snmpTargetAddrTable snmpTargetAddrEntry <snmpTargetAddrName> snmpTargetAddrTDomain <snmpTargetAddrTDomain> snmpTargetAddrTAddress <snmpTargetAddrTAddress> snmpTargetAddrTagList <snmpTargetAddrTagList> snmpTargetAddrParams <snmpTargetAddrParams>
DESCRIPTION Configure the SNMP-TARGET-MIB snmpTargetAddrTable. This table is used to select management targets that should receive notifications, as well as the type of notification that should be sent to each selected management target.
ARGUMENTS
NOTE: Use OID 1.3.6.1.6.1.1 for IPv4 and 1.3.6.1.2.1.100.1.2 for IPv6.
Notes: For an IPv4 address, the value should be ipv4 + port (6 dot-separated octets).
For an IPv6 address, the value should be ipv6 + port (18 dot-separated octets).
NOTE: This value must be one of the configured snmpNotifyTable rows (snmpNotifyName).
EXAMPLES
Configure the SNMP snmpTargetAddrTable to be v2_trap
with ipv4 address x.x.x.x
and port 6011
:
Port Octet Conversion:
6011 >> 8 = 23 (1st octet)
6011 & 255 = 123 (2nd octet)
appliance-1(config)# SNMP-TARGET-MIB snmpTargetAddrTable snmpTargetAddrEntry v2_trap snmpTargetAddrTDomain 1.3.6.1.6.1.1 snmpTargetAddrTAddress x.x.x.x.23.123 snmpTargetAddrTagList v2_trap snmpTargetAddrParams group2
Configure the SNMP snmpTargetAddrTable to be v1_trap
with ipv4 address x.x.x.x
and port 6011
:
appliance-1(config)# SNMP-TARGET-MIB snmpTargetAddrTable snmpTargetAddrEntry v1_trap snmpTargetAddrTDomain 1.3.6.1.6.1.1 snmpTargetAddrTAddress x.x.x.x.23.123 snmpTargetAddrTagList v1_trap snmpTargetAddrParams group1
COMMAND stp
DESCRIPTION Configure Spanning Tree Protocol (STP) on the system.
COMMAND stp global config enabled-protocol
DESCRIPTION
Configures whether Spanning Tree Protocol (STP) is enabled on the system. If empty, STP is disabled. There can be only one spanning tree protocol enabled at a time. When configuring anything for stp stp, stp rstp, or stp mstp, ensure that the respective protocol has been configured as the global enabled-protocol
.
When any spanning-tree protocol is configured, all interfaces in the system not configured for the respective spanning-tree protocol will be blocked to avoid broadcast storms. Deleting the enabled-protocol removes the blocking state.
ARGUMENTS
EXAMPLE
Enable STP as the as the global STP protocol and verify that it was configured correctly:
appliance-1(config)# stp global config enabled-protocol [ STP } ; commit
Commit complete.
appliance-1(config)# show full-configuration stp global
stp global config enabled-protocol [ STP ]
Enable RSTP as the as the global STP protocol and verify that it was configured correctly:
appliance-1(config)# stp global config enabled-protocol [ RSTP ] ; commit
Commit complete.
appliance-1(config)# show full-configuration stp global
stp global config enabled-protocol [ RSTP ]
Enable MSTP as the as the global STP protocol and verify that it was configured correctly:
appliance-1(config)# stp global config enabled-protocol [ MSTP ] ; commit
Commit complete.
appliance-1(config)# show full-configuration stp global
stp global config enabled-protocol [ MSTP ]
Disable STP on the system:
appliance-1(config)# no stp global config enabled-protocol ; commit
Commit complete.
appliance-1(config)# show full-configuration stp global
% No entries found.
COMMAND stp interfaces interface
DESCRIPTION Configure specific STP features for an interface.
ARGUMENTS
COMMAND stp mstp config
DESCRIPTION Configure the system to handle spanning tree frames (BPDUs) in accordance with the MSTP protocol.
ARGUMENTS
EXAMPLES
Configure MSTP named my-region
with a forwarding delay of 16 seconds, a hello time of 3 seconds, a maximum age of 21 seconds, a hold count of 7 BPDUs per second, a revision level of 1, and a maximum hop of 21 hops, and then verify that it was configured correctly:
appliance-1(config)# stp mstp config forwarding-delay 16 hello-time 3 max-age 21 hold-count 7 name my-region revision 1 max-hop 21 ; commit
Commit complete.
appliance-1(config)# show full-configuration stp mstp config
stp mstp config name my-region
stp mstp config revision 1
stp mstp config max-hop 21
stp mstp config hello-time 3
stp mstp config max-age 21
stp mstp config forwarding-delay 16
stp mstp config hold-count 7
COMMAND stp mstp mst-instances mst-instance
DESCRIPTION Configure a specific MST instance.
ARGUMENTS
EXAMPLE
Configure MST instance 5 with a bridge priority of 36864, MST identifier of 5, and mapped to VLANs 100 and 101, and then verify that it was configured correctly:
appliance-1(config)# stp mstp mst-instances mst-instance 5 config bridge-priority 36864 mst-id 5 vlan [ 100 101 ]
appliance-1(config-mst-instance-5)# commit
Commit complete.
appliance-1(config-mst-instance-5)# show full
stp mstp mst-instances mst-instance 5
config mst-id 5
config vlan [ 100 101 ]
config bridge-priority 36864
!
COMMAND stp mstp mst-instances mst-instance {mst-id} interfaces interface
DESCRIPTION Configure data for MSTP on each interface. Must be configured in conjunction with an STP interface
ARGUMENTS
EXAMPLE
Configure MST instance 5 with interface 1, with a cost of 100 and a port priority of 128, and then verify that it was configured correctly:
appliance-1(config)# show full-configuration stp interfaces
stp interfaces interface 1
config name 1
config edge-port EDGE_AUTO
config link-type P2P
!
appliance-1(config)# stp mstp mst-instances mst-instance 5 interfaces interface 1 config name 1 cost 100 port-priority 128 ; commit
Commit complete.
appliance-1(config-interface-1)# top
appliance-1(config)# show full-configuration stp mstp mst-instances mst-instance 5
stp mstp mst-instances mst-instance 5
config mst-id 5
config vlan [ 100 101 ]
config bridge-priority 36864
interfaces interface 1
config name 1
config cost 100
config port-priority 128
!
COMMAND stp rstp config
DESCRIPTION Configure the system to handle spanning tree frames (BPDUs) in accordance with the RSTP protocol.
ARGUMENTS
EXAMPLES
Configure RSTP with a bridge priority of 36864, a forwarding delay of 16 seconds, a hello time of 3 seconds, a maximum age of 21 seconds, a hold count of 7 BPDUs per seconds, and then verify that it was configured correctly:
appliance-1(config)# stp rstp config bridge-priority 36864 forwarding-delay 16 hello-time 3 max-age 21 hold-count 7 ; commit
Commit complete.
appliance-1(config)# show full-configuration stp rstp config
stp rstp config hello-time 3
stp rstp config max-age 21
stp rstp config forwarding-delay 16
stp rstp config hold-count 7
stp rstp config bridge-priority 36864
COMMAND stp rstp interfaces interface
DESCRIPTION Configuration data for MSTP on each interface. Must be configured in conjunction with an STP interface.
ARGUMENTS
EXAMPLE
Configure RSTP instance 1 with interface 1, with a cost of 100 and a port priority of 128, and then verify that it was configured correctly:
appliance-1(config)# show full-configuration stp interfaces
stp interfaces interface 1
config name 1
config edge-port EDGE_AUTO
config link-type P2P
!
appliance-1(config)# stp rstp interfaces interface 1 config name 1 cost 100 port-priority 128 ; commit
Commit complete.
appliance-1(config-interface-1)# show full
stp rstp interfaces interface 1
config name 1
config cost 100
config port-priority 128
!
COMMAND stp stp config bridge-priority
DESCRIPTION Configure the system to handle spanning tree frames (BPDUs) in accordance with the MSTP protocol.
ARGUMENTS
EXAMPLES
Configure STP with a bridge priority of 36864, a forwarding delay of 16 seconds, a hello time of 3 seconds, a maximum age of 21 seconds, a hold count of 7 BPDUs per seconds, and then verify that it was configured correctly:
appliance-1(config)# stp stp config bridge-priority 36864 forwarding-delay 16 hello-time 3 hold-count 7 max-age 21 ; commit
Commit complete.
appliance-1(config)# show full-configuration stp stp config
stp stp config hello-time 3
stp stp config max-age 21
stp stp config forwarding-delay 16
stp stp config hold-count 7
stp stp config bridge-priority 36864
COMMAND stp stp interfaces interface
DESCRIPTION Configuration data for MSTP on each interface. Must be configured in conjunction with an STP interface.
ARGUMENTS
EXAMPLE
Configure STP instance 1 with interface 1, with a cost of 100 and a port priority of 128, and then verify that it was configured correctly:
appliance-1(config)# show full-configuration stp interfaces
stp interfaces interface 1
config name 1
config edge-port EDGE_AUTO
config link-type P2P
!
appliance-1(config)# stp stp interfaces interface 1 config name 1 cost 100 port-priority 128 ; commit
Commit complete.
appliance-1(config-interface-1)# show full
stp stp interfaces interface 1
config name 1
config cost 100
config port-priority 128
!
COMMAND
system aaa authentication config authentication-method
DESCRIPTION
Specify which authentication methods can be used to authenticate and authorize users. You can enable all methods and indicate the order in which you'd like the methods to be attempted when a user logs in.
ARGUMENTS
EXAMPLE
Attempt to authenticate in this order: LDAP, then RADIUS, and then local (/etc/password
):
appliance-1(config)# system aaa authentication config authentication-method { LDAP_ALL RADIUS_ALL LOCAL }
COMMAND system aaa authentication config basic enabled
DESCRIPTION
Specify whether to use basic authentication (user name and password) on the system.
ARGUMENTS
enabled
to enable basic authentication or disabled
to disable it. The default value is enabled
.COMMAND system aaa authentication config cert-auth
DESCRIPTION Specify whether to use client certificates for authentication.
ARGUMENTS
enabled
to enable client certificate authentication or disabled
to disable it. The default value is disabled
.EXAMPLE
Enable client certificates for authentication:
appliance-1(config)# system aaa authentication config cert-auth enabled
COMMAND system aaa authentication clientcert config client-cert-name-field
DESCRIPTION
Specify the client certificate name, which is the field from which the username is extracted from the client certificate. The extracted username must exist in the system before a user logs in and authenticates. Otherwise, the login will fail. This option is visible and configurable only when you have enabled cert-auth
.
If you use LDAP as an authentication method, the LDAP server must be configured before you configure client certificate authentication, and the extracted username from the client certificate must match the existing user in the LDAP server.
ARGUMENTS
EXAMPLES
Use subjectname-cn as the client certificate name field:
appliance-1# system aaa authentication clientcert config client-cert-name-field subjectname-cn
Configure an OID using three different valid formats:
appliance-1(config)# system aaa authentication clientcert config client-cert-name-field san-gen-othername OID UPN
appliance-1(config)# system aaa authentication clientcert config client-cert-name-field san-gen-othername OID 1.1
appliance-1(config)# system aaa authentication clientcert config client-cert-name-field san-gen-othername OID 1.3.6.1.4.1.311.20.2.3
COMMAND system aaa authentication ldap active_directory
DESCRIPTION
Specify whether to enable LDAP Active Directory (AD) on the LDAP server.
ARGUMENTS
true
to enable LDAP AD or false
to disable it. The default value is false
.EXAMPLE
Enable LDAP AD on the system:
appliance-1(config)# system aaa authentication ldap active_directory true
COMMAND
system aaa authentication ldap base
DESCRIPTION
Specify the search base distinguished name (DN) for LDAP authentication. Note that the configuration of base values are case-sensitive and must be a full DN path. This includes spaces, commas, and other characters. These must be the same as what is configured in the LDAP server.
ARGUMENTS
EXAMPLE
appliance-1(config)# system aaa authentication ldap base dc=xyz,dc=com
appliance-1(config)# system aaa authentication ldap base { dc=xyz,dc=com dc=abc,dc=com }
COMMAND system aaa authentication ldap bind_timelimit
DESCRIPTION
Specify a maximum amount of time to wait for LDAP authentication to return a result.
ARGUMENTS
30
.EXAMPLE
Set a maximum bind time limit of 60
seconds:
appliance-1(config)# system aaa authentication ldap bind_timelimit 60
COMMAND
system aaa authentication ldap binddn
DESCRIPTION
Specify the distinguished name (DN) of an account that can search the base DN. If no account is specified, the LDAP connection establishes without authentication. Note that the configuration of binddn values are case-sensitive and must be a full DN path. This includes spaces, commas, and other characters; these must be the same as what is configured in the LDAP server.
ARGUMENTS
EXAMPLE
Set the distinguished name of a specified account for searching the base DN:
appliance-1(config)# system aaa authentication ldap binddn cn=admin,dc=xyz,dc=com
COMMAND
system aaa authentication ldap bindpw
DESCRIPTION
Specify the password of the search account identified in binddn.
ARGUMENTS
EXAMPLE
Specify a password for the search account on the LDAP server:
appliance-1(config)# system aaa authentication ldap bindpw <password>
COMMAND system aaa authentication ldap chase-referrals
DESCRIPTION Specify whether automatic referral chasing should be enabled.
ARGUMENTS
true
to enable referral chasing or false
to disable it. The default value is false
.COMMAND
system aaa authentication ldap idle_timelimit
DESCRIPTION
Configure the maximum amount of time before the LDAP connection can be inactive before it times out.
ARGUMENTS
30
.EXAMPLE
Set a maximum idle timeout of 60
seconds:
appliance-1(config)# system aaa authentication ldap idle_timelimit 60
COMMAND
system aaa authentication ldap ldap_version
DESCRIPTION
Specify the LDAP protocol version number.
ARGUMENTS
3
.EXAMPLE
Specify that LDAPv3 is used for the LDAP server:
appliance-1(config)# system aaa authentication ldap ldap_version 3
COMMAND
system aaa authentication ldap ssl
DESCRIPTION
Specify whether to enable Transport Layer Security (TLS) functionality for the LDAP server.
ARGUMENTS
EXAMPLE
Specify that TLS is enabled for all connections:
appliance-1(config)# system aaa authentication ldap ssl on
COMMAND
system aaa authentication ldap timelimit
DESCRIPTION
Specify a maximum time limit to use when performing LDAP searches to receive an LDAP response.
ARGUMENTS
EXAMPLE
Specify a maximum time limit of 60
seconds for LDAP searches:
appliance-1(config)# system aaa authentication ldap timelimit 60
COMMAND
system aaa authentication ldap tls_cacert
DESCRIPTION
Specify the CA certificate to be used for authenticating the TLS connection with the CA server. Also validates an issued certificate from a CA prior to accepting it into the system.
ARGUMENTS
EXAMPLE
Specify a certificate for authenticating the TLS connection:
appliance-1(config)# system aaa authentication ldap tls_cacert <path-to-cacert>.pem
COMMAND
system aaa authentication ldap tls_cert
DESCRIPTION
Specify the file that contains the certificate for the client's key.
ARGUMENTS
EXAMPLE
Specify a file that contains the certificate for a client's key:
appliance-1(config)# system aaa authentication ldap tls_cacert <path-to-cacert>.pem
COMMAND
system aaa authentication ldap tls_ciphers
DESCRIPTION
Specify acceptable cipher suites for the TLS library in use. For example, ECDHE-RSAAES256-GCM-SHA384 or ECDHE-RSA-AES128-GCM-SHA256.
The cipher string can take several additional forms. It can consist of a single cipher suite such as RC4-SHA. It can represent a list of cipher suites containing a certain algorithm, or cipher suites of a certain type. For example, SHA1 represents all cipher suites using the digest algorithm SHA1, and SSLv3 represents all SSLv3 algorithms. You can combine lists of cipher suites into a single cipher string using the + character as a logical AND operation. For example, SHA1+DES represents all cipher suites containing the SHA1 and DES algorithms.
ARGUMENTS
EXAMPLE
Specify the cipher suite for the TLS library in use:
appliance-1(config)# system aaa authentication ldap tls_cyphers <cipher-suite>
COMMAND
system aaa authentication ldap tls_key
DESCRIPTION
Specify the file that contains the private key that matches the certificates that you configured with the system aaa authentication ldap tls_cert
command.
ARGUMENTS
system aaa authentication ldap tls_cert
command.COMMAND
system aaa authentication ldap tls_reqcert
DESCRIPTION
Specify what checks to perform on certificates in a TLS session. The default value is never
.
ARGUMENTS
EXAMPLE
Specify that a certificate is not required for a TLS session:
appliance-1(config)# system aaa authentication ldap tls_reqcert never
DESCRIPTION Specify whether to use Online Certificate Status Protocol (OCSP) for certificate validation.
ARGUMENTS
enabled
to enable OCSP or disabled
to disable it. The default value is disabled
.COMMAND system aaa authentication ocsp config nonce-request
DESCRIPTION Specify whether queries to Online Certificate Status Protocol (OCSP) responders should include a nonce (a unique identifier) in the request.
ARGUMENTS
on
to enable nonce or off
to disable it. The default value is on
.EXAMPLE
Enable nonce for OCSP:
appliance-1(config)# system aaa authentication ocsp config nonce-request on
COMMAND system aaa authentication ocsp config override-responder
DESCRIPTION Specify whether the Online Certificate Status Protocol (OCSP) default responder is required for certificate validation.
ARGUMENTS
on
to require the OCSP default responder URI or off
to disable the requirement. The default value is off
.EXAMPLE
Specify that the default responder is required:
appliance-1(config)# system aaa authentication ocsp config override-responder on
COMMAND system aaa authentication ocsp config response-max-age
DESCRIPTION Specify the maximum amount of time, in seconds, for Online Certificate Status Protocol (OCSP) responses.
ARGUMENTS
EXAMPLE
Specify a maximum response age:
appliance-1(config)# system aaa authentication ocsp config response-max-age 2
COMMAND system aaa authentication ocsp config response-time-skew
DESCRIPTION Specify the maximum allowable time skew, in seconds, for Online Certificate Status Protocol (OCSP) response validation.
ARGUMENTS
EXAMPLE
Specify a maximum time for response validation:
appliance-1(config)# system aaa authentication ocsp config response-time-skew 52
COMMAND
system aaa authentication roles role
DESCRIPTION
Configure the role assigned to users.
ARGUMENTS
EXAMPLE
Configure a remote GID for a specified role:
appliance-1(config)# appliance-1(config)# system aaa authentication roles role admin config remote-gid
(<unsignedInt>) (9000): 6000
COMMAND
system aaa authentication users user
DESCRIPTION
Configure options for local users.
ARGUMENTS
-1
(no expiration date). Use 1
to indicate expired.0
(zero) to indicate that the user must change the password at their next log in.EXAMPLE
Configure a user named jdoe
so that the user must change their password at their next log in and indicate that the account has no expiration date:
appliance-1(config)# system aaa authentication users user jdoe config last-change 0 expiry-date -1
COMMAND
system aaa password-policy config apply-to-root
DESCRIPTION
Specify whether to enforce password policies when the user configuring passwords is the root user. If enabled (true
), the system returns an error on failed check if the root user changing the password. If disabled (false
), the system Display a message about the failed check, but allows the root user to change the password and bypass password policies.
ARGUMENTS
true
to enforce password policies even if it is the root user configuring passwords or false
to disable it. The default value is false
.COMMAND
system aaa password-policy config max-age
DESCRIPTION
Configure the number of days that users can keep using the same password without changing it.
ARGUMENTS
COMMAND system aaa password-policy config max-class-repeat
DESCRIPTION Configure how many repeated upper/lowercase letters, digits, or special characters (such as '!@#$%') are allowed in the password. Passwords that do not meet this requirement are invalid.
ARGUMENTS
COMMAND system aaa password-policy config max-letter-repeat
DESCRIPTION Configure how many repeated lowercase letters are allowed in the password. Passwords that do not meet this requirement are invalid.
ARGUMENTS
COMMAND
system aaa password-policy config max-login-failures
DESCRIPTION
Configure the maximum number of unsuccessful login attempts that are permitted before a user is locked out.
ARGUMENTS
COMMAND system aaa password-policy config max-sequence-repeat
DESCRIPTION Configure how many repeated upper/lowercase letters or digits are allowed in the password. Passwords that do not meet this requirement are invalid.
ARGUMENTS
COMMAND
system aaa password-policy config min-length
DESCRIPTION
Configure a minimum acceptable size for the new password (plus one if credits are not disabled which is the default). In addition to the number of characters in the new password, credit (of +1 in length) is given for each different kind of character (other, upper, lower and digit). The default value is 9
. If you want to allow passwords that are as short as 5 characters, you should not use min-length
.
ARGUMENTS
COMMAND
system aaa password-policy config reject-username
DESCRIPTION
Check whether the user name is contained in the new password, either in straight or reversed form. Passwords that do not meet this requirement are invalid.
ARGUMENTS
false
to allow the user name in a new password or true
to reject new passwords that contain the user name in some form. The default value is false
.COMMAND
system aaa password-policy config required-differences
DESCRIPTION
Configure the number of character changes that are required in the new password that differentiate it from the old password.
ARGUMENTS
5
.COMMAND
system aaa password-policy config required-lowercase
DESCRIPTION
Configure the minimum number of lowercase character required for a password.
ARGUMENTS
COMMAND
system aaa password-policy config required-numeric
DESCRIPTION
Configure the minimum number of numeric characters required for a password.
ARGUMENTS
COMMAND
system aaa password-policy config required-special
DESCRIPTION
Configure the minimum number of numeric characters required for a password.
ARGUMENTS
COMMAND
system aaa password-policy config required-uppercase
DESCRIPTION
Configure the minimum number of numeric characters required for a password.
ARGUMENTS
COMMAND
system aaa password-policy config retries
DESCRIPTION
Configure the number of retries allowed when user authentication is unsuccessful.
ARGUMENTS
COMMAND
system aaa password-policy config root-lockout
DESCRIPTION
Configure whether the root account can be locked out after unsuccessful login attempts.
ARGUMENTS
false
to disable root lockout after a number of unsuccessful login attempts or true
to enable it. The default value is false
.COMMAND system aaa password-policy config root-unlock-time
DESCRIPTION
Configure the time in seconds before the root user can retry logging in after exceeding the maximum number of allowed unsuccessful authentication attempts.
ARGUMENTS
COMMAND
system aaa password-policy config unlock-time
DESCRIPTION
Configure the time in seconds before a user can retry logging in after exceeding the maximum number of allowed unsuccessful authentication attempts. If this option is not configured, the account is locked until the lock is removed manually by an administrator.
ARGUMENTS
COMMAND
system aaa primary-key set
DESCRIPTION
Change the system primary encryption key with passphrase and salt. This is useful while migrating configuration from one machine to another.
ARGUMENTS
EXAMPLE
Change the primary key, set a passphrase and salt, and then display the status of the key migration process:
appliance-1(config)# system aaa primary-key set
Value for 'passphrase' (<string, min: 6 chars, max: 255 chars>): ******
Value for 'confirm-passphrase' (<string, min: 6 chars, max: 255 chars>): ******
Value for 'salt' (<string, min: 6 chars, max: 255 chars>): *********
Value for 'confirm-salt' (<string, min: 6 chars, max: 255 chars>): *********
response description: Key migration is initiated. Use 'show system primary-key state status' to get status
appliance-1# show system aaa primary-key state
system aaa primary-key state hash Jt221bA3Xj73bClXPY9pdfQzauNUGO92hv1eXZbKcD/4G+Dr3u6hyFoahL+r3iIopJm4IzIInSwYsilAGdY08w==
system aaa primary-key state status "COMPLETE Initiated: Fri Dec 10 22:33:02 2021"
COMMAND system aaa restconf-token config lifetime
DESCRIPTION Specify a token lifetime for RESTCONF.
ARGUMENTS
15
.EXAMPLE
Configure the token lifetime to be 120 minutes:
appliance-1(config)# system aaa restconf-token config lifetime 120
COMMAND
system aaa server-groups server-group
DESCRIPTION
Configure one or more AAA servers of type RADIUS, LDAP, or TACACS+. The first server in the list is always used by default unless it is unavailable, in which case the next server in the list is used. You can configure the order of servers in the server group.
ARGUMENTS
COMMAND system aaa tls ca-bundles ca-bundle
DESCRIPTION Configure a certificate authority bundle.
ARGUMENTS
COMMAND
system aaa tls config certificate
DESCRIPTION
Configure an SSL server certificate to be used for the webUI (HTTPS) or REST interface of the system.
ARGUMENTS
EXAMPLE
Add a certificate and key to the system. When you press Enter, you enter multi-line mode, at which point you can copy in the certificate/key. After you have added a certificate, you must add a key using system aaa tls config key
, commit the changes:
appliance-1(config)# system aaa tls config certificate
(<string>):
[Multiline mode, exit with ctrl-D.]
> ...
appliance-1(config)# system aaa tls config key
(<string>):
[Multiline mode, exit with ctrl-D.]
> ...
appliance-1(config)# commit
Commit complete.
COMMAND
system aaa tls config key
DESCRIPTION
Configure a PEM-encoded private key to be used for the webUI (HTTPS) or REST interface of the system. Key value is encrypted in database storage.
ARGUMENTS
EXAMPLE
Add a TLS key and certificate to the system. When you press Enter, you enter multi-line mode, at which point you can copy in the key/certificate. After you have added a key, you must add a certificate using system aaa tls config certificate
:
appliance-1(config)# system aaa tls config key
(<string>):
[Multiline mode, exit with ctrl-D.]
> ...
appliance-1(config)# system aaa tls config certificate
(<string>):
[Multiline mode, exit with ctrl-D.]
> ...
appliance-1(config)# commit
Commit complete.
COMMAND system aaa tls config passphrase
DESCRIPTION Specify the encryption passphrase for the PEM-encoded private key.
ARGUMENTS
COMMAND system aaa tls config verify-client
DESCRIPTION Enable verification of httpd client certificates.
ARGUMENTS
true
to enable verification or false
to disable it. The default value is false
.COMMAND system aaa tls config verify-client-depth
DESCRIPTION Specify client certificate verification depth.
ARGUMENTS
1
, which indicates that the client certificate can be self-signed or must be signed by a Certificate Authority (CA) that is known to the server. A depth of 0
indicates that only self-signed client certificates are accepted. The range is from 0
to 100
. The value you provide for depth indicates the maximum number of CA certificates allowed to be followed while verifying the client certificate. You might need to raise the default depth if you received more than one chained root certificate in addition to a client certificate from your CA.COMMAND system aaa tls crls crl
DESCRIPTION Configure a Certificate Revocation List Entry (CRL).
ARGUMENTS
EXAMPLE
Add a new CRL to the system. When you press Enter, you enter multi-line mode, at which point you can copy in the CRL key.
appliance-1(config)# system aaa tls crls crl <crl-name>
Value for 'config revocation-key' (<string>):
[Multiline mode, exit with ctrl-D.]
> ...
appliance-1(config)# commit
Commit complete.
COMMAND system aaa tls create-self-signed-cert
DESCRIPTION Create an OpenSSL key for use with AAA/TLS.
ARGUMENTS
RSA
and ECDSA
(Elliptic Curve Digital Signature Algorithm).true
to store the self-signed certificate pair in the the system-aaa-tls-config or false
to specify that it should not be stored.secp521r1
. Available options are:EXAMPLE
Create a private key and self-signed certificate:
appliance-1(config)# system aaa tls create-self-signed-cert city Seattle country US days-valid 365 email j.doe@company.com key-type ecdsa name company.com organization "Company" region Washington unit IT version 1 curve-name prime239v2 store-tls false
response
-----BEGIN EC PRIVATE KEY-----
MHECA1d8wiyJEVihDTnVi+v9RjfK3LhZ2Pd4R7B1MJf3lyXaoaAKBggqhkjOPQMB
BaFAAz4ABHFISUTEi8wEdG0iBF3iqTi5m5b62xUSbhOJrXR8d0S6h+anvpo9xrH3
QKbVuacd9H4cMj2tX/wyqVNePg==
-----END EC PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIICAzCCAa4CCQCR5RKtuBFcxTAKBggqhkjOPQQDAjCBjTELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCl1t462pbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEzARBgNVBAoM
CkY1IE5ldG9ya3MxEDAOBgNVBAsMB1NXRElBR1MxETAPBgNVBAMMCEdvZHppbGxh
MR0wGwYJKoZIhvcNAQkBFg5qLm1vb3JlQGY1LmNvbTAeFw0yMTAzMjcwMjE2NTFa
Fw0yMjAzMjcwMjE2NTFaMIGNMQswCQYDVQQGEwJVUzORBTWGA1UECAwKV2FzaGlu
Z3RvbjEQMA4GA1UEBwwHU2VhdHRsZTETMBEGA1UECgwKRjUgTmV0b3JrczEQMA4G
A1UECwwHU1dESUFHUzERMA8GA1UEAwwIR29kemlsbGExHTAbBgkqhkiG9w0BCQEW
DmoubW9vcmVAZRWPuB9tMFUwEwYHKoZIzj0CAQYIKoZIzj0DAQUDPgAEcUhJRMSL
zAR0bSIEXeKpOLmblvrbFRJuE4mtdHx3RLqH5qe+mj3GsfdAptW5pwXtlI0yPa1f
/DKpU14+MAoGCCqGSM49BAMCA0MAMEACHh38OAyBB5T9ScBklBXZUIuynHq3/tr4
3VUQsMtYHQIeeP3vCrRm2qjPtK62QwtbkqDA9h2qTvuDj6uYL8EI
-----END CERTIFICATE-----
COMMAND system aaa tls create-csr
DESCRIPTION Create a certificate signing request (CSR).
ARGUMENTS
EXAMPLE
Create a CSR:
system aaa tls create-csr name company.com email j.doe@company.com organization "Company" unit IT
response -----BEGIN CERTIFICATE REQUEST-----
JRISPzCCAbsCAQEwgY0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9u
MRAwDgYDVQQHEwdTZWF0dGxlMRQwEgYDVQQKFAtGNVH4TW03b3JrczEUMBIGA1UE
CxMLZGV2ZWxvcG1lbnQxGTAXBgkqhkiG9w0BCQEWCmRldkBmNS5jb20xEDAOBgNV
BAMTB3Rlc3Rjc3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCinnAV
Dv/G6+qbiBVO7zIPmFFatYcrzdUnvpTGXfPuh6VBRqcW90jJy12FwtYOL8P6mED+
gfjpxRWe+PNursjZSIDpyh7Dn+F3MRF3zkgnSKlYKI9qqzlRHRAwi2U7GfujeR5H
CXrJ4uxYK2Wp8WVSa7TWwj6Bnps8Uldnj0kenBJ1eUVUXoQAbUmZQg6l+qhKRiDh
3E/xMOtaGWg0SjD7dEQij5l+8FBEHVhQKEr93GT1ifR62/MZSnPw2MY5OJ69p2Wn
k7Fr7m4I5z9lxJduYDNmiddVilpWdqRaCB2j29XCmpVJduF2v6EsMx693K18IJ1h
iRice6oKL7eoI/NdAgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEAGjWSAqKUPqMY
eLlSDJ9Bc4R+ckia5r/TITqamMN+m8TqQI8Pk0tAnwHCl8HHS+4cI8QuupgS/3aU
ls7OtxceoQZ1VFX2sQFkrDJFe0ewZQLm5diip5kxFrnap0oA0wRy84ks0wxeiCWD
New3hgSXfzyXI0g0auT6KNwsGaO8ZuhOX3ICNnSLbfb9T4zbhfI9jKopXQgZG/LO
pOct33fdpf/U6kQA9Rw/nzs3Hz/nsVleOrl3TH1+9veMMF+6eq8KKPpbYKh9bhA+
pYI3TtbZHuyRyQbq/r4gf4JkIu/PGszzy/rsDWy+b9g9nXMh1oFj+xhTrBjBk8a2
0ov+Osy2iA==
-----END CERTIFICATE REQUEST-----
COMMAND system allowed-ips allowed-ip
DESCRIPTION
Configure the system to allow traffic only from specified IP addresses. Applies only to these ports: 22 (SSH), 80 (HTTP), 161 (SNMP), 443 (HTTPS), 7001 (VCONSOLE), and 8888 (RESTCONF).
ARGUMENTS
EXAMPLE
Add a specified IPv4 address to the system allow list:
appliance-1(config)# system allowed-ips allowed-ip test config ipv4 address 192.0.2.33 port 161
COMMAND system aom config ssh-session-banner
DESCRIPTION Configure a banner message to be displayed before users log in to the AOM menu.
ARGUMENTS
COMMAND system aom set-ssh-user-info
DESCRIPTION Set the username and password used to access the AOM SSH
ARGUMENTS
EXAMPLE
Create a user for accessing the AOM menu through ssh:
appliance-1(config)# system aom set-ssh-user-info
Value for 'username' (<string>): user1
Value for 'password' (<string>): ************
response AOM SSH username and password set successfully
COMMAND system aom ssh-session-idle-timeout
DESCRIPTION Sets duration of an inactive session before a user is logged out of the AOM Menu. If a user is connected to AOM using an SSH connection, the SSH connection is closed due session expiry after sometime of inactivity.
ARGUMENTS
EXAMPLE
Set the idle time to be the maximum value:
appliance-1(config)# system aom config ssh-session-idle-timeout
(<unsignedInt>) (30): 46800
COMMAND system aom system aom config ipv4 address
DESCRIPTION Configure the ipv4 address to login the AOM menu.
ARGUMENTS
EXAMPLE
Configure AOM IPv4 address to be 192.168.1.10
appliance-1(config)# system aom config ipv4 address 192.168.1.10
COMMAND system aom system aom config dhcp-enabled
DESCRIPTION Enable or disable DHCP for the system AOM menu.
ARGUMENTS
true
to enable DHCP for the management IP address or false
to disable it. The default value is false
.EXAMPLE
Enable DHCP for the AOM menu
appliance-1(config)# system aom config ipv4 dhcp-enabled true
COMMAND system aom config ipv4 gateway
DESCRIPTION Configure the ipv4 gateway to login the AOM menu
ARGUMENTS
EXAMPLE
Configure the AOM IPv4 gateway to be 192.168.1.1:
appliance-1(config)# f5-qmdh-frxy(config)# system aom config ipv4 address 192.168.1.1
COMMAND system aom config ipv4 address
DESCRIPTION Configure the IPv4 prefix length to login the AOM menu
ARGUMENTS
EXAMPLE
Configure the IPv4 prefix length to be 24:
appliance-1(config)# system aom config ipv4 prefix-length 24
COMMAND system aom config ipv6 address
DESCRIPTION Configure the ipv6 address to login the AOM menu.
ARGUMENTS
EXAMPLE
Configure AOM IPv4 address to be ::1
appliance-1(config)# system aom config ipv6 address ::1
COMMAND system aom config ipv6 gateway
DESCRIPTION Configure the ipv6 gateway to login the AOM menu
ARGUMENTS
EXAMPLE
Configure the AOM IPv4 gateway to be ::1
appliance-1(config)# system aom config ipv6 gateway ::1
COMMAND system aom config ipv4 address
DESCRIPTION Configure the IPv6 prefix length to login the AOM menu
ARGUMENTS
EXAMPLE
Configure the IPv6 prefix length to be 64:
appliance-1(config)# system aom config ipv6 prefix-length 64
COMMAND system appliance-mode config
DESCRIPTION Configure whether appliance mode is enabled or disabled on the system. Appliance mode adds a layer of security by restricting user access to root and the bash shell. When enabled, the root user cannot log in to the device by any means, including from the serial console. You can enable appliance mode at these levels:
system appliance-mode
on the system.tenants tenant <tenant-name\> config appliance-mode
on the system.ARGUMENTS
enabled
to enable appliance mode on the system or disabled
to disable it.EXAMPLE
Enable appliance mode and then verify that appliance mode is enabled:
appliance-1(config)# system appliance-mode config enabled
appliance-1(config)# commit
appliance-1(config)# end
appliance-1# show system appliance-mode
system appliance-mode state enabled
Disable appliance mode and then verify that appliance mode is disabled:
appliance-1(config)# system appliance-mode config disabled
appliance-1(config)# commit
appliance-1(config)# end
appliance-1# show system appliance-mode
system appliance-mode state disabled
COMMAND system clock
DESCRIPTION Configure the time zone (tz) database name (for example, Europe/Stockholm) to use for the system. For a list of valid time zone names, see www.iana.org/time-zones.
ARGUMENTS
EXAMPLES
Configure the system to use the America/Los_Angeles time zone:
appliance-1(config)# system clock config timezone-name America/Los_Angeles
Configure the system to use the Asia/Calcutta time zone:
appliance-1(config)# system clock config timezone-name Asia/Calcutta
COMMAND system config hostname
DESCRIPTION Configure a hostname for the system.
ARGUMENTS
EXAMPLE
Configure the hostname to be test.company.com
:
appliance-1(config)# system config hostname test.company.com
COMMAND system config login-banner
DESCRIPTION
Configure a banner message to be displayed before users log in to the system.
ARGUMENTS
EXAMPLE
Configure a banner message:
appliance-1(config)# system config login-banner
(<string>):
[Multiline mode, exit with ctrl-D.]
UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED
COMMAND system config motd-banner
DESCRIPTION
Configure a message of the day (MOTD) banner to display after users log in to the system.
EXAMPLE
Configure a MOTD banner message:
appliance-1(config)# system config motd-banner
(<string>):
[Multiline mode, exit with ctrl-D.]
ATTENTION!
This system is scheduled for maintenance in two days.
COMMAND system database config-backup
DESCRIPTION Generate a backup of the system configuration in the form of an XML file.
ARGUMENTS
yes
to overwrite the file if a file by that name exists or no
to disable the file overwrite. The default value is no
.EXAMPLE
Create a backup file of the system configuration named backup-nov2021
and overwrite it if a file by that name already exists:
appliance-1(config)# system database config-backup name backup-nov2021 overwrite yes
response Succeeded.
COMMAND system database config-restore
DESCRIPTION Restore the system configuration from an XML backup file.
ARGUMENTS
yes
to overwrite the configuration database or no
to disable the overwrite. The default value is no
.EXAMPLE
Restore the system configuration from a backup file named backup-nov2021
:
appliance-1(config)# system database config-restore name backup-nov2021
COMMAND system database reset-to-default
DESCRIPTION Revert the system to the default configuration and clear any existing configuration information.
IMPORTANT: This deletes all configuration on the system, including IP addresses, passwords, and tenant images.
ARGUMENTS
no
to show a confirmation prompt prior to resetting the configuration to the default. Specify yes
to bypass a confirmation prompt.EXAMPLE
Revert the system to the default configuration:
appliance-1(config)# system database config reset-to-default yes
COMMAND system diagnostics core-files list
DESCRIPTION List core files for the system.
EXAMPLE
List all core files on the system:
appliance-1# system diagnostics core-files list
files [ appliance-1:/var/shared/core/container/RAIDMonitorMain-1.core.gz appliance-1:/var/shared/core/container/RAIDMonitorMain-2.core.gz ]
COMMAND system diagnostics core-files delete
DESCRIPTION Delete core files from the system.
ARGUMENTS
EXAMPLE
List all core files on the system and specify one to delete:
appliance-1(config)# system diagnostics core-files list
files [ appliance-1:/var/shared/core/container/RAIDMonitorMain-1.core.gz appliance-1:/var/shared/core/container/RAIDMonitorMain-2.core.gz appliance-1:/var/shared/core/container/platform-mgr-1.core.gz appliance-1:/var/shared/core/host/vm-default_big--1.core.gz ]
appliance-1# system diagnostics core-files delete files [ appliance-1:/var/shared/core/container/RAIDMonitorMain-1.core.gz ]
COMMAND system diagnostics ihealth config authserver
DESCRIPTION Specify a separate endpoint for authenticating and uploading QKView files to the new iHealth2 service. The authserver config element enables you to specify an authentication server URL for the iHealth service. By default, authserver is set to the F5 iHealth authentication server https://identity.account.f5.com/oauth2/ausp95ykc80HOU7SQ357/v1/token.
Before you can log in to the new iHealth system, you must first generate API token credentials at https://ihealth2.f5.com/qkview-analyzer/settings".
ARGUMENTS
EXAMPLE
Specify an authentication server for the iHealth service:
appliance-1(config)# system diagnostics ihealth config authserver
(<string>) (https://identity.account.f5.com/oauth2/ausp95ykc80HOU7SQ357/v1/token): https://identity.account.f5.com/oauth2/ausp95ykc80HOU7SQ357/v1/token
COMMAND system diagnostics ihealth config clientid
DESCRIPTION Specify the client identifier used to access iHealth. Before you can log in to the new iHealth system, you must first generate API token credentials at https://ihealth2.f5.com/qkview-analyzer/settings".
ARGUMENTS
COMMAND system diagnostics ihealth config clientsecret
DESCRIPTION Specify the secret associated with the client identifier for iHealth.
ARGUMENTS
COMMAND system diagnostics ihealth config server
DESCRIPTION Specify the iHealth service that has a separate endpoint for authenticating and uploading QKView files. The server config element enables you to specify an upload server URL for the iHealth service. By default, the server is set to the F5 iHealth upload server https://ihealth2-api.f5.com/qkview-analyzer/api/qkviews?visible_in_gui=True.
ARGUMENTS
EXAMPLE
Specify an upload server for the iHealth service:
appliance-1(config)# system diagnostics ihealth config server
(<string>) (https://ihealth-api.f5.com/qkview-analyzer/api/qkviews?visible_in_gui=True): https://ihealth-api.f5networks.net/qkview-analyzer/api/qkviews?visible_in_gui=True
COMMAND system diagnostics ihealth upload
DESCRIPTION Initiate a QKView file upload to iHealth. It returns a upload id, which is needed to check upload status or cancel an upload.
ARGUMENTS
system diagnostics qkview list
command to see a list of available files.
NOTE: Be sure to add /diags/shared/QKView/
as a prefix to the QKView file name.EXAMPLE
Upload a file named /diags/shared/qkview/test.qkview
to iHealth:
appliance-1(config)# system diagnostics ihealth upload qkview-file /diags/shared/qkview/test.qkview description testing service-request-number C523232
message HTTP/1.1 202 Accepted
Location: /support/ihealth/status/iuw53AYW
Date: Tue, 5 Apr 2022 12:09:08 GMT
Content-Length: 0
COMMAND system diagnostics ihealth cancel
DESCRIPTION Cancel a QKView upload that is in progress. If the upload is already complete, it cannot be cancelled. To remove the QKView, log in to the iHealth server and manually delete the QKView, if needed.
ARGUMENTS
EXAMPLE
Cancel the QKView upload with an upload-id
of iuw53AYW
.
appliance-1(config)# system diagnostics ihealth cancel upload-id iuw53AYW
message HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Location: /support/ihealth/status/iuw53AYW
Date: Tue, 5 Apr 2022 12:10:01 GMT
Content-Length: 44
COMMAND system diagnostics proxy
DESCRIPTION Specify a password for a web proxy server. If your system does not have internet access to reach f5.com, you can configure it to upload QKView files to iHealth using a web proxy server.
ARGUMENTS
EXAMPLES
Configure a proxy server using the IP address 192.0.2.20 and port 3128:
appliance-1(config)# system diagnostics proxy config proxy-server http://192.0.2.20:3128
Configure the username "myname" and a password for the proxy server:
appliance-1(config)# system diagnostics proxy config proxy-username myname
appliance-1(config)# system diagnostics proxy config proxy-password
(<AES encrypted string>): ******
COMMAND system diagnostics qkview capture
DESCRIPTION
Generate a system diagnostic snapshot, called a QKView. The system can support only one snapshot collection at a time. QKView files are stored in the host directory: diags/shared/qkview/
.
ARGUMENTS
<system-name>.qkview
.0
, which indicates no timeout.true
if core files should be excluded from QKView. The default value is false
.25
MB.500
MB.EXAMPLE
Generate a QKView and name the file client-qkview.tar
, exclude core files, set the maximum core size to 500 MB, set the maximum file size to 500 MB, and set a timeout value of 0 (zero), which indicates no timeout, and then check the status of the QKView generation process:
appliance-1(config)# system diagnostics qkview capture filename client-qkview exclude-cores true maxcoresize 500 maxfilesize 500 timeout 0
result Qkview file client-qkview is being collected
return code 200
appliance-1(config)# system diagnostics qkview status
result {"Busy":true,"Percent":12,"Status":"collecting","Message":"Collecting Data","Filename":"client-qkview"}
resultint 0
COMMAND system diagnostics qkview cancel
DESCRIPTION Cancel a QKView that is in progress.
ARGUMENTS This command has no arguments.
EXAMPLE
Cancel the currently running QKView:
appliance-1(config)# system diagnostics qkview cancel
result Qkview with filename client-qkview.tar was canceled
return code 200
resultint 0
COMMAND system diagnostics qkview status
DESCRIPTION Get the status of a QKView that is in progress or the status of the last QKView collected.
ARGUMENTS This command has no arguments.
EXAMPLE
View the status of the currently running QKView:
appliance-1(config)# system diagnostics qkview status
result {"Busy":true,"Percent":73,"Status":"collecting","Message":"Collecting Data","Filename":"myqkview.tar"}
resultint 0
appliance-1(config)# system diagnostics qkview status
result {"Busy":false,"Percent":100,"Status":"canceled","Message":"Collection canceled by user. Partial qkview saved.","Filename":"client-qkview.tar.canceled"}
resultint 0
COMMAND system diagnostics qkview delete
DESCRIPTION Delete a QKView file.
ARGUMENTS
EXAMPLE
Delete the QKView file named client-qkview.tar.canceled
.
appliance-1(config)# system diagnostics qkview delete filename client-qkview.tar.canceled
result Deleted Qkview file client-qkview.tar.canceled
return code 200
resultint 0
COMMAND system diagnostics qkview list
DESCRIPTION Show a list of QKView files.
ARGUMENTS This command has no arguments.
EXAMPLE
List all QKView files on the system:
appliance-1(config)# system diagnostics qkview list
result {"Qkviews":[{"Filename":"client-qkview.tar.canceled","Date":"2021-11-26T23:39:48.783066588Z","Size":131310},{"Filename":"myqkview.tar","Date":"2021-11-26T23:37:43.786269089Z","Size":668708104}]}
resultint 0
COMMAND system dns config search
DESCRIPTION Configure a DNS search domain for the system to use.
ARGUMENTS
COMMAND system dns host-entries host-entry
DESCRIPTION Configure a DNS host entry for the system to use.
ARGUMENTS
COMMAND system dns servers
DESCRIPTION Configure a DNS server for the system to use.
ARGUMENTS
53
.EXAMPLE
Configure a DNS server and then verify that it was completed:
appliance-1(config)# system dns servers server 192.0.2.11 config port 53
appliance-1(config-server-192.0.2.11)# commit
Commit complete.
appliance-1(config-server-192.0.2.11)# exit
appliance-1(config)# end
appliance-1# show running-config system dns
system dns servers server 192.0.2.11
config port 53
!
COMMAND system image check-version
DESCRIPTION Check whether the system is compatible with a specific system image service version upgrade version.
ARGUMENTS
EXAMPLE
Verify that the system is compatible with service version number 1.0.0-3456:
appliance-1(config)# system image check-version service-version 1.0.0-3456
COMMAND system image remove
DESCRIPTION Remove a system image.
ARGUMENTS
COMMAND system image set-version
DESCRIPTION Trigger an install after verifying schema compatibility using check-version.
ARGUMENTS
no
to show a confirmation prompt prior to resetting the configuration to the default. Specify yes
to bypass a confirmation prompt.EXAMPLE
Upgrade the system to iso version 1.0.0-3456:
appliance-1(config)# system image set-version iso-version 1.0.0-3456
Upgrade the os version to 1.0.0-3456:
appliance-1(config)# system image set-version os-version 1.0.0-3456
Upgrade the service version to 1.0.0-3456:
appliance-1(config)# system image set-version service-version 1.0.0-3456
COMMAND system licensing install
DESCRIPTION Perform an automatic system license installation. The system must be connected to the Internet to use the automatic method.
ARGUMENTS
EXAMPLE
Install a base license on the system:
appliance-1(config)# system licensing install registration-key A1234-56789-01234-56789-0123456
result License installed successfully.
COMMAND system licensing manual-install
DESCRIPTION Perform a manual system license installation.
ARGUMENTS
system licensing manual-install
, you use system licensing get-dossier
to get the system dossier text, and then activate the license at activate.f5.com.EXAMPLE
License the system using license information from activate.f5.com:
appliance-1(config)# system licensing manual-install license
Value for 'license' (<string>):
[Multiline mode, exit with ctrl-D.]
> #
> Auth vers : 5b
> #
> #
> # BIG-IP System License Key File
> # DO NOT EDIT THIS FILE!!
> #
> # Install this file as "/config/bigip.license".
> #
> # Contact information in file /CONTACTS
> #
> #
> # Warning: Changing the system time while this system is running
> # with a time-limited license may make the system unusable.
> #
> Usage : F5 Internal Product Development
> #
> #
> # Only the specific use referenced above is allowed. Any other uses are prohibited.
> #
> Vendor : F5, Inc.
> #
> # Module List
> #
> active module : Local Traffic Manager, r10900 |K284576-4014992|Rate Shaping|Anti-Virus Checks|Base Endpoint Security Checks|Firewall Checks|Machine Certificate Checks|Network Access|Protected Workspace|Secure Virtual Keyboard|APM, Web Application|App Tunnel|Remote Desktop
...
COMMAND system licensing get-dossier
DESCRIPTION Generate an encrypted system dossier that can be used for retrieving a license from the F5 license server. This is used to perform a manual license installation.
ARGUMENTS
EXAMPLE
Get a system licensing dossier from F5:
appliance-1(config)# system licensing get-dossier
system-dossier 48d05131e8688755efde6b1081af5e190793e5a0cfb70cd2da9da8c4c9d9d412a6360a11b869f2dfc779ef7c91df246f7184fe0010b7bcbd420e1664cb1d13b9890ec812bedf05d8cd530c87t82d13a7b63b9823ebdafc5f9061d6c12eb09a5a973361681d31a07dc92d774345cc52e70f8026729df4e2b5c9e6c22f96764e1cdd402f9e499841253259122877a85d7145a658a8444b0b6bc2dc8b9ef4a0156b8af2baa14500e9ce8c3ebcdf4060b35e1748aee093f0bb2349f53bf72f94c61979d1b8ccaf01c84235acf025f3cb3cad3f2cac9938b7481635280cc1589fac997aa4f6db9e8e04d02af5d91f5cd570fc261612233a1204e27a0d2ffd62e4107f89ad286a42ae07cea0918a7be0ba50e307664f8aaf9334051abb6d1559771d2fbfeb8f67335a8325b63a00ddfed563a926d595f1fe049bedf418dd997120945b1d622a574bd957fe6c60924c5562e6cf8ba837124a16bd2a49d1af0ace1f9dbe02af626336e073e8a2802949812eb0227faed9ad787c945c486dbc6d45327688025bcac81e472f3720c615f52455c8e0b235262cb4c8f2dd1ef8c753966fe11798db01714fd95e11348e1036f1ff69da16342595650c91b771cf7a28970c3caffa988faaf8f01cbd846151cd17201c3c8e58b18587e52a8be18f2ac9f175a41296fe9de3532433e94817f9b08ab2d9f66cdb76506e7d4156f9eb8af96aee363e8ab18eec930f6cc1c2dc80e2b254fbc9e31851a10f34506d71e1e5d60344a1ed5ec021c0e63513fd833ea8286258f6094592c7d04f9d29db93114518024b9129acb36ce41b1d1c7405db549f3aaa697919592a6dabfece7295cf57d8b950fcfed6cc40286d830be12097b0e3c0f9acbc07ccdb110b3cc98ca5a1ac09d6b152b2ace004d613364242a031e21057d3dc270ba00fe6918b3075b4692f55ca71fe6cd76c91f4beb19af97bb47dd677a77159e78adfa7e7cf0feb8a3490fc59fe660b26eb5268ecfed6f03c41ea0edadc7bc7573e91d0ad01313ee07e8719ec4d59fd6c90fcdbd29407f0a7666ff9de33251b04e270eb2d46c6cf8583d163c47d5768
COMMAND system licensing get-eula
DESCRIPTION Retrieve the End User License Agreement (EULA) from the F5 License Server.
ARGUMENTS
EXAMPLE
Gets the contents of the latest F5 EULA:
appliance-1(config)# system licensing get-eula
eula-text END USER LICENSE AGREEMENT
DOC-0355-16
IMPORTANT " READ BEFORE INSTALLING OR OPERATING THIS PRODUCT
YOU AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE BY INSTALLING,
HAVING INSTALLED, COPYING, OR OTHERWISE USING THE SOFTWARE. IF YOU
DO NOT AGREE, DO NOT INSTALL OR USE THE SOFTWARE.
This End User License Agreement ("License") applies to the software
product(s) ("Software") you have licensed from us whether on
a stand-alone basis or as part of any hardware ("Hardware") you
purchase from us, (the Hardware and Software together, the "Product").
...
COMMAND system locator config enabled
DESCRIPTION Configure whether the system locator function is enabled. Enabling this function illuminates the F5 logo ball so that you can more easily locate a chassis in a data center.
ARGUMENTS
enabled
to enable the chassis locator function or disabled
to disable it.COMMAND system logging remote-servers remote-server
DESCRIPTION Configure information about remote logging servers.
ARGUMENTS
disabled
.udp
.514
.EXAMPLE
Configure a logging destination:
appliance-1(config)# system logging remote-servers remote-server 192.0.2.240 config proto tcp
appliance-1(config-remote-server-192.0.2.240)# commit
Commit complete.
Delete a logging destination:
appliance-1(config)# no system logging remote-servers remote-server 192.0.2.240
appliance-1(config)# commit
Commit complete.
Configure a secure logging destination:
appliance-1(config)# system logging remote-servers remote-server 192.0.2.240 config proto tcp remote-port 80 authentication enabled
appliance-1(config-remote-server-192.0.2.240)# commit
Commit complete.
COMMAND system logging host-logs
DESCRIPTION Configure settings for sending host logs to remote logging servers.
ARGUMENTS
enabled
to enable remote forwarding of active node host logs or disabled
to disable it.host-logs
is enabled and a remote server configuration is present. Available options are:EXAMPLE
Enable remote forwarding:
appliance-1(config)# system logging host-logs config remote-forwarding enabled
COMMAND system logging sw-components sw-component
DESCRIPTION Configure logging for platform software components. Available options are:
ARGUMENTS
INFORMATIONAL
. Available options, in decreasing order of severity, are:COMMAND system logging tls ca-bundles ca-bundle
DESCRIPTION Specify a certificate authority bundle.
ARGUMENTS
COMMAND system logging tls certificate
DESCRIPTION Specify the PEM-encoded certificate.
ARGUMENTS
COMMAND system logging tls key
DESCRIPTION Specifies the PEM-encoded private key.
ARGUMENTS
COMMAND system mgmt-ip config dhcp-enabled
DESCRIPTION Enable or disable DHCP for the system management IP address. DHCP is supported only on static interfaces.
ARGUMENTS
true
to enable DHCP for the management IP address or false
to disable it. The default value is false
.EXAMPLE
Enable DHCP for the management IP address:
appliance-1(config)# system mgmt-ip config dhcp-enabled true
COMMAND system mgmt-ip config ipv4 gateway
DESCRIPTION Configure a gateway IPv4 address.
ARGUMENTS
EXAMPLE
Configure the gateway IPv4 address to be 192.0.2.1
:
appliance-1(config)# system mgmt-ip config ipv4 gateway 192.0.2.1
COMMAND system mgmt-ip config ipv4 prefix-length
DESCRIPTION Configure the IPv4 prefix length.
ARGUMENTS
EXAMPLE
Configure the IPv4 prefix length to be 24
:
appliance-1(config)# system mgmt-ip config ipv4 prefix-length 24
COMMAND system mgmt-ip config ipv4 system address
DESCRIPTION
Configure an IPv4 management IP address for the system.
ARGUMENTS
COMMAND system mgmt-ip config ipv6 gateway
DESCRIPTION
Configure a gateway IPv6 address.
ARGUMENTS
EXAMPLE
Configure the gateway IPv6 address to be ::1
:
appliance-1(config)# system mgmt-ip config ipv6 gateway ::1
COMMAND system mgmt-ip config ipv6 prefix-length
DESCRIPTION Configure IPv6 prefix length.
ARGUMENTS
EXAMPLE
Configure the IPv6 prefix length to be 64
:
appliance-1(config)# system mgmt-ip config ipv6 prefix-length 64
COMMAND system mgmt-ip config ipv6 system address
DESCRIPTION Configure an IPv6 management IP address for the system.
ARGUMENTS
DESCRIPTION Configure the internal address range.
ARGUMENTS
prefix
. This is the default value.EXAMPLE
Configure the range type to be RFC6598:
appliance-1(config)# system network config network-range-type RFC6598
COMMAND system network config network-range-type RFC1918 chassis-id
DESCRIPTION Set the chassis ID that is used to determine internal address ranges.
IMPORTANT: F5 strongly recommends that you do not change this setting.
ARGUMENTS
1
.COMMAND system network config network-range-type RFC1918 prefix
DESCRIPTION
Configure the internal network prefix index that is used to select the range of IP addresses used internally within the appliance. If needed, select a network prefix that ensures that internal appliance addresses do not overlap with site-local addresses that are accessible to the system.
ARGUMENTS
EXAMPLE
Configure the internal network range to use 10.[16-31].0.0/16
:
appliance-1(config)# system network config network-range-type RFC1918 prefix 1
COMMAND system ntp config
DESCRIPTION
Enable the Network Time Protocol (NTP) protocol and indicate that the system should synchronize the system clock with an NTP server defined in the ntp/server
list.
ARGUMENTS
enabled
to enable using NTP or disabled
to disable it.EXAMPLE
Disable the use of NTP:
appliance-1(config)# system ntp config disabled
COMMAND system ntp config enable-ntp-auth
DESCRIPTION
Configure Network Time Protocol (NTP) authentication for the system. NTP authentication enhances security by ensuring that the system sends time-of-day requests only to trusted NTP servers.
ARGUMENTS
true
to enable using NTP authentication or false
to disable it.EXAMPLE
Enable the use of NTP authentication, and then use system ntp ntp-keys ntp-key
to add the key associated with your server to the system:
appliance-1(config)# system ntp config enable-ntp-auth true
COMMAND system ntp ntp-keys ntp-key
DESCRIPTION Configure the list of Network Time Protocol (NTP) authentication keys.
ARGUMENTS
key-id
value must match the range
value.EXAMPLE
Add the key associated with your NTP server to the system:
appliance-1(config)# system ntp ntp-keys ntp-key 11 config key-id 11 key-type F5_NTP_AUTH_SHA1 key-value HEX:E27611234BB5E7CDFC8A8ACE55B567FC5CA7C890
COMMAND system ntp servers server
DESCRIPTION
Configure which NTP servers can be used for system clock synchronization. If system ntp
is enabled
, then the system will attempt to contact and use the specified NTP servers. The key-id
, key-type
, and key-value
set on this client system using system ntp ntp-keys ntp-key
must match the server exactly.
ARGUMENTS
SERVER
.true
to enable iburst for the NTP service. Specify false
to disable it.123
.true
to indicate that this server should be the preferred one. Specify false
if not.system ntp ntp-keys ntp-key
.EXAMPLES
Configure an NTP server with the address pool.ntp.org
, where the association type is POOL
, and it is the preferred server:
appliance-1(config)# system ntp servers server pool.ntp.org config association-type POOL prefer true
appliance-1(config-server-pool.ntp.org)# top
appliance-1(config)# system ntp config enabled
appliance-1(config)# commit
Commit complete.
Configure an NTP server with the address pool.ntp.org
, where the association type is SERVER
, iburst is enabled, port is 123
, it is the preferred server, and version number is 4
:
appliance-1(config)# system ntp servers server pool.ntp.org
appliance-1(config-server-pool.ntp.org)# config address pool.ntp.org
appliance-1(config-server-pool.ntp.org)# config association-type SERVER
appliance-1(config-server-pool.ntp.org)# config iburst true
appliance-1(config-server-pool.ntp.org)# config port 123
appliance-1(config-server-pool.ntp.org)# config prefer true
appliance-1(config-server-pool.ntp.org)# config version 4
appliance-1(config-server-pool.ntp.org)# commit
Commit complete.
COMMAND system packages package
DESCRIPTION Manage independent service packages on the system.
ARGUMENTS
EXAMPLES
Set a new version of a package:
appliance-1(config)# system packages package optics-mgr-independent-pkg set-version version 4.0.0.2022_08_02_16_17_05.s3a9dffb4 proceed
Possible completions:
no yes
Check the version compatibility of a package:
appliance-1(config)# system packages package optics-mgr-independent-pkg check-version version 4.0.0.2022_08_02_16_17_05.s3a9dffb4
response Compatibility verification succeeded.
Remove a package version:
appliance-1(config)# system packages package optics-mgr-independent-pkg remove version 4.0.0.2022_08_02_16_17_05.s3a9dffb4
COMMAND system raid add
DESCRIPTION Add a new drive to the RAID array.
ARGUMENTS
EXAMPLE
Add ssd1 to the system's RAID array:
appliance-1(config)# system raid add drive ssd1
COMMAND system raid remove
DESCRIPTION Remove a drive from the RAID array.
ARGUMENTS
EXAMPLE
Remove ssd1 from the system's RAID array:
appliance-1(config)# system raid remove drive ssd1
COMMAND system security services service
DESCRIPTION Configure the SSH service (also known as sshd) to use a desired set of encryption ciphers, the HTTP service (also known as httpd) to use a desired set of KEX algorithms, and MAC algorithms to meet the security policy enforced in your environment.
ARGUMENTS
The cipher string can take several additional forms. It can consist of a single cipher suite or a list of cipher suites containing a certain algorithm, or cipher suites of a certain type. You can combine lists of cipher suites into a single cipher string using the + character as a logical AND operation.
You can combine lists of KEX algorithms into a single string using the + character as a logical AND operation.
You can combine lists of MAC algorithms into a single string using the + character as a logical AND operation.
The cipher string can take several additional forms. It can consist of a single cipher suite such as RC4-SHA. It can represent a list of cipher suites containing a certain algorithm, or cipher suites of a certain type. For example, SHA1 represents all cipher suites using the digest algorithm SHA1, and SSLv3 represents all SSLv3 algorithms. You can combine lists of cipher suites into a single cipher string using the + character as a logical AND operation. For example, SHA1+DES represents all cipher suites containing the SHA1 and DES algorithms.
COMMAND system security run-integrity-check
DESCRIPTION
Ensure the integrity of all the installed packages and containers in the system.
ARGUMENTS
yes
to perform an integrity check. Specify no
to skip it.COMMAND system snmp communities community
DESCRIPTION Configure the SNMP community name and community security model.
IMPORTANT: By default, SNMP traffic is not allowed on the system. Before you configure SNMP, you must use the system allowed-ips
command to enable the out-of-band management port to allow SNMP traffic. For more information, see system allowed-ips
.
ARGUMENTS
EXAMPLE
Configure the system to use only the v1 security model:
appliance-1(config)# system snmp communities community config v1-comm security-model v1
Configure the system use both v1 and v2c security models:
appliance-1(config)# system snmp communities community both-comm config security-model [ v1 v2c ]
COMMAND system snmp config port
DESCRIPTION Configure the non-default port for SNMP.
ARGUMENTS
EXAMPLE
Configure the snmp port to be 8889
appliance-1(config)# system snmp config port 8889
COMMAND system snmp engine-id config value
DESCRIPTION Configure an SNMP engine ID.
IMPORTANT: By default, SNMP traffic is not allowed on the system. Before you configure SNMP, you must use the system allowed-ips
command to enable the out-of-band management port to allow SNMP traffic. For more information, see system allowed-ips
.
ARGUMENTS
COMMAND system snmp targets target
DESCRIPTION Configure the SNMP target name.
IMPORTANT: By default, SNMP traffic is not allowed on the system. Before you configure SNMP, you must use the system allowed-ips
command to enable the out-of-band management port to allow SNMP traffic. For more information, see system allowed-ips
.
ARGUMENTS
EXAMPLE
Configure an SNMP target with a v3 user:
appliance-1(config)# system snmp targets target v3-target config user v3-user ipv4 address 192.0.2.224 port 5001
Configure an SNMP target with a community and a security model:
appliance-1(config)# system snmp targets target v2c-target config community both-comm security-model v2c ipv4 address 192.0.2.224 port 5001
COMMAND system snmp users user
DESCRIPTION Configure the user name associated with an SNMPv3 group.
ARGUMENTS
EXAMPLE
Configure an SNMP v3 user that uses MD5 and AES for authentication and privacy:
appliance-1(config)# system snmp users user v3-user config authentication-protocol md5 privacy-protocol aes authentication-password
(<string, min: 8 chars, max: 32 chars>): ********
appliance-1(config-user-v3-user)# config privacy-password
(<string, min: 8 chars, max: 32 chars>): *********
appliance-1(config-user-v3-user)# commit
Commit complete.
COMMAND system telemetry exporters exporter
DESCRIPTION Configure the exporter details to push the telemetry data.
ARGUMENTS
true
to enable the retry on failure. 5
.EXAMPLE
Configure a telemetry exporter:
appliance-1(config)# system telemetry exporters exporter server1 config enabled endpoint address server1.f5net.com port 7890 instruments all options retry-enabled true timeout 5 compression gzip
appliance-1(config-exporter-server1)# commit
Commit complete.
COMMAND system reboot
DESCRIPTION Trigger a restart of the system. This resets the management IP connection and disrupts data plane connectivity.
ARGUMENTS
This command has no arguments.
EXAMPLE
Reboot the system and when prompted whether to confirm the reboot, enter yes
:
appliance-1(config)# system reboot
The reboot of the system results in data plane and management connectivity to be disrupted. Proceed? [no,yes]
COMMAND system set-datetime
DESCRIPTION Configure the date and time for the system.
ARGUMENTS
EXAMPLES
Configure the system date to be 2022-11-11:
appliance-1(config)# system set-datetime date 2022-11-11
Configure the system time to be 11:11:00:
appliance-1(config)# system set-datetime date 11:11:00
COMMAND system settings config idle-timeout
DESCRIPTION Set how long the CLI is inactive before a user is logged out of the system. If a user is connected using an SSH connection, the SSH connection is closed after this time expires.
ARGUMENTS
1800
seconds (30 minutes).EXAMPLE
Set the idle time to be the maximum value:
appliance-1(config)# system settings config idle-timeout 8192
COMMAND system settings config sshd-idle-timeout
DESCRIPTION Set how long the CLI is inactive before the root user is logged out of the system. If the root user is connected using an SSH connection, the SSH connection is closed after this time expires.
ARGUMENTS
1800
seconds (30 minutes).COMMAND system settings dag config gtp-u teid-hash enabled
DESCRIPTION Specify whether to disaggregate all GTP-U traffic using TEID in place of L4 ports.
ARGUMENTS
true
to indicate that TEID is extracted, and L4 Ports are overloaded with TEID values instead of L4 Port values or false
to indicate that there is no change to packet parsing. The default value is false
.EXAMPLE
Enable the GTP-U feature:
appliance-1(config)# system settings dag config gtp-u teid-hash enabled true
COMMAND system settings gui advisory config color
DESCRIPTION Configure an advisory banner, including color and text to be displayed.
ARGUMENTS
COMMAND system settings gui advisory config
DESCRIPTION Specify whether to enable an advisory banner for the system webUI.
ARGUMENTS
enabled
to enable an advisory banner or disabled
to disable it. The default value is disabled
.EXAMPLE
Enable and configure an advisory banner:
appliance-1(config)# system settings gui advisory config enabled color orange text
(<string, min: 0 chars, max: 80 chars>): TEST ENVIRONMENT
COMMAND system settings gui advisory config text
DESCRIPTION Specify text displayed on advisory banner.
ARGUMENTS
COMMAND tenants tenant
DESCRIPTION Provision and deploy a tenant on the system.
ARGUMENTS
enabled
to enable appliance node at the tenant level or disabled
to disable it. You cannot configure this option when a tenant is in the deployed
running state.enabled
to enable crypto devices for the tenant level or disabled
to disable it. You cannot configure this option when a tenant is in the deployed
running state.deployed
running state.77
GB. The range is from 22 to 700 GB.true
to enable trust mode or false
to disable it. The default value is false
.EXAMPLE
Configure a tenant named bigip-vm
of type BIG-IP
, using a specified image file, assigned to node 1, using port 22
, a management IP address of 192.0.2.61
, a netmask of 255.255.255.0
, a gateway of 192.0.2.1
, using VLAN 100
, and a running state of deployed
:
appliance-1(config)# tenants tenant bigip-vm config type BIG-IP image BIGIP-bigip15.1.6.123.ALL-F5OS.qcow2.zip.bundle nodes 1 port 22 mgmt-ip 192.0.2.71 netmask 255.255.255.0 gateway 192.0.2.254 vlans 100 running-state deployed
COMMAND virtual-networks virtual-network
DESCRIPTION The name of the virtual network.
ARGUMENTS
default
.COMMAND virtual-wires virtual-wire
DESCRIPTION Configured virtual-wire keyed by name.
ARGUMENTS
true
to enable link status or false
to disable it. The default value is false
.COMMAND vlan-listeners vlan-listener
DESCRIPTION A VLAN listener is a system-generated object and should only be configured manually under the guidance of F5 Technical Support. Manually configuring a vlan-listener object could potentially impact the flow of network traffic through the system.
COMMAND vlans vlan
DESCRIPTION Creates a VLAN object that can be referenced by other configuration commands. This command is intended to be expanded for future use and is currently not necessary for proper configuration of the system.
ARGUMENTS
EXAMPLE
Configure VLAN 100, with the name 100
and a vlan-id
of 100
:
appliance-1(config)# vlans vlan 100 config name 100 vlan-id 100
Configure a VLAN range of 100-101:
appliance-1(config)# vlans vlan range 100-101
COMMAND autowizard
DESCRIPTION Specify whether to query automatically for mandatory elements.
ARGUMENTS
true
to query automatically for mandatory elements. Specify false
to disable it.COMMAND clear
DESCRIPTION Remove all configuration changes.
ARGUMENTS
COMMAND compare
DESCRIPTION Compare two configuration subtrees.
ARGUMENTS
COMMAND complete-on-space
DESCRIPTION Specify whether to have the CLI complete a command name automatically when you type an unambiguous string and then press the space bar, or have the CLI list all possible completions when you type an ambiguous string and then press the space bar.
ARGUMENTS
true
to enable the ability to have the CLI complete a command name automatically when you press the space bar. Specify false
to disable it.COMMAND config
DESCRIPTION
Enter configuration mode. In configuration mode, you are editing a copy of the running configuration, called the candidate configuration, not the actual running configuration. Your changes take effect only when you issue a commit
command.
ARGUMENTS
COMMAND describe
DESCRIPTION Display internal information about how a command is implemented.
ARGUMENTS
COMMAND devtools
DESCRIPTION Enable/disable development tools.
ARGUMENTS
true
to enable development tools or false
to disable it.COMMAND display-level
DESCRIPTION Set the depth of the configuration shown for show commands.
ARGUMENTS
<depth>
can be a value from 1 to 64.COMMAND exit
DESCRIPTION Exit the CLI session.
ARGUMENTS This command has no arguments.
COMMAND file
DESCRIPTION Perform file operations.
ARGUMENTS
For detailed information about these arguments, see the file
page under config-mode-commands.
COMMAND help
DESCRIPTION Display help information about a specified command.
ARGUMENTS
COMMAND history
DESCRIPTION Configure the command history cache size.
ARGUMENTS
<size>
can be a value from 0 through 1000.COMMAND id
DESCRIPTION Display information about the current user, including user, gid, group, and gids.
ARGUMENTS This command has no arguments.
COMMAND idle-timeout
DESCRIPTION Set how long the CLI is inactive before a user is logged out of the system. If a user is connected using an SSH connection, the SSH connection is closed after this time expires.
ARGUMENTS
1800
seconds (30 minutes).COMMAND ignore-leading-space
DESCRIPTION Specify whether to consider or ignore leading whitespace at the beginning of a command.
ARGUMENTS
false
to ignore leading whitespace or true
to consider it.COMMAND job
DESCRIPTION Perform job operations.
ARGUMENTS
COMMAND leaf-prompting
DESCRIPTION Specify whether to enable or disable automatic querying for leaf values.
ARGUMENTS
false
to disable leaf prompting and specify true
to enable it.COMMAND logout
DESCRIPTION Log out a specific session or user from all sessions.
ARGUMENTS
<session-id>
.<user-name>
.COMMAND no
DESCRIPTION Delete or unset a configuration command.
ARGUMENTS
COMMAND paginate
DESCRIPTION Specify whether to control the pagination of CLI command output.
ARGUMENTS
false
to display command output continuously, regardless of the CLI screen height. Specify true
to display all command output one screen at a time. To display the next screen of output, press the space bar. This is the default setting.COMMAND prompt1
DESCRIPTION Set the operational mode prompt.
ARGUMENTS
COMMAND prompt2
DESCRIPTION Set the configuration mode prompt.
ARGUMENTS
COMMAND pwd
DESCRIPTION Display the current path in the configuration hierarchy.
ARGUMENTS This command has no arguments.
COMMAND quit
DESCRIPTION Exit the CLI session.
ARGUMENTS This command has no arguments.
COMMAND screen-length
DESCRIPTION Configure the length of the terminal window.
ARGUMENTS
<number-of-rows>
can be from 0 through 256. When you set the screen length to 0 (zero), the CLI does not paginate command output.COMMAND screen-width
DESCRIPTION Configure the width of the terminal window.
ARGUMENTS
<number-of-rows>
can be from 200 through 256.COMMAND script
DESCRIPTION Perform script actions.
ARGUMENTS
COMMAND send
DESCRIPTION Send a message to the terminal of a specified user or all users.
ARGUMENTS
all
to send a message to all users. Specify username <username>
to send a message only to a specified user.COMMAND show
DESCRIPTION Show information about the system.
ARGUMENTS
COMMAND show-defaults
DESCRIPTION Specify whether to display the default configuration.
ARGUMENTS
true
to display the default values. Specify false
to hide the default values.COMMAND source
DESCRIPTION Run commands from <file> as if they had been entered by the user.
ARGUMENTS
COMMAND system
DESCRIPTION Perform system operations. Available options are:
system aaa
.system database
.system diagnostics
.COMMAND terminal
DESCRIPTION Set the terminal type.
ARGUMENTS
COMMAND timestamp
DESCRIPTION Configure whether to display the timestamp.
ARGUMENTS
enable
to show the timestamp. Specify disable
to hide the timestamp.COMMAND who
DESCRIPTION Display information on currently-logged on users. The command output Display the session ID, user name, context, from (IP address), protocol, date, and mode (operational or configuration).
ARGUMENTS This command has no arguments.
COMMAND write
DESCRIPTION
Display the running configuration of the system on the terminal. This command is equivalent to the show running-config
command.
ARGUMENTS
COMMAND annotation
DESCRIPTION Display only statements whose annotation matches a provided configuration statement or pattern.
Note: Only available when the system has been configured with attributes enabled.
ARGUMENTS
COMMAND append
DESCRIPTION Append command output text to a file.
ARGUMENTS
COMMAND begin
DESCRIPTION Display the command output starting at the first match of a specified string.
ARGUMENTS
COMMAND best-effort
DESCRIPTION Display command output or continue loading a file, even if a failure has occurred that might interfere with this process.
ARGUMENTS This command has no arguments.
COMMAND context-match
DESCRIPTION Display the upper hierarchy in which a pattern appears in the configuration.
ARGUMENTS
COMMAND count
DESCRIPTION Count the number of lines in the command output.
ARGUMENTS This command has no arguments.
COMMAND csv
DESCRIPTION Display table output in CSV format.
ARGUMENTS This command has no arguments.
COMMAND de-select
DESCRIPTION Do not show a specified field in the command output.
ARGUMENTS
COMMAND debug
DESCRIPTION Display debug information.
ARGUMENTS This command has no arguments.
COMMAND details
DESCRIPTION Display the default values for commands in the running configuration.
ARGUMENTS This command has no arguments.
COMMAND display
DESCRIPTION Display options.
ARGUMENTS
Possible completions:
curly-braces Display output as curly braces
json Display output as json
keypath Display output as keypath
restconf Display output as restconf path
xml Display output as XML
xpath Display output as xpath
COMMAND exclude
DESCRIPTION Exclude lines from the command output that match a string defined by a specified regular expression.
ARGUMENTS
COMMAND extended
DESCRIPTION Display referring entries or elements.
ARGUMENTS This command has no arguments.
COMMAND force
DESCRIPTION Log out any users who are locking the configuration.
ARGUMENTS This command has no arguments.
COMMAND hide
DESCRIPTION Hide display options.
ARGUMENTS This command has no arguments.
COMMAND icount
DESCRIPTION Count the number of matching instances.
ARGUMENTS This command has no arguments.
COMMAND include
DESCRIPTION Include only lines in the command output that contain the string defined by a specified regular expression.
ARGUMENTS
Possible completions:
<Regular Expression - restricted subset>
-a The number of lines to include after the match
-b The number of lines to include before the match
-c The number of context lines to include
COMMAND linnum
DESCRIPTION Display a line number at the beginning of each line in the displayed output.
ARGUMENTS This command has no arguments.
COMMAND match-all
DESCRIPTION Display the command output that matches all command output filters.
ARGUMENTS This command has no arguments.
COMMAND match-any
DESCRIPTION Display the command output that matches any one of the the command output filters. This is the default behavior when matching command output.
ARGUMENTS This command has no arguments.
COMMAND more
DESCRIPTION Paginate the command output. This is the default behavior.
ARGUMENTS This command has no arguments.
COMMAND nomore
DESCRIPTION Do not paginate command output.
ARGUMENTS This command has no arguments.
COMMAND notab
DESCRIPTION Display tabular command output in a list instead of in a table. If the tabular command output is wider than the screen width, the output automatically Display in a list.
ARGUMENTS This command has no arguments.
COMMAND repeat
DESCRIPTION
Repeat the output of a show
command periodically.
ARGUMENTS
COMMAND save
DESCRIPTION Save the command output text to a file.
ARGUMENTS
COMMAND select
DESCRIPTION Display selected fields in the command output.
ARGUMENTS
COMMAND sort-by
DESCRIPTION Display command output with values sorted in a specified field.
ARGUMENTS
COMMAND suppress-validate-warning-prompt
DESCRIPTION Suppress the validation warning prompt.
ARGUMENTS This command has no arguments.
COMMAND tab
DESCRIPTION Display tabular command output in table, even if the table is wider than the screen width. If the command output is wider than the screen width, wrap the output onto two or more lines.
ARGUMENTS This command has no arguments.
COMMAND tags
DESCRIPTION Display only statements with tags that match a pattern.
ARGUMENTS
COMMAND trace
DESCRIPTION Display trace information.
ARGUMENTS This command has no arguments.
COMMAND until
DESCRIPTION Display the command output, ending with the line that matches a specified string.
ARGUMENTS
COMMAND show system aom
DESCRIPTION Configure AOM network and SSH.
ARGUMENTS
show
command.COMMAND show SNMP-FRAMEWORK-MIB
DESCRIPTION Display information about the SNMP engine Management Information Base (MIB).
EXAMPLE
Display information about the SNMP engine:
appliance-1# show SNMP-FRAMEWORK-MIB
SNMP-FRAMEWORK-MIB snmpEngine snmpEngineID 80:00:61:81:05:01
SNMP-FRAMEWORK-MIB snmpEngine snmpEngineBoots 7
SNMP-FRAMEWORK-MIB snmpEngine snmpEngineTime 127740
SNMP-FRAMEWORK-MIB snmpEngine snmpEngineMaxMessageSize 50000
COMMAND show SNMP-MPD-MIB
DESCRIPTION Display information about the SNMP Message Processing and Dispatching (MPD) MIB.
EXAMPLE
Display SNMP MPD information:
appliance-1# show SNMP-MPD-MIB
SNMP-MPD-MIB snmpMPDStats snmpUnknownSecurityModels 0
SNMP-MPD-MIB snmpMPDStats snmpInvalidMsgs 0
SNMP-MPD-MIB snmpMPDStats snmpUnknownPDUHandlers 0
COMMAND show SNMP-TARGET-MIB
DESCRIPTION Display information about the SNMP TARGET MIB.
EXAMPLE
Display the SNMP TARGET MIB information:
appliance-1# show SNMP-TARGET-MIB
SNMP-TARGET-MIB snmpTargetObjects snmpUnavailableContexts 0
SNMP-TARGET-MIB snmpTargetObjects snmpUnknownContexts 0
COMMAND show SNMP-USER-BASED-MIB
DESCRIPTION Display information about objects that belong to SNMP files based on user-based security.
EXAMPLE
Display the SNMP TARGET user-based information:
appliance-1# show SNMP-USER-BASED-SM-MIB
SNMP-USER-BASED-SM-MIB usmStats usmStatsUnsupportedSecLevels 0
SNMP-USER-BASED-SM-MIB usmStats usmStatsNotInTimeWindows 0
SNMP-USER-BASED-SM-MIB usmStats usmStatsUnknownUserNames 0
SNMP-USER-BASED-SM-MIB usmStats usmStatsUnknownEngineIDs 0
SNMP-USER-BASED-SM-MIB usmStats usmStatsWrongDigests 0
SNMP-USER-BASED-SM-MIB usmStats usmStatsDecryptionErrors 0
COMMAND show SNMPv2-MIB
DESCRIPTION Display information about the SNMP version 2 MIB.
EXAMPLE
Display the SNMP version 2 MIB information:
appliance-1# show SNMPv2-MIB
SNMPv2-MIB system sysDescr "Linux 3.10.0-1160.25.1.F5.4.el7_8.x86_64 : Appliance services version 1.1.0-5810"
SNMPv2-MIB system sysObjectID 1.3.6.1.2.1.1
SNMPv2-MIB system sysUpTime 28545699
SNMPv2-MIB system sysServices 72
SNMPv2-MIB system sysORLastChange 9
SNMPv2-MIB snmp snmpInPkts 0
SNMPv2-MIB snmp snmpInBadVersions 0
SNMPv2-MIB snmp snmpInBadCommunityNames 0
SNMPv2-MIB snmp snmpInBadCommunityUses 0
SNMPv2-MIB snmp snmpInASNParseErrs 0
SNMPv2-MIB snmp snmpSilentDrops 0
SNMPv2-MIB snmp snmpProxyDrops 0
SNMPv2-MIB snmpSet snmpSetSerialNo 836391230
SYS
SYS ORUP
ORINDEX SYS ORID SYS ORDESCR TIME
-----------------------------------------------------------------------------------------------------------------
1 1.3.6.1.4.1.12276.1 F5 Networks enterprise Platform MIB 9
2 1.3.6.1.2.1.31 The MIB module to describe generic objects for network interface sub-layers 9
COMMAND show cli
DESCRIPTION Display the default CLI session settings.
ARGUMENTS
This command has no arguments.
EXAMPLE
Display the current default CLI session settings:
appliance-1# show cli
autowizard true
complete-on-space false
devtools false
display-level 99999999
history 100
idle-timeout 0
ignore-leading-space false
leaf-prompting true
output-file terminal
paginate true
prompt1 \h\M#
prompt2 \h(\m)#
screen-length 70
screen-width 125
service prompt config true
show-defaults false
terminal xterm-256color
timestamp disable
COMMAND show cluster
DESCRIPTION Display the current state of the OpenShift cluster and the last 25 OpenShift events that have occurred during installation and during normal operation.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display the current cluster state:
appliance-1# show cluster
cluster state
cluster disk-usage-threshold state warning-limit 85
cluster disk-usage-threshold state error-limit 90
cluster disk-usage-threshold state critical-limit 97
cluster disk-usage-threshold state growth-rate-limit 10
cluster disk-usage-threshold state interval 60
cluster nodes node node-1
state enabled true
state node-running-state running
state platform fpga-state FPGA_RDY
state platform dma-agent-state DMA_AGENT_RDY
state node-info creation-time 2021-11-08T21:55:12Z
state node-info cpu 48
state node-info pods 110
state node-info memory 26215440Ki
state ready-info ready true
state ready-info last-transition-time 2021-12-04T00:29:25Z
state ready-info message "kubelet is posting ready status"
state out-of-disk-info last-transition-time ""
state out-of-disk-info message ""
state disk-pressure-info disk-pressure true
state disk-pressure-info last-transition-time 2021-12-04T00:29:34Z
state disk-pressure-info message "kubelet has disk pressure"
state disk-usage used-percent 39
state disk-usage growth-rate 1
state disk-usage status in-range
DISK DATA DISK DATA
NAME VALUE
-------------------------
available 68550262784
capacity 117807665152
used 43249483776
TENANT
NAME QAT DEVICE NAME BDF
-----------------------------------
big-ip qat_dev_vf00pf00 53:01.0
qat_dev_vf00pf01 54:01.0
qat_dev_vf00pf02 55:01.0
NAMESPACE TYPE REASON OBJECT MESSAGE
------------------------------------------
-
cluster cluster-status summary-status "K3S cluster is NOT initialized."
INDEX STATUS
---------------------------------------------------------------------------------------------
0 2022-01-04 16:53:01.280210 - applianceMainEventLoop::Orchestration manager startup.
COMMAND show cluster cluster-status
DESCRIPTION Display the current state of a specific OpenShift event that has occurred during installation and during normal operation.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display cluster status:
appliance-1# show cluster cluster-status
cluster cluster-status summary-status "K3S cluster is NOT initialized."
INDEX STATUS
---------------------------------------------------------------------------------------------
0 2022-01-04 16:53:01.280210 - applianceMainEventLoop::Orchestration manager startup.
COMMAND show cluster disk-usage-threshold
DESCRIPTION Display the current configuration of disk usage threshold.
ARGUMENTS
EXAMPLE
Display the current configuration for all disk usage threshold options:
appliance-1# show cluster disk-usage-threshold
cluster disk-usage-threshold state warning-limit 85
cluster disk-usage-threshold state error-limit 90
cluster disk-usage-threshold state critical-limit 97
cluster disk-usage-threshold state growth-rate-limit 10
cluster disk-usage-threshold state interval 60
COMMAND show cluster events
DESCRIPTION Display information about cluster events, including namespace, type, reason, object and message.
ARGUMENTS
COMMAND show cluster install-status
DESCRIPTION Display the status of the OpenShift cluster installation, including the state of the various stages of the OpenShift installation.
ARGUMENTS
This command has no arguments.
COMMAND
show cluster nodes node
DESCRIPTION Display the state of a specific node in the system.
ARGUMENTS
EXAMPLE
Display the state of the node node-1:
appliance-1# show cluster nodes node node-1
cluster nodes node node-1
state enabled true
state node-running-state running
state platform fpga-state FPGA_RDY
state platform dma-agent-state DMA_AGENT_RDY
state node-info creation-time 2021-11-08T21:55:12Z
state node-info cpu 48
state node-info pods 110
state node-info memory 26215440Ki
state ready-info ready true
state ready-info last-transition-time 2021-12-04T00:29:25Z
state ready-info message "kubelet is posting ready status"
state out-of-disk-info last-transition-time ""
state out-of-disk-info message ""
state disk-pressure-info disk-pressure true
state disk-pressure-info last-transition-time 2021-12-04T00:29:34Z
state disk-pressure-info message "kubelet has disk pressure"
state disk-usage used-percent 39
state disk-usage growth-rate 1
state disk-usage status in-range
DISK DATA DISK DATA
NAME VALUE
-------------------------
available 68530409472
capacity 117807665152
used 43269337088
TENANT
NAME QAT DEVICE NAME BDF
-----------------------------------
big-ip qat_dev_vf00pf00 53:01.0
qat_dev_vf00pf01 54:01.0
qat_dev_vf00pf02 55:01.0
COMMAND show cluster state
DESCRIPTION Display the current state of the cluster.
ARGUMENTS
This command has no arguments.
COMMAND show components
DESCRIPTION Display information about hardware inventory and firmware components.
ARGUMENTS
The availability of options for this command depends on which hardware component you are configuring.
running
, and it changes to complete
when the update completes.show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLES
Display details about psu-1:
appliance-1# show components component psu-1
components component psu-1
state serial-no FZ2104Q71234
state part-no MW2100
state empty false
psu-stats psu-current-in 1.234
psu-stats psu-current-out 17.375
psu-stats psu-voltage-in 202.0
psu-stats psu-voltage-out 12.015
psu-stats psu-temperature-1 39.0
psu-stats psu-temperature-2 41.0
psu-stats psu-temperature-3 41.0
psu-stats psu-fan-1-speed 19680
Display all information about the platform:
appliance-1# show components component platform
components component platform
state description "r10900"
state serial-no f5-abcd-efgh
state part-no "200-0413-02 REV 2"
state empty false
state tpm-integrity-status Valid
state memory available 15305256960
state memory free 14715150336
state memory used-percent 94
state temperature current 27.2
state temperature average 28.6
state temperature minimum 26.8
state temperature maximum 31.3
UPDATE
NAME NAME VALUE CONFIGURABLE STATUS
-------------------------------------------------------------------------------------------
QAT0 - Lewisburg C62X Crypto/Compression false -
QAT1 - Lewisburg C62X Crypto/Compression false -
QAT2 - Lewisburg C62X Crypto/Compression false -
QAT3 - Lewisburg C62X Crypto/Compression false -
QAT4 - Lewisburg C62X Crypto/Compression false -
QAT5 - Lewisburg C62X Crypto/Compression false -
fw-version-bios - 1.02.108.1 false none
fw-version-bios-me - 4.4.4.58 false none
fw-version-cpld - 02.0A.00 false none
fw-version-drive-nvme0 - VDV10170 false none
fw-version-drive-nvme1 - VDV10170 false none
fw-version-drive-u.2.slot1 - VDV10170 false none
fw-version-drive-u.2.slot2 - VDV10170 false none
fw-version-lcd-app - 1.01.057.00.1 false none
fw-version-lcd-bootloader - 1.01.027.00.1 false none
fw-version-lcd-ui - 1.5.1 false none
fw-version-lop-app - 1.00.214.0.1 false none
fw-version-lop-bootloader - 1.02.062.0.1 false none
fw-version-sirr - 1.1.29 false none
storage state disks disk nvme0n1
state model "INTEL SSDPE2KX010T8"
state vendor Intel
...
COMMAND show configuration commit changes
DESCRIPTION Display changes that were made to the running configuration by previous configuration commits, including changes committed for a specified commit ID.
ARGUMENTS
EXAMPLES
Display information about the last commit:
appliance-1# show configuration commit changes
!
! Created by: admin
! Date: 2022-01-05 19:52:30
! Client: rest
!
system clock config timezone-name America/Los_Angeles
Display information about commit ID 2:
appliance-1# show configuration commit changes 2
!
! Created by: admin
! Date: 2022-01-05 00:36:06
! Client: cli
!
system ntp servers server ntp.pool.org
config address ntp.pool.org
!
system ntp servers server ntp.pool.org
!
COMMAND show configuration commit list
DESCRIPTION Display information about the configuration commits stored in the commit database.
ARGUMENTS
EXAMPLE
Display information about the five most recent configuration commits:
appliance-1# show configuration commit list 5
2022-01-06 02:57:46
SNo. ID User Client Time Stamp Label Comment
~~~~ ~~ ~~~~ ~~~~~~ ~~~~~~~~~~ ~~~~~ ~~~~~~~
0 10103 admin rest 2022-01-05 19:52:30
1 10101 admin system 2022-01-05 19:47:06
2 10100 admin cli 2022-01-05 00:36:06
3 10099 admin cli 2022-01-04 17:00:10
4 10098 admin rest 2022-01-04 16:56:09
COMMAND show configuration rollback changes
DESCRIPTION Display changes that would be made by the rollback configuration command or to display the list of commit IDs.
ARGUMENTS
EXAMPLE
Display changes that would be made by rolling back to the most recent configuration commit:
appliance-1# show configuration rollback changes
no system clock config timezone-name America/Los_Angeles
COMMAND
show dag-states
DESCRIPTION
Display system level packet disaggregation (DAG) state. This table is populated by the system with a row per running tenant. The data shows the where a packet can be distributed to when received by an interface.
** ARGUMENTS**
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.dag-state
for a given tenant name. Available options are:EXAMPLE
Display the current disaggregation state:
appliance-1# show dag-states
dag-states dag-state big-ip
publisher dagd
publisher-instance 1
publish-time 1638493412
commit-tenant-instance 1
commit-time 1638493412
dag-version 16
tenant-instance-ids [ 15 63 ]
sdag-table "f f f f f f f f f f f f f f f f f f f f f f f f"
sdag-table-hash 0
COMMAND show fdb
DESCRIPTION Show Layer 2 forwarding database (FDB) entries in the system.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display all FDB information using table output:
appliance-1# show fdb | tab
show fdb | tab
NDI
MAC ADDRESS VLAN TAG TYPE VLAN TAG TYPE VID ENTRY TYPE OWNER AGE ID SVC VTC SEP DMS DID CMDS MIRRORING INTERFACE
-----------------------------------------------------------------------------------------------------------------------------------------------------
00:94:a1:8e:4c:09 1040 tag_type_vid 1040 tag_type_vid 1040 L2-LISTENER - - 4095 8 - - - - 1 - -
00:94:a1:8e:4c:09 1041 tag_type_vid 1041 tag_type_vid 1041 L2-LISTENER - - 4095 8 - - - - 1 - -
Show FDB MAC table information:
appliance-1# show fdb mac-table
fdb mac-table entries entry 00:94:a1:8e:4c:09 100 tag_type_vid
state vlan 100
state tag-type tag_type_vid
state vid 100
state entry-type L2-LISTENER
state owner defaultbip-1
state ifh-fields ndi-id 4095
state ifh-fields svc 8
state ifh-fields cmds 1
fdb mac-table entries entry 00:94:a1:8e:4c:09 101 tag_type_vid
state vlan 101
state tag-type tag_type_vid
state vid 101
state entry-type L2-LISTENER
state owner defaultbip-1
state ifh-fields ndi-id 4095
state ifh-fields svc 8
state ifh-fields cmds 1
COMMAND show file
DESCRIPTION Display current configuration for known hosts and status of file transfers.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.known_hosts
file.EXAMPLE
Display the status of recent file transfers:
appliance-1# show file transfer-operations
file transfer-operations transfer-operation images/tenant/BIGIP-15.1.4-0.0.10.ALL-F5OS.qcow2.zip.bundle sea.company.com v15.1.4/daily/build10.0/VM/BIGIP-15.1.4-0.0.10.ALL-F5OS.qcow2.zip.bundle "Import file" "HTTPS "
status "In Progress (41.0%)"
timestamp "Thu Jan 6 03:16:42 2022"
COMMAND show fips
DESCRIPTION Show information about the embedded FIPS hardware security module (HSM).
NOTE: Available only on platforms with an embedded FIPS HSM.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display all information about the embedded FIPS HSM:
appliance-1# show fips
fips resources occupied-acclr-dev 35
fips resources occupied-contexts 250002
fips resources occupied-keys 5000
fips resources partitions 3
fips resources total-acclr-dev 63
fips resources total-contexts 1000000
fips resources total-keys 102235
fips resources total-partitions 32
fips status last-updated "Fri Jan 13 01:40:09 2023\n"
fips status state 2
fips status desc "FIPS mode with single factor authentication"
fips status label cavium
fips status model "NITROX-III CNN35XX-NFBE"
fips status part-number CNN3560-NFBE-3.0-G
fips status serial-number 6.0G1234-ICM000155
fips status firmware-major-version 2
fips status firmware-minor-version 8
fips status hw-major-version 6
fips status hw-minor-version 0
fips status build-number 11-25
fips status firmware-id CNN35XX-NFBE-FW-2.08-11-25
fips status temperature "78 C"
fips status wear-leveling DEVICE_STATUS_OK
OCCUPIED
ACCEL FIPS SESSION SESSION PCI
NAME KEYS DEVS BACKUP STATE KEYS COUNT ADDRESS
-----------------------------------------------------------------------
PARTITION_1 1000 10 enabled -1 0 0 ca:10.0
PARTITION_2 3000 15 disabled 2 0 0 ca:10.2
PARTITION_3 1000 10 disabled -1 0 0 ca:10.4
LOGIN
FAILURE
USERNAME TYPE COUNT
-------------------------
f5so CO 0
IMAGE SOURCE ID FW TYPE
------------------------------------------------------------------------------
CNL35XX-NFBE-FW-2.08-11-25 INTERNAL - -
CNN35XX-NFBE-FW-2.08-11-25 HSM CNN35XX-NFBE-FW-2.08-11-25 PRODUCTION
PCI
DEVICE
NAME PARTITION ID
-------------------------------
bigip-1 PARTITION_3 ca:10.4
bigip-2 PARTITION_1 ca:10.0
COMMAND show fpga-tables
DESCRIPTION Display current configuration for FPGA tables.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display information about port_mod0:
appliance-1# show fpga-tables xbar-ports xbar-port port0_mod0
fpga-tables xbar-ports xbar-port port0_mod0
state counters rx-pkt-cnt 4125
state counters rx-byte-cnt 1419000
state counters tx-pkt-cnt 0
state counters tx-byte-cnt 0
state counters tx-obuff-drops 0
state counters mcast-rx-full-drops 0
state counters mcast-tx-full-drops 0
state counters rx-cos0-drops 0
state counters rx-cos1-drops 0
state counters rx-cos2-drops 0
state counters rx-cos3-drops 0
state counters rx-cos4-drops 0
state counters rx-cos5-drops 0
state counters rx-cos6-drops 0
state counters rx-cos7-drops 0
state counters tx-cos0-drops 0
state counters tx-cos1-drops 0
state counters tx-cos2-drops 0
state counters tx-cos3-drops 0
state counters tx-cos4-drops 0
state counters tx-cos5-drops 0
state counters tx-cos6-drops 0
state counters tx-cos7-drops 0
state counters rx-mcast-pkt-cnt 0
state counters rx-mcast-byte-cnt 0
state counters rx-mcast-drops 0
state counters tx-mcast-pkt-cnt 0
state counters tx-mcast-byte-cnt 0
state counters tx-mcast-drops 0
state counters rx-dst-dis-pkt-cnt 0
state counters mirror-pkts-cnt 0
state counters mirror-bytes-cnt 0
COMMAND show history
DESCRIPTION Display a history of commands run on the system.
ARGUMENTS
EXAMPLE
Display the last three commands that were run on the system:
appliance-1# show history 3
03:24:37 -- show file transfer-operations state
03:24:57 -- idle-timeout 0
03:25:26 -- show file transfer-operations
COMMAND show images
DESCRIPTION Display all tenant images imported to the system. Also shows which image is currently in use and its status.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display all tenant images on the system:
appliance-1# show images
IN
NAME USE STATUS
------------------------------------------------------------------------------------
BIGIP-15.1.4-0.0.10.ALL-F5OS.qcow2.zip.bundle false verified
COMMAND show interfaces
DESCRIPTION Display information about front-panel network interfaces. This includes options for link aggregation.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLES
Display only the first level of interface information:
appliance-1# show interfaces displaylevel 1
interfaces interface 1.0
interfaces interface 2.0
interfaces interface 3.0
interfaces interface 4.0
interfaces interface 5.0
interfaces interface 6.0
interfaces interface 7.0
interfaces interface 8.0
interfaces interface 9.0
interfaces interface 10.0
interfaces interface 11.0
interfaces interface 12.0
interfaces interface 13.0
interfaces interface 14.0
interfaces interface 15.0
interfaces interface 16.0
interfaces interface 17.0
interfaces interface 18.0
interfaces interface 19.0
interfaces interface 20.0
interfaces interface mgmt
interfaces interface test-lag
Display information only about interface 2.0:
appliance-1# show interfaces interface 2.0
interfaces interface 2.0
state name 2.0
state type ethernetCsmacd
state mtu 9600
state enabled true
state ifindex 24
state oper-status DOWN
state counters in-octets 0
state counters in-unicast-pkts 0
state counters in-broadcast-pkts 0
state counters in-multicast-pkts 0
state counters in-discards 0
state counters in-errors 0
state counters in-fcs-errors 0
state counters out-octets 0
state counters out-unicast-pkts 0
state counters out-broadcast-pkts 0
state counters out-multicast-pkts 0
state counters out-discards 0
state counters out-errors 0
state forward-error-correction auto
state lacp_state LACP_DEFAULTED
ethernet state port-speed SPEED_100GB
ethernet state hw-mac-address 00:94:a1:69:34:12
ethernet state counters in-mac-control-frames 0
ethernet state counters in-mac-pause-frames 0
ethernet state counters in-oversize-frames 0
ethernet state counters in-jabber-frames 0
ethernet state counters in-fragment-frames 0
ethernet state counters in-8021q-frames 0
ethernet state counters in-crc-errors 0
ethernet state counters out-mac-control-frames 0
ethernet state counters out-mac-pause-frames 0
ethernet state counters out-8021q-frames 0
ethernet state flow-control rx on
Display information about a LAG interface named test-lag
:
appliance-1# show interfaces interface test-lag
interfaces interface test-lag
state name test-lag
state type ieee8023adLag
state mtu 9600
state oper-status DOWN
state forward-error-correction auto
aggregation state lag-type STATIC
aggregation state lag-speed 0
aggregation state distribution-hash src-dst-ipport
aggregation state mac-address 00:94:a1:69:34:26
aggregation state lagid 1
MEMBER MEMBER
NAME STATUS
----------------
1.0 DOWN
COMMAND show iptunnels
DESCRIPTION Display all IP tunnel configurations.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display all IP tunnel information on the system:
appliance-1# show iptunnels
iptunnels iptunnel vxlan state dport 4789
iptunnels iptunnel vxlan state gpe enabled
iptunnels iptunnel vxlan state gpe dport 4790
iptunnels iptunnel vxlan state gpe nsh disabled
iptunnels iptunnel nvgre state ethertype 0x6558
iptunnels iptunnel geneve state dport 6081
iptunnels iptunnel geneve state enabled
COMMAND
show lacp
DESCRIPTION
Display the current LACP configuration and state information for global and all LACP interfaces.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display information about configured LACP interfaces:
appliance-1# show lacp
lacp state system-id-mac 00:94:a1:69:34:23
lacp interfaces interface lacp-test
state name lacp-test
state interval SLOW
state lacp-mode ACTIVE
COMMAND
show lacp interfaces
DESCRIPTION
Show current LACP state for all LACP interfaces.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.system-priority
and the stack MAC address.COMMAND
show lacp interfaces interface
DESCRIPTION
Show current LACP config and state information for an LACP interface.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display information about the testLAG
interface:
appliance-1# show lacp interfaces interface testLAG
lacp interfaces interface testLAG
state name testLAG
state interval FAST
state lacp-mode ACTIVE
state system-id-mac 0:94:a1:8e:4c:8
COMMAND
show lacp state
DESCRIPTION
Display global LACP state information.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.system-priority
and the stack MAC address.EXAMPLE
Display the global state of LACP:
appliance-1# show lacp state
lacp state system-id-mac 00:94:a1:66:e0:08
COMMAND show lldp
DESCRIPTION Display the information about Link Layer Discovery Protocol (LLDP) on the system.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLES
Display all LLDP information:
appliance-1# show lldp
lldp state enabled
lldp state chassis-id f5-abcd-efgh
lldp state chassis-id-type LOCAL
lldp interfaces interface 1.0
state name 1.0
state enabled
state counters frame-in 0
state counters frame-out 4202
Show whether LLDP is enabled or disabled:
appliance-1# show lldp state enabled
lldp state enabled
COMMAND show parser
DESCRIPTION Display information about available commands and their syntax.
ARGUMENTS
EXAMPLE
Display information about all commands:
appliance-1# show parser dump
autowizard [false/true]
cd <Dir>
cd
clear history
compare file <File> [brief]
compare file <File> [brief] SNMP-COMMUNITY-MIB snmpCommunityTable snmpCommunityEntry
compare file <File> [brief] SNMP-NOTIFICATION-MIB snmpNotifyTable snmpNotifyEntry
compare file <File> [brief] SNMP-TARGET-MIB snmpTargetAddrTable snmpTargetAddrEntry
compare file <File> [brief] SNMP-TARGET-MIB snmpTargetParamsTable snmpTargetParamsEntry
compare file <File> [brief] SNMP-USER-BASED-SM-MIB usmUserTable usmUserEntry
compare file <File> [brief] SNMP-VIEW-BASED-ACM-MIB vacmAccessTable vacmAccessEntry
compare file <File> [brief] SNMP-VIEW-BASED-ACM-MIB vacmSecurityToGroupTable vacmSecurityToGroupEntry
compare file <File> [brief] SNMP-VIEW-BASED-ACM-MIB vacmViewTreeFamilyTable vacmViewTreeFamilyEntry
compare file <File> [brief] SNMPv2-MIB snmp snmpEnableAuthenTraps
compare file <File> [brief] SNMPv2-MIB system sysContact
compare file <File> [brief] SNMPv2-MIB system sysLocation
compare file <File> [brief] SNMPv2-MIB system sysName
compare file <File> [brief] cluster disk-usage-threshold config critical-limit
compare file <File> [brief] cluster disk-usage-threshold config error-limit
compare file <File> [brief] cluster disk-usage-threshold config growth-rate-limit
compare file <File> [brief] cluster disk-usage-threshold config interval
compare file <File> [brief] cluster disk-usage-threshold config warning-limit
compare file <File> [brief] cluster nodes node
compare file <File> [brief] components component
compare file <File> [brief] fdb mac-table entries entry
compare file <File> [brief] file config concurrent-operations-limit
compare file <File> [brief] file known-hosts known-host
compare file <File> [brief] fpga-tables xbar-ports xbar-port
compare file <File> [brief] interfaces interface
compare file <File> [brief] lacp config system-priority
compare file <File> [brief] lacp interfaces interface
compare file <File> [brief] lldp config disabled
compare file <File> [brief] lldp interfaces interface
compare file <File> [brief] port-mappings port-mapping
compare file <File> [brief] portgroups portgroup
compare file <File> [brief] stp global config
compare file <File> [brief] stp interfaces interface
compare file <File> [brief] stp mstp config hold-count
compare file <File> [brief] stp mstp mst-instances mst-instance
compare file <File> [brief] stp rstp config hold-count
compare file <File> [brief] stp rstp interfaces interface
compare file <File> [brief] stp stp config hold-count
compare file <File> [brief] stp stp interfaces interface
...
COMMAND show port-listeners
DESCRIPTION Display information about configured port listeners.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.COMMAND show port-mappings
DESCRIPTION Display information about port mappings.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLES
Display information about all pipelines:
appliance-1# show port-mappings port-mapping pipeline
NUM
CAPACITY ALLOCATED OVERSUBSCRIBE ALLOCATED MAX
NAME INDEX PIPELINE GROUP BW BW STATUS PORTS PORTS PORTS
-----------------------------------------------------------------------------------------------------------------------------
appliance-1 PIPELINE-1 PIPELINEGROUP-1 100 200 OVERSUBSCRIBED 5 8 [ 1.0 3.0 4.0 5.0 6.0 ]
PIPELINE-2 PIPELINEGROUP-1 100 200 OVERSUBSCRIBED 5 8 [ 10.0 2.0 7.0 8.0 9.0 ]
appliance-1 PIPELINE-3 PIPELINEGROUP-2 100 200 OVERSUBSCRIBED 5 8 [ 11.0 13.0 14.0 15.0 16.0 ]
PIPELINE-4 PIPELINEGROUP-2 100 200 OVERSUBSCRIBED 5 8 [ 12.0 17.0 18.0 19.0 20.0 ]
COMMAND show portgroups
DESCRIPTION Display information about portgroups.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLES
Display all information about portgroup 1:
appliance-1# show portgroups portgroup 1
portgroups portgroup 1
state vendor-name "F5 INC."
state vendor-oui 009065
state vendor-partnum "OPT-0031 "
state vendor-revision A0
state vendor-serialnum "X1KA007 "
state transmitter-technology "850 nm VCSEL"
state media 100GBASE-SR4
state optic-state QUALIFIED
state ddm rx-pwr low-threshold alarm -14.0
state ddm rx-pwr low-threshold warn -11.0
state ddm rx-pwr instant val-lane1 -2.9
state ddm rx-pwr instant val-lane2 -2.8
state ddm rx-pwr instant val-lane3 -2.76
state ddm rx-pwr instant val-lane4 -2.92
state ddm rx-pwr high-threshold alarm 3.4
state ddm rx-pwr high-threshold warn 2.4
state ddm tx-pwr low-threshold alarm -10.0
state ddm tx-pwr low-threshold warn -8.0
state ddm tx-pwr instant val-lane1 -1.19
state ddm tx-pwr instant val-lane2 -0.98
state ddm tx-pwr instant val-lane3 -0.98
state ddm tx-pwr instant val-lane4 -1.1
state ddm tx-pwr high-threshold alarm 5.0
state ddm tx-pwr high-threshold warn 3.0
state ddm temp low-threshold alarm -5.0
state ddm temp low-threshold warn 0.0
state ddm temp instant val 33.3359
state ddm temp high-threshold alarm 75.0
state ddm temp high-threshold warn 70.0
state ddm bias low-threshold alarm 0.003
state ddm bias low-threshold warn 0.005
state ddm bias instant val-lane1 0.00746
state ddm bias instant val-lane2 0.00754
state ddm bias instant val-lane3 0.00753
state ddm bias instant val-lane4 0.007516
state ddm bias high-threshold alarm 0.013
state ddm bias high-threshold warn 0.011
state ddm vcc low-threshold alarm 2.97
state ddm vcc low-threshold warn 3.135
state ddm vcc instant val 3.2288
state ddm vcc high-threshold alarm 3.63
state ddm vcc high-threshold warn 3.465
Display only the optic-state
of portgroup 2:
appliance-1# show portgroups portgroup 2 state optic-state
state optic-state QUALIFIED
COMMAND show restconf-state
DESCRIPTION Display capabilities supported by the RESTCONF server.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display all supported capabilities:
appliance-1# show restconf-state
restconf-state capabilities capability urn:ietf:params:restconf:capability:defaults:1.0?basic-mode=report-all
restconf-state capabilities capability urn:ietf:params:restconf:capability:depth:1.0
restconf-state capabilities capability urn:ietf:params:restconf:capability:fields:1.0
restconf-state capabilities capability urn:ietf:params:restconf:capability:with-defaults:1.0
restconf-state capabilities capability urn:ietf:params:restconf:capability:filter:1.0
restconf-state capabilities capability urn:ietf:params:restconf:capability:replay:1.0
restconf-state capabilities capability urn:ietf:params:restconf:capability:yang-patch:1.0
restconf-state capabilities capability http://tail-f.com/ns/restconf/collection/1.0
restconf-state capabilities capability http://tail-f.com/ns/restconf/query-api/1.0
restconf-state capabilities capability http://tail-f.com/ns/restconf/unhide/1.0
COMMAND show running-config
DESCRIPTION Display the current configuration for the system. By default, the whole configuration is displayed. You can limit what is shown by supplying a pathfilter. The pathfilter may be either a path pointing to a specific instance, or if an instance id is omitted, the part following the omitted instance is treated as a filter.
ARGUMENTS
For information about these arguments, see these sections on the show-SNMP-FRAMEWORK-MIB
page.
EXAMPLE
Display the current running configuration for file operations:
appliance-1# show running-config file
file config concurrent-operations-limit 5
Display information about interface 11.0:
appliance-1# show running-config interfaces interface 11.0
interfaces interface 11.0
config name 11.0
config type ethernetCsmacd
config enabled
COMMAND show service-instances
DESCRIPTION
Services are deployed for system features such as the Link Aggregation Control Protocol, Spanning Tree Protocol, etc., as well as for tenants deployed on the system. A service might have multiple instances.
This command Display all the service instances on the system.
IMPORTANT: The detailed information displayed by this command is intended for use by F5 support engineers, rather than by end users.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLES
Display the service-type
value for each service-instance:
appliance-1# show service-instances service-instance service-type | tab
SLOT INSTANCE
TENANT NAME ID ID SERVICE TYPE
---------------------------------------------------
L2HostLearn 1 4291376965 ST_SYSTEM_SERVICE
L2HostLearn 1 4291376966 ST_SYSTEM_SERVICE
SwRbcaster-1 1 3100278637 ST_SYSTEM_SERVICE
lacpd 1 3495072231 ST_SYSTEM_SERVICE
lldpd 1 2423009794 ST_SYSTEM_SERVICE
stpd 1 3777547480 ST_SYSTEM_SERVICE
COMMAND show service-pods
DESCRIPTION
A system service is deployed in a Pod.
IMPORTANT: The detailed information displayed by this command is intended for use by F5 support engineers, rather than by end users.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display information about the pod image version:
appliance-1# show service-pods service-pod pod-image-version
SERVICE NAME POD IMAGE VERSION
--------------------------------------------------------------------------------
compute 1.0.17
coredns 1.8.3
helper-job-hnet-big-ip-1 5.1.0-appliance-master.2021-09-21-14-38-09.Sf319b34d
kube-flannel 0.13.0
kube-multus 3.6.0
lb-port-443 v0.2.0
local-path-provisioner v0.0.19
metrics-server v0.3.6
pause 3.1
traefik-ingress-lb 2.4.8
virt-api 1.0.17
virt-controller 1.0.17
virt-handler 1.0.17
COMMAND show services
DESCRIPTION
Display information about Services that are deployed for system features such as the Link Aggregation Control Protocol, Spanning Tree Protocol, etc., as well as for tenants deployed on the system.
IMPORTANT: The detailed information displayed by this command is intended for use by F5 support engineers, rather than by end users.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLES
Display information about services:
appliance-1# show services
USE USE
SERVICE HASH FIELD FULL TUNNEL IP HASH FIELD FULL TUNNEL IP TENANT
ID ALG SELECT MASK MASK SELECT PROTO ALG SELECT MASK MASK SELECT PROTO NAME
-----------------------------------------------------------------------------------------------------
8 dagv2 port true outer false dagv2 port true outer false big-ip
COMMAND
show stp
DESCRIPTION
Display the state of Spanning Tree Protocol (STP) on the system.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLES
Display all STP information:
appliance-1# show SNMP-FRAMEWORK-MIB
SNMP-FRAMEWORK-MIB snmpEngine snmpEngineID 80:00:61:81:05:01
SNMP-FRAMEWORK-MIB snmpEngine snmpEngineBoots 7
SNMP-FRAMEWORK-MIB snmpEngine snmpEngineTime 127740
SNMP-FRAMEWORK-MIB snmpEngine snmpEngineMaxMessageSize 50000
appliance-1# show stp
stp global state enabled-protocol [ STP ]
stp rstp state hold-count 6
stp mstp state hold-count 6
stp stp state hello-time 2
stp stp state max-age 20
stp stp state forwarding-delay 15
stp stp state hold-count 6
stp stp state bridge-priority 32768
stp stp state bridge-address 0:94:a1:69:34:23
stp stp state designated-root-priority 32768
stp stp state designated-root-address 0:94:a1:69:34:23
stp stp state root-port 0
stp stp state root-cost 0
stp stp state topology-changes 0
stp stp state time-since-topology-change 1641442985
Display only STP information:
appliance-1# show stp stp
stp stp state hello-time 2
stp stp state max-age 20
stp stp state forwarding-delay 15
stp stp state hold-count 6
stp stp state bridge-priority 32768
stp stp state bridge-address 0:94:a1:69:34:23
stp stp state designated-root-priority 32768
stp stp state designated-root-address 0:94:a1:69:34:23
stp stp state root-port 0
stp stp state root-cost 0
stp stp state topology-changes 0
stp stp state time-since-topology-change 1641443111
COMMAND
show stp global state enabled-protocol
DESCRIPTION
Display which STP protocol is currently enabled for the system. There is either one enabled protocol per system or none.
EXAMPLE
Display the currently-enabled protocol:
appliance-1# show stp global state enabled-protocol
stp global state enabled-protocol [ STP ]
COMMAND
show stp interfaces interface
DESCRIPTION
Display information about configured STP interfaces, including the current link type and edge port status.
ARGUMENTS
EXAMPLE
Display information about all configured STP interfaces:
appliance-1# show stp interfaces
LINK
NAME NAME EDGE PORT TYPE
----------------------------------
1.0 1.0 EDGE_DISABLE P2P
COMMAND
show stp mstp
DESCRIPTION
Display all system state related to the MSTP protocol. These fields are populated only when the STP global enabled-protocol
is MSTP
.
EXAMPLE
Display MSTP information:
appliance-1# show stp mstp
stp mstp state name 32768:0:94:a1:69:34:23
stp mstp state revision 0
stp mstp state max-hop 20
stp mstp state hello-time 2
stp mstp state max-age 20
stp mstp state forwarding-delay 15
stp mstp state hold-count 6
COMMAND
show stp mstp mst-instances
DESCRIPTION
Display all configured MST instances and their state.
EXAMPLE
Display information about all configured MST instances:
appliance-1# show stp mstp mst-instances
stp mstp mst-instances mst-instance 1
state mst-id 1
state bridge-priority 32768
state designated-root-priority 32768
state designated-root-address 0:94:a1:69:34:23
state root-port 0
state root-cost 0
state topology-changes 0
state time-since-topology-change 1641443429
COMMAND
show stp mstp mst-instances mst-instance
DESCRIPTION
Display information about a specific MST instance and its state. You can optionally specify the interfaces
attribute, which lists interfaces configured for this MST instance and their respective spanning-tree state.
EXAMPLE
Display information about mst-instance
555:
appliance-1# show stp mstp mst-instances mst-instance 555
stp mstp mst-instances mst-instance 555
state mst-id 555
state vlan [ 555 ]
state bridge-priority 61440
state designated-root-priority 61440
state designated-root-address 0:94:a1:8d:18:8
state root-port 0
state root-cost 0
state topology-changes 1
state time-since-topology-change 396
COMMAND
show stp mstp state
DESCRIPTION
Display the global state for the MSTP protocol. You can optionally specify a single attribute. Available options are:
EXAMPLE
Display information about the global state for MSTP:
appliance-1# show stp mstp state
stp mstp state name 32768:0:94:a1:69:34:23
stp mstp state revision 0
stp mstp state max-hop 20
stp mstp state hello-time 2
stp mstp state max-age 20
stp mstp state forwarding-delay 15
stp mstp state hold-count 6
COMMAND
show stp rstp
DESCRIPTION
Display all system state related to the RSTP protocol. These fields are populated only when the stp global enabled-protocol
is RSTP
.
EXAMPLE
Display RSTP information:
appliance-1# show stp rstp
stp rstp state hello-time 2
stp rstp state max-age 20
stp rstp state forwarding-delay 15
stp rstp state hold-count 6
stp rstp state bridge-priority 32768
stp rstp state bridge-address 0:94:a1:69:34:23
stp rstp state designated-root-priority 32768
stp rstp state designated-root-address 0:94:a1:69:34:23
stp rstp state root-port 0
stp rstp state root-cost 0
stp rstp state topology-changes 0
stp rstp state time-since-topology-change 1641443732
COMMAND
show stp rstp interfaces interface
DESCRIPTION
Display information about configured RSTP interfaces
EXAMPLE
Display information about all configured RSTP interfaces:
appliance-1# show stp rstp interfaces
stp rstp interfaces interface 1.0
state name 1.0
state port-priority 128
state port-num 1
state port-state BLOCKING
stp rstp interfaces interface 11.0
state name 11.0
state port-priority 128
state port-num 11
state port-state FORWARDING
COMMAND
show stp stp
DESCRIPTION
Display all system state related to the STP protocol. These fields are only populated
when the STP global enabled-protocol
is STP
.
EXAMPLE
appliance-1# show stp stp
stp stp state hello-time 2
stp stp state max-age 20
stp stp state forwarding-delay 15
stp stp state hold-count 6
stp stp state bridge-priority 32768
stp stp state bridge-address 0:94:a1:69:34:23
stp stp state designated-root-priority 32768
stp stp state designated-root-address 0:94:a1:69:34:23
stp stp state root-port 0
stp stp state root-cost 0
stp stp state topology-changes 0
stp stp state time-since-topology-change 1641443885
COMMAND
show stp stp interfaces
DESCRIPTION
Display all system state related to interfaces configured for the STP protocol.
EXAMPLE
appliance-1# show stp stp interfaces
stp stp interfaces interface 1.0
state name 1.0
state port-priority 128
state port-num 1
state port-state BLOCKING
stp stp interfaces interface 2.0
state name 2.0
state port-priority 128
state port-num 2
state port-state FORWARDING
appliance-1#
COMMAND
show stp stp interfaces interface
DESCRIPTION
Display information about configured STP interfaces.
EXAMPLE
Display information about STP interface 1.0:
appliance-1# show stp stp interfaces interface 1.0
stp stp interfaces interface 1.0
state name 1.0
state port-priority 128
state port-num 1
state port-state BLOCKING
state designated-root-priority 0
state designated-root-address 0:0:0:0:0:0
state designated-cost 0
state designated-bridge-priority 0
state designated-bridge-address 0:0:0:0:0:0
state designated-port-num 0
state forward-transisitions 0
state counters bpdu-sent 0
state counters bpdu-received 0
COMMAND
show stp stp state
DESCRIPTION
Display any global state specific to the STP protocol. You can optionally specify a single attribute. Available options are:
root-port
.stp rstp interfaces interface {name} state port-num
.EXAMPLE
Display information about the global state for STP:
appliance-1# show stp stp state
stp stp state hello-time 2
stp stp state max-age 20
stp stp state forwarding-delay 15
stp stp state hold-count 6
stp stp state bridge-priority 32768
stp stp state bridge-address 0:94:a1:69:34:23
stp stp state designated-root-priority 32768
stp stp state designated-root-address 0:94:a1:69:34:23
stp stp state root-port 0
stp stp state root-cost 0
stp stp state topology-changes 0
stp stp state time-since-topology-change 1641443966
COMMAND show system aaa
DESCRIPTION Display system user authentication information, including information about roles, users, primary key, server groups, and TLS.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLES
Display information about configured system authentication:
appliance-1# show system aaa authentication
system aaa authentication state cert-auth disabled
system aaa authentication f5-aaa-token:state basic disabled
system aaa authentication ocsp state override-responder off
system aaa authentication ocsp state response-max-age -1
system aaa authentication ocsp state response-time-skew 300
system aaa authentication ocsp state nonce-request on
system aaa authentication ocsp state disabled
AUTHORIZED LAST TALLY EXPIRY
USERNAME KEYS CHANGE COUNT DATE ROLE
----------------------------------------------------------------------
admin - 2022-08-31 0 -1 admin
big-ip-15-1-6 - 0 0 1 tenant-console
big-ip-15-1-8 - 0 0 1 tenant-console
root - 2022-08-31 0 -1 root
REMOTE
ROLENAME GID GID USERS
-------------------------------------
admin 9000 - -
operator 9001 - -
resource-admin 9003 - -
tenant-console 9100 - -
Display information for the primary key:
appliance-1# show system aaa primary-key
system aaa primary-key state hash bIVhabcdtroyOkxMKYjyDEFGTd0NX4Ch1234Mi+5aFk9WbxdM6RTzl5678HYkCwnQkOE1ict0Y7Z3uOLgjYNBQ==
system aaa primary-key state status "COMPLETE Initiated: Tue Mar 7 22:32:04 2023"```
Show the TLS certificate:
appliance-1# show system aaa tls state certificate
Show the current CRLs in the system:
appliance-1# show system aaa tls crls crl
Show the current RESTCONF token lifetime:
appliance-1# show system aaa restconf-token
system aaa restconf-token state lifetime 25
Show the current state of client certificate authentication on the system:
appliance-1# show system aaa authentication state
system aaa authentication state cert-auth disabled
COMMAND show system alarms
DESCRIPTION Display information about system alarms.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display active alarm conditions:
appliance-1# show system alarms
ID RESOURCE SEVERITY TEXT TIME CREATED
--------------------------------------------------------------------------------------------------
65793 psu-1 ERROR PSU fault detected 2021-01-01 10:39:12.113796318 UTC
COMMAND show system appliance-mode
DESCRIPTION Check the current state of appliance mode. It can be either enabled or disabled.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display the current state of appliance mode:
appliance-1# show system diagnostics ihealth
system diagnostics ihealth state username ""
system diagnostics ihealth state server https://ihealth-api.f5.com/qkview-analyzer/api/qkviews?visible_in_gui=True
system diagnostics ihealth state authserver https://api.f5.com/auth/pub/sso/login/ihealth-api
COMMAND show system clock
DESCRIPTION Display the current time configured for the system.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLES
Display the currently-configured time zone name:
appliance-1# show system clock
system clock state timezone-name Etc/UTC
system clock state appliance date-time "2022-01-06 04:54:34 America/Los_Angeles"
Display the current time for the system:
appliance-1# show system clock state appliance
system clock state appliance date-time "2022-01-06 04:51:31 America/Los_Angeles"
COMMAND show system diagnostics
DESCRIPTION Display information about iHealth, QKView, and iHealth web proxy.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display the iHealth configuration for the system:
appliance-1# show system diagnostics ihealth
system diagnostics ihealth state server https://ihealth2-api.f5.com/qkview-analyzer/api/qkviews?visible_in_gui=True
system diagnostics ihealth state authserver https://identity.account.f5.com/oauth2/ausp95ykc80HOU7SQ357/v1/token
system diagnostics ihealth state clientid ""
COMMAND show system dns
DESCRIPTION Display information about DNS servers configured for the system to use.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display all configured DNS servers:
appliance-1# show system dns servers
ADDRESS ADDRESS PORT
-----------------------------
192.168.10.1 - 53
192.168.11.1 - 53
COMMAND show system events
DESCRIPTION Display information about system events.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display system events:
appliance-1# show system events
system events event
log "65550 appliance firmware-update-status EVENT NA \"Firmware update is running for sirr \" \"2021-11-08 21:49:27.507242294 UTC\""
system events event
log "65550 appliance firmware-update-status EVENT NA \"Firmware update completed for sirr \" \"2021-11-08 21:49:29.505202936 UTC\""
system events event
log "65550 appliance firmware-update-status EVENT NA \"Firmware update is running for atse 1\" \"2021-11-08 21:49:29.511148376 UTC\""
...
COMMAND show system health
DESCRIPTION Display health information about system components.
ARGUMENTS
The availability of options for this command depends on the hardware component for which you want to view health information.
EXAMPLES
Display high-level hardware health state for the fan tray:
appliance-1# show system health components component fantray hardware state
KEY NAME HEALTH SEVERITY
--------------------------------------------------------
appliance/hardware/fantray Fan Tray ok info
Display health information about system memory:
appliance-1# show system health components component appliance hardware appliance/hardware/memory
hardware appliance/hardware/memory
state name Memory
state health ok
state severity info
NAME DESCRIPTION HEALTH SEVERITY VALUE UPDATED AT
--------------------------------------------------------------------------------------------------------------------
memory:sensor:temperature Memory DIMM temperature (C) ok info 2021-11-08T21:49:10Z
rasdaemon:mc:corrected:event RAS Daemon MC corrected event ok info 0 2022-01-06T05:13:24Z
rasdaemon:mc:fatal:event RAS Daemon MC fatal event ok info 0 2022-01-06T05:13:24Z
rasdaemon:mc:uncorrected:event RAS Daemon MC uncorrected event ok info 0 2022-01-06T05:13:24Z
v6h:thermal-fault:vddq-abcd-vr-hot VDDQ_ABCD_VR_HOT thermal fault ok info 0 2022-01-04T16:53:23Z
v6h:thermal-fault:vddq-efgh-vr-hot VDDQ_EFGH_VR_HOT thermal fault ok info 0 2022-01-04T16:53:23Z
Display the status of the tcpdump service on the system:
appliance-1# show system health components component appliance services appliance/services/tcpdumpd_manager
services appliance/services/tcpdumpd_manager
state name tcpdumpd_manager
state health ok
state severity info
NAME DESCRIPTION HEALTH SEVERITY VALUE UPDATED AT
----------------------------------------------------------------------------------------------------------------------------
container:event:attach Container attach event ok info 0 2021-11-08T21:49:26Z
container:event:die Container die event ok info 0 2021-11-08T21:49:26Z
container:event:exec-create Container exec create event ok info 0 2021-11-19T22:56:26Z
container:event:exec-detach Container exec detach event ok info 0 2021-11-08T21:49:26Z
container:event:exec-die Container exec die event ok info 0 2021-11-08T21:49:26Z
container:event:exec-start Container exec start event ok info 0 2021-11-19T22:56:26Z
container:event:kill Container kill event ok info 0 2021-12-04T00:19:35Z
container:event:restart Container restart event ok info 0 2022-01-04T16:53:24Z
container:event:restart-last-hour Container restart count in the last hour ok info 0 2021-11-08T21:49:26Z
container:event:start Container start event ok info 0 2021-11-08T21:49:26Z
container:event:stop Container stop event ok info 0 2021-11-08T21:49:26Z
container:running Container running ok info true 2022-01-06T05:13:24Z
COMMAND show system image
DESCRIPTION Display information about the installed Base OS image on the system.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLES
Display the currently-installed Base OS image on the system:
appliance-1# show system image install
system image state install install-os-version 1.0.0-11432
system image state install install-service-version 1.0.0-11432
system image state install install-status success
Display information about all imported Base OS images:
appliance-1# show system image
IN
VERSION OS STATUS DATE USE
----------------------------------------
1.0.0-10234 ready 2021-10-05 false
1.0.0-11432 ready 2021-12-03 true
VERSION IN
SERVICE STATUS DATE USE
----------------------------------------
1.0.0-10234 ready 2021-10-05 false
1.0.0-11432 ready 2021-12-03 true
IN
VERSION ISO STATUS DATE USE
----------------------------------------
1.0.0-10234 ready 2021-10-05 false
1.0.0-11432 ready 2021-12-03 false
COMMAND show system licensing
DESCRIPTION Display information about system license.
EXAMPLE
Display information about the license activated on the system (Note that actual license key values are not shown below):
appliance-1# show system licensing
system licensing license
Licensed version 1.0.0
Registration Key XXXXX-XXXXX-XXXXX-XXXXX-XXXXXXX
Licensed date 2021/12/17
License start 2021/10/06
License end 2022/02/04
Service check date 2022/01/05
Platform ID C128
Appliance SN f5-abcd-efgh
Active Modules
Local Traffic Manager, r10900 (XXXXXXX-XXXXXXX)
FIX Low Latency
LTM to Best Upgrade, r109XX
Carrier-Grade NAT, r10XXX
BIG-IP, DNS and GTM Upgrade (1K TO MAX)
Rate Shaping
DNSSEC
Anti-Virus Checks
Base Endpoint Security Checks
Firewall Checks
Machine Certificate Checks
Network Access
Protected Workspace
Secure Virtual Keyboard
APM, Web Application
App Tunnel
Remote Desktop
DNS Rate Fallback, Unlimited
DNS Licensed Objects, Unlimited
DNS Rate Limit, Unlimited QPS
GTM Rate Fallback, (UNLIMITED)
GTM Licensed Objects, Unlimited
GTM Rate, Unlimited
Carrier Grade NAT (AFM ONLY)
APM, Limited
Routing Bundle
Protocol Security Manager
Access Policy Manager, Base, r109XX
Advanced Web Application Firewall, r10XXX
Max SSL, r10900
Max Compression, r10900
Advanced Firewall Manager, r10XXX
DNS Max, rSeries
COMMAND show system locator
DESCRIPTION Display whether the system locator function is enabled. This function illuminates the F5 logo ball so that you can more easily locate a chassis in a data center.
EXAMPLE
Display whether the system locator is enabled:
appliance-1# show system locator
system locator state disabled
COMMAND show system logging
DESCRIPTION Display information about remote logging.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.COMMAND show system login-activity
DESCRIPTION Display information about all previous login attempts.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display all recent admin user login attempts:
appliance-1# show system login-activity user admin
NAME LOGIN TIME METHOD HOST STATUS
------------------------------------------------------------
admin 2023-05-17 17:43:10 http 172.18.65.98 failed
2023-05-17 17:43:19 http 172.18.65.98 success
2023-05-17 18:05:17 http 172.18.65.98 success
2023-05-19 05:50:34 http 172.18.65.139 success
2023-05-19 16:12:53 http 172.18.65.105 success
2023-05-22 23:48:15 http 172.18.65.12 success
2023-05-23 03:37:19 ssh 172.18.65.12 success
Display all recent login attempts:
appliance-1# show system login-activity
NAME LOGIN TIME METHOD HOST STATUS
------------------------------------------------------------
admin 2023-04-28 23:04:13 http 172.18.65.173 success
2023-05-02 18:46:40 http 172.18.2.178 success
2023-05-03 15:50:24 http 172.18.65.150 success
2023-05-11 16:41:20 http 192.0.2.96 success
2023-05-17 17:36:38 http 172.18.65.98 success
2023-05-17 18:07:46 http 172.18.65.98 success
2023-05-23 04:47:49 ssh 172.18.65.12 success
root 2023-04-14 01:21:55 ssh 10.145.71.88 success
2023-04-14 01:23:08 ssh 10.145.71.88 success
COMMAND show system mac-allocation
DESCRIPTION Display information about chassis MAC address allocation.
EXAMPLE
Display current MAC address allocation:
appliance-1# show system mac-allocation
system mac-allocation state free-single-macs 6
system mac-allocation state allocated-single-macs 6
system mac-allocation state free-large-blocks 7
system mac-allocation state allocated-large-blocks 0
system mac-allocation state free-medium-blocks 0
system mac-allocation state allocated-medium-blocks 0
system mac-allocation state free-small-blocks 0
system mac-allocation state allocated-small-blocks 0
system mac-allocation state total-free-mac-count 230
system mac-allocation state total-allocated-mac-count 6
system mac-allocation state total-mac-count 236
COMMAND show system mgmt-ip
DESCRIPTION Display information about configured management IP addresses.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLES
Display information about all configured management IP addresses:
appliance-1# show system mgmt-ip
system mgmt-ip state ipv4 system address 192.0.2.102
system mgmt-ip state ipv4 prefix-length 24
system mgmt-ip state ipv4 gateway 192.0.2.254
system mgmt-ip state ipv6 system address ::
system mgmt-ip state ipv6 prefix-length 0
system mgmt-ip state ipv6 gateway ::
Display only the gateway for a configured IPv4 management IP address:
appliance-1# show system mgmt-ip state ipv4 gateway
system mgmt-ip state ipv4 gateway 192.0.2.254
COMMAND show system network
DESCRIPTION Display information about the configured and active internal network addresses.
ARGUMENTS
This command has no arguments.
EXAMPLE
Display information about the currently-configured internal network:
appliance-1# show system network
system network state configured-network-range-type RFC6598
system network state configured-network-range 100.64.0.0/12
system network state active-network-range-type RFC6598
system network state active-network-range 100.64.0.0/12
COMMAND show system ntp
DESCRIPTION Display the current state of the Network Time Protocol (NTP) service.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display the current state of NTP on the system:
appliance-1# show system ntp
system ntp state disabled
COMMAND show system ntp ntp-keys
DESCRIPTION Display a list of configured NTP authentication keys.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.COMMAND show system ntp servers
DESCRIPTION Display a list of configured NTP servers.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display configured NTP servers:
appliance-1# show system ntp servers
ASSOCIATION ROOT ROOT POLL
ADDRESS ADDRESS PORT VERSION TYPE IBURST PREFER STRATUM DELAY DISPERSION OFFSET INTERVAL
----------------------------------------------------------------------------------------------------------------------
ntp.pool.org ntp.pool.org 123 4 SERVER false false - - - - -
COMMAND show system packages
DESCRIPTION Display information about independent service packages on the system.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.COMMAND show system raid
DESCRIPTION Display the current state of the RAID array.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLES
Display the current status of the RAID array:
appliance-1# show system raid raid-array-status
ARRAY ARRAY
NAME BAYID SERIAL NUMBER MEMBER STATUS SIZE
----------------------------------------------------------
ssd1 0 PHLJ915001PK1R8S44 true ok 684.7G
ssd2 1 PHLJ915001Q61R8T42 true ok 684.7G
Display only the size, in GB, of the drives in the system:
appliance-1# show system raid raid-array-status drive size
NAME SIZE
---------------
ssd1 684.7G
ssd2 684.7G
COMMAND show system security
DESCRIPTION Display the status of system services and FIPS module, if present.
EXAMPLE
Display the currently-configured system services:
appliance-1# show system security
system security services service httpd
state ssl-ciphersuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:PSK-AES128-CBC-SHA
system security services service sshd
state ciphers [ aes128-cbc aes128-ctr aes128-gcm@openssh.com aes256-cbc aes256-ctr aes256-gcm@openssh.com ]
state kexalgorithms [ diffie-hellman-group14-sha1 diffie-hellman-group14-sha256 diffie-hellman-group16-sha512 ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 ]
COMMAND show system settings
DESCRIPTION Display information about system idle timeout, webUI advisory banner, and disaggregator (DAG) state.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display the idle timeout for the system:
appliance-1# show system settings state idle-timeout
system settings state idle-timeout 8192
COMMAND show system snmp
DESCRIPTION Display SNMP system configuration.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLES
Display information about configured communities:
appliance-1# show system snmp communities
SECURITY
NAME NAME MODEL
--------------------------------------
v1-community v1-community [ v1 ]
Display information about configured targets:
appliance-1# show system snmp targets
SECURITY
NAME NAME USER COMMUNITY MODEL ADDRESS PORT ADDRESS PORT
-----------------------------------------------------------------------------------------
v3-target v3-target v3-user - - 192.0.2.224 5001 - -
Display information about configured users:
appliance-1# show system snmp users
AUTHENTICATION PRIVACY
NAME NAME PROTOCOL PROTOCOL
--------------------------------------------
v3-user v3-user md5 aes
COMMAND show system state
DESCRIPTION Display information about the system, such as domain name, login banner, and hostname.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLES
Display the current date and time:
appliance-1# show system state current-datetime
system state current-datetime "2022-01-06 05:58:49 America/Los_Angeles"
Display the hostname for the system:
appliance-1# show system state hostname
system state hostname appliance-1
Display the login banner for the system:
appliance-1# show system state login-banner
system state login-banner UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED
Display the message of the day (MOTD) banner for the system:
appliance-1# show system state motd-banner
system state motd-banner ATTENTION! This system is scheduled for maintenance in two days.
COMMAND show system telemetry instruments
DESCRIPTION Display information about supported instruments.
ARGUMENTS
This command has no arguments
EXAMPLES
Display all supported instrument information:
appliance-1# show system telemetry instruments
NAME DESCRIPTION
-------------------------------------------------------------------------------------------
all Report all logs and metrics produced by the F5OS platform layer
logs F5OS platform log file through the OpenTelemetry 'log' API
platform F5OS platform metrics such as: memory, disk, cpu, interface stats
hardware F5OS hardware sensors such as: voltage, current, temperature, power, fan-speeds
optics F5OS front-panel Optic DDM metrics
tenant Low level tenant reported metrics such as: memory, disk, cpu interface stats
container F5OS Per-Container metrics such as: cpu, block-io, network, memory
COMMAND show system telemetry exporters
DESCRIPTION Display the current state of the exporter.
ARGUMENTS
This command has no arguments
EXAMPLES
Display the current state of the exporter:
appliance-1# show system telemetry exporters
system telemetry exporters exporter server1
state enabled
state endpoint address 10.144.74.171
state endpoint port 4317
state instruments [platform]
state options retry-enabled true
state options timeout 5
state options compression gzip
COMMAND show system version
DESCRIPTION Display information about system software version.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display version information about the installed system software:
appliance-1# show system version
system version os-version 1.6.0-7890
system version service-version 1.6.0-7890
system version product F5OS-A
COMMAND show tenants
DESCRIPTION Display the state of all configured tenants in the system.
ARGUMENTS This command has no arguments.
EXAMPLE
Display the state of configured tenants on the current system:
appliance-1# show tenants
tenants tenant big-ip
state name big-ip
state unit-key-hash Cl2Hpf4K3RZXmhTEQPQ3orKjj4GsNrlCaLsOAdQ3I9c2SG6uWpan08OkIWKNOyEVnrYBvxA5TQQRaOSm/H+ftQ==
state type BIG-IP
state mgmt-ip 192.0.2.61
state prefix-length 24
state gateway 192.0.2.254
state cryptos enabled
state vcpu-cores-per-node 2
state memory 7680
state storage size 76
state running-state deployed
state mac-data base-mac 00:12:a1:34:56:b1
state mac-data mac-pool-size 1
state appliance-mode disabled
state status Starting
state primary-slot 1
state image-version "BIG-IP 15.1.4 0.0.248"
state instances instance 1
instance-id 1
phase "Allocating resources to tenant is in progress"
image-name BIGIP-bigip15.1.x-europa-15.1.45-0.0.248.ALL-F5OS.qcow2.zip.bundle
creation-time ""
ready-time ""
status " "
COMMAND
show tenants tenant
DESCRIPTION Display the state of a specific configured tenants in the system.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display the state of a tenant named bigip
:
appliance-1# show tenants tenant bigip
tenants tenant big-ip
state name big-ip
state unit-key-hash Cl2Hpf4K3RZXmhTEQPQ3orKjj4GsNrlCaLsOAdQ3I9c2SG6uWpan08OkIWKNOyEVnrYBvxA5TQQRaOSm/H+ftQ==
state type BIG-IP
state mgmt-ip 192.0.2.61
state prefix-length 24
state gateway 192.0.2.254
state cryptos enabled
state vcpu-cores-per-node 2
state memory 7680
state storage size 76
state running-state deployed
state mac-data base-mac 00:12:a1:34:56:b1
state mac-data mac-pool-size 1
state appliance-mode disabled
state status Starting
state primary-slot 1
state image-version "BIG-IP 15.1.4 0.0.248"
state instances instance 1
instance-id 1
phase "Allocating resources to tenant is in progress"
image-name BIGIP-bigip15.1.x-europa-15.1.45-0.0.248.ALL-F5OS.qcow2.zip.bundle
creation-time ""
ready-time ""
status " "
COMMAND show virtual-networks
DESCRIPTION Display information about virtual-networks configured on the system.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display information about all configured virtual networks:
appliance-1# show virtual-networks
NDI MEMBER
NAME ID MODE NAME
---------------------------------
vn1 1 virtual-wire
vn2 2 virtual-wire
COMMAND show virtual-wires
DESCRIPTION Display information about virtual-wires configured on the system.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display information about all configured virtual wires:
appliance-1# show virtual-wires
VWIRE
PROPAGATE VIRTUAL
NAME LINKSTATUS NETWORKS
--------------------------------
vwire true [ vn1 vn2 ]
COMMAND show vlan-listeners
DESCRIPTION
Display configured vlan-listeners
. These objects are system-created and available for display for technical support purposes only.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at a depth of three below a given element will be displayed, etc. The range is from 1 to 64.vlan-listener
associated with an interface and VLAN pair.EXAMPLE
Display the vlan-listener on interface 1.0 with the VLAN ID of 100:
appliance-1# show vlan-listeners vlan-listener 1.0 100
NDI SERVICE
INTERFACE VLAN ENTRY TYPE OWNER ID SVC VTC SEP DMS DID CMDS MIRRORING IDS
------------------------------------------------------------------------------------------------
1.0 100 VLAN-LISTENER tenant-1 4095 8 - 15 - - - disabled -
COMMAND show vlans
DESCRIPTION Display configured VLAN objects.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display all configured VLANs:
appliance-1# show vlans
VLAN
ID INTERFACE
-----------------
101 internal
COMMAND abort
DESCRIPTION Abort a configuration session.
ARGUMENTS This command has no arguments.
COMMAND annotate
DESCRIPTION Associate an annotation (comment) with a given configuration or validation statement or pattern. To remove an annotation, leave the text empty.
Note: Only available when the system has been configured with attributes enabled.
ARGUMENTS
COMMAND clear
DESCRIPTION Remove all configuration changes.
ARGUMENTS
COMMAND commit
DESCRIPTION Commit the current set of changes to the running configuration.
ARGUMENTS
persist-id
<id> argument.persist-id
argument.COMMAND compare
DESCRIPTION Compare two configuration subtrees.
ARGUMENTS
COMMAND copy
DESCRIPTION Copy the running configuration.
ARGUMENTS
COMMAND describe
DESCRIPTION Display detailed information about a command.
ARGUMENTS
COMMAND do
DESCRIPTION Run a command in operational (user) mode.
ARGUMENTS
COMMAND end
DESCRIPTION Exit configuration mode. If no changes have been made to the configuration, you are prompted to save before exiting configuration mode.
ARGUMENTS
COMMAND exit
DESCRIPTION Exit from the current mode in the configuration or exit configuration mode completely.
ARGUMENTS
COMMAND help
DESCRIPTION Display help information about a specified command.
ARGUMENTS
COMMAND insert
DESCRIPTION Insert a parameter or element.
ARGUMENTS
COMMAND move
DESCRIPTION Move an element or parameter.
ARGUMENTS
COMMAND no
DESCRIPTION Delete or unset a configuration command.
ARGUMENTS
COMMAND pwd
DESCRIPTION Display the current path in the configuration hierarchy.
ARGUMENTS This command has no arguments.
COMMAND resolved
DESCRIPTION Indicate that conflicts have been resolved.
ARGUMENTS This command has no arguments.
COMMAND revert
DESCRIPTION Copy the running configuration.
ARGUMENTS
COMMAND rollback
DESCRIPTION Returns the configuration to a previously committed configuration.
ARGUMENTS
EXAMPLES
Return to the configuration changes made in rollback versions 0 and 1:
appliance-1(config)# rollback configuration 1
Return to the configuration changes made only in rollback version 1:
appliance-1(config)# rollback selective 1
COMMAND show
DESCRIPTION Display a specified parameter.
ARGUMENTS
COMMAND tag
DESCRIPTION Configure statement tags.
ARGUMENTS
COMMAND top
DESCRIPTION Exit to the top level of the configuration hierarchy. You can optionally run a command after exiting to the top level.
ARGUMENTS
COMMAND validate
DESCRIPTION
Verify that the candidate configuration contains no errors. This performs the same operation as commit check
.
ARGUMENTS This command has no arguments.
COMMAND cluster nodes node
DESCRIPTION Configure whether a node is enabled or disabled on the system.
ARGUMENTS
EXAMPLE
Disable node-1 on the system:
appliance-1(config)# cluster nodes node node-1 config disabled
COMMAND cluster disk-usage-threshold
DESCRIPTION Configure options for triggering disk usage alarms.
ARGUMENTS
COMMAND components
DESCRIPTION
Configure properties for hardware components.
ARGUMENTS
The availability of options for this command depends on which hardware component you are configuring.
COMMAND file config concurrent-operations-limit
DESCRIPTION Specify how many concurrent file operations are allowed at a time.
ARGUMENTS
EXAMPLE
Limit the number of concurrent file operations to 10:
appliance-1-active# file config concurrent-operations-limit 10
COMMAND file known-hosts known-host
DESCRIPTION
Add the IP address (and therefore, the public key) of a specified remote-host to the system known_hosts
file.
ARGUMENTS
COMMAND file import
DESCRIPTION
Transfer a remote file to the system. These directories are available for use for file import
operations on the system:
ARGUMENTS
EXAMPLE
Transfer a file named myfile.iso
from the remote host files.company.com
on port 443
to the images/staging
directory on the system:
appliance-1(config)# file import local-file images/staging remote-file images/myfile.iso remote-host files.company.com remote-port 443
result File transfer is initiated.(images/staging/myfile.iso)
COMMAND file export
DESCRIPTION
Transfer a file from the system to a remote system. These directories are available for use for file export
operations on the system:
ARGUMENTS
EXAMPLE
Transfer a file named appliance.log
from the local host to the /home/jdoe/
directory at files.company.com
, using the username jdoe
:
appliance-1(config)# file export local-file log/host/appliance.log remote-host files.company.com remote-file home/jdoe/appliance.log username jdoe password
Value for 'password' (<string>): *********
result File transfer is initiated.(log/host/appliance.log)
COMMAND file abort-transfer
DESCRIPTION Cancel an in-progress file transfer operation.
ARGUMENTS
EXAMPLE
Cancel a specified in-progress file transfer:
appliance-1# file abort-transfer operation-id IMPORT-T7FsjGIf
Aborting will stop the file transfer. Do you want to proceed? [yes/no] yes
result File transfer abort operation initiated.
COMMAND file delete
DESCRIPTION
Delete a specified file from the system. You can use file delete
only on files in the diags/shared
and core
directories.
ARGUMENTS
EXAMPLE
Delete a specified QKView file from the system:
appliance-1(config)# file delete file-name diags/shared/qkview/qkview.tar
result Deleting the file
COMMAND file list
DESCRIPTION Display a list of directories and files in a specified path.
ARGUMENTS
EXAMPLE
Display a list of files in images/staging
:
appliance-1(config)# file list path images/staging
entries {
name
F5OS-A-1.6.0-7890.CANDIDATE.iso
}
COMMAND file show
DESCRIPTION Display the contents of a specified file. This command works only in operational mode, not config mode.
ARGUMENTS
EXAMPLE
Display the contents of the file log/appliance.log
:
appliance-1# file show log/host/appliance.log
2021-11-08 13:48:56.925181150 - Registry port is 2000 for orchestration-manager
2021-11-08 21:49:07.870995 - OMD log is initialized
2021-11-08 21:49:07.870995 - 8:1266673408 - applianceMainEventLoop::Orchestration manager startup.
2021-11-08 21:49:07.873428 - 8:1249888000 - Can now ping appliance-1.chassis.local (100.65.60.1).
2021-11-08 21:54:13.842022 - 8:1266673408 - Waiting for connectivity checks on System.
2021-11-08 21:54:39.498702 - 8:1249888000 - Successfully ssh'd to appliance 127.0.0.1.
2021-11-08 21:54:55.758399 - 8:1266673408 - Connectivity checks passed for System.
2021-11-08 21:55:38.332719 - 8:1266673408 - K3S cluster installation in appliance is succeeded.
2021-11-08 21:56:00.811884 - 8:1266673408 - Appliance 1 is ready in k3s cluster.
appliance-flannel_image|localhost:2000/appliance-flannel:0.13.0
...
COMMAND file tail
DESCRIPTION Display only the last 10 lines of a specified file. This command works only in operational mode, not config mode.
ARGUMENTS
EXAMPLES
Display only the last 10 lines of log/host/appliance.log
:
appliance-1# file tail log/host/appliance.log
Upgrade found appliance-flannel_image|localhost:2001/appliance-flannel:0.13.0
appliance-multus_image|localhost:2001/appliance-multus:3.6.0
Upgrade found appliance-multus_image|localhost:2001/appliance-multus:3.6.0
2021-11-10 17:33:36.195643 - 8:695531264 - K3s IMAGE update is succeeded.
2021-11-11 21:46:29.832495 - 8:469759744 - K3S cluster is NOT ready.
2021-11-11 21:46:52.979390 - 8:695531264 - K3S cluster is ready.
2021-11-12 21:45:04.247298 - 8:695531264 - K3S cluster is NOT ready.
2021-11-12 21:45:27.427003 - 8:695531264 - K3S cluster is ready.
2021-11-13 03:57:32.937910 - 8:469759744 - Failed to ssh to 127.0.0.1.
2021-11-13 03:58:03.353815 - 8:469759744 - Successfully ssh'd to appliance 127.0.0.1.
Display the last 10 lines of log/host/appliance.log
and keep appending output as the file grows:
appliance-1(config)# file tail -f log/host/appliance.log
Upgrade found appliance-flannel_image|localhost:2001/appliance-flannel:0.13.0
appliance-multus_image|localhost:2001/appliance-multus:3.6.0
Upgrade found appliance-multus_image|localhost:2001/appliance-multus:3.6.0
2021-11-10 17:33:36.195643 - 8:695531264 - K3s IMAGE update is succeeded.
2021-11-11 21:46:29.832495 - 8:469759744 - K3S cluster is NOT ready.
2021-11-11 21:46:52.979390 - 8:695531264 - K3S cluster is ready.
2021-11-12 21:45:04.247298 - 8:695531264 - K3S cluster is NOT ready.
2021-11-12 21:45:27.427003 - 8:695531264 - K3S cluster is ready.
2021-11-13 03:57:32.937910 - 8:469759744 - Failed to ssh to 127.0.0.1.
2021-11-13 03:58:03.353815 - 8:469759744 - Successfully ssh'd to appliance 127.0.0.1.
Display only the last five lines of log/appliance.log
:
appliance-1(config)# file tail -n 5 log/host/appliance.log
2021-11-11 21:46:52.979390 - 8:695531264 - K3S cluster is ready.
2021-11-12 21:45:04.247298 - 8:695531264 - K3S cluster is NOT ready.
2021-11-12 21:45:27.427003 - 8:695531264 - K3S cluster is ready.
2021-11-13 03:57:32.937910 - 8:469759744 - Failed to ssh to 127.0.0.1.
2021-11-13 03:58:03.353815 - 8:469759744 - Successfully ssh'd to appliance 127.0.0.1.
COMMAND file transfer-status
DESCRIPTION Display the status of file transfer operations. This command works in both operational mode and config mode.
ARGUMENTS
EXAMPLE
Check the status of file transfers:
appliance-1(config)# file transfer-status
result
S.No.|Operation |Protocol|Local File Path |Remote Host |Remote File Path |Status
1 |Import file|HTTPS |images/staging/myfile.iso |files.company.com |images/myfile.iso |In Progress (15.0%)
COMMAND images remove
DESCRIPTION Remove tenant image.
ARGUMENTS
EXAMPLE
Remove the .bundle file named BIGIP-15.1.5-0.0.11.ALL-F5OS.zip.bundle
:
appliance-1(config)# images remove name BIGIP-15.1.5-0.0.11.ALL-F5OS.zip.bundle
result Successful.
COMMAND interfaces interface
DESCRIPTION Configure network interface attributes.
ARGUMENTS
ieee8023adLag
when creating LAG interfaces.EXAMPLE
Configure a description for interface 1.0 and verify that it was configured correctly:
appliance-1(config)# interfaces interface 1.0 config description "100G Link"
appliance-1(config-interface-1/1.0)# commit
Commit complete.
appliance-1(config-interface-1.0)# exit
appliance-1(config)# end
appliance-1# show running-config interfaces interface 1.0 config
interfaces interface 1/1.0
config name 1.0
config type ethernetCsmacd
config description "100G Link"
config enabled
!
COMMAND interfaces interface <lag-name> aggregation config
DESCRIPTION Configure link aggregation groups (LAGs) and their attributes.
ARGUMENTS
EXAMPLE
Create a LAG named test-lag
that uses dst-mac
for the hash, assign trunk VLAN IDs 99
and 101
, and then verify that it was configured correctly:
appliance-1(config)# interfaces interface test-lag aggregation config distribution-hash dst-mac
appliance-1(config)# commit
appliance-1(config)# interfaces interface test-lag aggregation switched-vlan config trunk-vlans { 99 101 }
appliance-1(config)# commit
appliance-1# show running-config interfaces interface test-lag aggregation switched-vlan config
interfaces interface test-lag
aggregation switched-vlan config trunk-vlans { 99 101 }
!
COMMAND interfaces interface <interface-name> ethernet
DESCRIPTION Configure physical interfaces attributes.
ARGUMENTS
COMMAND interfaces interface <interface-name> ethernet config
DESCRIPTION Configure Ethernet options for a specified interface.
ARGUMENTS
COMMAND interfaces interface mgmt ethernet config
DESCRIPTION Configure Ethernet options for the management interface.
ARGUMENTS
true
to enable auto negotiate or false
to disable it.FULL
to enable full duplex on an interface or set to HALF
to enable half duplex on an interface.EXAMPLE
Configure the management interface to use the FULL
duplex mode:
appliance-1(config)# interfaces interface mgmt ethernet config duplex-mode FULL
COMMAND lacp config system-priority
DESCRIPTION
System priority and system MAC are combined as system-id
, which is required by the LACP protocol. System MAC is not configurable.
ARGUMENTS
32768
.EXAMPLES
Configure system priority to be 1000
:
appliance-1(config)# lacp config system-priority 1000
COMMAND lacp interfaces interface <lag-interface> config name <interface>
DESCRIPTION
Configure LACP to manage the LAG interface. To use LACP to manage a LAG interface, the LAG interface must already exist or be created first. LAG interfaces can have multiple interface members, and the LAG interface state is up as long as there is at least one active member. There must be valid VLANs attached to LAG interface to pass user traffic. Be sure that the VLAN exists before attaching it to a LAG interface.
ARGUMENTS
FAST
to have packets sent every second. Set the interval to SLOW
to have packets sent every 30 seconds.PASSIVE
to place a port into a passive negotiating state, in which the port responds to received LACP packets, but does not initiate LACP negotiation. Set to ACTIVE
to place a port into an active negotiating state, in which the port initiates negotiations with other ports by sending LACP packets.xx:xx:xx:xx:xx:xx
.EXAMPLES
Configure an LACP interface, set it to place the port into an active negotiating state, and set the interval to have packets sent every second:
appliance-1(config)# lacp interfaces interface lag1 config lacp-mode ACTIVE interval FAST
Create a LAG interface named lag1
with the type ieee8023adLag
:
appliance-1(config)# interfaces interface lag1 config type ieee8023adLag; commit
Enable LACP on a LAG interface named lag1
:
appliance-1(config)# interfaces interface lag1 aggregation config lag-type LACP; commit
Create an LACP interface named lag1
with default parameters (internal
is set to SLOW
, lacp-mode
is set to ACTIVE
):
appliance-1(config)# lacp interfaces interface lag1 config name lag1; commit
Add interface 1/1.0 and 1/2.0 as interface members into a LAG named lag1
:
appliance-1(config)# interfaces interface 1/1.0 ethernet config aggregate-id lag1
appliance-1(config)# interfaces interface 1/2.0 ethernet config aggregate-id lag1
appliance-1(config)# commit
Attach VLANs 1000 and 1001 to a LAG interface named lag1
:
appliance-1(config)# interfaces interface lag1 aggregation switched-vlan config trunk-vlans [ 1000 1001 ]
appliance-1(config)# commit
COMMAND lldp config
DESCRIPTION Configure Link Layer Discovery Protocol (LLDP) on the system.
ARGUMENTS
10
.2
.2
.4
.30
.EXAMPLE
Configure a system-description for LLDP and verify that it was configured correctly:
appliance-1(config)# lldp config system-description "Test system description"
appliance-1(config)# commit
Commit complete.
appliance-1(config)# end
appliance-1# show running-config lldp config
lldp config enabled
lldp config system-description "Test system description"
lldp config tx-interval 30
lldp config tx-hold 4
lldp config reinit-delay 2
lldp config tx-delay 2
lldp config max-neighbors-per-port 10
COMMAND lldp interfaces interface <interface-name> config
DESCRIPTION Configure LLDP attributes for an interface.
ARGUMENTS
EXAMPLE
Configure a tlv-advertisement-state for LLDP interface 1.0 on and verify that it was configured correctly:
appliance-1(config)# lldp interfaces interface 1.0 config tlv-advertisement-state txrx
appliance-1(config-interface-1.0)# commit
Commit complete.
appliance-1(config-interface-1.0)# top
appliance-1(config)# end
appliance-1# show running-config lldp interfaces interface 1.0
lldp interfaces interface 1.0
config name 1.0
config enabled
config tlv-advertisement-state txrx
config tlvmap chassis-id,port-id,ttl,port-description,system-name,system-description,system-capabilities,pvid,ppvid,vlan-name,protocol-identity,macphy,link-aggregation,power-mdi,mfs,product-model
!
COMMAND port-profiles port-profile
DESCRIPTION Configure port profiles for front-panel interfaces (ethernet ports).
ARGUMENTS
EXAMPLE
Configure the port profile to be four ports at 25G:
appliance-1(config)# port-profile config mode 4x25G
COMMAND portgroups portgroup
DESCRIPTION Configure port group attributes.
ARGUMENTS
EXAMPLE
Configure a port group on interface 1 to use a DDM polling frequency of 20 seconds:
appliance-1(config)# portgroups portgroup 1 config ddm ddm-poll-frequency 20
Configure the port mode on interface 1 to be MODE_25GB:
appliance-1(config)# portgroups portgroup 1 config mode MODE_25GB
COMMAND
SNMP-COMMUNITY-MIB snmpCommunityTable snmpCommunityEntry <community-name> snmpCommunityName <community-name> snmpCommunitySecurityName <community-name>
DESCRIPTION Configure an SNMP community.
ARGUMENTS
EXAMPLE
Configure the SNMP community name to be test_community
:
appliance-1(config)# SNMP-COMMUNITY-MIB snmpCommunityTable snmpCommunityEntry test_community snmpCommunityName test_community snmpCommunitySecurityName test_community
COMMAND
SNMP-VIEW-BASED-ACM-MIB vacmSecurityToGroupTable vacmSecurityToGroupEntry <vacmSecurityModel> <community-name> vacmGroupName <group-name>
DESCRIPTION Configure SNMP VIEW BASED ACM for the specified community. This configuration maps a combination of securityModel and securityName into a groupName that is used to define an access control policy for a group of principals.
ARGUMENTS
1
for SNMP v1, and the default value is 2
for SNMP v2c.NOTE: Use group-name as read-access
while configuring the SNMP VACM.
EXAMPLE
Configure the SNMP v2c VACM read access
group for community test_community
:
appliance-1(config)# SNMP-VIEW-BASED-ACM-MIB vacmSecurityToGroupTable vacmSecurityToGroupEntry 2 test_community vacmGroupName read-access
Configure the SNMP v1 VACM read access
group for community test_community
:
appliance-1(config)# SNMP-VIEW-BASED-ACM-MIB vacmSecurityToGroupTable vacmSecurityToGroupEntry 1 test_community vacmGroupName read-access
IMPORTANT: To enable SNMP Traps, a DUT is required when configuring with snmpNotifyTable
, snmpTargetParamsTable
, and snmpTargetAddrTable
, as shown below.
COMMAND
SNMP-NOTIFICATION-MIB snmpNotifyTable snmpNotifyEntry <snmpNotifyName> snmpNotifyTag <snmpNotifyName> snmpNotifyType trap
DESCRIPTION Configure the SNMP NOTIFICATION MIB Table. This table is used to select management targets that should receive notifications, as well as the type of notification that should be sent to each selected management target.
ARGUMENTS
EXAMPLE
Configure the SNMP NOTIFICATION MIB entry to be v2_trap
for trap
notifications:
appliance-1(config)# SNMP-NOTIFICATION-MIB snmpNotifyTable snmpNotifyEntry v2_trap snmpNotifyTag v2_trap snmpNotifyType trap
COMMAND
SNMP-TARGET-MIB snmpTargetParamsTable snmpTargetParamsEntry <snmpTargetParamsName> snmpTargetParamsMPModel <snmpTargetParamsMPModel> snmpTargetParamsSecurityModel <snmpTargetParamsSecurityModel> snmpTargetParamsSecurityName <snmpTargetParamsSecurityName> snmpTargetParamsSecurityLevel <snmpTargetParamsSecurityLevel>
DESCRIPTION Configure the SNMP-TARGET-MIB snmpTargetParamsTable. This table is used in the generation of SNMP messages.
ARGUMENTS
NOTE: snmpTargetParamsMPModel = SNMPv1(0), SNMPv2c(1)
NOTE: snmpTargetParamsSecurityModel = ANY(0), SNMPv1(1), SNMPv2c(2)
NOTE: This must be one of the configured SNMP communities.
NOTE: This must be noAuthNoPriv
for SNMP v1 and v2c.
EXAMPLES
Configure the SNMP snmpTargetParamsTable to be group2
for SNMP v2 model with test_community
:
appliance-1(config)# SNMP-TARGET-MIB snmpTargetParamsTable snmpTargetParamsEntry group2 snmpTargetParamsMPModel 1 snmpTargetParamsSecurityModel 2 snmpTargetParamsSecurityName test_community snmpTargetParamsSecurityLevel noAuthNoPriv
Configure the SNMP snmpTargetParamsTable to be group1
for SNMP v1 model with test_community
:
appliance-1(config)# SNMP-TARGET-MIB snmpTargetParamsTable snmpTargetParamsEntry group1 snmpTargetParamsMPModel 0 snmpTargetParamsSecurityModel 1 snmpTargetParamsSecurityName test_community snmpTargetParamsSecurityLevel noAuthNoPriv
COMMAND
SNMP-TARGET-MIB snmpTargetAddrTable snmpTargetAddrEntry <snmpTargetAddrName> snmpTargetAddrTDomain <snmpTargetAddrTDomain> snmpTargetAddrTAddress <snmpTargetAddrTAddress> snmpTargetAddrTagList <snmpTargetAddrTagList> snmpTargetAddrParams <snmpTargetAddrParams>
DESCRIPTION Configure the SNMP-TARGET-MIB snmpTargetAddrTable. This table is used to select management targets that should receive notifications, as well as the type of notification that should be sent to each selected management target.
ARGUMENTS
NOTE: Use OID 1.3.6.1.6.1.1 for IPv4 and 1.3.6.1.2.1.100.1.2 for IPv6.
Notes: For an IPv4 address, the value should be ipv4 + port (6 dot-separated octets).
For an IPv6 address, the value should be ipv6 + port (18 dot-separated octets).
NOTE: This value must be one of the configured snmpNotifyTable rows (snmpNotifyName).
EXAMPLES
Configure the SNMP snmpTargetAddrTable to be v2_trap
with ipv4 address x.x.x.x
and port 6011
:
Port Octet Conversion:
6011 >> 8 = 23 (1st octet)
6011 & 255 = 123 (2nd octet)
appliance-1(config)# SNMP-TARGET-MIB snmpTargetAddrTable snmpTargetAddrEntry v2_trap snmpTargetAddrTDomain 1.3.6.1.6.1.1 snmpTargetAddrTAddress x.x.x.x.23.123 snmpTargetAddrTagList v2_trap snmpTargetAddrParams group2
Configure the SNMP snmpTargetAddrTable to be v1_trap
with ipv4 address x.x.x.x
and port 6011
:
appliance-1(config)# SNMP-TARGET-MIB snmpTargetAddrTable snmpTargetAddrEntry v1_trap snmpTargetAddrTDomain 1.3.6.1.6.1.1 snmpTargetAddrTAddress x.x.x.x.23.123 snmpTargetAddrTagList v1_trap snmpTargetAddrParams group1
COMMAND
system aaa authentication config authentication-method
DESCRIPTION
Specify which authentication methods can be used to authenticate and authorize users. You can enable all methods and indicate the order in which you'd like the methods to be attempted when a user logs in.
ARGUMENTS
EXAMPLE
Attempt to authenticate in this order: LDAP, then RADIUS, and then local (/etc/password
):
appliance-1(config)# system aaa authentication config authentication-method { LDAP_ALL RADIUS_ALL LOCAL }
COMMAND system aaa authentication config basic enabled
DESCRIPTION
Specify whether to use basic authentication (user name and password) on the system.
ARGUMENTS
enabled
to enable basic authentication or disabled
to disable it. The default value is enabled
.COMMAND system aaa authentication config cert-auth
DESCRIPTION Specify whether to use client certificates for authentication.
ARGUMENTS
enabled
to enable client certificate authentication or disabled
to disable it. The default value is disabled
.EXAMPLE
Enable client certificates for authentication:
appliance-1(config)# system aaa authentication config cert-auth enabled
COMMAND system aaa authentication clientcert config client-cert-name-field
DESCRIPTION
Specify the client certificate name, which is the field from which the username is extracted from the client certificate. The extracted username must exist in the system before a user logs in and authenticates. Otherwise, the login will fail. This option is visible and configurable only when you have enabled cert-auth
.
If you use LDAP as an authentication method, the LDAP server must be configured before you configure client certificate authentication, and the extracted username from the client certificate must match the existing user in the LDAP server.
ARGUMENTS
EXAMPLES
Use subjectname-cn as the client certificate name field:
appliance-1# system aaa authentication clientcert config client-cert-name-field subjectname-cn
Configure an OID using three different valid formats:
appliance-1(config)# system aaa authentication clientcert config client-cert-name-field san-gen-othername OID UPN
appliance-1(config)# system aaa authentication clientcert config client-cert-name-field san-gen-othername OID 1.1
appliance-1(config)# system aaa authentication clientcert config client-cert-name-field san-gen-othername OID 1.3.6.1.4.1.311.20.2.3
COMMAND system aaa authentication ldap active_directory
DESCRIPTION
Specify whether to enable LDAP Active Directory (AD) on the LDAP server.
ARGUMENTS
true
to enable LDAP AD or false
to disable it. The default value is false
.EXAMPLE
Enable LDAP AD on the system:
appliance-1(config)# system aaa authentication ldap active_directory true
COMMAND
system aaa authentication ldap base
DESCRIPTION
Specify the search base distinguished name (DN) for LDAP authentication. Note that the configuration of base values are case-sensitive and must be a full DN path. This includes spaces, commas, and other characters. These must be the same as what is configured in the LDAP server.
ARGUMENTS
EXAMPLE
appliance-1(config)# system aaa authentication ldap base dc=xyz,dc=com
appliance-1(config)# system aaa authentication ldap base { dc=xyz,dc=com dc=abc,dc=com }
COMMAND system aaa authentication ldap bind_timelimit
DESCRIPTION
Specify a maximum amount of time to wait for LDAP authentication to return a result.
ARGUMENTS
30
.EXAMPLE
Set a maximum bind time limit of 60
seconds:
appliance-1(config)# system aaa authentication ldap bind_timelimit 60
COMMAND
system aaa authentication ldap binddn
DESCRIPTION
Specify the distinguished name (DN) of an account that can search the base DN. If no account is specified, the LDAP connection establishes without authentication. Note that the configuration of binddn values are case-sensitive and must be a full DN path. This includes spaces, commas, and other characters; these must be the same as what is configured in the LDAP server.
ARGUMENTS
EXAMPLE
Set the distinguished name of a specified account for searching the base DN:
appliance-1(config)# system aaa authentication ldap binddn cn=admin,dc=xyz,dc=com
COMMAND
system aaa authentication ldap bindpw
DESCRIPTION
Specify the password of the search account identified in binddn.
ARGUMENTS
EXAMPLE
Specify a password for the search account on the LDAP server:
appliance-1(config)# system aaa authentication ldap bindpw <password>
COMMAND system aaa authentication ldap chase-referrals
DESCRIPTION Specify whether automatic referral chasing should be enabled.
ARGUMENTS
true
to enable referral chasing or false
to disable it. The default value is false
.COMMAND
system aaa authentication ldap idle_timelimit
DESCRIPTION
Configure the maximum amount of time before the LDAP connection can be inactive before it times out.
ARGUMENTS
30
.EXAMPLE
Set a maximum idle timeout of 60
seconds:
appliance-1(config)# system aaa authentication ldap idle_timelimit 60
COMMAND
system aaa authentication ldap ldap_version
DESCRIPTION
Specify the LDAP protocol version number.
ARGUMENTS
3
.EXAMPLE
Specify that LDAPv3 is used for the LDAP server:
appliance-1(config)# system aaa authentication ldap ldap_version 3
COMMAND
system aaa authentication ldap ssl
DESCRIPTION
Specify whether to enable Transport Layer Security (TLS) functionality for the LDAP server.
ARGUMENTS
EXAMPLE
Specify that TLS is enabled for all connections:
appliance-1(config)# system aaa authentication ldap ssl on
COMMAND
system aaa authentication ldap timelimit
DESCRIPTION
Specify a maximum time limit to use when performing LDAP searches to receive an LDAP response.
ARGUMENTS
EXAMPLE
Specify a maximum time limit of 60
seconds for LDAP searches:
appliance-1(config)# system aaa authentication ldap timelimit 60
COMMAND
system aaa authentication ldap tls_cacert
DESCRIPTION
Specify the CA certificate to be used for authenticating the TLS connection with the CA server. Also validates an issued certificate from a CA prior to accepting it into the system.
ARGUMENTS
EXAMPLE
Specify a certificate for authenticating the TLS connection:
appliance-1(config)# system aaa authentication ldap tls_cacert <path-to-cacert>.pem
COMMAND
system aaa authentication ldap tls_cert
DESCRIPTION
Specify the file that contains the certificate for the client's key.
ARGUMENTS
EXAMPLE
Specify a file that contains the certificate for a client's key:
appliance-1(config)# system aaa authentication ldap tls_cacert <path-to-cacert>.pem
COMMAND
system aaa authentication ldap tls_ciphers
DESCRIPTION
Specify acceptable cipher suites for the TLS library in use. For example, ECDHE-RSAAES256-GCM-SHA384 or ECDHE-RSA-AES128-GCM-SHA256.
The cipher string can take several additional forms. It can consist of a single cipher suite such as RC4-SHA. It can represent a list of cipher suites containing a certain algorithm, or cipher suites of a certain type. For example, SHA1 represents all cipher suites using the digest algorithm SHA1, and SSLv3 represents all SSLv3 algorithms. You can combine lists of cipher suites into a single cipher string using the + character as a logical AND operation. For example, SHA1+DES represents all cipher suites containing the SHA1 and DES algorithms.
ARGUMENTS
EXAMPLE
Specify the cipher suite for the TLS library in use:
appliance-1(config)# system aaa authentication ldap tls_cyphers <cipher-suite>
COMMAND
system aaa authentication ldap tls_key
DESCRIPTION
Specify the file that contains the private key that matches the certificates that you configured with the system aaa authentication ldap tls_cert
command.
ARGUMENTS
system aaa authentication ldap tls_cert
command.COMMAND
system aaa authentication ldap tls_reqcert
DESCRIPTION
Specify what checks to perform on certificates in a TLS session. The default value is never
.
ARGUMENTS
EXAMPLE
Specify that a certificate is not required for a TLS session:
appliance-1(config)# system aaa authentication ldap tls_reqcert never
DESCRIPTION Specify whether to use Online Certificate Status Protocol (OCSP) for certificate validation.
ARGUMENTS
enabled
to enable OCSP or disabled
to disable it. The default value is disabled
.COMMAND system aaa authentication ocsp config nonce-request
DESCRIPTION Specify whether queries to Online Certificate Status Protocol (OCSP) responders should include a nonce (a unique identifier) in the request.
ARGUMENTS
on
to enable nonce or off
to disable it. The default value is on
.EXAMPLE
Enable nonce for OCSP:
appliance-1(config)# system aaa authentication ocsp config nonce-request on
COMMAND system aaa authentication ocsp config override-responder
DESCRIPTION Specify whether the Online Certificate Status Protocol (OCSP) default responder is required for certificate validation.
ARGUMENTS
on
to require the OCSP default responder URI or off
to disable the requirement. The default value is off
.EXAMPLE
Specify that the default responder is required:
appliance-1(config)# system aaa authentication ocsp config override-responder on
COMMAND system aaa authentication ocsp config response-max-age
DESCRIPTION Specify the maximum amount of time, in seconds, for Online Certificate Status Protocol (OCSP) responses.
ARGUMENTS
EXAMPLE
Specify a maximum response age:
appliance-1(config)# system aaa authentication ocsp config response-max-age 2
COMMAND system aaa authentication ocsp config response-time-skew
DESCRIPTION Specify the maximum allowable time skew, in seconds, for Online Certificate Status Protocol (OCSP) response validation.
ARGUMENTS
EXAMPLE
Specify a maximum time for response validation:
appliance-1(config)# system aaa authentication ocsp config response-time-skew 52
COMMAND
system aaa authentication roles role
DESCRIPTION
Configure the role assigned to users.
ARGUMENTS
EXAMPLE
Configure a remote GID for a specified role:
appliance-1(config)# appliance-1(config)# system aaa authentication roles role admin config remote-gid
(<unsignedInt>) (9000): 6000
COMMAND
system aaa authentication users user
DESCRIPTION
Configure options for local users.
ARGUMENTS
-1
(no expiration date). Use 1
to indicate expired.0
(zero) to indicate that the user must change the password at their next log in.EXAMPLE
Configure a user named jdoe
so that the user must change their password at their next log in and indicate that the account has no expiration date:
appliance-1(config)# system aaa authentication users user jdoe config last-change 0 expiry-date -1
COMMAND
system aaa password-policy config apply-to-root
DESCRIPTION
Specify whether to enforce password policies when the user configuring passwords is the root user. If enabled (true
), the system returns an error on failed check if the root user changing the password. If disabled (false
), the system Display a message about the failed check, but allows the root user to change the password and bypass password policies.
ARGUMENTS
true
to enforce password policies even if it is the root user configuring passwords or false
to disable it. The default value is false
.COMMAND
system aaa password-policy config max-age
DESCRIPTION
Configure the number of days that users can keep using the same password without changing it.
ARGUMENTS
COMMAND system aaa password-policy config max-class-repeat
DESCRIPTION Configure how many repeated upper/lowercase letters, digits, or special characters (such as '!@#$%') are allowed in the password. Passwords that do not meet this requirement are invalid.
ARGUMENTS
COMMAND system aaa password-policy config max-letter-repeat
DESCRIPTION Configure how many repeated lowercase letters are allowed in the password. Passwords that do not meet this requirement are invalid.
ARGUMENTS
COMMAND
system aaa password-policy config max-login-failures
DESCRIPTION
Configure the maximum number of unsuccessful login attempts that are permitted before a user is locked out.
ARGUMENTS
COMMAND system aaa password-policy config max-sequence-repeat
DESCRIPTION Configure how many repeated upper/lowercase letters or digits are allowed in the password. Passwords that do not meet this requirement are invalid.
ARGUMENTS
COMMAND
system aaa password-policy config min-length
DESCRIPTION
Configure a minimum acceptable size for the new password (plus one if credits are not disabled which is the default). In addition to the number of characters in the new password, credit (of +1 in length) is given for each different kind of character (other, upper, lower and digit). The default value is 9
. If you want to allow passwords that are as short as 5 characters, you should not use min-length
.
ARGUMENTS
COMMAND
system aaa password-policy config reject-username
DESCRIPTION
Check whether the user name is contained in the new password, either in straight or reversed form. Passwords that do not meet this requirement are invalid.
ARGUMENTS
false
to allow the user name in a new password or true
to reject new passwords that contain the user name in some form. The default value is false
.COMMAND
system aaa password-policy config required-differences
DESCRIPTION
Configure the number of character changes that are required in the new password that differentiate it from the old password.
ARGUMENTS
5
.COMMAND
system aaa password-policy config required-lowercase
DESCRIPTION
Configure the minimum number of lowercase character required for a password.
ARGUMENTS
COMMAND
system aaa password-policy config required-numeric
DESCRIPTION
Configure the minimum number of numeric characters required for a password.
ARGUMENTS
COMMAND
system aaa password-policy config required-special
DESCRIPTION
Configure the minimum number of numeric characters required for a password.
ARGUMENTS
COMMAND
system aaa password-policy config required-uppercase
DESCRIPTION
Configure the minimum number of numeric characters required for a password.
ARGUMENTS
COMMAND
system aaa password-policy config retries
DESCRIPTION
Configure the number of retries allowed when user authentication is unsuccessful.
ARGUMENTS
COMMAND
system aaa password-policy config root-lockout
DESCRIPTION
Configure whether the root account can be locked out after unsuccessful login attempts.
ARGUMENTS
false
to disable root lockout after a number of unsuccessful login attempts or true
to enable it. The default value is false
.COMMAND system aaa password-policy config root-unlock-time
DESCRIPTION
Configure the time in seconds before the root user can retry logging in after exceeding the maximum number of allowed unsuccessful authentication attempts.
ARGUMENTS
COMMAND
system aaa password-policy config unlock-time
DESCRIPTION
Configure the time in seconds before a user can retry logging in after exceeding the maximum number of allowed unsuccessful authentication attempts. If this option is not configured, the account is locked until the lock is removed manually by an administrator.
ARGUMENTS
COMMAND
system aaa primary-key set
DESCRIPTION
Change the system primary encryption key with passphrase and salt. This is useful while migrating configuration from one machine to another.
ARGUMENTS
EXAMPLE
Change the primary key, set a passphrase and salt, and then display the status of the key migration process:
appliance-1(config)# system aaa primary-key set
Value for 'passphrase' (<string, min: 6 chars, max: 255 chars>): ******
Value for 'confirm-passphrase' (<string, min: 6 chars, max: 255 chars>): ******
Value for 'salt' (<string, min: 6 chars, max: 255 chars>): *********
Value for 'confirm-salt' (<string, min: 6 chars, max: 255 chars>): *********
response description: Key migration is initiated. Use 'show system primary-key state status' to get status
appliance-1# show system aaa primary-key state
system aaa primary-key state hash Jt221bA3Xj73bClXPY9pdfQzauNUGO92hv1eXZbKcD/4G+Dr3u6hyFoahL+r3iIopJm4IzIInSwYsilAGdY08w==
system aaa primary-key state status "COMPLETE Initiated: Fri Apr 8 22:33:02 2022"
COMMAND system aaa restconf-token config lifetime
DESCRIPTION Specify the length of the authentication token lifetime for RESTCONF. This enables you to bypass reauthenticating your SSH or webUI sessions for up to 24 hours.
ARGUMENTS
15
.EXAMPLE
Configure the token lifetime to be 120 minutes:
appliance-1(config)# system aaa restconf-token config lifetime 120
COMMAND
system aaa server-groups server-group
DESCRIPTION
Configure one or more AAA servers of type RADIUS, LDAP, or TACACS+. The first server in the list is always used by default unless it is unavailable, in which case the next server in the list is used. You can configure the order of servers in the server group.
ARGUMENTS
COMMAND system aaa tls ca-bundles ca-bundle
DESCRIPTION Configure a certificate authority bundle.
ARGUMENTS
COMMAND
system aaa tls config certificate
DESCRIPTION
Configure an SSL server certificate to be used for the webUI (HTTPS) or REST interface of the system.
ARGUMENTS
EXAMPLE
Add a certificate and key to the system. When you press Enter, you enter multi-line mode, at which point you can copy in the certificate/key. After you have added a certificate, you must add a key using system aaa tls config key
, commit the changes:
appliance-1(config)# system aaa tls config certificate
(<string>):
[Multiline mode, exit with ctrl-D.]
> ...
appliance-1(config)# system aaa tls config key
(<string>):
[Multiline mode, exit with ctrl-D.]
> ...
appliance-1(config)# commit
Commit complete.
COMMAND
system aaa tls config key
DESCRIPTION
Configure a PEM-encoded private key to be used for the webUI (HTTPS) or REST interface of the system. Key value is encrypted in database storage.
ARGUMENTS
EXAMPLE
Add a TLS key and certificate to the system. When you press Enter, you enter multi-line mode, at which point you can copy in the key/certificate. After you have added a key, you must add a certificate using system aaa tls config certificate
:
appliance-1(config)# system aaa tls config key
(<string>):
[Multiline mode, exit with ctrl-D.]
> ...
appliance-1(config)# system aaa tls config certificate
(<string>):
[Multiline mode, exit with ctrl-D.]
> ...
appliance-1(config)# commit
Commit complete.
COMMAND system aaa tls config passphrase
DESCRIPTION Specify the encryption passphrase for the PEM-encoded private key.
ARGUMENTS
COMMAND system aaa tls config verify-client
DESCRIPTION Enable verification of httpd client certificates.
ARGUMENTS
true
to enable verification or false
to disable it. The default value is false
.COMMAND system aaa tls config verify-client-depth
DESCRIPTION Specify client certificate verification depth.
ARGUMENTS
1
, which indicates that the client certificate can be self-signed or must be signed by a Certificate Authority (CA) that is known to the server. A depth of 0
indicates that only self-signed client certificates are accepted. The range is from 0
to 100
. The value you provide for depth indicates the maximum number of CA certificates allowed to be followed while verifying the client certificate. You might need to raise the default depth if you received more than one chained root certificate in addition to a client certificate from your CA.COMMAND system aaa tls crls crl
DESCRIPTION Configure a Certificate Revocation List Entry (CRL).
ARGUMENTS
EXAMPLE
Add a new CRL to the system. When you press Enter, you enter multi-line mode, at which point you can copy in the CRL key.
appliance-1(config)# system aaa tls crls crl <crl-name>
Value for 'config revocation-key' (<string>):
[Multiline mode, exit with ctrl-D.]
> ...
appliance-1(config)# commit
Commit complete.
COMMAND system aaa tls create-self-signed-cert
DESCRIPTION Create an OpenSSL key for use with AAA/TLS.
ARGUMENTS
RSA
and ECDSA
(Elliptic Curve Digital Signature Algorithm).true
to store the self-signed certificate pair in the the system-aaa-tls-config or false
to specify that it should not be stored.secp521r1
. Available options are:EXAMPLE
Create a private key and self-signed certificate:
appliance-1(config)# system aaa tls create-self-signed-cert city Seattle country US days-valid 365 email j.doe@company.com key-type ecdsa name company.com organization "Company" region Washington unit IT version 1 curve-name prime239v2 store-tls false
response
-----BEGIN EC PRIVATE KEY-----
MHECA1d8wiyJEVihDTnVi+v9RjfK3LhZ2Pd4R7B1MJf3lyXaoaAKBggqhkjOPQMB
BaFAAz4ABHFISUTEi8wEdG0iBF3iqTi5m5b62xUSbhOJrXR8d0S6h+anvpo9xrH3
QKbVuacd9H4cMj2tX/wyqVNePg==
-----END EC PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIICAzCCAa4CCQCR5RKtuBFcxTAKBggqhkjOPQQDAjCBjTELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCl1t462pbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEzARBgNVBAoM
CkY1IE5ldG9ya3MxEDAOBgNVBAsMB1NXRElBR1MxETAPBgNVBAMMCEdvZHppbGxh
MR0wGwYJKoZIhvcNAQkBFg5qLm1vb3JlQGY1LmNvbTAeFw0yMTAzMjcwMjE2NTFa
Fw0yMjAzMjcwMjE2NTFaMIGNMQswCQYDVQQGEwJVUzORBTWGA1UECAwKV2FzaGlu
Z3RvbjEQMA4GA1UEBwwHU2VhdHRsZTETMBEGA1UECgwKRjUgTmV0b3JrczEQMA4G
A1UECwwHU1dESUFHUzERMA8GA1UEAwwIR29kemlsbGExHTAbBgkqhkiG9w0BCQEW
DmoubW9vcmVAZRWPuB9tMFUwEwYHKoZIzj0CAQYIKoZIzj0DAQUDPgAEcUhJRMSL
zAR0bSIEXeKpOLmblvrbFRJuE4mtdHx3RLqH5qe+mj3GsfdAptW5pwXtlI0yPa1f
/DKpU14+MAoGCCqGSM49BAMCA0MAMEACHh38OAyBB5T9ScBklBXZUIuynHq3/tr4
3VUQsMtYHQIeeP3vCrRm2qjPtK62QwtbkqDA9h2qTvuDj6uYL8EI
-----END CERTIFICATE-----
COMMAND system aaa tls create-csr
DESCRIPTION Create a certificate signing request (CSR).
ARGUMENTS
EXAMPLE
Create a CSR:
system aaa tls create-csr name company.com email j.doe@company.com organization "Company" unit IT
response -----BEGIN CERTIFICATE REQUEST-----
JRISPzCCAbsCAQEwgY0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9u
MRAwDgYDVQQHEwdTZWF0dGxlMRQwEgYDVQQKFAtGNVH4TW03b3JrczEUMBIGA1UE
CxMLZGV2ZWxvcG1lbnQxGTAXBgkqhkiG9w0BCQEWCmRldkBmNS5jb20xEDAOBgNV
BAMTB3Rlc3Rjc3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCinnAV
Dv/G6+qbiBVO7zIPmFFatYcrzdUnvpTGXfPuh6VBRqcW90jJy12FwtYOL8P6mED+
gfjpxRWe+PNursjZSIDpyh7Dn+F3MRF3zkgnSKlYKI9qqzlRHRAwi2U7GfujeR5H
CXrJ4uxYK2Wp8WVSa7TWwj6Bnps8Uldnj0kenBJ1eUVUXoQAbUmZQg6l+qhKRiDh
3E/xMOtaGWg0SjD7dEQij5l+8FBEHVhQKEr93GT1ifR62/MZSnPw2MY5OJ69p2Wn
k7Fr7m4I5z9lxJduYDNmiddVilpWdqRaCB2j29XCmpVJduF2v6EsMx693K18IJ1h
iRice6oKL7eoI/NdAgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEAGjWSAqKUPqMY
eLlSDJ9Bc4R+ckia5r/TITqamMN+m8TqQI8Pk0tAnwHCl8HHS+4cI8QuupgS/3aU
ls7OtxceoQZ1VFX2sQFkrDJFe0ewZQLm5diip5kxFrnap0oA0wRy84ks0wxeiCWD
New3hgSXfzyXI0g0auT6KNwsGaO8ZuhOX3ICNnSLbfb9T4zbhfI9jKopXQgZG/LO
pOct33fdpf/U6kQA9Rw/nzs3Hz/nsVleOrl3TH1+9veMMF+6eq8KKPpbYKh9bhA+
pYI3TtbZHuyRyQbq/r4gf4JkIu/PGszzy/rsDWy+b9g9nXMh1oFj+xhTrBjBk8a2
0ov+Osy2iA==
-----END CERTIFICATE REQUEST-----
COMMAND system allowed-ips allowed-ip
DESCRIPTION
Configure the system to allow traffic only from specified IP addresses. Applies only to these ports: 22 (SSH), 80 (HTTP), 161 (SNMP), 443 (HTTPS), 7001 (VCONSOLE), and 8888 (RESTCONF).
ARGUMENTS
EXAMPLE
Add a specified IPv4 address to the system allow list:
appliance-1(config)# system allowed-ips allowed-ip test config ipv4 address 192.0.2.33 port 161
COMMAND system aom config ssh-session-banner
DESCRIPTION Configure a banner message to be displayed before users log in to the AOM menu.
ARGUMENTS
COMMAND system aom set-ssh-user-info
DESCRIPTION Set the username and password used to access the AOM SSH
ARGUMENTS
EXAMPLE
Create a user for accessing the AOM menu through ssh:
appliance-1(config)# system aom set-ssh-user-info
Value for 'username' (<string>): user1
Value for 'password' (<string>): ************
response AOM SSH username and password set successfully
COMMAND system aom ssh-session-idle-timeout
DESCRIPTION Sets duration of an inactive session before a user is logged out of the AOM Menu. If a user is connected to AOM using an SSH connection, the SSH connection is closed due session expiry after sometime of inactivity.
ARGUMENTS
EXAMPLE
Set the idle time to be the maximum value:
appliance-1(config)# system aom config ssh-session-idle-timeout
(<unsignedInt>) (30): 46800
COMMAND system aom system aom config ipv4 address
DESCRIPTION Configure the ipv4 address to login the AOM menu.
ARGUMENTS
EXAMPLE
Configure AOM IPv4 address to be 192.168.1.10
appliance-1(config)# system aom config ipv4 address 192.168.1.10
COMMAND system aom system aom config dhcp-enabled
DESCRIPTION Enable or disable DHCP for the system AOM menu.
ARGUMENTS
true
to enable DHCP for the management IP address or false
to disable it. The default value is false
.EXAMPLE
Enable DHCP for the AOM menu
appliance-1(config)# system aom config ipv4 dhcp-enabled true
COMMAND system aom config ipv4 gateway
DESCRIPTION Configure the ipv4 gateway to login the AOM menu
ARGUMENTS
EXAMPLE
Configure the AOM IPv4 gateway to be 192.168.1.1:
appliance-1(config)# f5-qmdh-frxy(config)# system aom config ipv4 address 192.168.1.1
COMMAND system aom config ipv4 address
DESCRIPTION Configure the IPv4 prefix length to login the AOM menu
ARGUMENTS
EXAMPLE
Configure the IPv4 prefix length to be 24:
appliance-1(config)# system aom config ipv4 prefix-length 24
COMMAND system aom config ipv6 address
DESCRIPTION Configure the ipv6 address to login the AOM menu.
ARGUMENTS
EXAMPLE
Configure AOM IPv4 address to be ::1
appliance-1(config)# system aom config ipv6 address ::1
COMMAND system aom config ipv6 gateway
DESCRIPTION Configure the ipv6 gateway to login the AOM menu
ARGUMENTS
EXAMPLE
Configure the AOM IPv4 gateway to be ::1
appliance-1(config)# system aom config ipv6 gateway ::1
COMMAND system aom config ipv4 address
DESCRIPTION Configure the IPv6 prefix length to login the AOM menu
ARGUMENTS
EXAMPLE
Configure the IPv6 prefix length to be 64:
appliance-1(config)# system aom config ipv6 prefix-length 64
COMMAND system appliance-mode config
DESCRIPTION Configure whether appliance mode is enabled or disabled on the system. Appliance mode adds a layer of security by restricting user access to root and the bash shell. When enabled, the root user cannot log in to the device by any means, including from the serial console. You can enable appliance mode at these levels:
system appliance-mode
on the system.tenants tenant <tenant-name\> config appliance-mode
on the system.ARGUMENTS
enabled
to enable appliance mode on the system or disabled
to disable it.EXAMPLE
Enable appliance mode and then verify that appliance mode is enabled:
appliance-1(config)# system appliance-mode config enabled
appliance-1(config)# commit
appliance-1(config)# end
appliance-1# show system appliance-mode
system appliance-mode state enabled
Disable appliance mode and then verify that appliance mode is disabled:
appliance-1(config)# system appliance-mode config disabled
appliance-1(config)# commit
appliance-1(config)# end
appliance-1# show system appliance-mode
system appliance-mode state disabled
COMMAND system clock
DESCRIPTION Configure the time zone (tz) database name (for example, Europe/Stockholm) to use for the system. For a list of valid time zone names, see www.iana.org/time-zones.
ARGUMENTS
EXAMPLES
Configure the system to use the America/Los_Angeles time zone:
appliance-1(config)# system clock config timezone-name America/Los_Angeles
Configure the system to use the Asia/Calcutta time zone:
appliance-1(config)# system clock config timezone-name Asia/Calcutta
COMMAND system config hostname
DESCRIPTION Configure a hostname for the system.
ARGUMENTS
EXAMPLE
Configure the hostname to be test.company.com
:
appliance-1(config)# system config hostname test.company.com
COMMAND system config login-banner
DESCRIPTION
Configure a banner message to be displayed before users log in to the system.
ARGUMENTS
EXAMPLE
Configure a banner message:
appliance-1(config)# system config login-banner
(<string>):
[Multiline mode, exit with ctrl-D.]
UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED
COMMAND system config motd-banner
DESCRIPTION
Configure a message of the day (MOTD) banner to display after users log in to the system.
EXAMPLE
Configure a MOTD banner message:
appliance-1(config)# system config motd-banner
(<string>):
[Multiline mode, exit with ctrl-D.]
ATTENTION!
This system is scheduled for maintenance in two days.
COMMAND system database config-backup
DESCRIPTION Generate a backup of the system configuration in the form of an XML file.
ARGUMENTS
yes
to overwrite the file if a file by that name exists or no
to disable the file overwrite. The default value is no
.EXAMPLE
Create a backup file of the system configuration named backup-apr2022
and overwrite it if a file by that name already exists:
appliance-1(config)# system database config-backup name backup-apr2022 proceed yes
response Succeeded.
COMMAND system database config-restore
DESCRIPTION Restore the system configuration from an XML backup file.
ARGUMENTS
yes
to overwrite the configuration database or no
to disable the overwrite. The default value is no
.EXAMPLE
Restore the system configuration from a backup file named backup-apr2022
:
appliance-1(config)# system database config-restore name backup-apr2022
COMMAND system database reset-to-default
DESCRIPTION Revert the system to the default configuration and clear any existing configuration information.
IMPORTANT: This deletes all configuration on the system, including IP addresses, passwords, and tenant images.
ARGUMENTS
no
to show a confirmation prompt prior to resetting the configuration to the default. Specify yes
to bypass a confirmation prompt.EXAMPLE
Revert the system to the default configuration:
appliance-1(config)# system database config reset-to-default yes
COMMAND system diagnostics core-files list
DESCRIPTION List core files for the system.
EXAMPLE
List all core files on the system:
appliance-1(config)# system diagnostics core-files list
files [ appliance-1:/var/shared/core/container/test-1.core.gz appliance-1:/var/shared/core/container/test-2.core.gz ]
COMMAND system diagnostics core-files delete
DESCRIPTION Delete core files from the system.
ARGUMENTS
EXAMPLE
List all core files on the system and specify one to delete:
appliance-1(config)# system diagnostics core-files delete files [ appliance-1:/var/shared/core/container/test-1.core.gz ]
COMMAND system diagnostics ihealth config authserver
DESCRIPTION Specify a separate endpoint for authenticating and uploading QKView files to the new iHealth2 service. The authserver config element enables you to specify an authentication server URL for the iHealth service. By default, authserver is set to the F5 iHealth authentication server https://identity.account.f5.com/oauth2/ausp95ykc80HOU7SQ357/v1/token.
Before you can log in to the new iHealth system, you must first generate API token credentials at https://ihealth2.f5.com/qkview-analyzer/settings".
ARGUMENTS
EXAMPLE
Specify an authentication server for the iHealth service:
appliance-1(config)# system diagnostics ihealth config authserver
(<string>) (https://identity.account.f5.com/oauth2/ausp95ykc80HOU7SQ357/v1/token): https://identity.account.f5.com/oauth2/ausp95ykc80HOU7SQ357/v1/token
COMMAND system diagnostics ihealth config clientid
DESCRIPTION Specify the client identifier used to access iHealth. Before you can log in to the new iHealth system, you must first generate API token credentials at https://ihealth2.f5.com/qkview-analyzer/settings".
ARGUMENTS
COMMAND system diagnostics ihealth config clientsecret
DESCRIPTION Specify the secret associated with the client identifier for iHealth.
ARGUMENTS
COMMAND system diagnostics ihealth config server
DESCRIPTION Specify the iHealth service that has a separate endpoint for authenticating and uploading QKView files. The server config element enables you to specify an upload server URL for the iHealth service. By default, the server is set to the F5 iHealth upload server https://ihealth2-api.f5.com/qkview-analyzer/api/qkviews?visible_in_gui=True.
ARGUMENTS
EXAMPLE
Specify an upload server for the iHealth service:
appliance-1(config)# system diagnostics ihealth config server
(<string>) (https://ihealth-api.f5.com/qkview-analyzer/api/qkviews?visible_in_gui=True): https://ihealth-api.f5networks.net/qkview-analyzer/api/qkviews?visible_in_gui=True
COMMAND system diagnostics ihealth upload
DESCRIPTION Initiate a QKView file upload to iHealth. It returns a upload id, which is needed to check upload status or cancel an upload.
ARGUMENTS
system diagnostics qkview list
command to see a list of available files.
NOTE: Be sure to add /diags/shared/QKView/
as a prefix to the QKView file name.EXAMPLE
Upload a file named /diags/shared/qkview/test.qkview
to iHealth:
appliance-1(config)# system diagnostics ihealth upload qkview-file /diags/shared/qkview/test.qkview description testing service-request-number C523232
message HTTP/1.1 202 Accepted
Location: /support/ihealth/status/iuw53AYW
Date: Tue, 5 Apr 2022 12:09:08 GMT
Content-Length: 0
COMMAND system diagnostics ihealth cancel
DESCRIPTION Cancel a QKView upload that is in progress. If the upload is already complete, it cannot be cancelled. To remove the QKView, log in to the iHealth server and manually delete the QKView, if needed.
ARGUMENTS
EXAMPLE
Cancel the QKView upload with an upload-id
of iuw53AYW
.
appliance-1(config)# system diagnostics ihealth cancel upload-id iuw53AYW
message HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Location: /support/ihealth/status/iuw53AYW
Date: Tue, 5 Apr 2022 12:10:01 GMT
Content-Length: 44
COMMAND system diagnostics proxy
DESCRIPTION Specify a password for a web proxy server. If your system does not have internet access to reach f5.com, you can configure it to upload QKView files to iHealth using a web proxy server.
ARGUMENTS
EXAMPLES
Configure a proxy server using the IP address 192.0.2.20 and port 3128:
appliance-1(config)# system diagnostics proxy config proxy-server http://192.0.2.20:3128
Configure the username "myname" and a password for the proxy server:
appliance-1(config)# system diagnostics proxy config proxy-username myname
appliance-1(config)# system diagnostics proxy config proxy-password
(<AES encrypted string>): ******
COMMAND system diagnostics qkview capture
DESCRIPTION
Generate a system diagnostic snapshot, called a QKView. The system can support only one snapshot collection at a time. QKView files are stored in the host directory: diags/shared/qkview/
.
ARGUMENTS
<system-name>.qkview
.0
, which indicates no timeout.true
if core files should be excluded from QKView. The default value is false
.25
MB.500
MB.EXAMPLE
Generate a QKView and name the file client-qkview.tar
, exclude core files, set the maximum core size to 500 MB, set the maximum file size to 500 MB, and set a timeout value of 0 (zero), which indicates no timeout, and then check the status of the QKView generation process:
appliance-1(config)# system diagnostics qkview capture filename client-qkview exclude-cores true maxcoresize 500 maxfilesize 500 timeout 0
result Qkview file client-qkview is being collected
return code 200
appliance-1(config)# system diagnostics qkview status
result {"Busy":true,"Percent":12,"Status":"collecting","Message":"Collecting Data","Filename":"client-qkview"}
resultint 0
COMMAND system diagnostics qkview cancel
DESCRIPTION Cancel a QKView that is in progress.
ARGUMENTS This command has no arguments.
EXAMPLE
Cancel the currently running QKView:
appliance-1(config)# system diagnostics qkview cancel
result Qkview with filename client-qkview.tar was canceled
return code 200
resultint 0
COMMAND system diagnostics qkview status
DESCRIPTION Get the status of a QKView that is in progress or the status of the last QKView collected.
ARGUMENTS This command has no arguments.
EXAMPLE
View the status of the currently running QKView:
appliance-1(config)# system diagnostics qkview status
result {"Busy":true,"Percent":73,"Status":"collecting","Message":"Collecting Data","Filename":"myqkview.tar"}
resultint 0
appliance-1(config)# system diagnostics qkview status
result {"Busy":false,"Percent":100,"Status":"canceled","Message":"Collection canceled by user. Partial qkview saved.","Filename":"client-qkview.tar.canceled"}
resultint 0
COMMAND system diagnostics qkview delete
DESCRIPTION Delete a QKView file.
ARGUMENTS
EXAMPLE
Delete the QKView file named client-qkview.tar.canceled
.
appliance-1(config)# system diagnostics qkview delete filename client-qkview.tar.canceled
result Deleted Qkview file client-qkview.tar.canceled
return code 200
resultint 0
COMMAND system diagnostics qkview list
DESCRIPTION Show a list of QKView files.
ARGUMENTS This command has no arguments.
EXAMPLE
List all QKView files on the system:
appliance-1(config)# system diagnostics qkview list
result {"Qkviews":[{"Filename":"20220412.tar","Date":"2022-04-13T00:51:11.145190991Z","Size":77726151},{"Filename":"client-qkview.canceled","Date":"2022-04-13T01:00:11.796209488Z","Size":83041507}]}
resultint 0
COMMAND system dns config search
DESCRIPTION Configure a DNS search domain for the system to use.
ARGUMENTS
COMMAND system dns host-entries host-entry
DESCRIPTION Configure a DNS host entry for the system to use.
ARGUMENTS
COMMAND system dns servers
DESCRIPTION Configure a DNS server for the system to use.
ARGUMENTS
53
.EXAMPLE
Configure a DNS server and then verify that it was completed:
appliance-1(config)# system dns servers server 192.0.2.11 config port 53
appliance-1(config-server-192.0.2.11)# commit
Commit complete.
appliance-1(config-server-192.0.2.11)# exit
appliance-1(config)# end
appliance-1# show running-config system dns
system dns servers server 192.0.2.11
config port 53
!
COMMAND system image check-version
DESCRIPTION Check whether the system is compatible with a specific system image service version upgrade version.
ARGUMENTS
EXAMPLE
Verify that the system is compatible with service version number 1.1.0-3456:
appliance-1(config)# system image check-version service-version 1.1.0-3456
COMMAND system image remove
DESCRIPTION Remove a system image.
ARGUMENTS
COMMAND system image set-version
DESCRIPTION Trigger an install after verifying schema compatibility using check-version.
ARGUMENTS
no
to show a confirmation prompt prior to resetting the configuration to the default. Specify yes
to bypass a confirmation prompt.EXAMPLE
Upgrade the system to iso version 1.1.0-3456:
appliance-1(config)# system image set-version iso-version 1.1.0-3456
Upgrade the os version to 1.1.0-3456:
appliance-1(config)# system image set-version os-version 1.1.0-3456
Upgrade the service version to 1.1.0-3456:
appliance-1(config)# system image set-version service-version 1.1.0-3456
COMMAND system licensing install
DESCRIPTION Perform an automatic system license installation. The system must be connected to the Internet to use the automatic method.
ARGUMENTS
EXAMPLE
Install a base license on the system:
appliance-1(config)# system licensing install registration-key A1234-56789-01234-56789-0123456
result License installed successfully.
COMMAND system licensing manual-install
DESCRIPTION Perform a manual system license installation.
ARGUMENTS
system licensing manual-install
, you use system licensing get-dossier
to get the system dossier text, and then activate the license at activate.f5.com.EXAMPLE
License the system using license information from activate.f5.com:
appliance-1(config)# system licensing manual-install license
Value for 'license' (<string>):
[Multiline mode, exit with ctrl-D.]
> #
> Auth vers : 5b
> #
> #
> # BIG-IP System License Key File
> # DO NOT EDIT THIS FILE!!
> #
> # Install this file as "/config/bigip.license".
> #
> # Contact information in file /CONTACTS
> #
> #
> # Warning: Changing the system time while this system is running
> # with a time-limited license may make the system unusable.
> #
> Usage : F5 Internal Product Development
> #
> #
> # Only the specific use referenced above is allowed. Any other uses are prohibited.
> #
> Vendor : F5, Inc.
> #
> # Module List
> #
> active module : Local Traffic Manager, r10900 |K284576-4014992|Rate Shaping|Anti-Virus Checks|Base Endpoint Security Checks|Firewall Checks|Machine Certificate Checks|Network Access|Protected Workspace|Secure Virtual Keyboard|APM, Web Application|App Tunnel|Remote Desktop
...
COMMAND system licensing get-dossier
DESCRIPTION Generate an encrypted system dossier that can be used for retrieving a license from the F5 license server. This is used to perform a manual license installation.
ARGUMENTS
EXAMPLE
Get a system licensing dossier from F5:
appliance-1(config)# system licensing get-dossier
system-dossier 48d05131e8688755efde6b1081af5e190793e5a0cfb70cd2da9da8c4c9d9d412a6360a11b869f2dfc779ef7c91df246f7184fe0010b7bcbd420e1664cb1d13b9890ec812bedf05d8cd530c87t82d13a7b63b9823ebdafc5f9061d6c12eb09a5a973361681d31a07dc92d774345cc52e70f8026729df4e2b5c9e6c22f96764e1cdd402f9e499841253259122877a85d7145a658a8444b0b6bc2dc8b9ef4a0156b8af2baa14500e9ce8c3ebcdf4060b35e1748aee093f0bb2349f53bf72f94c61979d1b8ccaf01c84235acf025f3cb3cad3f2cac9938b7481635280cc1589fac997aa4f6db9e8e04d02af5d91f5cd570fc261612233a1204e27a0d2ffd62e4107f89ad286a42ae07cea0918a7be0ba50e307664f8aaf9334051abb6d1559771d2fbfeb8f67335a8325b63a00ddfed563a926d595f1fe049bedf418dd997120945b1d622a574bd957fe6c60924c5562e6cf8ba837124a16bd2a49d1af0ace1f9dbe02af626336e073e8a2802949812eb0227faed9ad787c945c486dbc6d45327688025bcac81e472f3720c615f52455c8e0b235262cb4c8f2dd1ef8c753966fe11798db01714fd95e11348e1036f1ff69da16342595650c91b771cf7a28970c3caffa988faaf8f01cbd846151cd17201c3c8e58b18587e52a8be18f2ac9f175a41296fe9de3532433e94817f9b08ab2d9f66cdb76506e7d4156f9eb8af96aee363e8ab18eec930f6cc1c2dc80e2b254fbc9e31851a10f34506d71e1e5d60344a1ed5ec021c0e63513fd833ea8286258f6094592c7d04f9d29db93114518024b9129acb36ce41b1d1c7405db549f3aaa697919592a6dabfece7295cf57d8b950fcfed6cc40286d830be12097b0e3c0f9acbc07ccdb110b3cc98ca5a1ac09d6b152b2ace004d613364242a031e21057d3dc270ba00fe6918b3075b4692f55ca71fe6cd76c91f4beb19af97bb47dd677a77159e78adfa7e7cf0feb8a3490fc59fe660b26eb5268ecfed6f03c41ea0edadc7bc7573e91d0ad01313ee07e8719ec4d59fd6c90fcdbd29407f0a7666ff9de33251b04e270eb2d46c6cf8583d163c47d5768
COMMAND system licensing get-eula
DESCRIPTION Retrieve the End User License Agreement (EULA) from the F5 License Server.
ARGUMENTS
EXAMPLE
Gets the contents of the latest F5 EULA:
appliance-1(config)# system licensing get-eula
eula-text END USER LICENSE AGREEMENT
DOC-0355-16
IMPORTANT " READ BEFORE INSTALLING OR OPERATING THIS PRODUCT
YOU AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE BY INSTALLING,
HAVING INSTALLED, COPYING, OR OTHERWISE USING THE SOFTWARE. IF YOU
DO NOT AGREE, DO NOT INSTALL OR USE THE SOFTWARE.
This End User License Agreement ("License") applies to the software
product(s) ("Software") you have licensed from us whether on
a stand-alone basis or as part of any hardware ("Hardware") you
purchase from us, (the Hardware and Software together, the "Product").
...
COMMAND system locator config enabled
DESCRIPTION Configure whether the system locator function is enabled. Enabling this function illuminates the F5 logo ball so that you can more easily locate a chassis in a data center.
ARGUMENTS
enabled
to enable the chassis locator function or disabled
to disable it.COMMAND system logging remote-servers remote-server
DESCRIPTION Configure information about remote logging servers.
ARGUMENTS
disabled
.udp
.514
.EXAMPLE
Configure a logging destination:
appliance-1(config)# system logging remote-servers remote-server 192.0.2.240 config proto tcp
appliance-1(config-remote-server-192.0.2.240)# commit
Commit complete.
Delete a logging destination:
appliance-1(config)# no system logging remote-servers remote-server 192.0.2.240
appliance-1(config)# commit
Commit complete.
Configure a secure logging destination:
appliance-1(config)# system logging remote-servers remote-server 192.0.2.240 config proto tcp remote-port 80 authentication enabled
appliance-1(config-remote-server-192.0.2.240)# commit
Commit complete.
COMMAND system logging host-logs
DESCRIPTION Configure settings for sending host logs to remote logging servers.
ARGUMENTS
enabled
to enable remote forwarding of active node host logs or disabled
to disable it.host-logs
is enabled and a remote server configuration is present. Available options are:EXAMPLE
Enable remote forwarding:
appliance-1(config)# system logging host-logs config remote-forwarding enabled
COMMAND system logging sw-components sw-component
DESCRIPTION Configure logging for platform software components. Available options are:
ARGUMENTS
INFORMATIONAL
. Available options, in decreasing order of severity, are:COMMAND system logging tls ca-bundles ca-bundle
DESCRIPTION Specify a certificate authority bundle.
ARGUMENTS
COMMAND system logging tls certificate
DESCRIPTION Specify the PEM-encoded certificate.
ARGUMENTS
COMMAND system logging tls key
DESCRIPTION Specify the PEM-encoded private key.
ARGUMENTS
COMMAND system mgmt-ip config dhcp-enabled
DESCRIPTION Enable or disable DHCP for the system management IP address. DHCP is supported only on static interfaces.
ARGUMENTS
true
to enable DHCP for the management IP address or false
to disable it. The default value is false
.EXAMPLE
Enable DHCP for the management IP address:
appliance-1(config)# system mgmt-ip config dhcp-enabled true
COMMAND system mgmt-ip config ipv4 gateway
DESCRIPTION Configure a gateway IPv4 address.
ARGUMENTS
EXAMPLE
Configure the gateway IPv4 address to be 192.0.2.1
:
appliance-1(config)# system mgmt-ip config ipv4 gateway 192.0.2.1
COMMAND system mgmt-ip config ipv4 prefix-length
DESCRIPTION Configure the IPv4 prefix length.
ARGUMENTS
EXAMPLE
Configure the IPv4 prefix length to be 24
:
appliance-1(config)# system mgmt-ip config ipv4 prefix-length 24
COMMAND system mgmt-ip config ipv4 system address
DESCRIPTION
Configure an IPv4 management IP address for the system.
ARGUMENTS
COMMAND system mgmt-ip config ipv6 gateway
DESCRIPTION
Configure a gateway IPv6 address.
ARGUMENTS
EXAMPLE
Configure the gateway IPv6 address to be ::1
:
appliance-1(config)# system mgmt-ip config ipv6 gateway ::1
COMMAND system mgmt-ip config ipv6 prefix-length
DESCRIPTION Configure IPv6 prefix length.
ARGUMENTS
EXAMPLE
Configure the IPv6 prefix length to be 64
:
appliance-1(config)# system mgmt-ip config ipv6 prefix-length 64
COMMAND system mgmt-ip config ipv6 system address
DESCRIPTION Configure an IPv6 management IP address for the system.
ARGUMENTS
DESCRIPTION Configure the internal address range.
ARGUMENTS
prefix
. This is the default value.EXAMPLE
Configure the range type to be RFC6598:
appliance-1(config)# system network config network-range-type RFC6598
COMMAND system network config network-range-type RFC1918 chassis-id
DESCRIPTION Set the chassis ID that is used to determine internal address ranges.
IMPORTANT: F5 strongly recommends that you do not change this setting.
ARGUMENTS
1
.COMMAND system network config network-range-type RFC1918 prefix
DESCRIPTION
Configure the internal network prefix index that is used to select the range of IP addresses used internally within the appliance. If needed, select a network prefix that ensures that internal appliance addresses do not overlap with site-local addresses that are accessible to the system.
ARGUMENTS
EXAMPLE
Configure the internal network range to use 10.[16-31].0.0/16
:
appliance-1(config)# system network config network-range-type RFC1918 prefix 1
COMMAND system ntp config
DESCRIPTION
Enable the Network Time Protocol (NTP) protocol and indicate that the system should synchronize the system clock with an NTP server defined in the ntp/server
list.
ARGUMENTS
enabled
to enable using NTP or disabled
to disable it.EXAMPLE
Disable the use of NTP:
appliance-1(config)# system ntp config disabled
COMMAND system ntp config enable-ntp-auth
DESCRIPTION
Configure Network Time Protocol (NTP) authentication for the system. NTP authentication enhances security by ensuring that the system sends time-of-day requests only to trusted NTP servers.
ARGUMENTS
true
to enable using NTP authentication or false
to disable it.EXAMPLE
Enable the use of NTP authentication, and then use system ntp ntp-keys ntp-key
to add the key associated with your server to the system:
appliance-1(config)# system ntp config enable-ntp-auth true
COMMAND system ntp ntp-keys ntp-key
DESCRIPTION Configure the list of Network Time Protocol (NTP) authentication keys.
ARGUMENTS
key-id
value must match the range
value.EXAMPLE
Add the key associated with your NTP server to the system:
appliance-1(config)# system ntp ntp-keys ntp-key range 123 config key-id 123 key-type NTP_AUTH_MD5 key-value abcd123
COMMAND system ntp servers server
DESCRIPTION
Configure which NTP servers can be used for system clock synchronization. If system ntp
is enabled
, then the system will attempt to contact and use the specified NTP servers. The key-id
, key-type
, and key-value
set on this client system using system ntp ntp-keys ntp-key
must match the server exactly.
ARGUMENTS
SERVER
.true
to enable iburst for the NTP service. Specify false
to disable it.123
.true
to indicate that this server should be the preferred one. Specify false
if not.system ntp ntp-keys ntp-key
.EXAMPLES
Configure an NTP server with the address pool.ntp.org
, where the association type is POOL
, and it is the preferred server:
appliance-1(config)# system ntp servers server pool.ntp.org config association-type POOL prefer true
appliance-1(config-server-pool.ntp.org)# top
appliance-1(config)# system ntp config enabled
appliance-1(config)# commit
Commit complete.
Configure an NTP server with the address pool.ntp.org
, where the association type is SERVER
, iburst is enabled, port is 123
, it is the preferred server, and version number is 4
:
appliance-1(config)# system ntp servers server pool.ntp.org
appliance-1(config-server-pool.ntp.org)# config address pool.ntp.org
appliance-1(config-server-pool.ntp.org)# config association-type SERVER
appliance-1(config-server-pool.ntp.org)# config iburst true
appliance-1(config-server-pool.ntp.org)# config port 123
appliance-1(config-server-pool.ntp.org)# config prefer true
appliance-1(config-server-pool.ntp.org)# config version 4
appliance-1(config-server-pool.ntp.org)# commit
Commit complete.
COMMAND system packages package
DESCRIPTION Manage independent service packages on the system.
ARGUMENTS
EXAMPLES
Set a new version of a package:
appliance-1(config)# system packages package optics-mgr-independent-pkg set-version version 4.0.0.2022_08_02_16_17_05.s3a9dffb4 proceed
Possible completions:
no yes
Check the version compatibility of a package:
appliance-1(config)# system packages package optics-mgr-independent-pkg check-version version 4.0.0.2022_08_02_16_17_05.s3a9dffb4
response Compatibility verification succeeded.
Remove a package version:
appliance-1(config)# system packages package optics-mgr-independent-pkg remove version 4.0.0.2022_08_02_16_17_05.s3a9dffb4
COMMAND system security services service
DESCRIPTION Configure the SSH service (also known as sshd) to use a desired set of encryption ciphers, the HTTP service (also known as httpd) to use a desired set of KEX algorithms, and MAC algorithms to meet the security policy enforced in your environment.
ARGUMENTS
The cipher string can take several additional forms. It can consist of a single cipher suite or a list of cipher suites containing a certain algorithm, or cipher suites of a certain type. You can combine lists of cipher suites into a single cipher string using the + character as a logical AND operation.
You can combine lists of KEX algorithms into a single string using the + character as a logical AND operation.
You can combine lists of MAC algorithms into a single string using the + character as a logical AND operation.
The cipher string can take several additional forms. It can consist of a single cipher suite such as RC4-SHA. It can represent a list of cipher suites containing a certain algorithm, or cipher suites of a certain type. For example, SHA1 represents all cipher suites using the digest algorithm SHA1, and SSLv3 represents all SSLv3 algorithms. You can combine lists of cipher suites into a single cipher string using the + character as a logical AND operation. For example, SHA1+DES represents all cipher suites containing the SHA1 and DES algorithms.
COMMAND system security run-integrity-check
DESCRIPTION
Ensure the integrity of all the installed packages and containers in the system.
ARGUMENTS
yes
to perform an integrity check. Specify no
to skip it.COMMAND system snmp communities community
DESCRIPTION Configure the SNMP community name and community security model.
IMPORTANT: By default, SNMP traffic is not allowed on the system. Before you configure SNMP, you must use the system allowed-ips
command to enable the out-of-band management port to allow SNMP traffic. For more information, see system allowed-ips
.
ARGUMENTS
EXAMPLE
Configure the system to use only the v1 security model:
appliance-1(config)# system snmp communities community config v1-comm security-model v1
Configure the system use both v1 and v2c security models:
appliance-1(config)# system snmp communities community both-comm config security-model [ v1 v2c ]
COMMAND system snmp config port
DESCRIPTION Configure the non-default port for SNMP.
ARGUMENTS
EXAMPLE
Configure the snmp port to be 8889
appliance-1(config)# system snmp config port 8889
COMMAND system snmp engine-id config value
DESCRIPTION Configure an SNMP engine ID.
IMPORTANT: By default, SNMP traffic is not allowed on the system. Before you configure SNMP, you must use the system allowed-ips
command to enable the out-of-band management port to allow SNMP traffic. For more information, see system allowed-ips
.
ARGUMENTS
COMMAND system snmp targets target
DESCRIPTION Configure the SNMP target name.
IMPORTANT: By default, SNMP traffic is not allowed on the system. Before you configure SNMP, you must use the system allowed-ips
command to enable the out-of-band management port to allow SNMP traffic. For more information, see system allowed-ips
.
ARGUMENTS
EXAMPLE
Configure an SNMP target with a v3 user:
appliance-1(config)# system snmp targets target v3-target config user v3-user ipv4 address 192.0.2.224 port 5001
Configure an SNMP target with a community and a security model:
appliance-1(config)# system snmp targets target v2c-target config community both-comm security-model v2c ipv4 address 192.0.2.224 port 5001
COMMAND system snmp users user
DESCRIPTION Configure the user name associated with an SNMPv3 group.
ARGUMENTS
EXAMPLE
Configure an SNMP v3 user that uses MD5 and AES for authentication and privacy:
appliance-1(config)# system snmp users user v3-user config authentication-protocol md5 privacy-protocol aes authentication-password
(<string, min: 8 chars, max: 32 chars>): ********
appliance-1(config-user-v3-user)# config privacy-password
(<string, min: 8 chars, max: 32 chars>): *********
appliance-1(config-user-v3-user)# commit
Commit complete.
COMMAND system telemetry exporters exporter
DESCRIPTION Configure the exporter details to push the telemetry data.
ARGUMENTS
true
to enable the retry on failure. 5
.EXAMPLE
Configure a telemetry exporter:
appliance-1(config)# system telemetry exporters exporter server1 config enabled endpoint address server1.f5net.com port 7890 instruments all options retry-enabled true timeout 5 compression gzip
appliance-1(config-exporter-server1)# commit
Commit complete.
COMMAND system reboot
DESCRIPTION Trigger a restart of the system. This resets the management IP connection.
ARGUMENTS
This command has no arguments.
EXAMPLE
Reboot the system and when prompted whether to confirm the reboot, enter yes
:
appliance-1(config)# system reboot
The reboot of the system results in data plane and management connectivity to be disrupted. Proceed? [no,yes]
COMMAND system set-datetime
DESCRIPTION Configure the date and time for the system.
ARGUMENTS
EXAMPLES
Configure the system date to be 2022-11-11:
appliance-1(config)# system set-datetime date 2022-11-11
Configure the system time to be 11:11:00:
appliance-1(config)# system set-datetime date 11:11:00
COMMAND system settings config idle-timeout
DESCRIPTION Set how long the CLI is inactive before a user is logged out of the system. If a user is connected using an SSH connection, the SSH connection is closed after this time expires.
ARGUMENTS
1800
seconds (30 minutes).EXAMPLE
Set the idle time to be the maximum value:
appliance-1(config)# system settings config idle-timeout 8192
COMMAND system settings config sshd-idle-timeout
DESCRIPTION Set how long the CLI is inactive before the root user is logged out of the system. If the root user is connected using an SSH connection, the SSH connection is closed after this time expires.
ARGUMENTS
1800
seconds (30 minutes).COMMAND system settings gui advisory config color
DESCRIPTION Configure an advisory banner, including color and text to be displayed.
ARGUMENTS
COMMAND system settings gui advisory config
DESCRIPTION Specify whether to enable an advisory banner for the system webUI.
ARGUMENTS
enabled
to enable an advisory banner or disabled
to disable it. The default value is disabled
.EXAMPLE
Enable and configure an advisory banner:
appliance-1(config)# system settings gui advisory config enabled color orange text
(<string, min: 0 chars, max: 80 chars>): TEST ENVIRONMENT
COMMAND system settings gui advisory config text
DESCRIPTION Specify text displayed on advisory banner.
ARGUMENTS
COMMAND tenants tenant
DESCRIPTION Provision and deploy a tenant on the system.
ARGUMENTS
enabled
to enable appliance node at the tenant level or disabled
to disable it. You cannot configure this option when a tenant is in the deployed
running state.enabled
to enable crypto devices for the tenant level or disabled
to disable it. You cannot configure this option when a tenant is in the deployed
running state.deployed
running state.77
GB. The range is from 22 to 700 GB.true
to enable trust mode or false
to disable it. The default value is false
.EXAMPLE
Configure a tenant named bigip-vm
of type BIG-IP
, using a specified image file, assigned to node 1, using port 22
, a management IP address of 192.0.2.61
, a netmask of 255.255.255.0
, a gateway of 192.0.2.1
, using VLAN 100
, and a running state of deployed
:
appliance-1(config)# tenants tenant bigip-vm config type BIG-IP image BIGIP-bigip15.1.6.123.ALL-F5OS.qcow2.zip.bundle nodes 1 port 22 mgmt-ip 192.0.2.71 netmask 255.255.255.0 gateway 192.0.2.254 vlans 100 running-state deployed
COMMAND vlans vlan
DESCRIPTION Creates a VLAN object that can be referenced by other configuration commands. This command is intended to be expanded for future use and is currently not necessary for proper configuration of the system.
ARGUMENTS
EXAMPLE
Configure VLAN 100, with the name 100
and a vlan-id
of 100
:
appliance-1(config)# vlans vlan 100 config name 100 vlan-id 100
Configure a VLAN range of 100-101:
appliance-1(config)# vlans vlan range 100-101
COMMAND autowizard
DESCRIPTION Specify whether to query automatically for mandatory elements.
ARGUMENTS
true
to query automatically for mandatory elements. Specify false
to disable it.COMMAND clear
DESCRIPTION Remove all configuration changes.
ARGUMENTS
COMMAND complete-on-space
DESCRIPTION Specify whether to have the CLI complete a command name automatically when you type an unambiguous string and then press the space bar, or have the CLI list all possible completions when you type an ambiguous string and then press the space bar.
ARGUMENTS
true
to enable the ability to have the CLI complete a command name automatically when you press the space bar. Specify false
to disable it.COMMAND config
DESCRIPTION
Enter configuration mode. In configuration mode, you are editing a copy of the running configuration, called the candidate configuration, not the actual running configuration. Your changes take effect only when you issue a commit
command.
ARGUMENTS
COMMAND describe
DESCRIPTION Display internal information about how a command is implemented.
ARGUMENTS
COMMAND devtools
DESCRIPTION Enable/disable development tools.
ARGUMENTS
true
to enable development tools or false
to disable it.COMMAND display-level
DESCRIPTION Set the depth of the configuration shown for show commands.
ARGUMENTS
<depth>
can be a value from 1 to 64.COMMAND exit
DESCRIPTION Exit the CLI session.
ARGUMENTS This command has no arguments.
COMMAND file
DESCRIPTION Perform file operations.
ARGUMENTS
For detailed information about these arguments, see the file
page under config-mode-commands.
COMMAND help
DESCRIPTION Display help information about a specified command.
ARGUMENTS
COMMAND history
DESCRIPTION Configure the command history cache size.
ARGUMENTS
<size>
can be a value from 0 through 1000.COMMAND id
DESCRIPTION Display information about the current user, including user, gid, group, and gids.
ARGUMENTS This command has no arguments.
COMMAND idle-timeout
DESCRIPTION Set how long the CLI is inactive before a user is logged out of the system. If a user is connected using an SSH connection, the SSH connection is closed after this time expires.
ARGUMENTS
1800
seconds (30 minutes).COMMAND ignore-leading-space
DESCRIPTION Specify whether to consider or ignore leading whitespace at the beginning of a command.
ARGUMENTS
false
to ignore leading whitespace or true
to consider it.COMMAND job
DESCRIPTION Perform job operations.
ARGUMENTS
COMMAND leaf-prompting
DESCRIPTION Specify whether to enable or disable automatic querying for leaf values.
ARGUMENTS
false
to disable leaf prompting and specify true
to enable it.COMMAND logout
DESCRIPTION Log out a specific session or user from all sessions.
ARGUMENTS
<session-id>
.<user-name>
.COMMAND no
DESCRIPTION Delete or unset a configuration command.
ARGUMENTS
COMMAND paginate
DESCRIPTION Specify whether to control the pagination of CLI command output.
ARGUMENTS
false
to display command output continuously, regardless of the CLI screen height. Specify true
to display all command output one screen at a time. To display the next screen of output, press the space bar. This is the default setting.COMMAND prompt1
DESCRIPTION Set the operational mode prompt.
ARGUMENTS
COMMAND prompt2
DESCRIPTION Set the configuration mode prompt.
ARGUMENTS
COMMAND pwd
DESCRIPTION Display the current path in the configuration hierarchy.
ARGUMENTS This command has no arguments.
COMMAND quit
DESCRIPTION Exit the CLI session.
ARGUMENTS This command has no arguments.
COMMAND screen-length
DESCRIPTION Configure the length of the terminal window.
ARGUMENTS
<number-of-rows>
can be from 0 through 256. When you set the screen length to 0 (zero), the CLI does not paginate command output.COMMAND screen-width
DESCRIPTION Configure the width of the terminal window.
ARGUMENTS
<number-of-rows>
can be from 200 through 256.COMMAND script
DESCRIPTION Perform script actions.
ARGUMENTS
COMMAND send
DESCRIPTION Send a message to the terminal of a specified user or all users.
ARGUMENTS
all
to send a message to all users. Specify username <username>
to send a message only to a specified user.COMMAND show
DESCRIPTION Show information about the system.
ARGUMENTS
COMMAND show-defaults
DESCRIPTION Specify whether to display the default configuration.
ARGUMENTS
true
to display the default values. Specify false
to hide the default values.COMMAND source
DESCRIPTION Run commands from <file> as if they had been entered by the user.
ARGUMENTS
COMMAND system
DESCRIPTION Perform system operations. Available options are:
system aaa
.system database
.system diagnostics
.COMMAND terminal
DESCRIPTION Set the terminal type.
ARGUMENTS
COMMAND timestamp
DESCRIPTION Configure whether to display the timestamp.
ARGUMENTS
enable
to show the timestamp. Specify disable
to hide the timestamp.COMMAND who
DESCRIPTION Display information on currently-logged on users. The command output Display the session ID, user name, context, from (IP address), protocol, date, and mode (operational or configuration).
ARGUMENTS This command has no arguments.
COMMAND write
DESCRIPTION
Display the running configuration of the system on the terminal. This command is equivalent to the show running-config
command.
ARGUMENTS
COMMAND annotation
DESCRIPTION Display only statements whose annotation matches a provided configuration statement or pattern.
Note: Only available when the system has been configured with attributes enabled.
ARGUMENTS
COMMAND append
DESCRIPTION Append command output text to a file.
ARGUMENTS
COMMAND begin
DESCRIPTION Display the command output starting at the first match of a specified string.
ARGUMENTS
COMMAND best-effort
DESCRIPTION Display command output or continue loading a file, even if a failure has occurred that might interfere with this process.
ARGUMENTS This command has no arguments.
COMMAND context-match
DESCRIPTION Display the upper hierarchy in which a pattern appears in the configuration.
ARGUMENTS
COMMAND count
DESCRIPTION Count the number of lines in the command output.
ARGUMENTS This command has no arguments.
COMMAND csv
DESCRIPTION Display table output in CSV format.
ARGUMENTS This command has no arguments.
COMMAND de-select
DESCRIPTION Do not show a specified field in the command output.
ARGUMENTS
COMMAND debug
DESCRIPTION Display debug information.
ARGUMENTS This command has no arguments.
COMMAND details
DESCRIPTION Display the default values for commands in the running configuration.
ARGUMENTS This command has no arguments.
COMMAND display
DESCRIPTION Display options.
ARGUMENTS
Possible completions:
curly-braces Display output as curly braces
json Display output as json
keypath Display output as keypath
restconf Display output as restconf path
xml Display output as XML
xpath Display output as xpath
COMMAND exclude
DESCRIPTION Exclude lines from the command output that match a string defined by a specified regular expression.
ARGUMENTS
COMMAND extended
DESCRIPTION Display referring entries or elements.
ARGUMENTS This command has no arguments.
COMMAND force
DESCRIPTION Log out any users who are locking the configuration.
ARGUMENTS This command has no arguments.
COMMAND hide
DESCRIPTION Hide display options.
ARGUMENTS This command has no arguments.
COMMAND icount
DESCRIPTION Count the number of matching instances.
ARGUMENTS This command has no arguments.
COMMAND include
DESCRIPTION Include only lines in the command output that contain the string defined by a specified regular expression.
ARGUMENTS
Possible completions:
<Regular Expression - restricted subset>
-a The number of lines to include after the match
-b The number of lines to include before the match
-c The number of context lines to include
COMMAND linnum
DESCRIPTION Display a line number at the beginning of each line in the displayed output.
ARGUMENTS This command has no arguments.
COMMAND match-all
DESCRIPTION Display the command output that matches all command output filters.
ARGUMENTS This command has no arguments.
COMMAND match-any
DESCRIPTION Display the command output that matches any one of the the command output filters. This is the default behavior when matching command output.
ARGUMENTS This command has no arguments.
COMMAND more
DESCRIPTION Paginate the command output. This is the default behavior.
ARGUMENTS This command has no arguments.
COMMAND nomore
DESCRIPTION Do not paginate command output.
ARGUMENTS This command has no arguments.
COMMAND notab
DESCRIPTION Display tabular command output in a list instead of in a table. If the tabular command output is wider than the screen width, the output automatically Display in a list.
ARGUMENTS This command has no arguments.
COMMAND repeat
DESCRIPTION
Repeat the output of a show
command periodically.
ARGUMENTS
COMMAND save
DESCRIPTION Save the command output text to a file.
ARGUMENTS
COMMAND select
DESCRIPTION Display selected fields in the command output.
ARGUMENTS
COMMAND sort-by
DESCRIPTION Display command output with values sorted in a specified field.
ARGUMENTS
COMMAND suppress-validate-warning-prompt
DESCRIPTION Suppress the validation warning prompt.
ARGUMENTS This command has no arguments.
COMMAND tab
DESCRIPTION Display tabular command output in table, even if the table is wider than the screen width. If the command output is wider than the screen width, wrap the output onto two or more lines.
ARGUMENTS This command has no arguments.
COMMAND tags
DESCRIPTION Display only statements with tags that match a pattern.
ARGUMENTS
COMMAND trace
DESCRIPTION Display trace information.
ARGUMENTS This command has no arguments.
COMMAND until
DESCRIPTION Display the command output, ending with the line that matches a specified string.
ARGUMENTS
COMMAND show system aom
DESCRIPTION Configure AOM network and SSH.
ARGUMENTS
show
command.COMMAND show SNMP-FRAMEWORK-MIB
DESCRIPTION Display information about the SNMP engine Management Information Base (MIB).
EXAMPLE
Display information about the SNMP engine:
appliance-1# show SNMP-FRAMEWORK-MIB
SNMP-FRAMEWORK-MIB snmpEngine snmpEngineID 80:00:61:81:05:01
SNMP-FRAMEWORK-MIB snmpEngine snmpEngineBoots 7
SNMP-FRAMEWORK-MIB snmpEngine snmpEngineTime 127740
SNMP-FRAMEWORK-MIB snmpEngine snmpEngineMaxMessageSize 50000
COMMAND show SNMP-MPD-MIB
DESCRIPTION Display information about the SNMP Message Processing and Dispatching (MPD) MIB.
EXAMPLE
Display SNMP MPD information:
appliance-1# show SNMP-MPD-MIB
SNMP-MPD-MIB snmpMPDStats snmpUnknownSecurityModels 0
SNMP-MPD-MIB snmpMPDStats snmpInvalidMsgs 0
SNMP-MPD-MIB snmpMPDStats snmpUnknownPDUHandlers 0
COMMAND show SNMP-TARGET-MIB
DESCRIPTION Display information about the SNMP TARGET MIB.
EXAMPLE
Display the SNMP TARGET MIB information:
appliance-1# show SNMP-TARGET-MIB
SNMP-TARGET-MIB snmpTargetObjects snmpUnavailableContexts 0
SNMP-TARGET-MIB snmpTargetObjects snmpUnknownContexts 0
COMMAND show SNMP-USER-BASED-MIB
DESCRIPTION Display information about objects that belong to SNMP files based on user-based security.
EXAMPLE
Display the SNMP TARGET user-based information:
appliance-1# show SNMP-USER-BASED-SM-MIB
SNMP-USER-BASED-SM-MIB usmStats usmStatsUnsupportedSecLevels 0
SNMP-USER-BASED-SM-MIB usmStats usmStatsNotInTimeWindows 0
SNMP-USER-BASED-SM-MIB usmStats usmStatsUnknownUserNames 0
SNMP-USER-BASED-SM-MIB usmStats usmStatsUnknownEngineIDs 0
SNMP-USER-BASED-SM-MIB usmStats usmStatsWrongDigests 0
SNMP-USER-BASED-SM-MIB usmStats usmStatsDecryptionErrors 0
COMMAND show SNMPv2-MIB
DESCRIPTION Display information about the SNMP version 2 MIB.
EXAMPLE
Display the SNMP version 2 MIB information:
appliance-1# show SNMPv2-MIB
SNMPv2-MIB system sysDescr "Linux 3.10.0-1160.25.1.F5.4.el7_8.x86_64 : Appliance services version 1.1.0-5810"
SNMPv2-MIB system sysObjectID 1.3.6.1.2.1.1
SNMPv2-MIB system sysUpTime 28545699
SNMPv2-MIB system sysServices 72
SNMPv2-MIB system sysORLastChange 9
SNMPv2-MIB snmp snmpInPkts 0
SNMPv2-MIB snmp snmpInBadVersions 0
SNMPv2-MIB snmp snmpInBadCommunityNames 0
SNMPv2-MIB snmp snmpInBadCommunityUses 0
SNMPv2-MIB snmp snmpInASNParseErrs 0
SNMPv2-MIB snmp snmpSilentDrops 0
SNMPv2-MIB snmp snmpProxyDrops 0
SNMPv2-MIB snmpSet snmpSetSerialNo 836391230
SYS
SYS ORUP
ORINDEX SYS ORID SYS ORDESCR TIME
-----------------------------------------------------------------------------------------------------------------
1 1.3.6.1.4.1.12276.1 F5 Networks enterprise Platform MIB 9
2 1.3.6.1.2.1.31 The MIB module to describe generic objects for network interface sub-layers 9
COMMAND show cli
DESCRIPTION Display the default CLI session settings.
ARGUMENTS
This command has no arguments.
EXAMPLE
Display the current default CLI session settings:
appliance-1# show cli
autowizard true
complete-on-space false
devtools false
display-level 99999999
history 100
idle-timeout 0
ignore-leading-space false
leaf-prompting true
output-file terminal
paginate true
prompt1 \h\M#
prompt2 \h(\m)#
screen-length 70
screen-width 125
service prompt config true
show-defaults false
terminal xterm-256color
timestamp disable
COMMAND show cluster
DESCRIPTION Display the current state of the OpenShift cluster and the last 25 OpenShift events that have occurred during installation and during normal operation.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display the current cluster state:
appliance-1# show cluster
cluster state
cluster disk-usage-threshold state warning-limit 85
cluster disk-usage-threshold state error-limit 90
cluster disk-usage-threshold state critical-limit 97
cluster disk-usage-threshold state growth-rate-limit 10
cluster disk-usage-threshold state interval 60
cluster nodes node node-1
state enabled true
state node-running-state running
state node-info creation-time 2022-01-25T23:59:06Z
state node-info cpu 12
state node-info pods 110
state node-info memory 14680280Ki
state ready-info ready true
state ready-info last-transition-time 2022-02-24T18:19:32Z
state ready-info message "kubelet is posting ready status"
state out-of-disk-info last-transition-time ""
state out-of-disk-info message ""
state disk-pressure-info disk-pressure false
state disk-pressure-info last-transition-time 2022-01-25T23:59:06Z
state disk-pressure-info message "kubelet has no disk pressure"
state disk-usage used-percent 37
state disk-usage growth-rate 0
state disk-usage status in-range
DISK DATA DISK DATA
NAME VALUE
-------------------------
available 61588611072
capacity 101817933824
used 35033628672
STAGE NAME STATUS TIMESTAMP VERSION
--------------------------------------------------------------
K3SClusterInstall done 2022/01/25-23:59:37 1.21.1.1.8.3
K3SClusterUpgrade done 2022/02/24-18:15:25 1.21.1.1.8.4
cluster cluster-status summary-status "K3S cluster is initialized and ready for use."
INDEX STATUS
---------------------------------------------------------------------------------------------
0 2022-03-28 15:51:01.270528 - applianceMainEventLoop::Orchestration manager startup.
1 2022-03-28 15:51:01.274924 - Can now ping appliance-1.chassis.local (100.65.60.1).
2 2022-03-28 15:51:01.943806 - Successfully ssh'd to appliance 127.0.0.1.
3 2022-03-28 15:51:32.614402 - Appliance 1 is ready in k3s cluster.
4 2022-03-28 15:51:32.614469 - K3S cluster is ready.
5 2022-03-28 15:52:10.927012 - K3s IMAGE update is succeeded.
6 2022-04-02 20:17:29.409150 - K3S cluster is NOT ready.
7 2022-04-02 20:17:44.199082 - K3S cluster is ready.
8 2022-04-04 11:19:35.495921 - Failed to ssh to 127.0.0.1.
9 2022-04-04 11:20:06.155860 - Successfully ssh'd to appliance 127.0.0.1.
COMMAND show cluster cluster-status
DESCRIPTION Display the current state of a specific OpenShift event that has occurred during installation and during normal operation.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display cluster status:
appliance-1# show cluster cluster-status
cluster cluster-status summary-status "K3S cluster is initialized and ready for use."
INDEX STATUS
---------------------------------------------------------------------------------------------
0 2022-03-28 15:51:01.270528 - applianceMainEventLoop::Orchestration manager startup.
1 2022-03-28 15:51:01.274924 - Can now ping appliance-1.chassis.local (100.65.60.1).
2 2022-03-28 15:51:01.943806 - Successfully ssh'd to appliance 127.0.0.1.
3 2022-03-28 15:51:32.614402 - Appliance 1 is ready in k3s cluster.
4 2022-03-28 15:51:32.614469 - K3S cluster is ready.
5 2022-03-28 15:52:10.927012 - K3s IMAGE update is succeeded.
6 2022-04-02 20:17:29.409150 - K3S cluster is NOT ready.
7 2022-04-02 20:17:44.199082 - K3S cluster is ready.
8 2022-04-04 11:19:35.495921 - Failed to ssh to 127.0.0.1.
9 2022-04-04 11:20:06.155860 - Successfully ssh'd to appliance 127.0.0.1.
COMMAND show cluster disk-usage-threshold
DESCRIPTION Display the current configuration of disk usage threshold.
ARGUMENTS
EXAMPLE
Display the current configuration for all disk usage threshold options:
appliance-1# show cluster disk-usage-threshold
cluster disk-usage-threshold state warning-limit 85
cluster disk-usage-threshold state error-limit 90
cluster disk-usage-threshold state critical-limit 97
cluster disk-usage-threshold state growth-rate-limit 10
cluster disk-usage-threshold state interval 60
COMMAND show cluster events
DESCRIPTION Display information about cluster events, including namespace, type, reason, object and message.
ARGUMENTS
COMMAND show cluster install-status
DESCRIPTION Display the status of the OpenShift cluster installation, including the state of the various stages of the OpenShift installation.
ARGUMENTS
This command has no arguments.
COMMAND
show cluster nodes node
DESCRIPTION Display the state of a specific node in the system.
ARGUMENTS
EXAMPLE
Display the state of the node node-1:
appliance-1# show cluster nodes node node-1
cluster nodes node node-1
state enabled true
state node-running-state running
state node-info creation-time 2022-01-25T23:59:06Z
state node-info cpu 12
state node-info pods 110
state node-info memory 14680280Ki
state ready-info ready true
state ready-info last-transition-time 2022-02-24T18:19:32Z
state ready-info message "kubelet is posting ready status"
state out-of-disk-info last-transition-time ""
state out-of-disk-info message ""
state disk-pressure-info disk-pressure false
state disk-pressure-info last-transition-time 2022-01-25T23:59:06Z
state disk-pressure-info message "kubelet has no disk pressure"
state disk-usage used-percent 37
state disk-usage growth-rate 0
state disk-usage status in-range
DISK DATA DISK DATA
NAME VALUE
-------------------------
available 61418614784
capacity 101817933824
used 35203624960
TENANT
NAME QAT DEVICE NAME BDF
------------------------------------
big-ip qat_dev_vf000pf00 f4:00.1
qat_dev_vf001pf00 f4:00.2
qat_dev_vf002pf00 f4:00.3
qat_dev_vf003pf00 f4:00.4
qat_dev_vf004pf00 f4:00.5
qat_dev_vf005pf00 f4:00.6
COMMAND show cluster state
DESCRIPTION Display the current state of the cluster.
ARGUMENTS
This command has no arguments.
COMMAND show components
DESCRIPTION Display information about hardware inventory and firmware components.
ARGUMENTS
The availability of options for this command depends on which hardware component you are configuring.
running
, and it changes to complete
when the update completes.show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLES
Display details about psu-1:
appliance-1# show components component psu-1
components component psu-1
state serial-no 19CS30011421
state part-no PWR-0334-05
state empty false
psu-stats psu-current-in 0.24
psu-stats psu-current-out 4.4
psu-stats psu-voltage-in 205.7
psu-stats psu-voltage-out 12.0
psu-stats psu-temperature-1 39.0
psu-stats psu-temperature-2 35.0
psu-stats psu-temperature-3 42.0
psu-stats psu-fan-1-speed 6100
Display all information about the platform:
appliance-1# show components component platform
components component platform
state description r4800
state serial-no f5-abcd-efgh
state part-no "200-0417-01 REV A"
state empty false
state tpm-integrity-status Valid
state memory available 6555197440
state memory free 2038071296
state memory used-percent 90
state memory platform-total 15032606720
state memory platform-used 8178208768
state temperature current 26.0
state temperature average 26.8
state temperature minimum 26.0
state temperature maximum 27.0
fantray fan-stats fan-1-speed 9900
fantray fan-stats fan-2-speed 9800
fantray fan-stats fan-3-speed 9800
fantray fan-stats fan-4-speed 9700
UPDATE
NAME NAME VALUE CONFIGURABLE STATUS
---------------------------------------------------------------------------------------
QAT0 - Snow Ridge Crypto/Compression false -
fw-version-bios - 0.95.081.1 false none
fw-version-bmc - 0.93.34 false none
fw-version-bmc-slot1 - 34.0.93 false none
fw-version-bmc-slot2 - 34.0.93 false none
fw-version-cpld - 0x0A false none
fw-version-drive-m.2.slot1 - 95420100 false none
fw-version-drive-nvme0 - 95420100 false none
fw-version-sirr - 1.1.39 false none
storage state disks disk nvme0n1
state model Micron_7300_MTFDHBA480TDF
state vendor Micron
...
COMMAND show configuration commit changes
DESCRIPTION Display changes that were made to the running configuration by previous configuration commits, including changes committed for a specified commit ID.
ARGUMENTS
EXAMPLES
Display information about the last commit:
appliance-1# show configuration commit changes
!
! Created by: admin
! Date: 2022-04-06 21:40:06
! Client: system
!
system aaa authentication users user big-ip
config username big-ip
!
system aaa authentication users user big-ip
config expiry-date 1
config role tenant-console
!
Display information about commit ID 11:
appliance-1# show configuration commit changes 11
!
! Created by: admin
! Date: 2022-03-24 15:51:35
! Client: cli
!
system ntp servers server ntp.pool.org
config address ntp.pool.org
!
system ntp servers server ntp.pool.org
!
COMMAND show configuration commit list
DESCRIPTION Display information about the configuration commits stored in the commit database.
ARGUMENTS
EXAMPLE
Display information about the five most recent configuration commits:
appliance-1# show configuration commit list 5
2022-04-06 22:55:48
SNo. ID User Client Time Stamp Label Comment
~~~~ ~~ ~~~~ ~~~~~~ ~~~~~~~~~~ ~~~~~ ~~~~~~~
0 10101 admin system 2022-04-06 21:40:06
1 10100 admin rest 2022-04-06 21:40:06
2 10099 admin system 2022-04-04 18:14:53
3 10098 admin system 2022-04-04 18:10:49
4 10097 system system 2022-04-04 18:10:05
COMMAND show configuration rollback changes
DESCRIPTION Display changes that would be made by the rollback configuration command or to display the list of commit IDs.
ARGUMENTS
EXAMPLE
Display changes that would be made by rolling back to the most recent configuration commit:
appliance-1# show configuration rollback changes
no system aaa authentication users user big-ip
COMMAND show file
DESCRIPTION Display current configuration for known hosts and status of file transfers.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.known_hosts
file.EXAMPLE
Display the status of recent file transfers:
appliance-1# file transfer-status
result
S.No.|Operation |Protocol|Local File Path |Remote Host |Remote File Path |Status |Time
1 |Import file|HTTPS |images/tenant/BIGIP-15.1.6-0.0.3.ALL-F5OS.qcow2.zip.bundle |sea.company.com|v15.1.6/daily/build3.0/VM/BIGIP-15.1.6-0.0.3.ALL-F5OS.qcow2.zip.bundle|In Progress (12.0%)|Wed Apr 6 23:00:37 2022
COMMAND show history
DESCRIPTION Display a history of commands run on the system.
ARGUMENTS
EXAMPLE
Display the last three commands that were run on the system:
appliance-1# show history 3
23:03:57 -- idle-timeout 0
23:04:00 -- show file transfer-operations
23:04:12 -- show system mgmt-ip
COMMAND show images
DESCRIPTION Display all tenant images imported to the system. Also shows which image is currently in use and its status.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display all tenant images on the system:
appliance-1# show images
IN
NAME USE STATUS
----------------------------------------------------------------
BIGIP-15.1.5-0.0.10.ALL-F5OS.qcow2.zip.bundle true verified
BIGIP-15.1.6-0.0.3.ALL-F5OS.qcow2.zip.bundle false verified
COMMAND show interfaces
DESCRIPTION Display information about front-panel network interfaces. This includes options for link aggregation.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLES
Display only the first level of interface information:
appliance-1# show interfaces displaylevel 1
interfaces interface 1.0
interfaces interface 2.0
interfaces interface 3.0
interfaces interface 4.0
interfaces interface 5.0
interfaces interface 6.0
interfaces interface 7.0
interfaces interface 8.0
interfaces interface mgmt
Display information only about interface 2.0:
appliance-1# show interfaces interface 2.0
interfaces interface 2.0
state name 2.0
state type ethernetCsmacd
state mtu 9600
state enabled true
state ifindex 24
state oper-status DOWN
state counters in-octets 0
state counters in-unicast-pkts 0
state counters in-broadcast-pkts 0
state counters in-multicast-pkts 0
state counters in-discards 0
state counters in-errors 0
state counters in-fcs-errors 0
state counters out-octets 0
state counters out-unicast-pkts 0
state counters out-broadcast-pkts 0
state counters out-multicast-pkts 0
state counters out-discards 0
state counters out-errors 0
state forward-error-correction auto
state lacp_state LACP_DEFAULTED
ethernet state port-speed SPEED_100GB
ethernet state hw-mac-address 00:94:a1:69:34:12
ethernet state counters in-mac-control-frames 0
ethernet state counters in-mac-pause-frames 0
ethernet state counters in-oversize-frames 0
ethernet state counters in-jabber-frames 0
ethernet state counters in-fragment-frames 0
ethernet state counters in-8021q-frames 0
ethernet state counters in-crc-errors 0
ethernet state counters out-mac-control-frames 0
ethernet state counters out-mac-pause-frames 0
ethernet state counters out-8021q-frames 0
ethernet state flow-control rx on
Display information about a LAG interface named test-lag
:
appliance-1# show interfaces interface test-lag
interfaces interface test-lag
state name test-lag
state type ieee8023adLag
state mtu 9600
state oper-status DOWN
state forward-error-correction auto
ethernet state flow-control rx on
aggregation state lag-type STATIC
aggregation state lag-speed 0
aggregation state distribution-hash src-dst-ipport
aggregation state mac-address 00:94:a1:69:34:26
aggregation state lagid 1
MEMBER MEMBER
NAME STATUS
----------------
1.0 DOWN
COMMAND
show lacp
DESCRIPTION
Display the current LACP configuration and state information for global and all LACP interfaces.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display information about configured LACP interfaces:
appliance-1# show lacp
lacp state system-id-mac 00:12:a1:69:34:23
lacp interfaces interface lacp-test
state name lacp-test
state interval SLOW
state lacp-mode ACTIVE
COMMAND
show lacp interfaces
DESCRIPTION
Show current LACP state for all LACP interfaces.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.system-priority
and the stack MAC address.COMMAND
show lacp interfaces interface
DESCRIPTION
Show current LACP config and state information for an LACP interface.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display information about the testLAG
interface:
appliance-1# show lacp interfaces interface testLAG
lacp interfaces interface testLAG
state name testLAG
state interval FAST
state lacp-mode ACTIVE
state system-id-mac 0:12:a1:8e:4c:8
COMMAND
show lacp state
DESCRIPTION
Display global LACP state information.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.system-priority
and the stack MAC address.EXAMPLE
Display the global state of LACP:
appliance-1# show lacp state
lacp state system-id-mac 00:12:a1:66:e0:08
COMMAND show lldp
DESCRIPTION Display the information about Link Layer Discovery Protocol (LLDP) on the system.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLES
Display all LLDP information:
appliance-1# show lldp
lldp state enabled
lldp state chassis-id f5-abcd-efgh
lldp state chassis-id-type LOCAL
lldp interfaces interface 1.0
state name 1.0
state enabled
state counters frame-in 0
state counters frame-out 4202
Show whether LLDP is enabled or disabled:
appliance-1# show lldp state enabled
lldp state enabled
COMMAND show parser
DESCRIPTION Display information about available commands and their syntax.
ARGUMENTS
EXAMPLE
Display information about all commands:
appliance-1# show parser dump
autowizard [false/true]
clear history
complete-on-space [false/true]
config [no-confirm]
config
config exclusive [no-confirm]
config exclusive
config terminal [no-confirm]
config terminal
describe autowizard
describe clear history
describe complete-on-space
describe config
describe describe
describe devtools
describe display-level
describe exit
describe file
describe file
describe file
describe file
describe file show
describe file tail
describe file
describe help
describe history
describe id
describe idle-timeout
describe ignore-leading-space
describe job stop
describe leaf-prompting
describe logout session
describe logout user
describe no history
describe paginate
describe prompt1
describe prompt2
describe pwd
describe quit
describe reset
describe reset
describe screen-length
describe screen-width
describe script reload
...
COMMAND show port-profile
DESCRIPTION Display information about port profiles.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display the currently-configured port profile:
appliance-1# show port-profile state
port-profile state mode 8x10G
COMMAND show portgroups
DESCRIPTION Display information about portgroups.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLES
Display all information about portgroup 5:
appliance-1# show portgroups portgroup 5
portgroups portgroup 5
state vendor-name "F5 INC."
state vendor-oui 009065
state vendor-partnum "OPT-0017 "
state vendor-revision A0
state vendor-serialnum "AWH16HF "
state media 10GBASE-LR
state optic-state QUALIFIED
state ddm rx-pwr low-threshold alarm -20.0
state ddm rx-pwr low-threshold warn -18.01
state ddm rx-pwr instant val-lane1 -2.21
state ddm rx-pwr high-threshold alarm 2.5
state ddm rx-pwr high-threshold warn 2.0
state ddm tx-pwr low-threshold alarm -8.0
state ddm tx-pwr low-threshold warn -7.0
state ddm tx-pwr instant val-lane1 -1.39
state ddm tx-pwr high-threshold alarm 2.0
state ddm tx-pwr high-threshold warn 1.0
state ddm temp low-threshold alarm -13.0
state ddm temp low-threshold warn -8.0
state ddm temp instant val 23.1132
state ddm temp high-threshold alarm 78.0
state ddm temp high-threshold warn 73.0
state ddm bias low-threshold alarm 0.015
state ddm bias low-threshold warn 0.02
state ddm bias instant val-lane1 0.036342
state ddm bias high-threshold alarm 0.085
state ddm bias high-threshold warn 0.08
state ddm vcc low-threshold alarm 2.9
state ddm vcc low-threshold warn 3.0
state ddm vcc instant val 3.35
state ddm vcc high-threshold alarm 3.7
state ddm vcc high-threshold warn 3.6
Display only the optic-state
of portgroup 5:
appliance-1# show portgroups portgroup 5 state optic-state
state optic-state QUALIFIED
COMMAND show restconf-state
DESCRIPTION Display capabilities supported by the RESTCONF server.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display all supported capabilities:
appliance-1# show restconf-state
restconf-state capabilities capability urn:ietf:params:restconf:capability:defaults:1.0?basic-mode=report-all
restconf-state capabilities capability urn:ietf:params:restconf:capability:depth:1.0
restconf-state capabilities capability urn:ietf:params:restconf:capability:fields:1.0
restconf-state capabilities capability urn:ietf:params:restconf:capability:with-defaults:1.0
restconf-state capabilities capability urn:ietf:params:restconf:capability:filter:1.0
restconf-state capabilities capability urn:ietf:params:restconf:capability:replay:1.0
restconf-state capabilities capability urn:ietf:params:restconf:capability:yang-patch:1.0
restconf-state capabilities capability http://tail-f.com/ns/restconf/collection/1.0
restconf-state capabilities capability http://tail-f.com/ns/restconf/query-api/1.0
restconf-state capabilities capability http://tail-f.com/ns/restconf/unhide/1.0
COMMAND show running-config
DESCRIPTION Display the current configuration for the system. By default, the whole configuration is displayed. You can limit what is shown by supplying a pathfilter. The pathfilter may be either a path pointing to a specific instance, or if an instance id is omitted, the part following the omitted instance is treated as a filter.
ARGUMENTS
For information about these arguments, see these sections on the show-SNMP-FRAMEWORK-MIB
page.
EXAMPLE
Display the current running configuration for file operations:
appliance-1# show running-config file
file config concurrent-operations-limit 5
Display information about interface 8.0:
appliance-1# show running-config interfaces interface 8.0
interfaces interface 8.0
config type ethernetCsmacd
config enabled
!
COMMAND show service-pods
DESCRIPTION
A system service is deployed in a Pod.
IMPORTANT: The detailed information displayed by this command is intended for use by F5 support engineers, rather than by end users.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLES
Display information about the pod image version:
appliance-1# show service-pods service-pod pod-image-version
POD
IMAGE
SERVICE NAME VERSION
---------------------------------
compute 2.4.16
coredns 1.8.3
kube-flannel 0.13.0
kube-multus 3.6.3
kube-sriov-cni 1.0.2
kube-sriovdp 1.0.0
lb-port-443 v0.2.0
local-path-provisioner v0.0.19
metrics-server v0.3.6
pause 3.1
traefik-ingress-lb 2.4.8
virt-api 2.4.16
virt-controller 2.4.16
virt-handler 2.4.16
virt-operator 2.4.16
COMMAND show system aaa
DESCRIPTION Display system user authentication information, including information about roles, users, primary key, server groups, and TLS.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLES
Display information about configured system authentication:
appliance-1# show system aaa authentication
system aaa authentication state cert-auth disabled
system aaa authentication f5-aaa-token:state basic disabled
system aaa authentication ocsp state override-responder off
system aaa authentication ocsp state response-max-age -1
system aaa authentication ocsp state response-time-skew 300
system aaa authentication ocsp state nonce-request on
system aaa authentication ocsp state disabled
AUTHORIZED LAST TALLY EXPIRY
USERNAME KEYS CHANGE COUNT DATE ROLE
----------------------------------------------------------------------
admin - 2022-08-31 0 -1 admin
big-ip-15-1-6 - 0 0 1 tenant-console
big-ip-15-1-8 - 0 0 1 tenant-console
root - 2022-08-31 0 -1 root
REMOTE
ROLENAME GID GID USERS
-------------------------------------
admin 9000 - -
operator 9001 - -
resource-admin 9003 - -
tenant-console 9100 - -
Display information for the primary key:
appliance-1# show system aaa primary-key
system aaa primary-key state hash bIVhabcdtroyOkxMKYjyDEFGTd0NX4Ch1234Mi+5aFk9WbxdM6RTzl5678HYkCwnQkOE1ict0Y7Z3uOLgjYNBQ==
system aaa primary-key state status "COMPLETE Initiated: Tue Mar 7 22:32:04 2023"```
Show the TLS certificate:
appliance-1# show system aaa primary-key
Show the current CRLs in the system:
appliance-1# show system aaa tls crls crl
Show the current RESTCONF token lifetime:
appliance-1# show system aaa restconf-token
system aaa restconf-token state lifetime 15
Show the current state of client certificate authentication on the system:
appliance-1# show system aaa authentication state
system aaa authentication state cert-auth disabled
COMMAND show system alarms
DESCRIPTION Display information about system alarms.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display active alarm conditions:
appliance-1# show system alarms
system alarms alarm 66307 lcd
state severity ERROR
state text "Module communication error detected"
state time-created "2022-04-08 15:15:15.601624499 UTC"
COMMAND show system appliance-mode
DESCRIPTION Check the current state of appliance mode. It can be either enabled or disabled.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display the current state of appliance mode:
appliance-1# show system diagnostics ihealth
system diagnostics ihealth state username ""
system diagnostics ihealth state server https://ihealth-api.f5.com/qkview-analyzer/api/qkviews?visible_in_gui=True
system diagnostics ihealth state authserver https://api.f5.com/auth/pub/sso/login/ihealth-api
COMMAND show system clock
DESCRIPTION Display the current time configured for the system.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLES
Display the currently-configured time zone name:
appliance-1# show system clock
system clock state timezone-name Etc/UTC
system clock state appliance date-time "2022-04-08 23:28:05 Etc/UTC"
Display the current time for the system:
appliance-1# show system clock state appliance
system clock state appliance date-time "2022-04-08 23:29:00 Etc/UTC"
COMMAND show system diagnostics
DESCRIPTION Display information about iHealth, QKView, and iHealth web proxy.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display the iHealth configuration for the system:
appliance-1# show system diagnostics ihealth
system diagnostics ihealth state server https://ihealth2-api.f5.com/qkview-analyzer/api/qkviews?visible_in_gui=True
system diagnostics ihealth state authserver https://identity.account.f5.com/oauth2/ausp95ykc80HOU7SQ357/v1/token
system diagnostics ihealth state clientid ""
COMMAND show system dns
DESCRIPTION Display information about DNS servers configured for the system to use.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display all configured DNS servers:
appliance-1# show system dns servers
ADDRESS ADDRESS PORT
-----------------------------
192.168.10.1 - 53
192.168.11.1 - 53
COMMAND show system events
DESCRIPTION Display information about system events.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display system events:
appliance-1# show system events
system events event
log "66305 psu-1 psu-fault EVENT NA \"Presence detected\" \"2022-04-05 15:11:22.031819100 UTC\""
system events event
log "66304 appliance module-present EVENT NA \"Fan tray present\" \"2022-04-05 15:11:22.032649847 UTC\""
system events event
log "65543 appliance aom-fault EVENT NA \"MFG Lockout On\" \"2022-04-05 15:11:22.034033579 UTC\""
system events event
log "65543 appliance aom-fault ASSERT ERROR \"Fault detected in the AOM\" \"2022-04-08 10:00:02.962848108 UTC\""
system events event
log "65543 appliance aom-fault EVENT NA \"Bmc Health Self test failed: Device-specific 'internal' failure.\" \"2022-04-08 10:00:02.962896530 UTC\""
system events event
log "65543 appliance aom-fault CLEAR ERROR \"Fault detected in the AOM\" \"2022-04-08 11:00:02.959761260 UTC\""
system events event
log "65543 appliance aom-fault EVENT NA \"Bmc Health Self test passed\" \"2022-04-08 11:00:02.959789898 UTC\""
COMMAND show system health
DESCRIPTION Display health information about system components.
ARGUMENTS
The availability of options for this command depends on the hardware component for which you want to view health information.
EXAMPLES
Display high-level hardware health state for the fan tray:
appliance-1# show system health components component fantray hardware state
KEY NAME HEALTH SEVERITY
--------------------------------------------------------
appliance/hardware/fantray Fan Tray ok info
Display health information about system memory:
appliance-1# show system health components component fantray hardware appliance/hardware/fantray
hardware appliance/hardware/fantray
state name "Fan Tray"
state health ok
state severity info
NAME DESCRIPTION HEALTH SEVERITY VALUE UPDATED AT
-------------------------------------------------------------------------------------------------
module:present Module present status ok info true 2022-04-05T15:11:19Z
p5a:sensor:speed:fan:fan1 Fan1 (RPM) ok info 9900 2022-04-08T23:00:04Z
p5a:sensor:speed:fan:fan2 Fan2 (RPM) ok info 9800 2022-04-08T23:00:04Z
p5a:sensor:speed:fan:fan3 Fan3 (RPM) ok info 9800 2022-04-08T23:00:04Z
p5a:sensor:speed:fan:fan4 Fan4 (RPM) ok info 9900 2022-04-08T23:00:04Z
Display the status of the QKView service on the system:
appliance-1# show system health components component appliance services appliance/services/qkviewd
services appliance/services/qkviewd
state name qkviewd
state health ok
state severity info
NAME DESCRIPTION HEALTH SEVERITY VALUE UPDATED AT
----------------------------------------------------------------------------------------------------------------------------
container:event:attach Container attach event ok info 0 2022-04-05T15:11:21Z
container:event:die Container die event ok info 0 2022-04-05T15:11:21Z
container:event:exec-create Container exec create event ok info 0 2022-04-05T15:11:21Z
container:event:exec-detach Container exec detach event ok info 0 2022-04-05T15:11:21Z
container:event:exec-die Container exec die event ok info 0 2022-04-05T15:11:21Z
container:event:exec-start Container exec start event ok info 0 2022-04-05T15:11:21Z
container:event:kill Container kill event ok info 0 2022-04-05T15:11:21Z
container:event:restart Container restart event ok info 0 2022-04-05T15:11:21Z
container:event:restart-last-hour Container restart count in the last hour ok info 0 2022-04-05T15:11:21Z
container:event:start Container start event ok info 0 2022-04-05T15:11:21Z
container:event:stop Container stop event ok info 0 2022-04-05T15:11:21Z
container:running Container running ok info true 2022-04-08T23:36:20Z
COMMAND show system image
DESCRIPTION Display information about the installed Base OS image on the system.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLES
Display the currently-installed Base OS image on the system:
appliance-1# show system image install
system image state install install-os-version 1.1.0-5810
system image state install install-service-version 1.1.0-5810
system image state install install-status none
Display information about all imported Base OS images:
appliance-1# show system image
IN
VERSION OS STATUS DATE USE
--------------------------------------
1.1.0-5810 ready 2022-04-04 true
VERSION IN
SERVICE STATUS DATE USE
--------------------------------------
1.1.0-5810 ready 2022-04-04 true
VERSION IN
ISO STATUS DATE USE
---------------------------------------
1.1.0-5810 ready 2022-04-04 false
COMMAND show system licensing
DESCRIPTION Display information about system license.
EXAMPLE
Display information about the license activated on the system (Note that actual license key values are not shown below):
appliance-1# show system licensing
system licensing license
Licensed version 1.1.0
Registration Key XXXXX-XXXXX-XXXXX-XXXXX-XXXXXXX
Licensed date 2022/03/14
License start 2022/02/10
License end 2022/05/05
Service check date 2022/04/05
Platform ID C131
Appliance SN f5-abcd-efgh
Active Modules
Local Traffic Manager, r4800 (318092989)
BIG-IP, DNS and GTM Upgrade (1K TO MAX)
Routing Bundle
Advanced Protocols
Advanced Web Application Firewall, r4XXX
Advanced Firewall Manager, r4XXX
BIG-IP, DNS (1K)
Rate Shaping
Anti-Virus Checks
Base Endpoint Security Checks
Firewall Checks
Machine Certificate Checks
Network Access
Protected Workspace
Secure Virtual Keyboard
APM, Web Application
App Tunnel
Remote Desktop
DNS Rate Fallback, Unlimited
DNS Rate Limit, Unlimited QPS
GTM Rate Fallback, (UNLIMITED)
GTM Rate, Unlimited
Carrier Grade NAT (AFM ONLY)
APM, Limited
Protocol Security Manager
Max SSL, r4800
Max Compression, r4800
DNSSEC
COMMAND show system locator
DESCRIPTION Display whether the system locator function is enabled. This function illuminates the F5 logo ball so that you can more easily locate a chassis in a data center.
EXAMPLE
Display whether the system locator is enabled:
appliance-1# show system locator
system locator state disabled
COMMAND show system logging
DESCRIPTION Display information about remote logging.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.COMMAND show system login-activity
DESCRIPTION Display information about all previous login attempts.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display all recent admin user login attempts:
appliance-1# show system login-activity user admin
NAME LOGIN TIME METHOD HOST STATUS
------------------------------------------------------------
admin 2023-05-17 17:43:10 http 172.18.65.98 failed
2023-05-17 17:43:19 http 172.18.65.98 success
2023-05-17 18:05:17 http 172.18.65.98 success
2023-05-19 05:50:34 http 172.18.65.139 success
2023-05-19 16:12:53 http 172.18.65.105 success
2023-05-22 23:48:15 http 172.18.65.12 success
2023-05-23 03:37:19 ssh 172.18.65.12 success
Display all recent login attempts:
appliance-1# show system login-activity
NAME LOGIN TIME METHOD HOST STATUS
------------------------------------------------------------
admin 2023-04-28 23:04:13 http 172.18.65.173 success
2023-05-02 18:46:40 http 172.18.2.178 success
2023-05-03 15:50:24 http 172.18.65.150 success
2023-05-11 16:41:20 http 192.0.2.96 success
2023-05-17 17:36:38 http 172.18.65.98 success
2023-05-17 18:07:46 http 172.18.65.98 success
2023-05-23 04:47:49 ssh 172.18.65.12 success
root 2023-04-14 01:21:55 ssh 10.145.71.88 success
2023-04-14 01:23:08 ssh 10.145.71.88 success
COMMAND show system mac-allocation
DESCRIPTION Display information about chassis MAC address allocation.
EXAMPLE
Display current MAC address allocation:
appliance-1# show system mac-allocation
system mac-allocation state free-single-macs 6
system mac-allocation state allocated-single-macs 6
system mac-allocation state free-large-blocks 7
system mac-allocation state allocated-large-blocks 0
system mac-allocation state free-medium-blocks 0
system mac-allocation state allocated-medium-blocks 0
system mac-allocation state free-small-blocks 0
system mac-allocation state allocated-small-blocks 0
system mac-allocation state total-free-mac-count 230
system mac-allocation state total-allocated-mac-count 6
system mac-allocation state total-mac-count 236
COMMAND show system mgmt-ip
DESCRIPTION Display information about configured management IP addresses.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLES
Display information about all configured management IP addresses:
appliance-1# show system mgmt-ip
system mgmt-ip state ipv4 system address 192.0.2.102
system mgmt-ip state ipv4 prefix-length 24
system mgmt-ip state ipv4 gateway 192.0.2.254
system mgmt-ip state ipv6 system address ::
system mgmt-ip state ipv6 prefix-length 0
system mgmt-ip state ipv6 gateway ::
Display only the gateway for a configured IPv4 management IP address:
appliance-1# show system mgmt-ip state ipv4 gateway
system mgmt-ip state ipv4 gateway 192.0.2.254
COMMAND show system network
DESCRIPTION Display information about the configured and active internal network addresses.
ARGUMENTS
This command has no arguments.
EXAMPLE
Display information about the currently-configured internal network:
appliance-1# show system network
system network state configured-network-range-type RFC6598
system network state configured-network-range 100.64.0.0/12
system network state active-network-range-type RFC6598
system network state active-network-range 100.64.0.0/12
COMMAND show system ntp
DESCRIPTION Display the current state of the Network Time Protocol (NTP) service.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display the current state of NTP on the system:
appliance-1# show system ntp
system ntp state disabled
COMMAND show system ntp ntp-keys
DESCRIPTION Display a list of configured NTP authentication keys.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.COMMAND show system ntp servers
DESCRIPTION Display a list of configured NTP servers.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display configured NTP servers:
appliance-1# show system ntp servers
system ntp servers server ntp.pool.org
state address ntp.pool.org
state port 123
state version 4
state association-type SERVER
state iburst false
state prefer false
COMMAND show system security
DESCRIPTION Display the status of system services and FIPS module, if present.
EXAMPLE
Display the currently-configured system services:
appliance-1# show system security
system security services service httpd
state ssl-ciphersuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:PSK-AES128-CBC-SHA
system security services service sshd
state ciphers [ aes128-cbc aes128-ctr aes128-gcm@openssh.com aes256-cbc aes256-ctr aes256-gcm@openssh.com ]
state kexalgorithms [ diffie-hellman-group14-sha1 diffie-hellman-group14-sha256 diffie-hellman-group16-sha512 ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 ]
COMMAND show system settings
DESCRIPTION Display information about system idle timeout and webUI advisory banner.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display the idle timeout for the system:
appliance-1# show system settings state idle-timeout
system settings state idle-timeout 8192
COMMAND show system snmp
DESCRIPTION Display SNMP system configuration.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLES
Display information about configured communities:
appliance-1# show system snmp communities
SECURITY
NAME NAME MODEL
--------------------------------------
v1-community v1-community [ v1 ]
Display information about configured targets:
appliance-1# show system snmp targets
SECURITY
NAME NAME USER COMMUNITY MODEL ADDRESS PORT ADDRESS PORT
-----------------------------------------------------------------------------------------
v3-target v3-target v3-user - - 192.0.2.224 5001 - -
Display information about configured users:
appliance-1# show system snmp users
AUTHENTICATION PRIVACY
NAME NAME PROTOCOL PROTOCOL
--------------------------------------------
v3-user v3-user md5 aes
COMMAND show system state
DESCRIPTION Display information about the system, such as domain name, login banner, and hostname.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLES
Display the current date and time:
appliance-1# show system state current-datetime
system state current-datetime "2022-04-08 23:51:09 Etc/UTC"
Display the hostname for the system:
appliance-1# show system state hostname
system state hostname appliance-1
Display the login banner for the system:
appliance-1# show system state login-banner
system state login-banner UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED
Display the message of the day (MOTD) banner for the system:
appliance-1# show system state motd-banner
system state motd-banner ATTENTION! This system is scheduled for maintenance in two days.
COMMAND show system telemetry instruments
DESCRIPTION Display information about supported instruments.
ARGUMENTS
This command has no arguments
EXAMPLES
Display all supported instrument information:
appliance-1# show system telemetry instruments
NAME DESCRIPTION
-------------------------------------------------------------------------------------------
all Report all logs and metrics produced by the F5OS platform layer
logs F5OS platform log file through the OpenTelemetry 'log' API
platform F5OS platform metrics such as: memory, disk, cpu, interface stats
hardware F5OS hardware sensors such as: voltage, current, temperature, power, fan-speeds
optics F5OS front-panel Optic DDM metrics
tenant Low level tenant reported metrics such as: memory, disk, cpu interface stats
container F5OS Per-Container metrics such as: cpu, block-io, network, memory
COMMAND show system telemetry exporters
DESCRIPTION Display the current state of the exporter.
ARGUMENTS
This command has no arguments
EXAMPLES
Display the current state of the exporter:
appliance-1# show system telemetry exporters
system telemetry exporters exporter server1
state enabled
state endpoint address 10.144.74.171
state endpoint port 4317
state instruments [platform]
state options retry-enabled true
state options timeout 5
state options compression gzip
COMMAND show system version
DESCRIPTION Display information about system software version.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display version information about the installed system software:
appliance-1# show system version
system version os-version 1.6.0-7890
system version service-version 1.6.0-7890
system version product F5OS-A
COMMAND show tenants
DESCRIPTION Display the state of all configured tenants in the system.
ARGUMENTS This command has no arguments.
EXAMPLE
Display the state of configured tenants on the current system:
appliance-1# show tenants
tenants tenant big-ip
state name big-ip
state unit-key-hash Cl2Hpf4K3RZXmhTEQPQ3orKjj4GsNrlCaLsOAdQ3I9c2SG6uWpan08OkIWKNOyEVnrYBvxA5TQQRaOSm/H+ftQ==
state type BIG-IP
state image BIGIP-15.1.6-0.0.3.ALL-F5OS.qcow2.zip.bundle
state mgmt-ip 192.0.2.61
state prefix-length 24
state gateway 192.0.2.254
state vlans [ 3962 ]
state cryptos enabled
state vcpu-cores-per-node 2
state memory 7680
state storage size 76
state running-state deployed
state mac-data base-mac 00:12:a1:34:56:b1
state mac-data mac-pool-size 1
state appliance-mode disabled
state status Starting
state primary-slot 1
state image-version "BIG-IP 15.1.6 0.0.3"
NDI MAC
----------------------------
default 14:a9:d0:01:62:0e
POD INSTANCE
NODE NAME ID PHASE CREATION TIME READY TIME STATUS MGMT MAC
------------------------------------------------------------------------------------------------------------------------
1 big-ip 1 Running 2022-04-05T16:10:12Z 2022-04-05T16:10:14Z Started tenant instance 00:12:a1:34:56:b1
COMMAND
show tenants tenant
DESCRIPTION Display the state of a specific configured tenants in the system.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display the state of a tenant named bigip
:
appliance-1# show tenants tenant bigip
tenants tenant big-ip
state name big-ip
state unit-key-hash Cl2Hpf4K3RZXmhTEQPQ3orKjj4GsNrlCaLsOAdQ3I9c2SG6uWpan08OkIWKNOyEVnrYBvxA5TQQRaOSm/H+ftQ==
state type BIG-IP
state image BIGIP-15.1.6-0.0.3.ALL-F5OS.qcow2.zip.bundle
state mgmt-ip 192.0.2.61
state prefix-length 24
state gateway 192.0.2.254
state vlans [ 3962 ]
state cryptos enabled
state vcpu-cores-per-node 2
state memory 7680
state storage size 76
state running-state deployed
state mac-data base-mac 00:12:a1:34:56:b1
state mac-data mac-pool-size 1
state appliance-mode disabled
state status Starting
state primary-slot 1
state image-version "BIG-IP 15.1.6 0.0.3"
NDI MAC
----------------------------
default 14:a9:d0:01:62:0e
POD INSTANCE
NODE NAME ID PHASE CREATION TIME READY TIME STATUS MGMT MAC
------------------------------------------------------------------------------------------------------------------------
1 big-ip 1 Running 2022-04-05T16:10:12Z 2022-04-05T16:10:14Z Started tenant instance 00:12:a1:34:56:b1
COMMAND show vlans
DESCRIPTION Display configured VLAN objects.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display all configured VLANs:
appliance-1# show vlans
VLAN
ID INTERFACE
-----------------
3962 1.0